GL-1
Installing Cisco Intrusion Prevention System Appliances and Modules 5.0
78-16124-01
G L O S S A R Y
Numerals
3DES
Triple Data Encryption Standard. A stronger version of DES, which is the default encryption method
for SSH version 1.5. Used when establishing an SSH session with the sensor. It can be used when the
sensor is managing a device.
A
aaa
authentication, authorization, and accounting. A Cisco IOS software and PIX Firewall command for
controlling how users can log in to a router or a PIX Firewall.
AAA
authentication, authorization, and accounting. Pronounced “triple a.”
ACE
Access Control Entry. An entry in the ACL that describes what action should be taken for a specified
address or protocol. The sensor adds/removes ACE to block hosts.
ACK
acknowledgement. Notification sent from one network device to another to acknowledge that some
event occurred (for example, the receipt of a message).
ACL
Access Control List. A list of ACEs that control the flow of data through a router. There are two ACLs
per router interface for inbound data and outbound data. Only one ACL per direction can be active at a
time. ACLs are identified by number or by name. ACLs can be standard, enhanced, or extended. You
can configure the sensor to manage ACLs.
action
The sensor’s response to an event. An action only happens if the event is not filtered. Possible actions
include TCP reset, block host, block connection, IP logging, and capturing the alert trigger packet.
active ACL
The ACL created and maintained by Network Access Controller and applied to the router block
interfaces.
AIC engine
Application Inspection and Control engine. Provides deep analysis of web traffic. It provides granular
control over HTTP sessions to prevent abuse of the HTTP protocol. It allows administrative control
over applications that try to tunnel over specified ports, such as instant messaging, and tunneling
applications, such as gotomypc. It can also inspect FTP traffic and control the commands being issued.
Alarm Channel
The IPS software module that processes all signature events generated by the inspectors. Its primary
function is to generate alerts for each event it receives.
alert
Specifically, an IPS event type; it is written to the Event Store as an evidsAlert. In general, an alert is
an IPS message that indicates a network exploit in progress or a potential security problem occurrence.
Also known as an alarm.
Содержание AIP-SSM-10
Страница 8: ...Contents viii Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 ...
Страница 188: ...Glossary GL 20 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 ...
Страница 196: ...Index IN 8 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 ...