Glossary
GL-22
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
terminal server
A router with multiple, low speed, asynchronous ports that are connected to othe r serial devices.
Terminal servers can be used to remotely manage network equipment, including sensors.
TFN
Tribe Flood Network. A common type of DoS attack that can take advantage of forged or rapidly
changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks.
TFN2K
Tribe Flood Network 2000. A common type of DoS attack that can take advantage of forged or rapidly
changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks.
TFTP
Trivial File Transfer Protocol. Simplified version of FTP that lets files be transferred from one
computer to another over a network, usually without the use of client authentication (for example,
username and password).
threat rating
TR. A threat rating is a value between 0 and 100 that represents a numerical decrease of the risk rating
of an attack based on the response action that depicts the threat of an alert on the monitored network.
three-way
handshake
Process whereby two protocol entities synchronize during connection establishment.
threshold
A value, either upper- or lower-bound that defines the maximum/minimum allowable condition before
an alarm is sent.
Time Processor
A processor in the IPS. Processes events stored in a time-slice calendar. Its primary task is to make stale
database entries expire and to calculate time-dependent statistics.
TLS
Transport Layer Security. The protocol used over stream transports to negotiate the identity of peers
and establish encrypted communications.
TNS
Transparent Network Substrate. Provides database applications with a single common interface to all
industry-standard network protocols. With TNS, database applications can connect to other database
applications across networks with different protocols.
topology
Physical arrangement of network nodes and media within an enterprise networking structure.
TPKT
Transport Packet. RFC 1006-defined method of demarking messages in a packet. The protocol uses ISO
transport services on top of TCP.
traceroute
Program available on many systems that traces the path a packet takes to a destination. It is used mostly
to debug routing problems between hosts. A traceroute protocol is also defined in R FC 1393.
traffic analysis
Inference of information from observable characteristics of data flow(s), even when the data is
encrypted or otherwise not directly available. Such charact eristics include the identities and locations
of the source(s) and destination(s), and the presence, amo unt, frequency, and duration of occurrence.
Traffic ICMP engine
Analyzes traffic from nonstandard protocols, such as TFN2K, LOKI, and DDOS.
trap
Message sent by an SNMP agent to an NMS, a console, or a terminal to indicate the occurrence of a
significant event, such as a specifically defined condition or a threshold that was reached.
Trojan engine
Analyzes traffic from nonstandard protocols, such as BO2K and TFN2K.
trunk
Physical and logical connection between two switches across which network traffic travels. A backbone
is composed of a number of trunks.