DefensePro User Guide
Glossary
336
Document ID: RDWR-DP-V0602_UG1201
DDoS
Distributed Denial of Service attack on a DNS server. A typical attack
involves numerous compromised zombie systems (botnets) sending
spoofed domain-name requests to DNS servers, which process the
“legitimate” request and send replies to the spoofed victims.
When the DNS server is configured to provide recursion, the DNS server,
if the requested domain name isn’t available locally, will query the root
name servers for the IP address. The traffic then traverses the internet
backbone, affecting the Internet Service Provider and any upstream
provider to reach the intended target.
Radware’s adaptive behavior-based DoS Protection learns the
characteristics of DNS traffic and re-establishes normal traffic behavior
baselines. An embedded decision engine, based on fuzzy logic, constantly
analyzes DNS traffic and detects when deviations from the normal
baselines occur. Upon detection, the system performs an in-depth
analysis of the suspicious DNS packets in order to identify abnormal
appearances of parameters in the packet headers and payload.
Deep Packet Inspection
Inspection of the packet's payload as opposed to only its header. This
enables the security device to perform inspection at the application level.
DoS
Denial of Service is an attack intended to consume system resources and
create a temporary loss of service.
Exploit
An exploit is a program or technique that takes advantage of a software
vulnerability.
The program can be used for breaking security, or otherwise attacking a
host over the network.
Heuristic analysis
Heuristic analysis is behavior-based analysis, intended to provide a filter
that blocks abnormal phenomena.
Heuristic analysis is the ability of a virus scanner to identify a potential
virus by analyzing the behavior of the program, rather than looking for a
known virus signature.
Intrusion
An intrusion is an attempted or successful access to system resources in
any unauthorized manner.
Intrusion Detection System (IDS)
Radware’s Intrusion Detection System (IDS) applies the latest security or
attack expertise to filter out potentially destructive/malicious events from
a much larger amount of legitimate activity.
There are two system-monitoring approaches:
• NIDS (network-based IDS) monitors all network traffic passing on
the segment where the agent is installed, acting upon suspicious
anomalies or signature-based activity.
• HIDS (host-based IDS) is confined to the local host and monitors
activity in detail, such as command execution, file access, or system
calls.
Organizations generally choose a combination of these approaches,
based on known vulnerabilities.
Intrusion Prevention
A security service that scans, detects and prevents real-time attempts to
compromise system security.
Intrusion prevention
Intrusion prevention is a security service that scans, detects and
prevents real-time attempts aimed at compromising system security.
Summary of Contents for DefensePro 6.02
Page 1: DefensePro User Guide, Software Version 6.02, Document ID: RDWR-DP-V0602_UG1201, January 2012