Action

Once an Event Rule is triggered and assuming all conditions are met, EFT Server launches one or more user-definable Actions, such as executing a command, sending an e-mail, offloading a file, or a combination of multiple actions.

AD

Active Directory. A Microsoft implementation of LDAP directory services used to provide central authentication and authorization services for Windows-based computers.

ADO

ActiveX Data Objects. A language-neutral object model that exposes data raised by an underlying OLE DB Provider.

algorithm

List of well-defined instructions that tell a computer the procedure and order of steps to perform a specific task.

ARM

Auditing and Reporting Module. Captures the transactions passing through EFT Server and provides an interface in EFT Administrator where you can use preconfigured or your own custom reports to query, filter, and view transaction data.

AS2

Applicability Statement 2. A specification for data exchange, to perform the task of sending and receiving data via a secure connection. AS2 is also referred to as EDIINT AS2 or EDI over the Internet AS2.

AS2 Identifier

Name by which trading partners identify themselves to each other when transferring files via the AS2 protocol.

Asynchronous Receipt

A receipt returned to the sender on a different communication session than the sender's original message session.

Base DN

Base Distinguished Name. Specifies the necessary domain components of the LDAP server.

Certificate

Certificates are digital identification documents that allow both servers and clients to authenticate each other. A certificate file has a .crt extension.

cipher

Algorithm for performing encryption. See SSL.

cluster

Group of tightly coupled computers that work together closely so that they can be viewed as though they are a single computer. A failover cluster has redundant nodes that are used to provide service when system components fail.

COM API

Component Object Model. A programmatic interface that allows you to control EFT Server from your own custom applications using any COM-enabled programming language.

Commands

EFT Server's Commands can execute programs, scripts, or batch files with or without command line arguments, providing administrators almost limitless extensibility. These Commands can be invoked directly by a user from an FTP client (if permitted by the EFT Server administrator) or as an automated action from EFT Server’s Event Rules.

compensating control

Compensating controls may be considered when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must 1) meet the intent and rigor of the original stated PCI DSS requirement; 2) repel a compromise attempt with similar force; 3) be "above and beyond" other PCI DSS requirements (not simply in compliance with other PCI DSS requirements); and 4) be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement.

Condition

Allows you to narrow the trigger definition for an Event Rule. Conditions are optional; you do not have to define a condition on an Event Rule to make it trigger an action, but they allow more control over when an Action can take place.

Data remanence

Residual physical representation of data that has been in some way erased.

DER

Distinguished Encoding Rules. A method for encoding a data object, such as an X.509 certificate, to be digitally signed or to have its signature verified.

DMZ Gateway

Server designed to reside in the demilitarized zone to provide secured communications with EFT Server behind intranet firewalls without requiring any inbound firewall holes between the internal network and the DMZ.

DSN

Data Source Name. Data structure that contains the information about a database that an Open Database Connectivity (ODBC) driver needs to connect to it. Included in the DSN is information such as the name, directory, and driver of the database, and the ID and password of the user.

DSS

Data Security Standard. Represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information and provides an actionable framework for developing a robust account data security process, including preventing, detecting, and reacting to security incidents.

EC

Business-to-Business Electronic Commerce.

EDI

Electronic Data Interchange. Transfer of data between companies using VANs or the Internet. An organization's EDI standard describes the mandatory information for a particular type of document, which information is optional, and the structure of the document. For example, an architectural firm may require a particular file-naming convention.

EFS File Sharing

Encrypting File System. A file system driver with filesystem-level encryption available in Microsoft's Windows 2000 and later operating systems. The technology transparently allows files to be encrypted on NTFS file systems to protect confidential data from attackers with physical access to the computer. EFS is susceptible to brute-force attacks against user account passwords.

EFT

Enhanced File Transfer

Event Rule

Used to specify an action to occur when an event takes place and/or a condition is present; e.g., send an e-mail when a file is uploaded.

Folders

In EFT Administrator, you can define and manage physical folders and virtual folders.

FTP

File Transfer Protocol. Protocol used for exchanging files over any network that supports TCP/IP (such as the Internet or an intranet). FTP servers by default listen on port 21 for incoming connections from FTP clients.

FTPS

File Transfer Protocol Secure (commonly referred to as FTP/SSL). A method by which software can perform secure file transfers, involving the use of an SSL/TLS layer below the standard FTP protocol to encrypt the control and/or data channels.

GeoTrust

Digital certificate provider, owned and operated by VeriSign.

GLBA

Gramm-Leach-Bliley Act. GLBA compliance is mandatory for financial services companies; a policy must be in place to protect financial information from foreseeable threats in security and data integrity.

Group

Allows the administrator to define access permissions to files and folders. Just as User Setting Levels control access to EFT Server resources such as bandwidth allowances and connectivity privileges, Groups control access to folders. See virtual folders.

HIPAA

Health Insurance Portability and Accountability Act. Enacted by the U.S. Congress in 1996; requires the establishment of national standards for electronic health care transactions; addresses the security and privacy of health data.

HS

High Security. The HS-PCI module helps to create a high-security, hardened EFT Server that achieves or exceeds corporate and/or industry security best practices for data transfer and storage.

HS-PCI Module

High Security Payment Card Industry Module. Add-on to EFT Server to add high security features and facilitate ongoing compliance with PCI DSS v1.1.

HTML

HyperText Markup Language. Used to define the structure of a Web page. Compare to XML.

HTTP

Hypertext Transfer Protocol. An application protocol that runs on top of the TCP/IP suite of protocols used for Internet/intranet communications, typically over port 80.

HTTPS

Secure HTTP connection. HTTP is used, but with TCP port 443 and an additional encryption/authentication layer between the HTTP and TCP.

IETF

Internet Engineering Task Force. Develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standard bodies; dealing in particular with standards of the TCP/IP and Internet protocol suite.

IIS

Microsoft Internet Information Services. Provides Web infrastructure security.

instance

An instance of the SQL Server 2000 database engine is one copy of the database software that operates as an operating system service.

intermediate certificate authority

There are two types of certificate authorities (CAs): Root CAs and Intermediate CAs. A certificate signed by a Root CA is implicitly trusted by most Web browsers. A certificate signed by an Intermediate CA may not be implicitly trusted by most Web browsers. Intermediate CA certificates are sometimes called "chained root certificates." An Intermediate CA signed certificate often costs significantly less than a Root CA signed certificate.

ISA

Internet Security and Acceleration Server. Microsoft Proxy Server; Firewalling & Security product based on Microsoft Windows.

IUSR

IUSR_ is an IIS account for anonymous access to IIS. If a Web site is set to use anonymous authentication, the user is mapped to the IUSR_ account.

IWAM

Internet Server Web Application Manager. IWAM_ is an IIS account for starting out-of-process applications in IIS 6.0 isolation mode.

LDAP

Lightweight Directory Access Protocol. An application protocol for querying and modifying directory services running over TCP/IP.

LDAP Attribute

Denotes user names in the LDAP database. This allows you to specify the attribute from the queried list of users that denotes user names. Commonly used attributes are cn or uid.

LDAP Base DN

Base Distinguished Name. Specifies necessary domain components of the LDAP server. Some LDAP systems, such as Sun ONE Server and Microsoft’s Active Directory server, require the organizational unit ("ou") that houses the users on that LDAP server to be included in the BaseDN to allow users to successfully authenticate. The organizational unit is the parent object that contains the user objects. For example, if the classObject that holds user accounts is person, the hierarchical parent node/container could be the organizational unit people. If the organizational unit is required by your LDAP server, prepend it to the distinguished name.

LDAP Port

Port of the LDAP server. The default is port 389; port 636 for SSL connections.

LDAP User Filter

EFT Server uses the User Filter to query the LDAP server for a list of users. The default setting is objectClass=person, which retrieves the users on the LDAP server that belong to the person ObjectClass.

MA

Multiple Attachments. The ability to transfer multiple documents within a single AS2 message.

MD5

A secure, one-way hash algorithm used in conjunction with digital signature allowed in AS2. SHA-1 is recommended.

MDN

Message Disposition Notification. The Internet messaging format used to convey a receipt; MDN is used interchangeably with receipt.

MFT

Managed File Transfer. Provides control over network file transfers, including securing the data by encrypting the transmission channel or the data itself, managing trading partners and the way they are authenticated, automating transfers to ensure that service level agreements are met, monitoring and reporting file transfer activity for accountability, and passing data through the DMZ to a backend server so that no sensitive data resides in the DMZ.

MIC

The message integrity check (MIC), also called the message digest, is the digest output of the hash algorithm used by the digital signature.

MIME

Multipurpose Internet Mail Extensions. A specification for formatting non-ASCII messages so that they can be sent over the Internet. S/MIME supports encrypted messages.

Mode Z

Mode Z compression compresses files on the fly for file transfers, saving bandwidth and improving transfer times.

MSDE

Microsoft SQL Server 2000 Desktop Engine, used by the Auditing and Reporting module.

NCSA

National Center for Supercomputing Applications.

NRR

Non-repudiation of receipt (NRR) is a legal event that occurs only when the original sender has verified the signed receipt returned from the recipient of the message, and has verified that the returned message integrity check (MIC) inside the MDN matches the previously recorded value for the original message. That is, the sender of the message obtains undeniable proof that the recipient received the message and that the message was not altered in transit. NRR is established when both the original message and the receipt use digital signatures.

NTLM

NT LAN Manager. A challenge/response form of authentication that was the default network authentication protocol in Windows NT 4.0.

ODBC

Open Database Connectivity. A standard database access method used to access any data from any application, regardless of which database management system (DBMS) is handling the data.

OpenPGP

Uses public-key cryptography and includes a system that binds the public keys to a user name.

OTP

One-Time Password. Intended to make it more difficult to gain unauthorized access. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced.

PAN

Primary Account Number. A unique sequence of numbers assigned to a cardholder account that identifies the issuer and type of financial transaction card.

PCI

Payment Card Industry. The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection.

PCI DSS

Multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures.

PEM

Privacy Enhanced Mail. Base64 encoded DER certificate, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

PerfMon

Microsoft utility. Allows you to view a running count of anonymous and nonanonymous users and other IIS objects.

Physical folder

Directory you create on your hard drive from within the EFT Server.

PNC

Peer Notification Channel. The outbound-initiated two-way socket connection used for communication, typically on port 44500 on the DMZ Server.

POP3

Post Office Protocol version 3. Used to retrieve e-mail from a remote server over TCP/IP. Compare to SMTP.

Private Key

The server's private key decrypts the client's session. The private key has a .key extension and is part of the public-private key pair.

protocol

Special set of rules between a client program and a server program in a network.

Public Key

A message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key. See Private Key.

Public Key Blob

A public key BLOB contains the public key in plaintext form.

Receipt

The functional message that is sent from a receiver to a sender to acknowledge receipt of an EDI/EC interchange. This message may be either synchronous or asynchronous.

root certificate

Unsigned public key certificate or a self-signed certificate; part of a public key infrastructure scheme. The most common commercial variety is based on the ITU-T X.509 standard, which normally includes a digital signature from a certificate authority (CA).

S/MIME

Secured Multi Purpose Internet Mail Extensions. A format and protocol for adding cryptographic signature and/or encryption services to Internet MIME messages.

SAN

Storage Area Network. An architecture to attach remote computer storage devices such as disk arrays, tape libraries and optical jukeboxes to servers in such a way that, to the operating system, the devices appear as locally attached devices.

Secure Ad Hoc Transfer module

Allows internal users to send and receive large e-mail file attachments to recipients outside of your organization quickly, reliably, and securely, all without having to manually create or maintain FTP accounts on EFT Server.

Server

In EFT Administrator, a Server contains the settings for one or more EFT Servers, either locally or remotely.

Server Group

In EFT Administrator, Server Groups are at the top of EFT Server's setting hierarchy and allow you to group multiple Servers.

Session Key

The client and the server use the session key to encrypt data; created by the client via the server’s public key. See Public Key.

SFTP

Secure File Transfer Protocol. A network protocol designed by the IETF to provide secure file transfer and manipulation facilities over the secure shell (SSH) protocol.

SHA-1

Secure, one-way Hash Algorithm used in conjunction with digital signature; the recommended algorithm for AS2.

Signed Receipt

A receipt with a digital signature.

Site

In EFT Administrator, a Site is similar to a virtual FTP server bound to one or more IP addresses.

SMTP

Simple Mail Transfer Protocol. Simple text-based protocol used to send e-mail using TCP on port 25 (by default). (Compare to POP3.)

SQL Server

SQL Server is a relational database management system (RDBMS) produced by Microsoft.

SSL

Secure Sockets Layer, a protocol designed and implemented by Netscape Communications, provides for encryption of a session, authentication of a server, and optionally a client, and message authentication.

Synchronous Receipt

A receipt returned to the sender during the same HTTP session as the sender's original message.

TCP/IP

Transmission Control Protocol/Internet Protocol. Uses the client/server model of communication in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network.

TLS

Transport Layer Security. SSL has been merged with other protocols and authentication methods into this new protocol.

trading partner

Organizations that send or receive documents from each other. The trading partners agree on the specific information to be transmitted and how it should be used.

UNC path

Uniform Naming Convention path; e.g., \\computername\sharedfolder\resource.

URL

Uniform Resource Locator. An Internet address. See also URI.

User Settings Template

Allows you to apply a setting configuration to an entire group of users. Every client account or user must be a member of a User Setting Level. User Setting Levels exist within a Site and consist of a group of settings used as a template. AKA Settings Level.

VAN

Value Added Network. Private network provider that leases communication lines to its subscribers. In the healthcare industry, a VAN is referred to as a "Clearinghouse" and has additional legal restrictions that govern protected healthcare information.

VFS

EFT Server's Virtual File System allows you to grant access to files and folders on your system based on user and Group permissions. See virtual folder.

virtual folder

Similar to a shortcut, a virtual folder points to an existing folder on your computer or another system.

VPN

Virtual Private Network. A communications network tunneled through another network and dedicated for a specific network.

W3C

World Wide Web Consortium

Web Transfer Client

Browser-based file transfer client that allows users to transfer files to/from an EFT Server using a connected Web browser.

WSDL

Web Services Description Language. An XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.

XCRC

EFT Server's file integrity command. When an XCRC-enabled client performs a transfer, it can request EFT Server to do a checksum calculation on the file. If it matches the checksum on the client, then the transfer is deemed successful.

XML

Extensible Markup Language. A general-purpose markup language used to store any amount of text/data enclosed by a user-defined start and end tag. Compare to HTML.