
Source fire Sourcefire 3D System - Page 274

280 pages
Version 5.2 Sourcefire 3D System User Guide 274
policy to reputation (IP address)
Glossary

policy
A mechanism for applying settings, most often to an appliance. See access
control policy, correlation policy, file policy, health policy, intrusion policy, network
discovery policy, and system policy.

preprocessor
A feature that normalizes traffic inspected by an intrusion policy and that helps
identify network layer and transport layer protocol anomalies by identifying
inappropriate header options, defragmenting IP datagrams, providing TCP stateful
inspection and stream reassembly, and validating checksums. Preprocessors can
also render specific types of packet data in a format that the system can analyze;
these preprocessors are called data normalization preprocessors, or application
layer protocol preprocessors. Normalizing application layer protocol encoding
allows the system to effectively apply the same content-related intrusion rules to
packets whose data is represented differently and obtain meaningful results.
Preprocessors generate preprocessor rules whenever packets trigger
preprocessor options that you configure.

preprocessor rule
An intrusion rule associated with a preprocessor or with the portscan flow
detector. You must enable preprocessor rules if you want them to generate
events. Preprocessor rules have a preprocessor-specific GID (generator ID).

protected network
Your organization's internal network that is protected from users of other
networks by a device such as a firewall. Many of the intrusion rules delivered with
the Sourcefire 3D System use variables to define the protected network and the
unprotected (or outside) network.

Protection license
A license for Series 3 and virtual devices that allows you to perform intrusion
detection and prevention, file control, and Security Intelligence filtering. Without a
license, Series 2 devices automatically have Protection capabilities, with the
exception of Security Intelligence.

RADIUS authentication
Remote Authentication Dial In User Service, a service used to authenticate,
authorize, and account for user access to network resources. You can create an
external authentication object to allow Sourcefire 3D System users to
authenticate through a RADIUS server.

remediation
An action that mitigates potential attacks on your system. You can configure
remediations and, within a correlation policy, associate them with correlation
rules and compliance white lists so that when they trigger, the Defense Center
launches the remediation. This can not only automatically mitigate attacks when
you are not immediately available to address them, but can also ensure that your
system remains compliant with your organization's security policy. The Defense
Center ships with predefined remediation modules, and you can also use a
flexible API to create custom remediations.

reputation (IP address)
See Security Intelligence.
