McAfee® Host Intrusion Prevention 6.1 Product Guide Glossary
severity level
One of four levels of risk assigned to signatures:
Information (blue) – a modification to the system configuration or an attempt to access sensitive system
components that is not generally evidence of an attack.
Low (yellow) – a modification to the system configuration or an attempt to access sensitive system
components that is not identified as a known attack and is indicative of suspicious behavior on the part of
a user or application.
Medium (orange) – a known attack with low to medium risk, or highly suspicious behavior by a user or an
application.
High (red) – an attack that poses a serious threat to security.
signature
The set of rules that describes security threats and instructions to a host or network. Each of the three types
of IPS signatures, host (HIPS), custom (HIPS), and network (NIPS), has an associated severity level indicating
the danger of the potential attack.
See also behavioral rule.
signature files
See DAT files.
silent installation
An installation method that installs a software package onto a computer silently, without need for user
intervention.
site
In the console tree, a logical collection of entities assembled for ease of management. Sites can contain
groups or computers, and can be organized by IP address range, IP subnet mask, location, department, and
others.
site administrator
A user account with read, write, and delete permissions, as well as rights to all operations for the specified
site (except those restricted to the global administrator), and for all groups and computers under it on the
console tree.
Compare to global reviewer, global administrator, site reviewer.
site reviewer
A user account with read-only permissions that can view all settings in the software for the specified site
but cannot change any settings.
Compare to global administrator, global reviewer, site administrator.
smurf attack
A denial-of-service attack that floods its target with replies to ICMP echo (ping) requests. A smurf attack
sends ping requests to Internet broadcast addresses, which forward the ping requests to as many as 255
hosts on a subnet. The return address of the ping request is spoofed to be the address of the attack target.
All hosts receiving ping requests reply to the attack target, flooding the target with replies.
snooping
Passively observing a network.
spoofing
Forging something, such as an IP address, to hide one’s location and identity.
state
Describes the manner in which a client is actually functioning (current state), or is functioning after its next
communication with the server (requested state). The console recognizes four different states: Normal,
Uninstalling, No connection, No license.
Status Monitor
See Agent Monitor.