Chapter 7
Honeynet
A monitored network or network segment that contains multiple honeypot systems.
Clipping Level
A predefined assessment level that triggers a predetermined response when surpassed.
Passive vulnerability scanner
A scanner that listens in on a network and identifies vulnerable versions of both server and client software.
Packet Sniffer
A software program or hardware appliance that can intercept, copy, and interpret network traffic.
intrusion detection system
A system capable of automatically detecting an intrusion into an organization's networks or host systems and notifying a designated authority.
fully distributed IDPS control strategy
An IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.
centralized IDPS control strategy
An IDPS implementation approach in which all control functions are implemented and managed in a central location.
Honeypot
An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion.
Pen register
An application that records information about outbound communications
Active vulnerability Scanner
An application that scans networks to identify exposed usernames and groups, open network shares, configuration problems, and other vulnerabilities in servers.
zero day vulnerability
An unknown or undisclosed vulnerability in an information asset or its protection systems that may be exploited and result in loss
Attack surface
The functions and features that a system exposes to unauthenticated users.
intrusion detection and prevention system
The general term for a system that can both detect and modify its configuration and environment to prevent intrusions.
Footprinting
The organized research and investigation of Internet addresses owned or controlled by a target organization.
Protocol stack verification
The process of examining and verifying network traffic for invalid data packets
Fingerprinting
The systematic survey of a targeted organization's Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.
Mirror port
a specially configured connection on a network device that can view all the traffic that moves through the device.
