click below
click below
Normal Size Small Size show me how
Chapter 7- Security
Term | Definition |
---|---|
Anomaly-based monitoring | A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised. |
Application-aware firewall | A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications. |
Application-aware IDS | A specialized intrusion detection system (IDS) that is capable of using "contextual knowledge" in real time. |
Application-aware proxy | A special proxy server that knows the application protocols that it supports. |
Behavior-based monitoring | A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it. |
Content inspection | Searching incoming web content to match keywords. |
Defense in depth | A defense that uses multiple types of security devices to protect a network. Also called layered security. |
Demilitarized zone | A separate network that rests outside the secure network perimeter: Untrusted outside users can access the DMZ, but can not access the secure network. |
Firewall rules | A set of individual instructions to control the actions of a firewall. |
Heuristic monitoring | A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists. |
Host-based intrusion detection system (HIDS) | A software-based application that runs on a local host computer that can detect an attack as it occurs. |
Intrusion detection system (IDS) | A device that detects an attack as it occurs. |
Layered security | A defense that uses multiple types of security devices to protect a network. Also called defense in depth. |
Load balancer | A dedicated network device that can direct requests to different servers based on a variety of factors. |
Malware inspection | Searching for malware in incoming web content. |
Network access control (NAC) | A technique that examines the current state of a system or network device before it is allowed to connect to the network. |
Network Address Translator (NAT) | A technique that allows private IP addresses to be used on the public internet. |
Network intrusion detection system (NIDS) | A technology that watches for attacks on the network and reports back to a central device. |
Network intrusion prevention system (NIPS) | A technology that monitors network traffic to immediately react to block a malicious attack. |
Protocol Analyzer | Hardware or software that captures packets to decode and analyze its contents. |
Proxy server | A computer system (or an application program) that intercepts internal user requests and then processes that request on behalf of the user. |
Remote access | Any combination of hardware and software that enables remote users to access a local internal network. |
Reverse proxy | A computer or an application program that routes incoming requests to the correct server. |
Router | A device that forwards data packets across computer networks. |
Signature-based monitoring | A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature. |
Subnetting (subnet addressing) | A technique that uses IP addresses to divide a network into network, subnet, and host. |
Switch | A device that connects network segments and forwards on frames intended for that specific device or frames sent to all devices. |
Unified Threat Management (UTM) | Network hardware that provides multiple security functions |
URL Filtering | Restricting access to unapproved websites. |
Virtual Lan (VLAN) | A technology that allows scattered users to be logically grouped together even though they may be attached to different switches. |
Virtual Private Network (VPN) | A technology that enables use of an unsecured public network as if it were a secure private network. |
VPN Concentrator | A device that aggregates VPN connections. |
Web application firewall | A special type of application-aware firewall that looks at the applications using HTTP. |
Web security gateway | A device that can block malicious content in real time as it appears. |