8.7. Glossary
The following table defines some keywords that are necessary to better understand the OpenNAC Enterprise documentation.
| Term | Definition |
|---|---|
| 2FA | Two-factor authentication, sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. |
| 802.1X | An IEEE standard for port-based Network Access Control (PNAC), part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism for devices wishing to attach to a LAN or WLAN. |
| Active Directory | The commercial name Microsoft gives to its directory services. Active Directory contains all the domain assets such as users, printers, groups… |
| Administration Portal | The main administration tool used by any Network or Security Engineer. Administration, operation, troubleshooting and monitoring of openNAC technologies are carried out from here. |
| Apache HTTP Server | A free and open-source cross-platform web server, released under the terms of the Apache License 2.0. |
| API | Application Programming Interface: a software intermediary that allows two applications to talk to each other. |
| Business Profiles | OpenNAC's event classification method. A business profile includes one or many policies; these groups can be used to filter and to create specific reports and queries. |
| BYOD | Bring Your Own Device, a policy that allows employees in an organization to use their personally owned devices for work-related activities. |
| CA | Certification authority, an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate, which allows others to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party. |
| Captive Portal | A user portal where user devices can be registered, the Guest access form is available and the OpenNAC Agent can be downloaded. |
| COA | RADIUS Change of Authorization, a method used to change the authorization status of a session in real time, while that session is still active. |
| Configuration Vars | OpenNAC module where the default parameters to be used are defined. |
| Configuration Wizards | OpenNAC technologies include configuration wizards that provide a key benefit for Network Access Control deployments: they allow generating certificates, creating an initial configuration and joining Active Directory, among other tasks. |
| DHCP Server | A network server that automatically provides and assigns IP addresses, default gateways and other network parameters to client devices. It relies on the standard protocol known as Dynamic Host Configuration Protocol (DHCP) to respond to broadcast queries by clients. |
| Digital Certificates | A file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI). |
| DNS Server | Domain Name System, the hierarchical and decentralized naming system used to identify computers reachable through the Internet or other Internet Protocol (IP) networks. |
| Elasticsearch | A search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. |
| FreeRADIUS | A modular, high-performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and free to download and use. The FreeRADIUS suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, an Apache module, and numerous additional RADIUS-related utilities and development libraries. |
| IoT | The Internet of Things describes physical objects (or groups of such objects) with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks. |
| Kibana | A source-available data visualization dashboard for Elasticsearch. It provides visualization capabilities on top of the content indexed in an Elasticsearch cluster: users can create bar, line and scatter plots, or pie charts and maps, on top of large volumes of data. |
| Layer 2 | Refers to Layer 2 of the OSI model. This layer is the protocol layer that transfers data between adjacent network nodes in a wide area network (WAN) or between nodes on the same local area network (LAN) segment. |
| Layer 3 | Refers to Layer 3 of the OSI model. The network layer is responsible for packet forwarding, including routing through intermediate routers, since it knows the addresses of neighboring network nodes; it also manages quality of service (QoS), and recognizes and forwards local host domain messages to the transport layer (layer 4). |
| Layer 4 | Refers to Layer 4 of the OSI model. The transport layer is a conceptual division of methods in the layered architecture of protocols in the network stack in the Internet Protocol Suite and the Open Systems Interconnection (OSI) model. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing. |
| LDAP | The protocol used to gain access to a directory service. LDAP contains all the domain assets such as users, printers, groups… |
| Logstash | A tool for managing events and logs. When used generically, the term encompasses a larger system of log collection, processing, storage and searching activities. |
| MAB | An access control technique that allows port-based access control by using an endpoint's MAC address. An interface with MAB authentication configured can be dynamically enabled or disabled based on the connected endpoint's MAC address. |
| Malware | Intrusive software designed to damage and destroy computers and computer systems. Malware is a contraction of "malicious software". Examples of common malware include viruses, worms, Trojans, spyware, adware, and ransomware. |
| MemCache | An open-source, distributed memory object caching system that alleviates database load to speed up dynamic web applications. |
| MFA | Multi-factor authentication is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or VPN. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack. |
| MySQL | A relational database management system (RDBMS) developed by Oracle that is based on Structured Query Language (SQL). |
| NAC | Network Access Control is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement. |
| NGFW | Next-generation firewall: a network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence. |
| Nmap | A free and open-source tool used for vulnerability checking, port scanning and, of course, network mapping. |
| ON Agent | Used to provide security analysis, hardware and software inventory, and a VPN client. |
| ON Analytics | One of the roles in openNAC technologies; it provides an analysis engine and reporting capabilities. It stores all the events in different indices, which are searchable and easily filtered. |
| ON Captive | Used to configure the Captive Portal workflows and themes. |
| ON Core | The main role in openNAC technologies; it provides, for instance, AAA services, among many others. |
| ON NAC | OpenNAC module that includes the Policy Engine and Business Profiles. |
| ON Netconf/ON Backup | OpenNAC module that includes network management tools such as macros, cron and device backups. |
| ON Sensor | An OpenNAC technology role. It can be deployed in-band or out-of-band; it collects and decodes network protocols and sends the result to ON Analytics. It is based on Zeek IDS/IPS technologies. |
| OTP | One-time password systems provide a mechanism for logging on to a network or service using a unique password that, as the name suggests, can only be used once. |
| OVA | An open-source format used to distribute and deploy virtual machines. |
| P12 file | A P12 file contains a digital certificate that uses PKCS#12 (Public Key Cryptography Standard #12) encryption. It is used as a portable format for transferring personal private keys and other sensitive information. |
| PEAP | The Protected Extensible Authentication Protocol, also known as Protected EAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. |
| PEM file | Privacy Enhanced Mail, a Base64-encoded DER certificate. PEM certificates are frequently used for web servers as they can easily be read with a simple text editor. When a PEM-encoded file is opened in a text editor, it generally contains very distinct headers and footers. |
| Plugins | An application that, within a computer program, adds functionality or a new feature to the software. |
| Policy Engine | One of the main modules of ON Core, where authentication, authorization and accounting happen. Additional capabilities are also included, such as tagging, registering and plugin calls. |
| Project qualification | The process carried out by openNAC Professional in order to define a clear design and scope of work and to guarantee successful implementation projects. |
| PSK | Phase Shift Keying, a digital data modulation system in which binary data signals switch the phase of a radio frequency carrier. |
| Quarantine VLAN | A VLAN to which users are sent by policy or by administrator instruction. It is a secure environment where user devices can be isolated and managed properly without risk. Normally any device that is not compliant in terms of security is sent to it. |
| RADIUS | Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect to and use a network service. RADIUS was developed by Livingston Enterprises in 1991 as an access server authentication and accounting protocol. |
| Registry VLAN | A VLAN where users register their devices in the ON Core CMDB. |
| Service VLAN | A VLAN to which users are sent when authentication succeeds or when the security policy so decides. It provides access to the corporate network, limited to the set of resources defined by the policy. |
| SIEM | Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources. |
| Smart Card | A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authorization device used to control access to a resource. It is typically a plastic credit-card-sized card with an embedded integrated circuit (IC) chip. |
| SNMP | Simple Network Management Protocol, a protocol widely used for network device management. |
| SSID | A service set identifier (SSID) is a sequence of characters that uniquely names a wireless local area network (WLAN). An SSID is sometimes referred to as a "network name". This name allows stations to connect to the desired network when multiple independent networks operate in the same physical area. |
| TCP | Transmission Control Protocol, a communication standard that enables application programs and computing devices to exchange messages over a network. It is designed to send packets across the Internet and ensure the successful delivery of data and messages over networks. |
| SNMP Traps | SNMP messages that come from network devices such as switches, APs, VPNs or others to notify openNAC of changes. |
| UDP | User Datagram Protocol is a communication protocol that facilitates the exchange of messages between computing devices in a network. It is an alternative to the Transmission Control Protocol (TCP). In a network that uses the Internet Protocol (IP), it is sometimes referred to as UDP/IP. |
| UDS | User Data Source (UDS) is the name used by openNAC for identity repositories. |
| VLAN | Virtual Local Area Network, a logical subgroup within a local area network that is created through software rather than by manually moving cables in the wiring closet. It combines user stations and network devices into a single unit regardless of the physical LAN segment they are attached to, and lets traffic flow more efficiently within populations of mutual interest. |
| Wired AutoConfig | The Wired AutoConfig service is a system service that provisions local area network (LAN) Ethernet adapters with the security and connectivity settings required for Institute of Electrical and Electronics Engineers (IEEE) 802.1X authenticated IEEE 802.3 wired access. |
| WireGuard | WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and supercomputers alike, fit for many different circumstances. |
| WMI | Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. You can write WMI scripts or applications to automate administrative tasks on remote computers, but WMI also supplies management data to other parts of the operating system and products. |
| Zeek | Formerly Bro, a free and open-source network analysis framework. It can be used as a network intrusion detection system (NIDS), but with additional live analysis of network events. It is released under the BSD license. |