Cisco IPS-4255-K9 - Intrusion Protection Sys 4255 Installation Manual page 374

Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0

Glossary
AIP SSM
Advanced Inspection and Prevention Security Services Module. The IPS plug-in module in the Cisco ASA 5500 series adaptive security appliance. AIP-SSM is an IPS services module that monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based on an extensive, embedded signature library. When AIP-SSM detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the device manager. See also adaptive security appliance.

Alarm Channel
The IPS software module that processes all signature events generated by the inspectors. Its primary function is to generate alerts for each event it receives.

alert
Specifically, an IPS event type; it is written to the Event Store as an evidsAlert. In general, an alert is an IPS message that indicates a network exploit in progress or a potential security problem occurrence. Also known as an alarm.

Analysis Engine
The IPS software module that handles sensor configuration. It maps the interfaces and also the signature and alarm channel policy to the configured interfaces. It performs packet analysis and alert detection. The Analysis Engine functionality is provided by the SensorApp process.

anomaly detection
AD. The sensor component that creates a baseline of normal network traffic and then uses this baseline to detect worm-infected hosts.

API
Application Programming Interface. The means by which an application program talks to communications software. Standardized APIs allow application programs to be developed independently of the underlying method of communication. Computer application programs run a set of standard software interrupts, calls, and data formats to initiate contact with other devices (for example, network services, mainframe communications programs, or other program-to-program communications). Typically, APIs make it easier for software developers to create links that an application needs to communicate with the operating system or with the network.

application
Any program (process) designed to run in the Cisco IPS environment.

application image
Full IPS image stored on a permanent storage device used for operating the sensor.

application instance
A specific application running on a specific piece of hardware in the IPS environment. An application instance is addressable by its name and the IP address of its host computer.

application partition
The bootable disk or compact-flash partition that contains the IPS software image.

ARC
Attack Response Controller. Formerly known as Network Access Controller (NAC). A component of the IPS. A software module that provides block and unblock functionality where applicable.

architecture
The overall structure of a computer or communication system. The architecture influences the capabilities and limitations of the system.

ARP
Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address. Defined in RFC 826.

ASDM
Adaptive Security Device Manager. A web-based application that lets you configure and manage your adaptive security device.

ASN.1
Abstract Syntax Notation 1. Standard for data presentation.

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
GL-2
OL-18504-01
