Intrusion Prevention Fundamentals

Index


sample RFI questions

sandbox

scenarios for IPS deployment

     at branch offices

     at home office

     at large enterprises

     at medium educational institutions

     at medium financial enterprises

     at small offices

secondary policy groups, configuring

securing management communication

     device-to-device

     OOB

security policies

     anomaly-based

     atomic rule-based

     behavioral

     pattern-based

selecting

     location for IPS sensor placement

     management method

     NIPS management architecture

     sensors, criteria

         form factor

         interfaces

         processing capacity

sensors

     alerts, risk ratings

     Cisco Catalyst 6500 series IDSM-2

     Cisco IDS Network Module

     Cisco IOS IPS sensors

     Cisco IPS 4200 series appliance sensors

     Cisco product availability

     configuring

     inline mode

         failure of

         functionality

     installing

     large deployments

     promiscuous mode

     selection criteria

         form factor

         interfaces

         processing capacity

     small deployments

shared IPS/IDS capabilities

     alert generation

     initiating IP blocking

     IP logging

     logging attacker traffic

     logging traffic between attacker and victim

     logging victim traffic

     resetting TCP connections

shims

signature updates

signatures

     alerts

     allow signature action

     atomic signatures

         host-based

         network-based

     block signature action

     cabling

     characteristics of

     drop signature action

     event horizon

     event responses

     log signature action

     reset signature action

     stateful

         host-based

         network-based

         with anomaly-based triggering mechanism

     triggering mechanisms

         anomaly-based detection

         behavior-based detection

         pattern detection

     tuning

single packets, dropping

single-server management model

small IPS sensor deployments

small office IPS deployment

     HIPS implementation

     limiting factors

     NIPS implementation

     security policy goals

social engineering

software bypass

software updates

source IP addresses

     dropping all packets from

     spoofing

Spacefiller

spam

SPAN (Switch Port Analyzer), capturing network traffic

spyware

SQL Slammer worm

stack memory

standalone appliance sensors

stateful operation method of network traffic analysis

stateful signatures

     host-based

     network-based

summary alerts

suspicious activity, IPS response methods

     alerting actions

     blocking actions

     dropping actions

     logging actions

switch ports, role in layered defense

switches

     capturing network traffic

symbolic links

system call interception

system log analysis

system state conditions
