Glossary : A

AAA	Authentication, Authorization, and Accounting. Pronounced "triple-A."
AAL5-SNAP	ATM Adaptation Layer 5 Subnetwork Access Protocol.
AAL5-MUX	ATM Adaptation Layer 5 Multiplexing.
access control, access control rule	information entered into the configuration which allows you to specify what type of traffic to permit or deny into an the interface. By default, traffic that is not explicitly permitted is denied. Access control rules are composed of access control entries (ACEs).
ACE	access control entry. An entry in an ACL that specifies a source host or network and whether or not traffic from that host is permitted or denied. An ACE can also specify a destination host or network, and the type of traffic.
ACL	access control list. Information on a device that specifies which entities are permitted to access that device or the networks behind that device. Access control lists consist of one or more access control entries (ACE).
ACS	Cisco Secure Access Control Server. Cisco software that can implement a RADIUS server or a TACACS+ server. The ACS is used to store policy databases used by Easy VPN, NAC and other features to control access to the network.
address translation	The translation of a network address and/or port to another network address/or port. See also IP address, NAT, PAT, Static PAT.
ADSL	asymmetric digital subscriber line.
aggressive mode	A mode of establishing ISAKMP SAs that simplifies IKE authentication negotiation (phase 1) between two or more IPSec peers. Aggressive mode is faster than main mode, but is not as secure. See main mode, quick mode.
AES	Advanced Encryption Standard
AES-CCMP	Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. AES-CCMP is required for Wi-Fi Protected Access 2 (WPA2) and IEEE 802.11i wireless LAN security.
AH	Authentication Header. This is an older IPSec protocol that is less important in most networks than ESP. AH provides authentication services but does not provide encryption services. It is provided to ensure compatibility with IPSec peers that do not support ESP, which provides both authentication and encryption.
AH-MD5-HMAC	Authentication Header with the MD5 (HMAC variant) hash algorithm.
AH-SHA-HMAC	Authentication Header with the SHA (HMAC variant) hash algorithm.
AHP	Authentication Header Protocol. A protocol that provides source host authentication, and data integrity. AHP does not provide secrecy.
algorithm	A logical sequence of steps for solving a problem. Security algorithms pertain to either data encryption or authentication. DES and 3DES are two examples of data encryption algorithms. Examples of encryption-decryption algorithms include block cipher, CBC, null cipher, and stream cipher. Authentication algorithms include hashes such as MD5 and SHA.
AMI	alternate mark inversion.
ARP	Address Resolution Protocol—A low-level TCP/IP protocol that maps a node hardware address (called a MAC address) to its IP address.
ASA	Adaptive Security Algorithm. Allows one-way (inside to outside) connections without an explicit configuration for each internal system and application.
asymmetric encryption	Also called public key systems, this approach allows anyone to obtain access to anyone else's public key and therefore send an encrypted message to that person using the public key.
asymmetric keys	A pair of mathematically related cryptographic keys. The public key encrypts information that only the private key can decrypt, and vice versa. Additionally, the private key signs data that only the public key can authenticate.
ATM	Asynchronous Transfer Mode. International standard for cell relay in which multiple service types (such as voice, video, and data) are conveyed in fixed-length (53-byte) cells. Fixed-length cells allow cell processing to occur in hardware, thereby reducing transit delays.
authenticate	To establish the truth of an identity.
authentication	In security, the verification of the identity of a person or process. Authentication establishes the integrity of a data stream, ensuring that it was not tampered with in transit, and providing confirmation of the data stream's origin.