Kerio WinRoute Firewall 6.0

         

Glossary


ActiveX

This proprietary Microsoft technology is used to create dynamic objects for Web pages. It provides a wide range of features, such as saving to disk and running commands on the client (i.e. the computer on which the Web page is opened). Using ActiveX, viruses and worms can, for example, modify the telephone number of a dial-up connection.

ActiveX is supported only by Microsoft Internet Explorer.

DHCP

DHCP (Dynamic Host Configuration Protocol) provides automatic IP configuration of computers in the network. IP addresses are assigned from a scope; the parameters delivered with them include the gateway (router), DNS servers, local domain, etc.

DirecWay

This technology enables wideband bidirectional satellite connection to the Internet. For detailed information, follow the link http://www.direcway.com/.

DNS

DNS (Domain Name System) is a worldwide distributed database of Internet host names and their associated IP addresses. Computers use Domain Name Servers to resolve host names to IP addresses. DNS makes Internet servers easier to refer to (i.e. www.kerio.com is easier to remember than 207.235.5.183).

Firewall

Software application or hardware component used to protect hosts or networks from intrusion attempts (usually from the Internet).

In this guide, the word firewall represents the WinRoute host.

IMAP

Internet Message Access Protocol (IMAP) enables clients to manage messages stored on a mail server without downloading them to a local computer. This architecture allows the user to access his/her mail from multiple locations (messages downloaded to a local disk would not be available from other locations).

IP address

A 32-bit number that identifies a host on the Internet. Each packet carries the address it was sent from (source IP address) and the address it is to be delivered to (destination IP address).

IPSec

IPsec (IP Security Protocol) is an extension of the IP protocol that enables secure data transfer. It provides services similar to SSL/TLS, but at the network layer. IPsec can be used either to create encrypted tunnels between networks (VPN), the so-called tunnel mode, or to encrypt traffic between two hosts, the so-called transport mode.




Kerberos

A standard protocol used for user authentication in Windows 2000/2003. Users connect to central servers (Key Distribution Centers, KDC) and the servers send them encrypted keys for connections to other servers within the network. In Windows 2000/2003 domains the KDC function is provided by the domain controller.

LDAP

LDAP (Lightweight Directory Access Protocol) is an Internet protocol used to access directory services. Directories store information about user accounts and user rights, about hosts in the network, etc. LDAP is typically used by email applications to look up email addresses and for delivery management (e.g. with Microsoft Active Directory).

NAT

NAT (Network Address Translation) is the substitution of IP addresses in packets passing through the firewall:



  • source address translation (Source NAT, SNAT): in packets going from the local network to the Internet, the source (private) IP address is replaced with the external (public) address of the firewall. Each packet sent from the local network is recorded in the NAT table. If a packet incoming from the Internet matches a record in this table, its destination IP address is replaced with the IP address of the corresponding host in the local network and the packet is forwarded to that host. Packets that do not match any record in the NAT table are dropped.



  • destination address translation (Destination NAT, DNAT, also called port mapping): used to make services in the local network accessible from the Internet. If a packet incoming from the Internet meets certain conditions, its destination IP address is replaced with the IP address of the local host where the service is running and the packet is sent to that host.



NAT lets a whole local network connect to the Internet using a single IP address. All hosts within the local network can access the Internet directly as if they were on a public network (with certain limitations). Services running on local hosts can be mapped to the public IP address.
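The two translation directions described above can be followed step by step with a small stateful model. The code below is an added example and is not WinRoute's own implementation; the firewall address, local hosts and ports are constructed sample values. It records each outbound connection in a table (SNAT), matches inbound replies against that table, applies static port mappings (DNAT), and returns None for any inbound packet that matches neither, which is the "drop" case from the glossary.

```python
# Added example (not from the WinRoute documentation): a toy stateful NAT table
# that models the SNAT and DNAT behaviour described above. All addresses,
# ports and names are constructed sample values.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FIREWALL_PUBLIC_IP = "203.0.113.10"  # constructed: the firewall's external address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTable:
    """Holds SNAT state (outbound connections) and DNAT port mappings."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # SNAT record: public port -> (local ip, local port, remote ip, remote port)
        self.snat: Dict[int, Tuple[str, int, str, int]] = {}
        # DNAT (port mapping): public port -> (local ip, local port)
        self.dnat: Dict[int, Tuple[str, int]] = {}

    def map_port(self, public_port: int, local_ip: str, local_port: int) -> None:
        """Publish a service running on a local host on the firewall's public address."""
        self.dnat[public_port] = (local_ip, local_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Local network -> Internet: rewrite the private source address and
        record the connection so that replies can be matched later."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for pub_port, record in self.snat.items():
            if record == key:  # existing connection: reuse its public port
                return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.snat[pub_port] = key
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> local network. Returns the rewritten packet, or None when
        the packet matches neither a recorded connection nor a port mapping
        and is therefore dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        record = self.snat.get(pkt.dst_port)
        # A reply must come from the remote host and port the connection was opened to.
        if record is not None and record[2:] == (pkt.src_ip, pkt.src_port):
            local_ip, local_port = record[0], record[1]
            return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)
        mapping = self.dnat.get(pkt.dst_port)
        if mapping is not None:
            local_ip, local_port = mapping
            return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)
        return None


if __name__ == "__main__":
    nat = NatTable(FIREWALL_PUBLIC_IP)
    nat.map_port(443, "192.168.1.30", 8443)
    out = nat.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 80))
    print("outbound rewritten to", out)
    print("reply ->", nat.inbound(Packet("198.51.100.5", 80, FIREWALL_PUBLIC_IP, out.src_port)))
    print("unsolicited ->", nat.inbound(Packet("198.51.100.9", 5555, FIREWALL_PUBLIC_IP, 40000)))
    print("mapped ->", nat.inbound(Packet("198.51.100.9", 5555, FIREWALL_PUBLIC_IP, 443)))
```

The reply check compares the remote address and port as well as the public port, so a packet from a different Internet host aimed at an in-use public port is dropped rather than forwarded into the local network.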

Network mask



A network mask divides an IP address into two parts: the network address and the address of a particular host within that network. The mask has the same form as an IP address (i.e. 255.255.255.0), but its value must be understood as a 32-bit number consisting of a run of ones on the left followed by zeros; the mask cannot take an arbitrary value. The primary function of a subnet mask is to define the number of IP hosts that belong to an IP subnet. Computers in the same IP subnet do not need a router to communicate with each other.
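The "run of ones followed by zeros" rule and the split into network and host parts are plain 32-bit arithmetic. The following code is an added example, not part of the WinRoute documentation; the sample addresses are constructed. It validates a mask, derives the prefix length, computes the network and host parts, counts usable host addresses and checks whether two hosts share a subnet.

```python
# Added example (not from the WinRoute documentation): the 32-bit arithmetic
# behind the network mask definition above. Sample addresses are constructed.
import socket
import struct


def ip_to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit unsigned integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def int_to_ip(value: int) -> str:
    """32-bit unsigned integer -> dotted-quad string."""
    return socket.inet_ntoa(struct.pack("!I", value & 0xFFFFFFFF))


def is_valid_mask(mask: str) -> bool:
    """A mask is valid only if it is a run of ones followed by a run of zeros.
    Inverting such a value gives zeros followed by ones, i.e. 2**n - 1, and
    x & (x + 1) == 0 holds exactly for numbers of that shape."""
    inverted = ~ip_to_int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def prefix_length(mask: str) -> int:
    """Number of leading ones, e.g. 255.255.255.0 -> 24."""
    if not is_valid_mask(mask):
        raise ValueError(f"not a contiguous network mask: {mask}")
    return bin(ip_to_int(mask)).count("1")


def network_address(ip: str, mask: str) -> str:
    """Network part: IP AND mask."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def host_part(ip: str, mask: str) -> int:
    """Host part: IP AND NOT mask, as an integer."""
    return ip_to_int(ip) & ~ip_to_int(mask) & 0xFFFFFFFF


def usable_hosts(mask: str) -> int:
    """Host addresses available in the subnet, excluding the network and
    broadcast addresses (the classic rule; /31 and /32 yield 0 here)."""
    host_bits = 32 - prefix_length(mask)
    return max(2 ** host_bits - 2, 0)


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts can talk without a router when their network parts are equal."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.240.0.0", "255.255.0.255"):
        print(mask, "valid" if is_valid_mask(mask) else "INVALID")
    print(network_address("192.168.1.77", "255.255.255.0"), usable_hosts("255.255.255.0"))
```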

Network adapter

The equipment that connects a host to a transmission medium. It can be an Ethernet adapter, a Token Ring adapter, a modem, etc. Network adapters are used by hosts to send and receive packets. They are also referred to throughout this document as network interfaces.

P2P network

Peer-to-Peer (P2P) networks are worldwide distributed systems in which each node can act both as a client and as a server. These networks are used for sharing large volumes of data (this sharing is mostly illegal). DirectConnect and Kazaa are the most popular ones.

Packet

The basic data unit transmitted over computer networks. A packet consists of a header, which includes essential control data (i.e. source and destination IP address, protocol type, etc.), and of the data body. Data transmitted over networks is divided into small segments, or packets. If an error is detected in a packet or a packet is lost, it is not necessary to repeat the entire transmission; only the particular packet is re-sent.

POP3

Post Office Protocol is a protocol that enables users to download messages from a server to their local computer. It is suitable for clients that do not have a permanent connection to the Internet. Unlike IMAP, POP3 does not allow users to manage email from multiple locations, because all operations on messages have to be performed on the client's computer. POP3 gives access only to the INBOX folder and does not support public or shared folders.

Port



A 16-bit number (1 to 65535) used by the TCP and UDP protocols to identify an application (service) on a host. More than one application can run on a host simultaneously (i.e. a WWW server, a mail client, an FTP client, etc.); each is identified by its port number. Ports 1 to 1023 are reserved and are used by standard (e.g. system) services (i.e. 80 = WWW). Ports greater than 1024 are free for use by any application (usually by clients as source ports or by non-standard server applications).

PPTP

Microsoft's proprietary protocol used to build virtual private networks (see the chapters concerning VPN).

Private IP addresses

Local networks that are not part of the Internet (private networks) use reserved ranges of IP addresses (private addresses). These addresses cannot be used on the Internet, which ensures that IP ranges used in local networks do not collide with IP addresses used on the Internet.

The following IP ranges are reserved for private networks:



  • 10.0.0.0/255.0.0.0



  • 172.16.0.0/255.240.0.0



  • 192.168.0.0/255.255.0.0



Protocol inspector

WinRoute's plug-in (a program module) able to monitor communication in application protocols (e.g. HTTP, FTP, MMS, etc.). Protocol inspection is used to check that the syntax of the corresponding protocol is correct (mistakes might indicate an intrusion attempt), to ensure that the protocol works properly while passing through the firewall (e.g. FTP in active mode, where the data connection to the client is established by the server) and to filter traffic of the corresponding protocol (e.g. limiting access to Web pages classified by URL, anti-virus checking of downloaded objects, etc.).

Unless traffic rules are set to follow a different policy, each protocol inspector is automatically applied to all connections of the relevant protocol that are processed through WinRoute.

Proxy server

A common type of Internet connection. Proxy servers mediate between clients and destination servers.

A proxy server works at the application level and is adapted to several application protocols (i.e. HTTP, FTP, Gopher, etc.). It is primarily used to provide Internet access for private networks and to monitor and control Web traffic.

Routing table



The information used by routers when making packet forwarding decisions. Packets are routed according to their destination IP address. On Windows operating systems the routing table can be viewed with the route print command.
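The forwarding decision itself, choosing the most specific matching entry for a destination address, is easy to reproduce over a table shaped like the output of route print. The code below is an added example, not taken from WinRoute or Windows; the routes, gateways and interface names are constructed. It shows longest-prefix matching, the default route as the fallback, and the "directly connected" case where the destination itself is the next hop.

```python
# Added example (not from the WinRoute documentation): a longest-prefix-match
# lookup over a routing table shaped like the output of `route print`.
# The table entries and addresses are constructed sample values.
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str, str, int]  # (destination network, gateway, interface, metric)

# Constructed table: "0.0.0.0" as gateway marks a directly connected network.
ROUTES: List[Route] = [
    ("0.0.0.0/0",       "203.0.113.1",   "Internet", 20),  # default route
    ("192.168.1.0/24",  "0.0.0.0",       "LAN",      10),  # directly connected
    ("192.168.2.0/24",  "192.168.1.254", "LAN",      10),  # via another router on the LAN
    ("10.0.0.0/8",      "192.168.1.253", "LAN",      10),
    ("10.5.0.0/16",     "192.168.1.252", "LAN",      10),  # more specific than 10/8
]


def lookup(dst_ip: str, routes: List[Route] = ROUTES) -> Optional[Route]:
    """Pick the matching route with the longest prefix; ties go to the lowest
    metric. Returns None only when no route (not even a default) matches."""
    addr = ipaddress.ip_address(dst_ip)
    best: Optional[Tuple[Tuple[int, int], Route]] = None
    for route in routes:
        net = ipaddress.ip_network(route[0], strict=True)
        if addr not in net:
            continue
        rank = (net.prefixlen, -route[3])  # longer prefix wins, then lower metric
        if best is None or rank > best[0]:
            best = (rank, route)
    return best[1] if best else None


def next_hop(dst_ip: str, routes: List[Route] = ROUTES) -> Optional[Tuple[str, str]]:
    """(gateway, interface) for a destination; for directly connected networks
    the destination host itself is the next hop."""
    route = lookup(dst_ip, routes)
    if route is None:
        return None
    _, gateway, iface, _ = route
    return (dst_ip if gateway == "0.0.0.0" else gateway, iface)


if __name__ == "__main__":
    for dst in ("10.5.1.1", "10.9.1.1", "192.168.1.77", "192.168.2.9", "8.8.8.8"):
        print(dst, "->", lookup(dst), "next hop", next_hop(dst))
```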

Script

Code that is run within a Web page by the client (Web browser). Scripts are used to generate dynamic elements on Web pages; however, they can be misused for advertising, harvesting user information, etc. Modern Web browsers usually support several scripting languages, such as JavaScript and Visual Basic Script (VBScript).

SPAM

Unwanted, usually advertising, email.

SMTP

Simple Mail Transfer Protocol is used for sending email between mail servers. The SMTP envelope identifies the sender and recipient of an email.

Spoofing

Spoofing is a technique in which the source IP address in a packet is forged so that the recipient believes the packet comes from a trustworthy IP address.
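A firewall cannot verify a source address, but it can reject addresses that are impossible on the interface a packet arrived on, which is the standard defence against the spoofing described here and the reason the reserved ranges under "Private IP addresses" matter at the Internet boundary. The following ingress check is an added example, not WinRoute's own filter; the interface names, the local subnet, the firewall address and the sample packets are constructed. Packets from the Internet carrying a private source (or claiming to be the firewall itself), and packets from the LAN whose source is outside the local subnet, are reported as drops with a reason.

```python
# Added example (not from the WinRoute documentation): an ingress filter that
# uses the private ranges listed under "Private IP addresses" to flag packets
# whose source address cannot be genuine on the interface they arrived on.
# Interface names, subnets and the sample packets are constructed.
import ipaddress
from typing import List, Tuple

# The three reserved ranges, written with masks exactly as the glossary lists them.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/255.0.0.0"),
    ipaddress.ip_network("172.16.0.0/255.240.0.0"),
    ipaddress.ip_network("192.168.0.0/255.255.0.0"),
]

# Constructed layout: one Internet-facing interface and one local subnet.
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
FIREWALL_PUBLIC_IP = ipaddress.ip_address("203.0.113.10")


def is_private(ip: str) -> bool:
    """True when the address falls in one of the reserved private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def check_ingress(interface: str, src_ip: str) -> Tuple[bool, str]:
    """Return (accept, reason) for a packet arriving on `interface` from src_ip."""
    addr = ipaddress.ip_address(src_ip)
    if interface == "internet":
        if is_private(src_ip):
            return False, "private source address from the Internet (spoofed or misrouted)"
        if addr == FIREWALL_PUBLIC_IP:
            return False, "source claims to be the firewall itself"
        return True, "ok"
    if interface == "lan":
        if addr not in LAN_SUBNET:
            return False, "source outside the local subnet (spoofed or misconfigured host)"
        return True, "ok"
    return False, f"unknown interface {interface!r}"


# Constructed sample packets: (arrival interface, source address, destination address)
SAMPLE_PACKETS = [
    ("internet", "198.51.100.7", "203.0.113.10"),
    ("internet", "10.0.0.5", "203.0.113.10"),
    ("internet", "203.0.113.10", "203.0.113.10"),
    ("lan", "192.168.1.20", "198.51.100.7"),
    ("lan", "172.16.4.4", "198.51.100.7"),
]


def audit(packets=SAMPLE_PACKETS) -> List[Tuple[str, str, str]]:
    """Run the check over the packets; return (interface, source, reason) per drop."""
    dropped = []
    for iface, src, _dst in packets:
        accepted, reason = check_ingress(iface, src)
        if not accepted:
            dropped.append((iface, src, reason))
    return dropped


if __name__ == "__main__":
    for entry in audit():
        print("DROP", *entry)
```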

SSL

SSL is a protocol used to secure and encrypt network communication. SSL was originally designed by Netscape to ensure secure transfer of Web pages over the HTTP protocol. Nowadays it is used by most standard Internet protocols (SMTP, POP3, IMAP, LDAP, etc.).

Communication between the client and the server starts as follows: the client generates a symmetric key and encrypts it with the server's public key (obtained from the server certificate). The server decrypts it with its private key (held solely by the server). Thus the symmetric key is known only to the server and the client.

TCP

Transmission Control Protocol is a transport protocol that ensures reliable and sequential data delivery. It establishes so-called virtual connections and provides mechanisms for error correction and flow control. It is used by most application protocols that require reliable transmission of all data, such as HTTP, FTP, SMTP, IMAP, etc.

The TCP protocol uses the following special control information, the so-called flags:

  • SYN (Synchronize): connection initiation (the first packet of each connection)

  • ACK (Acknowledgement): acknowledgement of received data

  • RST (Reset): request for termination of the current connection and initiation of a new one

  • URG (Urgent): urgent packet

  • PSH (Push): request for immediate delivery of the data to the upper TCP/IP layers

  • FIN (Finalize): connection finalization
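The flags sit in one byte of the TCP header, so a firewall reads them by decoding that byte and then judging whether the combination makes sense for the connection state. The code below is an added example, not WinRoute's protocol inspection code; the header bytes it builds are constructed rather than captured traffic. It parses the fixed 20-byte header, names the flags listed above, and labels combinations that never occur in a legitimate connection (no flags at all, SYN together with FIN or RST, or a non-SYN segment without ACK) so that they can be logged or dropped.

```python
# Added example (not from the WinRoute documentation): decoding the TCP flags
# listed above from a raw TCP header, plus a flag-combination check of the
# kind a firewall applies. The header bytes are constructed, not captured.
import struct
from typing import FrozenSet, Iterable, NamedTuple

# Bit values of the flags in the byte following the data-offset byte (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
# ports, seq, ack, data offset/reserved, flags, window, checksum, urgent pointer
HEADER_FMT = "!HHIIBBHHH"


class TcpHeader(NamedTuple):
    src_port: int
    dst_port: int
    seq: int
    ack: int
    header_len: int
    flags: FrozenSet[str]


def parse_tcp_header(data: bytes) -> TcpHeader:
    """Decode the fixed 20-byte part of a TCP header; options are skipped."""
    if len(data) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, offset_byte, flag_byte, _win, _csum, _urg = struct.unpack(
        HEADER_FMT, data[:20])
    header_len = (offset_byte >> 4) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(data):
        raise ValueError(f"bad data offset {header_len}")
    flags = frozenset(name for name, bit in TCP_FLAGS.items() if flag_byte & bit)
    return TcpHeader(src, dst, seq, ack, header_len, flags)


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int,
                     flags: Iterable[str]) -> bytes:
    """Encode a minimal header (no options, zero checksum) for tests and demos."""
    flag_byte = 0
    for name in flags:
        flag_byte |= TCP_FLAGS[name]
    return struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, 5 << 4, flag_byte, 65535, 0, 0)


def classify(hdr: TcpHeader) -> str:
    """Name the role of a segment from its flags. Combinations that never occur
    in a legitimate connection are reported so a firewall can log or drop them."""
    f = hdr.flags
    if not f or {"SYN", "FIN"} <= f or {"SYN", "RST"} <= f:
        return "invalid flag combination"
    if "RST" in f:
        return "reset"
    if "SYN" in f and "ACK" not in f:
        return "connection request"
    if {"SYN", "ACK"} <= f:
        return "connection accepted"
    if "ACK" not in f:  # every segment after the initial SYN carries ACK
        return "invalid flag combination"
    if "FIN" in f:
        return "connection close"
    return "established"


if __name__ == "__main__":
    for flags in (["SYN"], ["SYN", "ACK"], ["ACK", "PSH"], ["FIN", "ACK"], ["RST"], [], ["SYN", "FIN"]):
        hdr = parse_tcp_header(build_tcp_header(51000, 80, 1000, 0, flags))
        print(sorted(hdr.flags), "->", classify(hdr))
```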



TCP/IP

A collective name for all the protocols used on the Internet (i.e. IP, ICMP, TCP, UDP, etc.). TCP/IP does not denote any single protocol!

TLS

Transport Layer Security. A newer version of the SSL protocol. TLS is standardized by the IETF and accepted by all significant software vendors (i.e. Microsoft Corporation).

UDP

User Datagram Protocol is a transport protocol that transfers data as individual messages (so-called datagrams). It does not establish connections, does not provide reliable or sequential data delivery, and offers no error correction or flow control. It is used for transferring small amounts of data (i.e. DNS queries) or for transmissions where speed is preferred over reliability (i.e. real-time audio and video transmission).

VPN

Virtual Private Network. A VPN is a secure interconnection of private networks (i.e. of individual offices of an organization) via the Internet. Traffic between the two networks (the so-called tunnel) is encrypted, which protects it from eavesdropping. VPNs use special tunneling protocols, such as IPSec and Microsoft's PPTP (Point-to-Point Tunnelling Protocol).

WinRoute contains a proprietary VPN implementation called Kerio VPN.

