SSi Service Strategies Inc.

Terminology

 

Network Protection Terminology

Intrusion Detection Terminology

What is an Excluded Service?

The Excluded Services grid allows you to exclude those services you don’t want to trace between specific hosts and servers. This means that Sessionwall will trace all data on the network, except for excluded services.

What is a Rule?

A rule is a set of conditions that are applied to a session and result in a specific action being taken. The network administrator defines the conditions for the rules. Sessionwall provides policy folders which include rules for monitoring, blocking and alerting, for identifying intrusion attempts, for identifying URL and malicious applet controls, for identifying suspicious network activity, and for monitoring Web usage.

What are Monitor/Block/Alert Rules?

This folder contains general rules that can be customized to monitor and block sessions, and send alerts about specific events on the LAN.

What is an Event?

An event records the occurrence of a session or activity on the network that matches the conditions of a rule. You can see a list of logged and blocked events in the Tree Window.

What are Intrusion Attempt Rules?

These rules identify specific known intrusion patterns that are aimed at taking over your server, and include recommendations of appropriate actions. The user can change the default actions to block or invoke other responses.

What are URL Access Monitoring and Control Rules?

These are rules that monitor WWW activities. Sessionwall includes the ability to monitor Web access by URL, RSACi rating, and content. This means that you can monitor non-productive or inappropriate Web surfing and access to URLs in certain categories.

What are Malicious Applets and ActiveX Detection Rules?

These rules scan Web usage sessions and detect suspicious and malicious Java applets, Java scripts, plug-ins, and ActiveX applets that are downloaded when browsing Web pages.

What are Suspicious Network Activity Rules?

These rules identify low-level protocol attacks that typically either disable an end user's station or disrupt network usage by attacking the router. Such patterns include Land attack, MAC spoofing and TCP port scanning. These attacks are updated as they are discovered.

What is a Network Object?

Sessionwall network objects enable the administrator to create a rule for a specific or general set of clients and servers. The network object can be a specific IP address, a MAC address, a domain, all stations, all internal stations, all external stations, a group of stations, stations on a specific network, stations in a specific range of IP addresses, specific NT users, or a combination of network objects. You can also create an 'excluding' type of network object that will include all the defined network objects, except for specific network objects that are excluded.

What is a Rule Type?

In Sessionwall, the rule type refers to the specific rule protocol (service) and its associated criteria that are used to identify an event when Sessionwall scans sessions, e.g. matching specific text in the title or body of a message.

What is a Service?

In Sessionwall, a service is a combination of the protocol used (TCP/UDP) to send data, the port at which the protocol operates, and a selected Parser (e.g. HTML, SMTP and FTP).

What is an Action?

An action is a response that occurs when Sessionwall matches the conditions of a rule to a session.

What is the Rule Time?

The time at which the rule is effective, e.g. always, or between 08:00 and 17:00.

What is the Rule Description?

A short description of the rule for reference purposes.

What are Eligible Users?

These are users that have been assigned a password by the network administrator that allows them to access Sessionwall and view specific data.

What are Options?

Options are additional features and parameters that can be used to enhance Sessionwall operation. In the Options dialog box you can define Helpers, Preferences, a Local Network Address and Advanced Parameters.

What are Helpers?

A Helper is a host application that can be activated from within Sessionwall using a defined command line to provide an extended view of an event being viewed in the View Window. For example, you can load HTML data from a host site through a helper, or you can connect directly to a Telnet or FTP site.

What are Preferences?

Preferences are a list of options that the user can enable or disable to fine-tune Sessionwall operation, e.g. detecting new client or server activity, or starting the Report Scheduler when Sessionwall is started.

What are Advanced Parameters?

Advanced Parameters allow advanced users to set the value of certain parameters to improve Sessionwall functionality and effectiveness. For example, you can change the frequency at which statistics are updated and new Sessionwall products are detected.

What are the Statistics?

Sessionwall provides statistics on the amount of data specific clients and servers transfer, the amount of data NT workstation users transfer, data on new network activity, recent activity and other services being used on the network.

What are Reports?

Sessionwall provides detailed reports on network activity in a variety of formats. You can then print the reports, save them to a specific location, or send them as e-mail. The Sessionwall Report Viewer allows viewing of Sessionwall reports on machines that do not have Sessionwall installed.

What is a Snapshot?

A snapshot is a file in which "frozen data" is saved for the purpose of generating reports. This data includes information on the logged and blocked events. You can use a current or historical snapshot file to generate a report.

What is a Query?

A Query is a temporary report of the current status of the network.

What is a Workspace?

The workspace includes a current picture of the network traffic, settings and definitions.

What is Sessionwall Enterprise?

Sessionwall Enterprise consists of a number of additional components that extend Sessionwall's surveillance, intrusion detection, and response capabilities by providing the ability to centrally manage multiple distributed Sessionwall stations, remotely manage remote Sessionwall stations, and consolidate selected information in a common relational database.

Sessionwall has been renamed eTrust Intrusion Detection and is now considered to be part of the eTrust suite of eBusiness security products.

 

Service Strategies Inc.

2392 Mount Vernon Rd

Dunwoody, GA 30338-3092

678-441-0020   800-662-1615

assist@ssimail.com
 

 

Copyright © 1998-2002 Service Strategies Inc. All rights reserved.
Revised: November 20, 2003.