Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 Installation Manual page 176

Intrusion prevention system appliances and modules 5.0

Glossary
IDS MC
Management Center for IDS Sensors. A web-based IDS manager that can manage configurations for up to 300 sensors.

inline mode
All packets entering or leaving the network must pass through the sensor.

interface group
Refers to the logical grouping of sensing interfaces. Multiple sensing interfaces can be assigned to a logical interface group. Signature parameters are tuned on a per-logical interface group basis.

intrusion detection system
A security service that monitors and analyzes system events to find and provide real-time or near real-time warning of attempts to access system resources in an unauthorized manner.

IP address
32-bit address assigned to hosts using TCP/IP. An IP address belongs to one of five classes (A, B, C, D, or E) and is written as 4 octets separated by periods (dotted decimal format). Each address consists of a network number, an optional subnetwork number, and a host number. The network and subnetwork numbers together are used for routing, and the host number is used to address an individual host within the network or subnetwork. A subnet mask is used to extract network and subnetwork information from the IP address.

IP spoofing
IP spoofing attack occurs when an attacker outside your network pretends to be a trusted user either by using an IP address that is within the range of IP addresses for your network or by using an authorized external IP address that you trust and to which you want to provide access to specified resources on your network. Should an attacker get access to your IPSec security parameters, that attacker can masquerade as the remote user authorized to connect to the corporate network.

iplog
A log of the binary packets to and from a designated address. Iplogs are created when the log Event Action is selected for a signature. Iplogs are stored in a libpcap format, which can be read by WireShark and TCPDUMP.

IPv6
IP version 6. Replacement for the current version of IP (version 4). IPv6 includes support for flow ID in the packet header, which can be used to identify flows. Formerly called IPng (next generation).

L

Layer 2 Processor
See L2P.

L2P
Layer 2 Processor. Processes layer 2-related events. It also identifies malformed packets and removes them from the processing path.

Logger
A component of the IPS.

logging
Gathers actions that have occurred in a log file. Logging of security information is performed on two levels: logging of events (such as IPS commands, errors, and alerts), and logging of individual IP session information.

LOKI
Remote access, back door Trojan, ICMP tunneling software. When the computer is infected, the malicious code creates an ICMP tunnel that can be used to send small payload ICMP replies

Installing Cisco Intrusion Prevention System Appliances and Modules 5.0
GL-8
78-16124-01
