benign trigger: A situation in which a signature is fired correctly, but the source of the traffic is nonmalicious.
BIOS: Basic Input/Output System. The program that starts the sensor and communicates between the devices in the sensor and the system.
block: The ability of the sensor to direct a network device to deny entry to all packets from a specified network host or network.
block interface: The interface on the network device that the sensor manages.
BO2K: BackOrifice 2000. A Windows back door Trojan that runs over TCP and UDP.
BPDU: Bridge Protocol Data Unit. Spanning-Tree Protocol hello packet that is sent out at configurable intervals to exchange information among bridges in the network.
bypass mode: Mode that lets packets continue to flow through the sensor even if the sensor fails. Bypass mode is only applicable to inline-paired interfaces.
C
CA: certification authority. Entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate. Sensors use self-signed certificates.
CA certificate: Certificate for one CA issued by another CA.
certificate: Digital representation of user or device attributes, including a public key, that is signed with an authoritative private key.
cidDump: A script that captures a large amount of information including the IPS processes list, log files, OS information, directory listings, package information, and configuration files.
CIDEE: Cisco Intrusion Detection Event Exchange. Specifies the extensions to SDEE that are used by Cisco IPS systems. The CIDEE standard specifies all possible extensions that may be supported by Cisco IPS systems.
CIDS header: The header that is attached to each packet in the IPS system. It contains packet classification, packet length, checksum results, timestamp, and the receive interface.
Cisco IOS: Cisco system software that provides common functionality, scalability, and security for all products under the CiscoFusion architecture. Cisco IOS allows centralized, integrated, and automated installation and management of internetworks while supporting a wide variety of protocols, media, services, and platforms.
cipher key: The secret binary data used to convert between clear text and cipher text. When the same cipher key is used for both encryption and decryption, it is called symmetric. When it is used for either encryption or decryption (but not both), it is called asymmetric.
CLI: command-line interface. A shell provided with the sensor used for configuring and controlling the sensor applications.
command and control interface: The interface on the sensor that communicates with the IPS manager and other network devices. This interface has an assigned IP address.
78-16124-01
Installing Cisco Intrusion Prevention System Appliances and Modules 5.0
Glossary