Switch Configuration Protocol. Cisco control protocol that runs directly over Ethernet.

SCEP

Simple Certificate Enrollment Protocol. The Cisco Systems PKI communication protocol that leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment protocol.

Security Device Event Exchange. A product-independent standard for communicating security device events. It adds extensibility features that are needed for communicating events generated by various types of security devices.

Accepts requests for events from remote clients.

Protocol that provides a secure remote connection to a router through a Transmission Control Protocol (TCP) application.

You can partition a single adaptive security appliance into multiple virtual devices, known as security contexts. Each context is an independent device, with its own security policy, interfaces, and administrators. Multiple contexts are similar to having multiple standalone devices. Many features are supported in multiple context mode, including routing tables, firewall features, IPS, and management.

Monitoring Center for Security. Provides event collection, viewing, and reporting capability for network devices. Used with the IDS MC.

The interface on the sensor that monitors the desired network segment. The sensing interface is in promiscuous mode; it has no IP address and is not visible on the monitored segment.

The sensor is the intrusion detection engine. It analyzes network traffic searching for signs of unauthorized activity.

A component of the IPS. Performs packet capture and analysis. SensorApp analyzes network traffic for malicious content. Packets flow through a pipeline of processors fed by a producer designed to collect packets from the network interfaces on the sensor. SensorApp is the standalone executable that runs Analysis Engine.

Deals with specific protocols, such as DNS, FTP, H225, HTTP, IDENT, MS RPC, MS SQL, NTP, P2P, RPC, SMB, SNMP, SSH, and TNS.

Used for the release of defect fixes and for the support of new signature engines. Service packs contain all of the defect fixes since the last base version (minor or major) and any new defect fixes.

Command used on routers and switches to provide either Telnet or console access to a module in the router or switch.

Small Form-factor Pluggable. Often refers to a fiber optic transceiver that adapts optical cabling to fiber interfaces. See GBIC for more information.

Enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection. It is used by ARC when blocking with a PIX Firewall.

Signature Analysis Processor

A processor in the IPS. Dispatches packets to the inspectors that are not stream-based and that have registered interest in the packet being processed.

A signature distills network information and compares it against a rule set that indicates typical intrusion activity.

A component of the sensor that supports many signatures in a certain category. An engine is composed of a parser and an inspector. Each engine has a set of legal parameters that have allowable ranges or sets of values.

Executable file with its own versioning scheme that contains binary code to support new signature updates.

Signature Event Action Filter

Subtracts actions based on the signature event signature ID, addresses, and risk rating. The input to the Signature Event Action Filter is the signature event with actions possibly added by the Signature Event Action Override.

Signature Event Action Handler

Performs the requested actions. The output from Signature Event Action Handler is the actions being performed and possibly an evIdsAlert written to the Event Store.

Signature Event Action Override

Adds actions based on the risk rating value. Signature Event Action Override applies to all signatures that fall into the range of the configured risk rating threshold. Each Signature Event Action Override is independent and has a separate configuration value for each action type.

Signature Event Action Processor

Processes event actions. Event actions can be associated with an event risk rating threshold that must be surpassed for the actions to take place.
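As an added illustration (not code from Cisco or from this glossary), the following Python models the order in which the Signature Event Action Override, Filter, and Handler entries above act on one signature event: the override adds actions once the risk rating reaches a threshold, the filter subtracts actions by signature ID, addresses, and risk rating range, and the handler performs what remains and writes an alert to the Event Store only if the alert action survived. The action names "produce-alert" and "deny-packet-inline", the signature IDs, the addresses, and the policy values are assumed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
# Illustrative model (not Cisco code) of the signature event action pipeline:
# Override adds actions, Filter subtracts them, Handler performs what is left.
# Action names "produce-alert" and "deny-packet-inline" are assumed.

@dataclass
class SigEvent:
    sig_id: int
    attacker: str
    victim: str
    risk_rating: int                           # 0-100, computed upstream by the sensor
    actions: set = field(default_factory=set)  # actions configured on the signature

@dataclass
class ActionFilter:   # subtracts actions when sig ID, addresses and RR range all match
    sig_ids: set
    attacker_net: str
    victim_net: str
    rr_range: tuple
    remove: set

def apply_overrides(ev, overrides):
    # overrides: {action: minimum risk rating}; one independent override per action type
    for action, min_rr in overrides.items():
        if ev.risk_rating >= min_rr:
            ev.actions.add(action)

def apply_filters(ev, filters):
    for f in filters:
        if (ev.sig_id in f.sig_ids
                and ip_address(ev.attacker) in ip_network(f.attacker_net)
                and ip_address(ev.victim) in ip_network(f.victim_net)
                and f.rr_range[0] <= ev.risk_rating <= f.rr_range[1]):
            ev.actions -= f.remove

def handle(ev, event_store):
    # Performs the remaining actions; an evIdsAlert reaches the Event Store only if
    # the alert action survived the filters.
    performed = sorted(ev.actions)
    if "produce-alert" in ev.actions:
        event_store.append({"evIdsAlert": ev.sig_id, "riskRating": ev.risk_rating, "actions": performed})
    return performed

def process_event(ev, overrides, filters, event_store):
    # Override -> Filter -> Handler, in the order the glossary entries describe.
    apply_overrides(ev, overrides)
    apply_filters(ev, filters)
    return handle(ev, event_store)

# Constructed sample policy: deny inline at RR >= 90, except sig 2004 from 10.1.0.0/16.
OVERRIDES = {"deny-packet-inline": 90}
FILTERS = [ActionFilter({2004}, "10.1.0.0/16", "0.0.0.0/0", (0, 100), {"deny-packet-inline"})]
```

Run an event with risk rating 95 for signature 2004 from 10.1.1.5 through process_event and the override-added deny action is filtered back out, leaving only the alert; the same event from an address outside 10.1.0.0/16 keeps the deny action.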
signature fidelity rating

SFR. A weight associated with how well a signature might perform in the absence of specific knowledge of the target. The signature fidelity rating is configured per signature and indicates how accurately the signature detects the event or condition it describes.

Executable file that contains a set of rules designed to recognize malicious network activities, such as worms, DDoS, viruses, and so forth. Signature updates are released independently, depend on a required signature engine version, and have their own versioning scheme.

A processor in the IPS. A process found on dual-CPU systems.

Server Message Block. File-system protocol used in LAN Manager and similar network operating systems (NOSs) to package data and exchange information with other systems.

Simple Mail Transfer Protocol. Internet protocol providing e-mail services.

SN

Serial Number. Part of the UDI. The SN is the serial number of your Cisco product.

SNAP

Subnetwork Access Protocol. Internet protocol that operates between a network entity in the subnetwork and a network entity in the end system. SNAP specifies a standard method of encapsulating IP datagrams and ARP messages on IEEE networks. The SNAP entity in the end system makes use of the services of the subnetwork and performs three key functions: data transfer, connection management, and QoS selection.

SNMP

Simple Network Management Protocol. Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security.

SNMP2

SNMP Version 2. Version 2 of the network management protocol. SNMP2 supports centralized and distributed network management strategies, and includes improvements in the SMI, protocol operations, management architecture, and security.

Passes traffic through the IPS system without inspection.

Address of a network device that is sending data.

SPAN

Switched Port Analyzer. Feature of the Catalyst 5000 switch that extends the monitoring abilities of existing network analyzers into a switched Ethernet environment. SPAN mirrors the traffic at one switched segment onto a predefined SPAN port. A network analyzer attached to the SPAN port can monitor traffic from any other Catalyst switched port.

Loop-free subset of a network topology.

Structured Query Language. International standard language for defining and accessing relational databases.

SRAM

Type of RAM that retains its contents for as long as power is supplied. SRAM does not require the constant refreshing that DRAM does.

Secure Shell. A utility that uses strong authentication and secure communications to log in to another computer over a network.

Secure Sockets Layer. Encryption technology for the Internet used to provide secure transactions, such as the transmission of credit card numbers for e-commerce.

A DDoS tool that relies on the ICMP protocol.

Stateful searches of HTTP strings.

A processor in the IPS. Keeps track of system statistics such as packet counts and packet arrival rates.

Stream Reassembly Processor

A processor in the IPS. Reorders TCP streams to ensure the arrival order of the packets at the various stream-based inspectors. It is also responsible for normalization of the TCP stream. The normalizer engine lets you enable or disable alert and deny actions.

A signature engine that provides regular expression-based pattern inspection and alert functionality for multiple transport protocols, including TCP, UDP, and ICMP.

A more granular representation of a general signature. It typically further defines a broad-scope signature.

Refers to attaching rubber feet to the bottom of a sensor when it is installed on a flat surface. The rubber feet allow proper airflow around the sensor, and they also absorb vibration so that the hard-disk drive is less affected.

Network device that filters, forwards, and floods frames based on the destination address of each frame. The switch operates at the data link layer of the OSI model.

Denial of Service attack that sends a host more TCP SYN packets (requests to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.

The full IPS application and recovery image used for reimaging an entire sensor.