Attacks

Attacks attempt to exploit vulnerabilities in computer hardware
and software. Depending on the severity of the attack, it might disable
your system completely, allow an attacker to gain confidential information
stored on your system, or use your network to attack other networks.

Attack objects

A signature or protocol anomaly that is combined with context
information. Attack objects are used in Main rulebase rules to match
malicious traffic patterns. Each attack object detects a known attack
or protocol anomaly that can be used by an attacker to compromise
your network.

False positives

Any situation in which benign traffic causes an intrusion detection
service to generate an alert; also known as a false alert.

Protocol anomaly

A deviation from the RFC specifications that dictate how communications
between two entities should be implemented. Most legitimate traffic
does not deviate from the protocols; when anomalies are detected,
they are often a sign of malicious traffic and seen as a threat to
the system.

Rule

A user-defined match/action sequence. Rules are represented
graphically in the Security Policy Editor, where you can create, modify,
delete, and reorder them in a rulebase.

Rulebase

A set of rules that uses a specific detection mechanism to identify
and prevent attacks.

Severity

The designated threat level of an attack (critical, high, medium,
low, or informational). Attack objects use the severity setting that
matches the threat level of the attack they detect.
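As an added example (not from this glossary or from any vendor's product), the terms above modelled as a small Python rulebase evaluator: an attack object carries either a signature or a protocol-anomaly check plus the traffic context it applies to, a rule pairs attack objects with an action, the rulebase is walked in order, and a deliberately loose signature shows how a false positive arises. The attack object names, signature patterns and session fields are constructed for the example.

```python
"""Constructed model of attack objects, rules, rulebase and severity.
Not Juniper's code or rulebase format; all names and patterns are made up."""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

SEVERITY_ORDER = ["critical", "high", "medium", "low", "informational"]


@dataclass
class AttackObject:
    name: str
    severity: str
    context: str                      # traffic field the check applies to
    signature: Optional[str] = None   # regex over the context field
    anomaly: Optional[Callable[[str], bool]] = None  # protocol anomaly check

    def matches(self, session: dict) -> bool:
        data = session.get(self.context, "")
        if self.signature is not None:
            return re.search(self.signature, data) is not None
        return self.anomaly is not None and self.anomaly(data)


@dataclass
class Rule:
    service: str                      # "any" or a service name
    attacks: List[AttackObject]
    action: str                       # e.g. "drop" or "log"

    def hits(self, session: dict) -> List[AttackObject]:
        if self.service not in ("any", session["service"]):
            return []
        return [a for a in self.attacks if a.matches(session)]


def evaluate(rulebase: List[Rule], session: dict):
    """Walk the rulebase in order; the first rule whose attack objects match
    decides the action and reports the most severe matching object."""
    for rule in rulebase:
        hit = rule.hits(session)
        if hit:
            worst = min(hit, key=lambda a: SEVERITY_ORDER.index(a.severity))
            return rule.action, worst.name, worst.severity
    return "permit", None, None


def bad_http_version(version: str) -> bool:
    # Protocol anomaly: RFC 7230 defines HTTP-version as "HTTP/" DIGIT "." DIGIT
    return re.fullmatch(r"HTTP/\d\.\d", version) is None


# Constructed attack objects: one signature-based, one anomaly-based, one too loose.
TRAVERSAL = AttackObject("HTTP:DIR-TRAVERSAL", "high", "http_url", signature=r"\.\./")
VERSION_ANOMALY = AttackObject("HTTP:BAD-VERSION", "medium", "http_version", anomaly=bad_http_version)
LOOSE = AttackObject("HTTP:LOOSE-DOTS", "low", "http_url", signature=r"\.\.")  # fires on benign "a..b"
RULEBASE = [Rule("http", [TRAVERSAL, VERSION_ANOMALY], "drop")]
```

Only the first matching rule decides the action, so reordering rules in the rulebase changes the outcome for traffic that several rules would match.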