Internet Security FAQ

What is a firewall?
A firewall is a device that serves as a barrier between networks, controlling the data traffic that passes between them. Firewalls are most commonly placed between the organization’s network and the Internet. They can also be used internally, for example between the systems holding corporate financial information and the rest of the company. Firewalls are additional security mechanisms that should be included in all networks, both wired and wireless, and on personal devices. Given the increased risks associated with wireless networks, it is important to include firewalls if possible.

What is a DMZ?
DMZ stands for "De-Militarized Zone". It refers to a network segment that is a "middle ground" alongside two networks that are separated by a firewall. The DMZ is designed to allow public access and is assumed to be much less secure than the firewalled network. Put public services here. Always assume that machines in the DMZ are vulnerable to attack.
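The zone separation described above can be written down as a first-match firewall policy. The following is an added example, not part of the original FAQ; the address ranges, ports and rule set are constructed assumptions, and decisions apply to new connections only (reply traffic is assumed to be handled by stateful tracking).

```python
import ipaddress

# Constructed address plan (assumption, not from the FAQ).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

# First-match rules: (source zone, destination zone, port or None for any, action).
RULES = [
    ("internet", "dmz", 443, "allow"),        # public web service lives in the DMZ
    ("internet", "dmz", 25, "allow"),         # public mail relay lives in the DMZ
    ("internal", "dmz", None, "allow"),       # staff use and manage DMZ hosts
    ("internal", "internet", None, "allow"),  # outbound access for internal users
    ("dmz", "internal", None, "deny"),        # DMZ hosts are assumed vulnerable
    ("internet", "internal", None, "deny"),   # no direct public access inside
]

def zone_of(addr):
    """Map an IP address to its zone; anything unlisted is the Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def decide(src, dst, dport):
    """Return 'allow' or 'deny' for a new connection from src to dst:dport."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "allow"  # same segment: traffic never crosses the firewall
    for rule_src, rule_dst, rule_port, action in RULES:
        if (rule_src, rule_dst) == (s, d) and rule_port in (None, dport):
            return action
    return "deny"  # default deny: anything not explicitly permitted is dropped

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, destination port).
    flows = [
        ("203.0.113.7", "192.0.2.10", 443),  # Internet -> DMZ web server
        ("203.0.113.7", "192.0.2.10", 22),   # Internet -> DMZ, unpublished port
        ("192.0.2.10", "10.0.0.5", 445),     # DMZ host -> internal file server
        ("10.0.0.5", "192.0.2.10", 22),      # internal admin -> DMZ host
    ]
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port} {decide(src, dst, port)}")
```

The explicit deny from the DMZ to the internal network is what keeps a compromised public server from becoming a path to internal systems.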

What is encryption?
Encryption is a means of protecting transmitted data so that no one but the intended recipient can read it. A mathematical algorithm is applied to the data to convert it to a sequence that appears to be random (pseudo-random) and can only be recognized and decoded by the receiver. There are several methods of encryption; some have already been compromised.

What is a VPN?
VPN stands for "Virtual Private Network". VPNs are implementations of secure communications established by building secure channels between two endpoints using authentication and encryption. These are sometimes called "secure tunnels".

What is IPSEC?
IPSEC stands for "Secure IP". It is the IETF's standard for creating secure IP communication channels. It consists of developing "security associations" between systems using the AH (Authentication Header) and ESP (Encapsulating Security Payload) protocols. IPSEC operates at the network layer, which means that normal applications should operate without changes. IPSEC implementations are allowed to vary. Authentication might involve manually configured keys and Diffie-Hellman key exchanges. Encryption might involve Triple-DES, etc. Make sure to check compatibility and standards compliance for interoperability. IPSEC is becoming the most popular method for building commercial VPNs.