hit counter script

The Tls Alg - D-Link DFL-260E User Manual

Network security firewall netdefendos version 2.27.03
Hide thumbs Also See for DFL-260E:
Table of Contents

Advertisement

6.2.10. The TLS ALG

6.2.10. The TLS ALG
Overview
Transport Layer Security (TLS) is a protocol that provides secure communications over the public
Internet between two end points through the use of cryptography as well as providing endpoint
authentication.
Typically in a TLS client/server scenario, only the identity of the server is authenticated before
encrypted communication begins. TLS is very often encountered when a web browser connects with
a server that uses TLS such as when a customer accesses online banking facilities. This is
sometimes referred to as an HTTPS connection and is often indicated by a padlock icon appearing in
the browser's navigation bar.
TLS can provide a convenient and simple solution for secure access by clients to servers and avoids
many of the complexities of other types of VPN solutions such as using IPsec. Most web browsers
support TLS and users can therefore easily have secure server access without requiring additional
software.
The Relationship with SSL
TLS is a successor to the Secure Sockets Layer (SSL) but the differences are slight. Therefore, for
most purposes, TLS and SSL can be regarded as equivalent. In the context of the TLS ALG, we can
say that the NetDefend Firewall is providing SSL termination since it is acting as an SSL end-point.
Regarding the SSL and TLS standards supported, NetDefendOS provides termination support for
SSL 3.0 as well as TLS 1.0, with RFC 2246 defining the TLS 1.0 support (with NetDefendOS
supporting the server side part of RFC 2246).
TLS is Certificate Based
TLS security is based on the use of digital certificates which are present on the server side and sent
to a client at the beginning of a TLS session in order to establish the server's identity and then be the
basis for encryption. Certificates which are Certificate Authority (CA) signed can be used on the
server in which case a client's web browser will automatically recognize the validity of the
certificate.
Self-signed certificates can be used instead of CA signed certificates on the server. With self-signed
certificates, the client's web browser will alert the user that the certificate's authenticity is not
recognized and the user will have to explicitly tell the browser to accept the certificate and continue.
the communication between "external" phones and the Gatekeeper to make sure that it
is possible for internal phones to call the external phones that are registered with the
gatekeeper.
294
Chapter 6. Security Mechanisms

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents