Cisco IPS-4255-K9 - Intrusion Protection Sys 4255 Installation Manual page 387

Act of determining the OS or services available on a system from passive observation of network
passive
interactions.
fingerprinting
The sensor determines host operating systems by inspecting characteristics of the packets exchanged
Passive OS
Fingerprinting on the network.
An attempt to open connections through a firewall to a protected FTP server to a non-FTP port. This
PASV Port Spoof
happens when the firewall incorrectly interprets an FTP 227 passive command by opening an
unauthorized connection.
Port Address Translation. A more restricted translation scheme than NAT in which a single IP address
PAT
and different ports are used to represent the hosts of a network.
Release that addresses defects identified in the update (minor, major, or service pack) binaries after a
patch release
software release (service pack, minor, or major update) has been released.
Protection Against Wrapped Sequence. Protection against wrapped sequence numbers in high
PAWS
performance TCP networks. See
Peripheral Component Interface. The most common peripheral expansion bus used on Intel-based
PCI
computers.
protocol data unit. OSI term for packet. See also BPDU and packet.
PDU
Cisco Product Evolution Program. PEP is the UDI information that consists of the PID, the VID, and
PEP
the SN of your sensor. PEP provides hardware version and serial number visibility through electronic
query, product labels, and shipping items.
packed encoding rules. Instead of using a generic style of encoding that encodes all types in a uniform
PER
way, PER specializes the encoding based on the date type to generate much more compact
representations.
Policy Feature Card. An optional card on a Catalyst 6000 supervisor engine that supports VACL packet
PFC
filtering.
Product Identifier. The orderable product identifier that is one of the three parts of the UDI. The UDI
PID
is part of the PEP policy.
packet internet groper. Often used in IP networks to test the reachability of a network device. It works
ping
by sending ICMP echo request packets to the target host and listening for echo response replies.
Private Internet Exchange Firewall. A Cisco network security device that can be programmed to
PIX Firewall
block/enable addresses and ports between networks.
Public Key Infrastructure. Authentication of HTTP clients using the clients X.509 certificates.
PKI
Power-On Self Test. Set of hardware diagnostics that runs on a hardware device when that device is
POST
powered up.
Designates an ACL from which ARC should read the ACL entries, and where it places entries after all
Post-ACL
deny entries for the addresses being blocked.
Designates an ACL from which ARC should read the ACL entries, and where it places entries before
Pre-ACL
any deny entries for the addresses being blocked.
OL-18504-01
RFC 1323.
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
Glossary
GL-15