Designed to overcome the security challenges for enterprise-wide fabrics by providing switch-to-switch and host-to-switch authentication. The focus of FC-SP is protecting data in transit throughout the Fibre Channel network.
Fibre Channel zoning The partitioning of a Fibre Channel fabric into smaller subsets for security purposes.
Firewall Allows for the segmentation of networks into different physical subnetworks, thereby
helping limit the potential damage that could spread from one subnet to another. This term comes from firewalls in buildings, which limit the spread of a fire. A firewall may be a piece of software or hardware that acts as a barrier between the internal (trusted) network and the external (untrusted) network, such as
the Internet.
Gatekeeper Can be thought of as the “traffic cop” of the WAN. For example, because bandwidth on a WAN typically is somewhat limited, a gatekeeper can monitor the available bandwidth. Then, when there is not enough bandwidth to support another voice call, the gatekeeper can deny future call attempts.
Gateway Can forward calls between different types of networks. For example, you could
place a call from an IP phone in your office, through a gateway to the PSTN, to call your home.
Hashing Used to provide data integrity. Hashes are based on one-way mathematical
functions that can be easy to compute but extremely challenging to reverse. The way that hashing works in practice is that data of an arbitrary length is input into the hash function and is processed through the function, resulting in a fixed-length hash. The resultant fixed-length hash is called either the digest or fingerprint.
Heap overflow A type of buffer overflow that occurs in the heap data area. Memory on
the heap is dynamically allocated by the application at runtime and typically contains program data. A heap overflow is not as likely to result in a condition permitting remote code execution as a buffer overflow.
HMAC Keyed Hash Message Authentication Code. An HMAC in cryptographic terms is a
type of message authentication code calculated by using a cryptographic hash function along with a secret key. This may be used to simultaneously verify both the data’s integrity and the message’s authenticity. An iterative cryptographic hash function such as MD5 or SHA-1 may be used to calculate the HMAC. When these are used, the resulting MAC algorithm is called HMAC-MD5 or HMAC-SHA-1, for instance. The cryptographic strength of the underlying hash function, along with the key’s size and quality and the hash output length in bits, define the cryptographic strength of the HMAC.
No comments:
Post a Comment