Cisco IPS-4255-K9 Installation Guide - Page 374
Advanced Inspection and Prevention Security Services Module. The IPS plug-in module in the Cisco - rfc
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 374 highlights
Glossary AIP SSM Advanced Inspection and Prevention Security Services Module. The IPS plug-in module in the Cisco ASA 5500 series adaptive security appliance. AIP-SSM is an IPS services module that monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based on an extensive, embedded signature library. When AIP-SSM detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the device manager. See also adaptive security appliance. Alarm Channel The IPS software module that processes all signature events generated by the inspectors. Its primary function is to generate alerts for each event it receives. alert Specifically, an IPS event type; it is written to the Event Store as an evidsAlert. In general, an alert is an IPS message that indicates a network exploit in progress or a potential security problem occurrence. Also known as an alarm. Analysis Engine The IPS software module that handles sensor configuration. It maps the interfaces and also the signature and alarm channel policy to the configured interfaces. It performs packet analysis and alert detection. The Analysis Engine functionality is provided by the SensorApp process. anomaly detection AD. The sensor component that creates a baseline of normal network traffic and then uses this baseline to detect worm-infected hosts. API Application Programming Interface. The means by which an application program talks to communications software. Standardized APIs allow application programs to be developed independently of the underlying method of communication. Computer application programs run a set of standard software interrupts, calls, and data formats to initiate contact with other devices (for example, network services, mainframe communications programs, or other program-to-program communications). Typically, APIs make it easier for software developers to create links that an application needs to communicate with the operating system or with the network. application Any program (process) designed to run in the Cisco IPS environment. application image Full IPS image stored on a permanent storage device used for operating the sensor. application instance A specific application running on a specific piece of hardware in the IPS environment. An application instance is addressable by its name and the IP address of its host computer. application partition The bootable disk or compact-flash partition that contains the IPS software image. ARC Attack Response Controller. Formerly known as Network Access Controller (NAC). A component of the IPS. A software module that provides block and unblock functionality where applicable. architecture The overall structure of a computer or communication system. The architecture influences the capabilities and limitations of the system. ARP Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address. Defined in RFC 826. ASDM Adaptive Security Device Manager. A web-based application that lets you configure and manage your adaptive security device. ASN.1 Abstract Syntax Notation 1. Standard for data presentation. GL-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01