$DISPLAY: Environment variable that tells the X Window System where to display newly created windows.

3DES: Triple DES is a strong symmetric encryption algorithm, or cipher, that is compliant with the OpenPGP standard.

AFS: Andrew File System is a distributed file system created in the Carnegie Mellon University Andrew Project and later a software product of Transarc Corporation, IBM, and OpenAFS. AFS distributes, stores, and joins files on networked computers. This distributed file system software makes it possible for users to access information located on any computer in a network.

Blowfish: A symmetric block cipher designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms.

cipher: An encryption algorithm.

compression: A mathematical algorithm that allows data to be stored in a format requiring less space than usual.

encryption: The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it (from http://www.webopedia.com/TERM/e/encryption.html).

firewall: Any one of several mechanisms used to control and watch access to and from a network for the purpose of protecting it. A firewall acts as a gateway through which all traffic to and from the protected network and/or systems passes. Firewalls help to place limitations on the amount and type of communication that takes place between the protected network and another network (from http://www.faqs.org/rfcs/fyi/fyi8.html).

ftp: Internet file transfer protocol for transferring files from one computer to another.

Kerberos: Kerberos was developed as part of MIT's Project Athena. Kerberos is a network authentication protocol that provides a mechanism for mutual authentication between a client and a server, or between one server and another, before a network connection is opened between them. The protocol assumes that initial transactions between clients and servers take place on an open network, where most computers are not physically secure, and packets traveling along the wire can be monitored and modified at will. The assumed environment, in other words, is very much like today's Internet. Kerberos solves this problem by using symmetric secret-key cryptography.

localhost (127.0.0.1): Localhost, or the loopback IP address 127.0.0.1, is traditionally assigned to the local host, meaning that the operating system (OS) routes information destined for localhost to the port on the same machine, and the traffic never even reaches a NIC. In fact, a NIC is not required to have a localhost.

NAT, masquerading, port forwarding: A popular form of firewalling goes under the technical name of NAT, Network Address Translation, also commonly referred to by its two subcomponents, masquerading and port forwarding. A masquerading firewall allows internal, behind-the-firewall users to get onto the public net while hiding their true network addresses. It does this by "masquerading", or re-writing, each private network packet with a public header; the header allows it to be routed on the Internet. Insiders can see the outside world, but outsiders cannot see in. Thus, internal machines can be more loosely secured, and the firewall is more easily guarded as the single point of entry. Port forwarding does, in a certain sense, the inverse of masquerading. It allows outsiders to see one specific service (port) on an internal machine without seeing any other internal machines (or other ports on that machine). Again, the service machine can be somewhat more lightly protected, as the firewall offers the first line of defense (from http://linas.org/linux/vpn.html).

network interface card (NIC): An expansion board you insert into a computer so the computer can be connected to a network. Most NICs are designed for a particular type of network, protocol, and media, although some can serve multiple networks (from http://www.webopedia.com/TERM/N/network_interface_card_NIC.html).

PGP (Pretty Good Privacy): A cryptographic product family first created by Phil Zimmermann in 1991 that enables people to securely exchange messages and to secure files, disk volumes, and network connections with both privacy and strong authentication. OpenPGP is the open, non-proprietary protocol for encrypting email using public key cryptography based on PGP.

public-key encryption: A cryptographic system that uses two keys: a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. Public-key systems, such as PGP (Pretty Good Privacy), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her. Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometimes called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of the one key of symmetric encryption (from http://www.webopedia.com/TERM/e/public_key_cryptography.html).

rcp: Program that copies files between machines. It mimics the usage of the Unix copy command, cp.

scp: Secure CoPy is a program to copy files between hosts on a network. It uses ssh for authentication and data transfer, thus gaining the features of strong authentication and secure encrypted communications. Replacement for ftp and rcp.

sftp: Secure file transfer program similar to ftp, but it performs all operations over an encrypted ssh transport, thus gaining the features of public key encryption and compression.

ssh: Developed by SSH Communications Security Ltd., Secure Shell is a program to log into another computer over a network, execute commands on a remote machine, and move files from one machine to another. It provides strong authentication and secure encrypted communications between two hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can be forwarded over the secure channel. It is a replacement for rlogin, rsh, rcp, rdist and telnet. SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. By using ssh's slogin (instead of rlogin), the user initiates an entire login session, including transmission of the password, that is encrypted; therefore it is almost impossible for an outsider to collect passwords.

ssh tunneling: The process of taking any networkable connection between two hosts and channeling the information through the SSH session by encapsulating the private data inside ordinary (usually encrypted) TCP/IP SSH packets. These connections may be arbitrary TCP/IP ports, X11 connections, or even email, allowing for features like encryption and compression for normally insecure communication.

symmetric encryption: A type of encryption where the same key is used to encrypt and decrypt the message (from http://www.webopedia.com/TERM/s/symmetric_encryption.html).

TCP/IP: Transmission Control Protocol/Internet Protocol, the formal rules (protocol) that the Internet uses to support such services as file transfer and mail.

telnet: Internet standard protocol that runs on top of TCP/IP and acts as a terminal emulator for a remote login session.

VPN (Virtual Private Networking): A methodology for creating a network of secure links over a public IP infrastructure. These can also be used to allow secure access to a given private network from outside of the network.

X11: A network protocol and subroutine library used to create graphic images and windows.

X11 forwarding: The method in which the connection to the X11 display forwards any X11 programs started from the interactive session (or command) on the remote host back through an encrypted channel. Thus, the connection to the real X server is made from the local system. This is set up automatically during authentication, so the user should not have to set the $DISPLAY variable manually.

X Window System: A specification for device-independent windowing operations on bitmap display devices, developed initially by MIT's Project Athena and now a de facto standard supported by the X Consortium. X uses a client-server protocol, the X protocol. The server is the computer or X terminal with the screen, keyboard, mouse and server program, and the clients are application programs. Clients may run on the same computer as the server or on a different computer, communicating over Ethernet via TCP/IP protocols. X clients often run on what people usually think of as their server (e.g., a file server), but in X, it is the screen, keyboard, etc., that are being "served out" to the applications.
Information Technology and Engineering Computer Services (ITECS)

This support page is for students, faculty, and