click below
click below
Normal Size Small Size show me how
Chapter 7
Chapter 7 Terms
Term | Definition |
---|---|
anomaly-based monitoring | A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised. |
application-aware firewall | A firewall that can identify the applications that send packets through the firewall and the make decisions about the applications. |
application-aware IDS | A specialized intrusion detection system (IDS) that is capable of using "contextual knowledge" in real time. |
application-aware proxy | A special proxy sever that knows the application protocols that it supports. |
behavior-based monitoring | A monitoring technique used by and IDS that uses the normal processes and actions as the standard and compares actions against it. |
content inspection | Searching incoming web content to match keywords. |
defense in depth | A defense that uses multiple types of security devices to protect a network. |
demilitarized zone (DMZ) | A separate network that rest outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network. |
firewall rules | A set of individual instructions to control the actions of a firewall. |
heuristic monitoring | A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists. |
host-based intrusion detection system (HIDS) | A software-based application that runs on a local host computer that can detect an attack as it occurs. |
intrusion detection system (IDS) | A device that detects an attack as it occurs. |
layered security | A defense that uses multiple types of security devices to protect a network. |
load balancer | A dedicated network device that can direct requests to different servers based on a variety of factors. |
malware inspection | Searching for malware in incoming web content. |
network access control (NAC) | A technique that examines the current state of a system or network device before it is allowed to connect to the network. |
network address translation (NAT) | A technique that allows private IP addresses to be used on the public Internet. |
network intrusion detection system (NIDS) | A technology that watches for attacks on the network and reports back to at central device. |
network intrusion prevention system (NIPS) | A technology that monitors network traffic to immediately react to block a malicious attack. |
protocol analyzer | Hardware or software that captures packets to decode and analyze their contents. |
proxy server | A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users. |
remote access | Any combination of hardware and software that enables remote users to access a local internal network. |
reverse proxy | A computer or an application program that routes incoming requests to the correct server. |
router | A device that can forward packets across computer networks. |
signature-based monitoring | A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature. |
subnetting (subnet addressing) | A technique that uses IP addresses to divide a network into network, subnet, and host. |
switch | A device that connects all network segments and forwards only frames intended for that specific device or frames sent to all devices. |
Unified Threat Management (UTM) | Network hardware that provides multiple security functions. |
URL filtering | Restricting access to unapproved websites. |
virtual LAN (VLAN) | A technology that allows scattered users to be logically grouped together even though they may be attached to different switches. |
virtual private network (VPN) | A technology that enables use of an unsecured public network as if it were a secure private network. |
VPN concentrator | A device that aggregates VPN connections. |
web application firewall | A special type of application-aware firewall that looks at the applications using HTTP. |
web security gateway | A device that can block malicious content in real time as it appears (without first knowing the URL of a dangerous site). |