Term
|
Definition
| A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised. |
|
|
Term
|
Definition
| firewall A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications. |
|
|
Term
|
Definition
| A specialized intrusion detection system (IDS) that is capable of using |
|
|
Term
|
Definition
| An intrusion prevention system (IPS) that knows information such as the applications that are running as well as the underlying operating systems. |
|
|
Term
|
Definition
| A special proxy server that knows the application protocols that it supports. |
|
|
Term
| behavior-based monitoring |
|
Definition
| A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it. |
|
|
Term
|
Definition
| Searching incoming web content to match keywords. |
|
|
Term
|
Definition
| A defense that uses multiple types of security devices to protect a network. Also called layered security. |
|
|
Term
|
Definition
| A separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network. |
|
|
Term
|
Definition
| A set of individual instructions to control the actions of a firewall. |
|
|
Term
|
Definition
| A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists. |
|
|
Term
| host-based intrusion detection system (HIDS) |
|
Definition
| A software-based application that runs on a local host computer that can detect an attack as it occurs. |
|
|
Term
| intrusion detection system (IDS) |
|
Definition
| A device that detects an attack as it occurs. |
|
|
Term
|
Definition
| A defense that uses multiple types of security devices to protect a network. Also called defense in depth. |
|
|
Term
|
Definition
| A dedicated network device that can direct requests to different servers based on a variety of factors. |
|
|
Term
|
Definition
| Searching for malware in incoming web content. |
|
|
Term
| network access control (NAC) |
|
Definition
| A technique that examines the current state of a system or network device before it is allowed to connect to the network. |
|
|
Term
| network address translation (NAT) |
|
Definition
| A technique that allows private IP addresses to be used on the public Internet. |
|
|
Term
| network intrusion detection system (NIDS) |
|
Definition
| A technology that watches for attacks on the network and reports back to a central device. |
|
|
Term
| network intrusion prevention system (NIPS) |
|
Definition
| A technology that monitors network traffic to immediately react to block a malicious attack. |
|
|
Term
|
Definition
| Hardware or software that captures packets to decode and analyze their contents. |
|
|
Term
|
Definition
| A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users. |
|
|
Term
|
Definition
| Any combination of hardware and software that enables remote users to access a local internal network. |
|
|
Term
|
Definition
| A computer or an application program that routes incoming requests to the correct server. |
|
|
Term
|
Definition
| A device that can forward packets across computer networks. |
|
|
Term
| signature-based monitoring |
|
Definition
| A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature. |
|
|
Term
| subnetting (subnet addressing) |
|
Definition
| A technique that uses IP addresses to divide a network into network, subnet, and host. |
|
|
Term
|
Definition
| A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices. |
|
|
Term
| Unified Threat Management (UTM) |
|
Definition
| Network hardware that provides multiple security functions. |
|
|
Term
| URL filtering |
|
Definition
| Restricting access to unapproved websites. |
|
|
Term
|
Definition
| A technology that allows scattered users to be logically grouped together even though they may be attached to different switches. |
|
|
Term
| virtual private network (VPN) |
|
Definition
| A technology that enables use of an unsecured public network as if it were a secure private network. |
|
|
Term
|
Definition
| A device that aggregates VPN connections. |
|
|
Term
|
Definition
| A special type of application-aware firewall that looks at the applications using HTTP. |
|
|
Term
|
Definition
| A device that can block malicious content in real time as it appears (without first knowing the URL of a dangerous site). |
|
|