Glossary
GL-21
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
String engine
A signature engine that provides regular expression-based pattern inspection and alert functionality for
multiple transport protocols, including TCP, UDP, and ICMP.
subsignature
A more granular representation of a general signature. It typically further defines a broad scope
signature.
surface mounting
Refers to attaching rubber feet to the bottom of a sensor when it is installed on a flat surface. The rubber
feet allow proper airflow around the sensor and they also absorb vibration so that the hard-disk drive is
less impacted.
switch
Network device that filters, forwards, and floods frames based on the destination address of each frame.
The switch operates at the data link layer of the OSI model.
SwitchApp
A component of the IPS. The IPS 4500 series sensors have a built-in switch that provides external
monitoring interfaces. The SwitchApp enables the InterfaceApp and sensor initialization scripts to
communicate with and control the switch.
SYN flood
Denial of Service attack that sends a host more TCP SYN packets (request to synchronize sequence
numbers, used when opening a connection) than the protocol implementation can handle.
system image
The full IPS application and recovery image used for reimaging an entire sensor.
T
TAC
A Cisco Technical Assistance Center. There are four TACs worldwide.
TACACS+
Terminal Access Controller Access Control System Plus. Proprietary Cisco enhancement to Terminal
Access Controller Access Control System (TACACS). Provides additional support for authentication,
authorization, and accounting.
target value rating
TVR. A weight associated with the perceived value of the target. Target value rating is a
user-configurable value (zero, low, medium, high, or mission critical) that identifies the importance of
a network asset (through its IP address).
TCP
Transmission Control Protocol. Connection-oriented transport layer protocol that provides reliable
full-duplex data transmission. TCP is part of the TCP/IP protocol stack.
TCPDUMP
The TCPDUMP utility is a free network protocol analyzer for UNIX and Windows. It lets you examine
data from a live network or from a capture file on disk. You can use different options for viewing
summary and detail information for each packet. For more information, see http://www.tcpdump.org/.
TCP reset interface
The interface on the IDSM2 that can send TCP resets. On most sensors the TCP resets are sent out on
the same sensing interface on which the packets are monitored, but on the IDSM2 the sensing interfaces
cannot be used for sending TCP resets. On the IDSM2 the TCP reset interface is designated as port 1
with Catalyst software, and is not visible to the user in Cisco IOS software. The TCP reset action is
only appropriate as an action selection on those signatures that are associated with a TCP-based service.
Telnet
Standard terminal emulation protocol in the TCP/IP protocol stack. Telnet is used for remote terminal
connection, enabling users to log in to remote systems and use resources as if they were connected to
a local system. Telnet is defined in RFC 854.