McAfee® Host Intrusion Prevention 6.1 Product Guide

Glossary

severity level

One of four levels of risk assigned to signatures:

Information (blue) – a modification to the system configuration or an attempt to access sensitive system components that is not generally evidence of an attack.

Low (yellow) – a modification to the system configuration or an attempt to access sensitive system components that is not identified as a known attack and is indicative of suspicious behavior on the part of a user or application.

Medium (orange) – a known attack with low to medium risk, or highly suspicious behavior by a user or an application.

High (red) – an attack that poses a serious threat to security.

signature

The set of rules that describes security threats and instructions to a host or network. Each of the three types of IPS signatures, host (HIPS), custom (HIPS), and network (NIPS), has an associated severity level indicating the danger of the potential attack.

See also behavioral rule.

signature files

See DAT files.

silent installation

An installation method that installs a software package onto a computer silently, without need for user intervention.

site

In the console tree, a logical collection of entities assembled for ease of management. Sites can contain groups or computers, and can be organized by IP address range, IP subnet mask, location, department, and others.

site administrator

A user account with read, write, and delete permissions, as well as rights to all operations for the specified site (except those restricted to the global administrator), and for all groups and computers under it on the console tree.

Compare to global reviewer, global administrator, site reviewer.

site reviewer

A user account with read-only permissions that can view all settings in the software for the specified site, but cannot change any settings.

Compare to global administrator, global reviewer, site administrator.

smurf attack

A denial-of-service attack that floods its target with replies to ICMP echo (ping) requests. A smurf attack sends ping requests to Internet broadcast addresses, which forward the ping requests to as many as 255 hosts on a subnet. The return address of the ping request is spoofed to be the address of the attack target. All hosts receiving ping requests reply to the attack target, flooding the target with replies.

snooping

Passively observing a network.

spoofing

Forging something, such as an IP address, to hide one’s location and identity.

state

Describes the manner in which a client is actually functioning (current state), or is functioning after its next communication with the server (requested state). The console recognizes four different states: Normal, Uninstalling, No connection, No license.

Status Monitor

See Agent Monitor.
