Version 5.2 Sourcefire 3D System User Guide 265
Glossary
users, applications, ports, and URLs. The access control rule action determines
how the system handles traffic that meets the rule’s conditions. Other rule
settings determine how (and whether) the connection is logged, and whether an
intrusion policy or file policy inspects matching traffic.
access list A list of IP addresses, configured in the system policy, that represents the hosts
that can access an appliance. By default, anyone can access the web interface of
an appliance using port 443 (HTTPS), as well as the command line using port 22
(SSH). You can also add SNMP access using port 161.
advanced malware protection Abbreviated AMP, the Sourcefire 3D System’s network-based malware detection
and malware cloud lookup feature. Compare this functionality with FireAMP,
Sourcefire’s endpoint-based AMP tool that requires a FireAMP subscription.
advanced setting A preprocessor or other intrusion policy feature that requires specific expertise to
configure. Advanced settings typically require little or no modification and are not
common to every deployment.
alert A notification that the system has generated a specific event. You can alert based
on intrusion events (including their impact flags), discovery events, malware
events, correlation policy violations, health status changes, and connections
logged by specific access control rules. In most cases, you can alert via email,
syslog, or SNMP trap.
appliance A Defense Center or managed device. An appliance can be physical or virtual.
application A detected network asset, communications method, or HTTP content against
which you can write access control rules. The system detects three types of
application: application protocol, client application, and web application.
application control A feature that, as part of access control, allows you to specify which application
traffic can traverse your network.
application protocol A type of application that represents application protocol traffic detected during
communications between server and client applications on hosts; for example,
SSH or HTTP.
apply The action you take to have a policy, or changes to that policy, take effect. You
apply most policies from the Defense Center to its managed devices; however,
you activate and deactivate correlation policies because they do not involve
changes to the configuration of managed devices.
bypass mode A characteristic of an inline set that allows traffic to continue flowing if the
sensing interfaces in the set fail for any reason.
CLI See command line interface.