Cisco IPS-4255-K9 Installation Guide - Page 390
Page 390 highlights
Glossary

sensing interface
The interface on the sensor that monitors the desired network segment. The sensing interface is in promiscuous mode; it has no IP address and is not visible on the monitored segment.

sensor
The sensor is the intrusion detection engine. It analyzes network traffic searching for signs of unauthorized activity.

SensorApp
A component of the IPS. Performs packet capture and analysis. SensorApp analyzes network traffic for malicious content. Packets flow through a pipeline of processors fed by a producer designed to collect packets from the network interfaces on the sensor. SensorApp is the standalone executable that runs Analysis Engine.

Service engine
Deals with specific protocols, such as DNS, FTP, H255, HTTP, IDENT, MS RPC, MS SQL, NTP, P2P, RPC, SMB, SNMP, SSH, and TNS.

service pack
Used for the release of defect fixes and for the support of new signature engines. Service packs contain all of the defect fixes since the last base version (minor or major) and any new defect fixes.

session command
Command used on routers and switches to provide either Telnet or console access to a module in the router or switch.

SFP
Small Form-factor Pluggable. Often refers to a fiber optic transceiver that adapts optical cabling to fiber interfaces. See GBIC for more information.

shun command
Enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection. It is used by ARC when blocking with a PIX Firewall.

Signature Analysis Processor
A processor in the IPS. Dispatches packets to the inspectors that are not stream-based and that are configured for interest in the packet in process.

signature
A signature distills network information and compares it against a rule set that indicates typical intrusion activity.

signature engine
A component of the sensor that supports many signatures in a certain category. An engine is composed of a parser and an inspector. Each engine has a set of legal parameters that have allowable ranges or sets of values.

signature engine update
Executable file with its own versioning scheme that contains binary code to support new signature updates.

Signature Event Action Filter
Subtracts actions based on the signature event signature ID, addresses, and risk rating. The input to the Signature Event Action Filter is the signature event with actions possibly added by the Signature Event Action Override.

Signature Event Action Handler
Performs the requested actions. The output from Signature Event Action Handler is the actions being performed and possibly an evIdsAlert written to the Event Store.

Signature Event Action Override
Adds actions based on the risk rating value. Signature Event Action Override applies to all signatures that fall into the range of the configured risk rating threshold. Each Signature Event Action Override is independent and has a separate configuration value for each action type.

Signature Event Action Processor
Processes event actions. Event actions can be associated with an event risk rating threshold that must be surpassed for the actions to take place.

GL-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01