Confidentiality Data confidentiality is provided by encrypting data. If a third party intercepts the encrypted data, he or she cannot interpret it.
Context-Based Access Control (CBAC) Represents a significant advance over ACLs in that it provides stateful packet filtering capability. CBAC provides the capacity to monitor several attributes in TCP connections, UDP sessions, and Internet Control Message Protocol (ICMP). This monitoring is done in an effort to be sure that the only traffic allowed through a firewall ACL is the return traffic for a dialogue that was originated on the private side of the firewall.
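A small simulation of the return-traffic rule described in the CBAC entry, added here as an illustration (it is not Cisco's code or any real CBAC implementation). The Packet model, the session tuple and the addresses are constructed assumptions: outbound dialogues from the private side create state, and inbound packets are permitted only when they match that state.

```python
from dataclasses import dataclass

# Constructed packet model for the simulation (an assumption, not CBAC's own
# data structures). direction is "out" (private side -> Internet) or "in".
@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    sport: int        # for icmp: the echo identifier field
    dst: str
    dport: int        # for icmp: unused, set to 0
    direction: str

def _key(p, reverse=False):
    # Session tuple for p; with reverse=True, the tuple an inbound packet must
    # match to count as return traffic. ICMP has no ports: echo request and
    # reply are paired on the identifier instead.
    a, b = (p.dst, p.src) if reverse else (p.src, p.dst)
    if p.proto == "icmp":
        return ("icmp", a, b, p.sport)
    pa, pb = (p.dport, p.sport) if reverse else (p.sport, p.dport)
    return (p.proto, a, pa, b, pb)

class StatefulFilter:
    """Outbound dialogues open a temporary state entry; inbound traffic is
    permitted only if it is the return half of one, otherwise denied."""
    def __init__(self):
        self.sessions = set()
    def process(self, p):
        if p.direction == "out":
            self.sessions.add(_key(p))       # remember the dialogue
            return "permit"
        if _key(p, reverse=True) in self.sessions:
            return "permit"                  # return traffic for a known session
        return "deny"                        # unsolicited inbound traffic

def run_demo():
    # Constructed packet sequence; returns the filter's decision for each one.
    fw = StatefulFilter()
    seq = [
        Packet("tcp", "10.0.0.5", 51000, "203.0.113.7", 443, "out"),  # client opens HTTPS
        Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 51000, "in"),   # server reply: return traffic
        Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 51001, "in"),   # wrong client port: no session
        Packet("tcp", "198.51.100.9", 4444, "10.0.0.5", 22, "in"),    # unsolicited inbound SSH
        Packet("icmp", "10.0.0.5", 7, "203.0.113.7", 0, "out"),       # echo request, identifier 7
        Packet("icmp", "203.0.113.7", 7, "10.0.0.5", 0, "in"),        # matching echo reply
        Packet("udp", "203.0.113.7", 53, "10.0.0.5", 5353, "in"),     # DNS answer nobody asked for
    ]
    return [fw.process(p) for p in seq]
```

A real inspection engine also ages entries out and removes TCP sessions on close; this sketch only shows the matching rule.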
Cryptographic hash This function is a transformation that takes an input and returns a string, which is called the hash value. Cryptographic hash functions begin with the assumption that an adversary can deliberately try to find inputs with the same hash value. Creating a well-designed cryptographic hash involves a one-way operation in which there is no practical way to calculate a particular data input that will result in a desired hash value. This one-way nature makes the hash very difficult to forge.
Cryptography The practice and study of encoding information to protect the original contents. In modern terms it is considered a branch of both mathematics and computer science, which combine to provide a means of securing information both in computer systems and on networks.
Data diddling The process of changing data before it is stored in a computing system.
Data Encryption Standard (DES) Typically operates in block mode, where it encrypts data in 64-bit blocks. Like other symmetric algorithms, DES uses the same algorithm and key for both encryption and decryption. DES has weathered nearly 35 years of cryptographic scrutiny. To this point, no significant flaws have been found. Adding to its appeal, DES may be easily implemented and accelerated in hardware.
Defense in Depth A design philosophy that uses a layered security approach to eliminate a single point of failure and to provide overlapping protection.
Demilitarized zone (DMZ) Sometimes called a screened subnet. A segment of the overall network that is cordoned off through the use of two firewalls. One of these firewalls sits between the DMZ and the Internet, and the other sits between the DMZ and the internal network. This configuration may also be referred to as creating a “perimeter” network.