Glossary
sensing interface
The interface on the sensor that monitors the desired network segment. The sensing interface is in promiscuous mode; it has no IP address and is not visible on the monitored segment.

sensor
The sensor is the intrusion detection engine. It analyzes network traffic searching for signs of unauthorized activity.

SensorApp
A component of the IPS. Performs packet capture and analysis. SensorApp analyzes network traffic for malicious content. Packets flow through a pipeline of processors fed by a producer designed to collect packets from the network interfaces on the sensor. SensorApp is the standalone executable that runs Analysis Engine.

Service engine
Deals with specific protocols, such as DNS, FTP, H225, HTTP, IDENT, MS RPC, MS SQL, NTP, P2P, RPC, SMB, SNMP, SSH, and TNS.

service pack
Used for the release of defect fixes and for the support of new signature engines. Service packs contain all of the defect fixes since the last base version (minor or major) and any new defect fixes.

session command
Command used on routers and switches to provide either Telnet or console access to a module in the router or switch.

SFP
Small Form-factor Pluggable. Often refers to a fiber optic transceiver that adapts optical cabling to fiber interfaces. See GBIC for more information.

shun command
Enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection. It is used by ARC when blocking with a PIX Firewall.

Signature Analysis Processor
A processor in the IPS. Dispatches packets to the inspectors that are not stream-based and that are configured for interest in the packet in process.

signature
A signature distills network information and compares it against a rule set that indicates typical intrusion activity.

signature engine
A component of the sensor that supports many signatures in a certain category. An engine is composed of a parser and an inspector. Each engine has a set of legal parameters that have allowable ranges or sets of values.

signature engine update
Executable file with its own versioning scheme that contains binary code to support new signature updates.

Signature Event Action Filter
Subtracts actions based on the signature event's signature ID, addresses, and risk rating. The input to the Signature Event Action Filter is the signature event with actions possibly added by the Signature Event Action Override.

Signature Event Action Handler
Performs the requested actions. The output from Signature Event Action Handler is the actions being performed and possibly an evIdsAlert written to the Event Store.

Signature Event Action Override
Adds actions based on the risk rating value. Signature Event Action Override applies to all signatures that fall into the range of the configured risk rating threshold. Each Signature Event Action Override is independent and has a separate configuration value for each action type.

Signature Event Action Processor
Processes event actions. Event actions can be associated with an event risk rating threshold that must be surpassed for the actions to take place.

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
OL-18504-01