Chapter 7
Term | Definition |
---|---|
anomaly-based monitoring | a monitoring technique used by an intrusion detection system that creates a baseline of normal activities and compares actions against the baseline |
application-aware firewall | a firewall that can identify the applications that send packets through the firewall and then make decisions about the applications |
application-aware IDS | a specialized intrusion detection system capable of using "contextual knowledge" in real time |
application-aware IPS | intrusion prevention system that knows info such as the applications running and the underlying OS |
application-aware proxy | special proxy server that knows the application protocols that it supports |
behavior-based monitoring | a monitoring technique used by an IDS that uses the normal process and actions as the standard and compares actions against it |
content inspection | searching incoming web content to match keywords |
defense in depth | defense that uses multiple types of security devices to protect a network |
DMZ | a separate network that rests outside the secure network perimeter |
firewall rules | set of individual instructions to control the actions of a firewall |
heuristic monitoring | monitoring technique used by an intrusion detection system that uses an algorithm to determine if a threat exists |
HIDS | software-based app that runs on a local host computer that can detect an attack as it occurs |
IDS | device that detects an attack as it occurs |
layered security | defense that uses multiple types of security devices to protect a network |
load balancer | dedicated network device that can direct requests to different servers based on a variety of factors |
malware inspection | searching for malware in incoming web content |
NAC | technique that examines the current state of a system or network device before it is allowed to connect to the network |
NAT | a technique that allows private IP addresses to be used on the public internet |
NIDS | tech that watches for attacks on the network and reports back to a central device |
NIPS | tech that monitors network traffic to immediately react to block a malicious attack |
protocol analyzer | hardware or software that captures packets to decode and analyze their contents |
proxy server | a computer or app program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users |
remote access | any combination of hardware and software that enables remote users to access a local internal network |
reverse proxy | a computer or an app program that routes incoming requests to the correct server |
router | device that can forward packets across computer networks |
signature-based monitoring | monitoring technique used by an intrusion detection system that examines net traffic to look for well-known patterns and compares the activities against a predefined signature |
Subnetting | technique that uses IP addresses to divide a network into network, subnet, and host |
switch | device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices |
UTM | network hardware that provides multiple security functions |
URL filtering | Restricting access to unapproved websites |
VLAN | tech that allows scattered users to be logically grouped together even though they may be attached to different switches |
VPN | tech that enables use of an unsecured public network as if it were a secure private network |
VPN connector | device that aggregates VPN connections |
web app firewall | a special type of application-aware firewall that looks at the apps using html |
web security gateway | device that can block malicious content in real time as it appears |