Glossary

This glossary provides terms and definitions for the IBM QRadar Network Security software and products.

The following cross-references are used in this glossary:
  • See refers you from a nonpreferred term to the preferred term or from an abbreviation to the spelled-out form.
  • See also refers you to a related or contrasting term.

For other terms and definitions, see the IBM Terminology website.

A

access
The ability to read, update, or otherwise use a resource. Access to protected resources is usually controlled by system software.
administrator
A person responsible for administrative tasks such as access authorization and content management. Administrators can also grant levels of authority to users.
agent
Any hardware component that is managed by the SiteProtector™ System. Hardware components include appliances, scanners, network sensors, server sensors, and desktop sensors.
alert
A message or other indication that signals an event or an impending event that meets a set of specified criteria. See also rule.
appliance
A hardware device with integrated software that is dedicated to a specific task or set of business requirements.
attack
Any attempt by an unauthorized person to compromise the operation of a software program or networked system.

C

certificate
In computer security, a digital document that binds a public key to the identity of the certificate owner, thereby enabling the certificate owner to be authenticated. A certificate is issued by a certificate authority and is digitally signed by that authority.
community
In SNMP, the relationship between an agent and one or more managers. The community describes which SNMP manager requests the SNMP agent should honor.

D

dashboard
An interface that integrates data from a variety of sources and provides a unified display of relevant and in-context information.
decrypt
To decipher data.
destination
Any point or location, such as a program, node, station, printer, or a particular terminal, to which information is to be sent.
DNS
See domain name server.
domain name server (DNS)
An Internet service that translates domain names into IP addresses.

E

event
An occurrence of significance to a task or system. Events can include completion or failure of an operation, a user action, or the change in state of a process. See also alert.

F

filter
A device or program that separates data, signals, or material in accordance with specified criteria.
firewall
A network configuration, typically both hardware and software, that prevents unauthorized traffic into and out of a secure network.
firewall rule
A chain of statements matching specific criteria that define the types of traffic to block on a network.
firmware
Proprietary code that is usually delivered as microcode as part of an operating system.
fix pack
A cumulative collection of fixes that is released between scheduled refresh packs, manufacturing refreshes, or releases. A fix pack updates the system to a specific maintenance level.

G

gateway
A device or program used to connect networks or systems with different network architectures.

H

host
In TCP/IP, any system that has at least one IP address associated with it.

I

ICMP
See Internet Control Message Protocol.
interface
A shared boundary between independent systems. An interface can be a hardware component used to link two devices, a convention that supports communication between software systems, or a method for a user to communicate with the operating system, such as a keyboard.
Internet Control Message Protocol (ICMP)
An Internet protocol that is used by a gateway to communicate with a source host, for example, to report an error in a datagram.
intrusion prevention
A set of policies and rules for detecting suspicious behavior in network traffic and for alerting system or network administrators.
intrusion prevention system (IPS)
A system that attempts to deny potentially malicious activity. The denial mechanisms could involve filtering, tracking, or setting rate limits.
IPS
See intrusion prevention system.

L

local management interface
A graphical user interface that is used to manage a single, local appliance.

M

multicast
Transmission of the same data to a selected group of destinations.

N

netmask
See network mask.
network mask (netmask)
A number that has the same format as an Internet Protocol (IP) address. A network mask identifies which part of an address is to be used for an operation, such as making a TCP/IP connection.
network object
A group of predefined settings that can be shared among multiple network access policy rules to control traffic flow, communication, and access between hosts, segments, or subnets on a network.

P

packet
A unit of data transmitted over a network. Large chunks of information are broken up into packets before they are sent across the Internet.
PAM
See Protocol Analysis Module.
parameter (parm)
A value or reference passed to a function, command, or program that serves as input or controls actions. The value is supplied by a user or by another program or process.
parm
See parameter.
passive authentication
A configuration option that automatically logs users into a system when they log on to a network using a directory service, such as Active Directory.
passphrase
A sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security.
password
In computer and network security, a specific string of characters used by a program, computer operator, or user to access the system and the information stored within it.
ping
The command that sends an Internet Control Message Protocol (ICMP) echo-request packet to a gateway, router, or host with the expectation of receiving a reply.
policy
A set of considerations that influence the behavior of a managed resource or a user.
portal
A single, secure point of access to diverse information, applications, and people that can be customized and personalized.
protection interface
An access point on a network appliance that is used to monitor, inspect, and block network traffic as it passes through the appliance.
protocol
A set of rules controlling the communication and transfer of data between two or more devices or systems in a communication network.
Protocol Analysis Module (PAM)
A deep-packet inspection engine that stores handling specifications for a comprehensive list of vulnerability checks. PAM interprets the vulnerability checks, processes the results as security events, and then sends the security events to the appliance in X-Press Updates.
proxy server
A server that receives requests intended for another server and that acts on behalf of the client (as the client's proxy) to obtain the requested service. A proxy server is often used when the client and the server are incompatible for direct connection. For example, the client is unable to meet the security authentication requirements of the server but should be permitted some services.

R

response
The reaction of an appliance to an event. Responses include sending an email message to a responsible party, triggering an SNMP trap, creating a log of the activity, quarantining the activity, or using a custom (user-specified) action, such as running an application or running a command.
root
The user name for the system user with the most authority.
rule
A set of conditional statements that enable computer systems to identify relationships and run automated responses accordingly.

S

Secure Sockets Layer (SSL)
A security protocol that provides communication privacy. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
security
The protection of data, system operations, and devices from accidental or intentional ruin, damage, or exposure.
security event
Any network occurrence or activity that may have an impact on the security of the network.
signature
A code in a policy that determines what an agent can detect.
Simple Network Management Protocol (SNMP)
A set of protocols for monitoring systems and devices in complex networks. Information about managed devices is defined and stored in a Management Information Base (MIB). See also SNMP manager, SNMP trap.
snapshot
An image that is an exact copy of the original files or directories from which it was created.
SNMP
See Simple Network Management Protocol.
SNMP manager
A host that collects information from SNMP agents through the SNMP. See also Simple Network Management Protocol.
SNMP trap
An SNMP message sent from the SNMP agent to the SNMP manager. The message is initiated by the SNMP agent and is not a response to a message sent from the SNMP manager. See also Simple Network Management Protocol.
SSL
See Secure Sockets Layer.
syslog
A standard for transmitting and storing log messages from many sources to a centralized location to enhance system management.

T

TCP
See Transmission Control Protocol.
threat
A security issue, or a harmful act, such as the deployment of a virus or illegal network penetration.
traceroute
A utility that traces a packet from a computer to a remote destination, showing how many hops the packet required to reach the destination and how long each hop took.
traffic
In data communication, the quantity of data transmitted past a particular point in a path.
Transmission Control Protocol (TCP)
A communication protocol used in the Internet and in any network that follows the Internet Engineering Task Force (IETF) standards for internetwork protocol. TCP provides a reliable host-to-host protocol in packet-switched communication networks and in interconnected systems of such networks.
transport protocol
A specification of the rules that govern the exchange of information between components of a transport network; for example, the User Datagram Protocol (UDP).
trap
In the Simple Network Management Protocol (SNMP), a message sent by a managed node (agent function) to a management station to report an exception condition.

U

UDP
See User Datagram Protocol.
User Datagram Protocol (UDP)
An Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process.

V

vulnerability
A security exposure in an operating system, system software, or application software component.

W

web filter inspection object
A filter that is used to control the types of web pages that users can access on a network.

X

X-Press Update (XPU)
A software update that is issued between major releases to protect a network against the latest security vulnerabilities and threats.
XPU
See X-Press Update.

Z

zero configuration networking
A set of techniques or technologies used by an application to automatically discover devices on a network and configure network settings.