Cisco Systems IPS 7.1 Home Security System User Manual


Glossary
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
session command
Command used on routers and switches to provide either Telnet or console access to a module in the
router or switch.
SFP
Small Form-factor Pluggable. Often refers to a fiber optic transceiver that adapts optical cabling to fiber
interfaces. See GBIC for more information.
shared secret
A piece of data known only to the parties involved in a secure communication. The shared secret can
be a password, a passphrase, a big number, or an array of randomly chosen bytes.
shun command
Enables a dynamic response to an attacking host by preventing new connections and disallowing
packets from any existing connection. It is used by ARC when blocking with a PIX Firewall.
Signature Analysis Processor
A processor in the IPS. Dispatches packets to the inspectors that are not stream-based and that are
configured for interest in the packet in process.
signature
A signature distills network information and compares it against a rule set that indicates typical
intrusion activity.
signature engine
A component of the sensor that supports many signatures in a certain category. An engine is composed
of a parser and an inspector. Each engine has a set of legal parameters that have allowable ranges or
sets of values.
signature engine update
Executable file with its own versioning scheme that contains binary code to support new signature
updates.
Signature Event Action Filter
Subtracts actions based on the signature event signature ID, addresses, and risk rating. The input to the
Signature Event Action Filter is the signature event with actions possibly added by the Signature Event
Action Override.
Signature Event Action Handler
Performs the requested actions. The output from Signature Event Action Handler is the actions being
performed and possibly an evIdsAlert written to the Event Store.
Signature Event Action Override
Adds actions based on the risk rating value. Signature Event Action Override applies to all signatures
that fall into the range of the configured risk rating threshold. Each Signature Event Action Override is
independent and has a separate configuration value for each action type.
Signature Event Action Processor
Processes event actions. Event actions can be associated with an event risk rating threshold that must
be surpassed for the actions to take place.
signature fidelity rating
SFR. A weight associated with how well a signature might perform in the absence of specific
knowledge of the target. The signature fidelity rating is configured per signature and indicates how
accurately the signature detects the event or condition it describes.
signature update
Executable file that contains a set of rules designed to recognize malicious network activities, such as
worms, DDoS, viruses, and so forth. Signature updates are released independently, are dependent on a
required signature engine version, and have their own versioning scheme.
Slave Dispatch Processor
A processor in the IPS. Process found on dual CPU systems.
SMB
Server Message Block. File-system protocol used in LAN Manager and similar NOSs to package data
and exchange information with other systems.
SMTP
Simple Mail Transfer Protocol. Internet protocol providing e-mail services.