Chapter 7 Terms
Terms for Chapter 7
Term | Definition |
---|---|
anomaly based monitoring | a monitoring technique used by an intrusion detection system that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised |
application aware firewall | a firewall that can identify the applications that send packets through the firewall and then make decisions about the applications |
application aware IDS | a specialized intrusion detection system that is capable of using contextual knowledge in real time |
application aware IPS | an intrusion prevention system that knows information such as the applications that are running as well as the underlying operating systems |
application aware proxy | a special proxy server that knows the application protocols that it supports |
behavior based monitoring | a monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it |
content inspection | searching incoming web content to match keywords |
defense in depth | a defense that uses multiple types of security devices to protect a network |
demilitarized zone | a separate network that rests outside the secure network perimeter; untrusted outside users can access the DMZ but cannot enter the secure network |
firewall rules | a set of individual instructions to control the actions of a firewall |
heuristic monitoring | a monitoring technique used by an intrusion detection system that uses an algorithm to determine if a threat exists |
host based intrusion detection system | a software based application that runs on a local host computer that can detect an attack as it occurs |
intrusion detection system | a device that detects an attack as it occurs |
layered security | a defense that uses multiple types of security devices to protect a network |
load balancer | a dedicated network device that can direct requests to different servers based on a variety of factors |
malware inspection | searching for malware in incoming web content |
network access control | a technique that examines the current state of a system or network device before it is allowed to connect to the network |
network address translation | a technique that allows private IP addresses to be used on the public internet |
network intrusion detection system | a technology that watches for attacks on the network and reports back to a central device |
network intrusion prevention system | a technology that monitors network traffic to immediately react to block a malicious attack |
protocol analyzer | hardware or software that captures packets to decode and analyze their contents |
proxy server | a computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users |
remote access | any combination of hardware and software that enables remote users to access a local internal network |
reverse proxy | a computer or an application program that routes incoming requests to the correct server |
router | a device that can forward packets across computer networks |
signature based monitoring | a monitoring technique used by an intrusion detection system that examines network traffic to look for well known patterns and compares the activities against a predefined signature |
subnetting | a technique that uses IP addresses to divide a network into network, subnet and host |
unified threat management | network hardware that provides multiple security functions |
URL filtering | restricting access to unapproved websites |
virtual LAN | a technology that allows scattered users to be logically grouped together even though they may be attached to different switches |
virtual private network | a technology that enables use of an unsecured public network as if it were a secure private network |
VPN concentrator | a device that aggregates VPN connections |
web application firewall | a special type of application aware firewall that looks at the applications using HTTP |
web security gateway | a device that can block malicious content in real time as it appears |