Ch. 7 Key Terms
Networking Security Chapter 7 Terms
Term | Definition |
---|---|
Anomaly-based monitoring | A monitoring technique used by an intrusion detection system that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised. |
Application-aware firewall | A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications. |
Application-aware IDS | A specialized intrusion detection system that is capable of using "contextual knowledge" in real time. |
Application-aware IPS | An intrusion prevention system that knows information such as the applications that are running as well as the underlying operating system. |
Application-aware proxy | A special proxy server that knows the application protocols that it supports. |
Behavior-based monitoring | A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it. |
Content inspection | Searching incoming web content to match keywords. |
Defense in depth | A defense that uses multiple types of security devices to protect a network. Also called layered security. |
Demilitarized zone | A separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network. |
Firewall rules | A set of individual instructions to control the actions of a firewall. |
Heuristic monitoring | A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists. |
Host-based IDS (HIDS) | A software-based application that runs on a local host computer that can detect an attack as it occurs. |
Intrusion detection system (IDS) | A device that detects an attack as it occurs. |
Layered security | A defense that uses multiple types of security devices to protect a network. Also called defense in depth. |
Load balancer | A dedicated network device that can direct requests to different servers based on a variety of factors. |
Malware inspection | Searching for malware in incoming web content. |
Network access control (NAC) | A technique that examines the current state of a system or network device before it is allowed to connect to the network. |
Network address translation (NAT) | A technique that allows private IP addresses to be used on the public internet. |
Network intrusion detection system (NIDS) | A technology that watches for attacks on the network and reports back to a central device. |
Network intrusion prevention system (NIPS) | A technology that monitors network traffic to immediately react to block a malicious attack. |
Protocol analyzer | Hardware or software that captures packets to decode and analyze their contents. |
Proxy server | A computer or application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users. |
Remote access | Any computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users. |
Remote access | Any combination of hardware and software that enables remote users to access a local internal network. |
Reverse proxy | A computer or an application program that routes incoming requests to the correct server. |
Router | A device that can forward packets across computer networks. |
Signature-based monitoring | A monitoring technique used by an intrusion detection system that examines network traffic to look for well-known patterns and compares the activities against a predefined signature. |
Subnetting | A technique that uses IP addresses to divide a network into network, subnet, and host. |
Switch | A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices. |
Unified Threat Management (UTM) | Network hardware that provides multiple security functions. |
URL filtering | Restricting access to unapproved websites. |
Virtual LAN (VLAN) | A technology that allows scattered users to be logically grouped together even though they may be attached to different switches. |
Virtual private network (VPN) | A technology that enables use of an unsecured public network as if it were a secure private network. |
VPN concentrator | A device that aggregates VPN connections. |
Web application firewall | A special type of application-aware firewall that looks at the applications using HTTP. |
Web security gateway | A device that can block malicious content in real time as it appears (without first knowing the URL of the dangerous site). |