Network Protection Terminology
Intrusion Detection Terminology
What is an Excluded Service?
The Excluded Services grid allows you to exclude those
services you don't want to trace between specific hosts and servers. This means that
Sessionwall will trace all data on the network, except for excluded services.
What is a Rule?
A rule is a set of conditions that are applied to a session
and result in a specific action being taken. The network administrator defines the
conditions for the rules. Sessionwall provides policy folders which include rules for
monitoring, blocking and alerting, for identifying intrusion attempts, for identifying URL
and malicious applet controls, for identifying suspicious network activity, and for
monitoring Web usage.
What are Monitor/Block/Alert Rules?
This folder contains general rules that can be customized to
monitor and block sessions, and send alerts about specific events on the LAN.
What is an Event?
An event records the occurrence of a session or activity on
the network that matches the conditions of a rule. You can see a list of logged and
blocked events in the Tree Window.
What are Intrusion Attempt Rules?
These rules identify the occurrence of specific known
intrusion patterns that are targeted to take over your server and include recommendations
of appropriate actions. The user can change the default actions to block or invoke other
responses.
What are URL Access Monitoring and Control Rules?
These are rules that monitor WWW activities. Sessionwall
includes the ability to monitor Web access by URL, RSACi rating, and content. This means
that you can monitor non-productive or inappropriate Web surfing and access to URLs in
certain categories.
What are Malicious Applets and ActiveX Detection Rules?
These rules scan Web usage sessions and detect suspicious
and malicious Java applets, Java scripts, plug-ins, and ActiveX applets that are
downloaded when browsing Web pages.
What are Suspicious Network Activity Rules?
These rules identify low-level protocol attacks that
typically either disable an end user's station or disrupt network usage by attacking the
router. Such patterns include Land attack, MAC spoofing and TCP port scanning. The
attack patterns are updated as new attacks are discovered.
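The three patterns named above can be recognized from packet headers alone. The following is an added example, not Sessionwall code: it flags a Land packet (a TCP SYN whose source address and port equal its destination), an IP address that appears behind a second MAC address, and one source sending SYNs to many ports on one host. The packet tuple layout, the detect() function and the threshold of 5 ports are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample traffic:
# (src_mac, src_ip, src_port, dst_ip, dst_port, tcp_flags)
PACKETS = [
    ("aa:aa:aa:00:00:01", "10.0.0.5", 40000, "10.0.0.9", 80, "S"),
    ("aa:aa:aa:00:00:02", "10.0.0.9", 139, "10.0.0.9", 139, "S"),
] + [
    ("aa:aa:aa:00:00:03", "10.0.0.7", 50000 + i, "10.0.0.9", port, "S")
    for i, port in enumerate([21, 22, 23, 25, 80])
] + [
    ("aa:aa:aa:00:00:04", "10.0.0.5", 40001, "10.0.0.9", 80, "A"),
]

SCAN_PORT_THRESHOLD = 5  # assumed value; tune to the monitored network


def detect(packets, scan_threshold=SCAN_PORT_THRESHOLD):
    """Return (event_type, packet_index, address) tuples in arrival order."""
    events = []
    macs_by_ip = defaultdict(set)   # src_ip -> MAC addresses seen for it
    syn_ports = defaultdict(set)    # (src_ip, dst_ip) -> ports that got a SYN
    reported_scans = set()

    for n, (mac, sip, sport, dip, dport, flags) in enumerate(packets):
        # Land: SYN whose source address/port equals its destination.
        if flags == "S" and sip == dip and sport == dport:
            events.append(("land", n, dip))
            continue  # the source is forged, so learn nothing from it

        # MAC spoofing indicator: a known IP shows up behind a new MAC.
        known = macs_by_ip[sip]
        if known and mac not in known:
            events.append(("mac_conflict", n, sip))
        known.add(mac)

        # Port scan: one source sends SYNs to many distinct ports on a host.
        if flags == "S":
            key = (sip, dip)
            syn_ports[key].add(dport)
            if len(syn_ports[key]) >= scan_threshold and key not in reported_scans:
                reported_scans.add(key)
                events.append(("port_scan", n, sip))
    return events


if __name__ == "__main__":
    for event in detect(PACKETS):
        print(event)
```

A MAC conflict is an indicator rather than proof, since a replaced network card or a DHCP lease change produces the same observation.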
What is a Network Object?
Sessionwall network objects enable the administrator to
create a rule for a specific or general set of clients and servers. The network object can
be a specific IP address, a MAC address, a domain, all stations, all internal stations,
all external stations, a group of stations, stations on a specific network, stations in a
specific range of IP addresses, specific NT users, or a combination of network objects.
You can also create an 'excluding' type of network object that will include all the
defined network objects, except for specific network objects that are excluded.
What is a Rule Type?
In Sessionwall, the rule type refers to the specific rule
protocol (service) and the associated criteria that are used to identify an event when
Sessionwall scans sessions, e.g. matching specific text in the title or body of a message.
What is a Service?
In Sessionwall, a service is a combination of the protocol
used (TCP/UDP) to send data, the port at which the protocol operates, and a selected
Parser (e.g. HTML, SMTP and FTP).
What is an Action?
An action is a response that occurs when Sessionwall matches
the conditions of a rule to a session.
What is the Rule Time?
The time at which the rule is effective, e.g. always, or
between 08:00 and 17:00.
What is the Rule Description?
A short description of the rule for reference purposes.
What are Eligible Users?
These are users that have been assigned a password by the
network administrator that allows them to access Sessionwall and view specific data.
What are Options?
Options are additional features and parameters that can be
used to enhance Sessionwall operation. In the Options dialog box you can define Helpers,
Preferences, a Local Network Address and Advanced Parameters.
What are Helpers?
A Helper is a host application that can be activated from
within Sessionwall using a defined command line to provide an extended view of an event
being viewed in the View Window. For example, you can load HTML data from a host site
through a helper, or you can connect directly to a Telnet or FTP site.
What are Preferences?
This is a list of options which the user can enable or
disable to fine-tune Sessionwall operation, e.g. detecting new client or server activity,
or starting the Report Scheduler when Sessionwall is started.
What are Advanced Parameters?
Advanced Parameters allow advanced users to set the
value of certain parameters to improve Sessionwall functionality and effectiveness. For
example, changing the frequency at which statistics are updated and new Sessionwall
products are detected.
What are the Statistics?
Sessionwall provides statistics on the amount of data
specific clients and servers transfer, the amount of data NT workstation users transfer,
data on new network activity, recent activity and other services being used on the
network.
What are Reports?
Sessionwall provides detailed reports on network activity in
a variety of formats. You can then print the reports, save them to a specific location,
or send them as e-mail. The Sessionwall Report Viewer allows viewing of Sessionwall reports on
machines that do not have Sessionwall installed.
What is a Snapshot?
A snapshot is a file in which "frozen data" is
saved for the purpose of generating reports. This data includes information on the logged
and blocked events. You can use a current or historical snapshot file to generate a
report.
What is a Query?
A Query is a temporary report of the current status of the
network.
What is a Workspace?
The workspace includes a current picture of the network
traffic, settings and definitions.
What is Sessionwall Enterprise?
Sessionwall Enterprise consists of a number of additional
components that extend Sessionwall's surveillance, intrusion detection, and response
capabilities by providing the ability to centrally manage multiple distributed Sessionwall
stations, remotely manage remote Sessionwall stations, and consolidate selected
information in a common relational database.
Sessionwall has been renamed eTrust Intrusion Detection
and is now considered to be part of the eTrust suite of eBusiness security
products.