Glossary
Glossary for Haltdos Product Documentation
A
Accelerator
A hardware addition to an existing computing device that increases the computer's processing speed and capabilities.
ACL - Access Control List
Constrains the flow of traffic by individual IP address or by a range of IP addresses.
Access Rule
Forwarding rule that determines how clients on a source network access resources on a destination network.
ActiveSync
Enables you to configure Microsoft Exchange accounts on a mobile device.
Adaptive profiling
Technique of analyzing request and response traffic to generate customized security profiles for the web application. See also exception profiling.
Add-on
A piece of software that enhances another software application and usually cannot be run independently.
Address Mapping
Technique that allows different protocols to interoperate by translating addresses from one format to another.
APT - Advanced Persistent Threat
Malicious cyber attacks directed at a specific target, usually over a long period of time. APTs are often run by professional organizations, looking to steal information rather than just money.
AES 256-bit - (Advanced Encryption Standard 256-bit)
A specification for the encryption of electronic data. 256-bit refers to the key length and is the maximum value.
AWS - Amazon Web Services
Also known as AWS. Amazon's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.
AMI - Amazon Machine Image
AWS template that contains configuration, application server, and applications required to launch an EC2 AWS Instance.
Android
Mobile device operating system. Compare to Apple iOS.
Anti-evasion
Protection against network attacks that combine several different known evasion methods to create a new technique that is delivered over several layers of the network simultaneously.
Anti-obfuscation
Protection against attacks that involve obfuscated code. Obfuscation may involve encrypting code, stripping out potentially revealing metadata, renaming useful class and variable names, or adding meaningless code to an application binary.
Antivirus
Antivirus software, abbreviated: AV. Used to prevent, detect and remove malicious software.
API - Application Programming Interface
A set of tools and procedures provided by the programmer of an application so that other programmers can control, exchange data with, or extend the functionality of an application.
APN - Access Point Name
Provided by an ISP for wireless WAN connections.
Apple iOS
Apple mobile operating system for devices such as iPhone and iPad. Compare to Android.
Appliance
Device or piece of equipment.
Application layer
Layer 7 of the OSI reference model. This layer provides services to application processes (such as electronic mail, file transfer, and terminal emulation) that are outside of the OSI model.
Application Load Balancer
AWS feature that makes routing decisions at the application layer (HTTP/S), supports path-based routing, and can route requests to one or more ports on each EC2 instance or container instance in a VPC.
Application Rule
Firewall rule that allows you to block or throttle traffic for detected applications.
ARP - Address Resolution Protocol
Protocol for mapping IP addresses to physical addresses such as Ethernet or Token Ring.
ARP Spoofing
Type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
ASCII
Referring to a standard 7-bit character system that includes the alphanumeric characters and printer control codes.
Authoritative DNS
Name server that gives answers in response to queries about names in a DNS zone.
Authority Zone
Associated with DNS. A section of the domain-name tree for which one name server is the authority.
Auto Scaling
Also known as Auto Scale, it is a web service designed to launch or terminate AWS instances automatically based on user-defined policies, schedules, and health checks.
Auto Scaling Group
A representation of multiple EC2 instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.
AS - Autonomous System
Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the IANA.
AZ - Availability Zone
A distinct location within an AWS region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.
AWS Direct Connect
Enables you to use the Internet privately through AWS cloud services by linking your internal network to an AWS Direct Connect location. You can create virtual interfaces directly to the AWS cloud and to Amazon VPC, bypassing Internet service providers in your network path.
AWS IoT - AWS Internet of Things
A managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.
AWS region
A named set of AWS resources in the same geographical area. A region comprises at least two Availability Zones.
AWS Management Console
A simple and intuitive web-based user interface to access and manage AWS.
Azure
Microsoft's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.
Azure Resource Manager
Enables you to work with the resources in your solution as a group. Recommended for new deployments.
B
Back-end server
Part of the back-end process, that usually consists of server, application, and database. The back end is where the technical processes happen, as opposed to the front end, which is usually where the user's interaction occurs.
Backbone
Referring to the Internet, a central network that provides a pathway for other networks to communicate.
Balance-XOR
Operating mode for Ethernet bundles where the link is chosen by calculating the hash out of the source/destination MAC (Layer 2) combined with the IP addresses (Layer 3).
Bandwidth
Rate of data transfer, usually expressed in multiples of bits per second (bps).
BIND - Berkeley Internet Name Domain
The standard TCP/IP naming service that links network names with IP addresses.
Block device
Storage device that moves data in sequences of bytes or bits (blocks). Example: hard disk, CD-ROM drive, flash drive.
Block device mapping
Defines the block devices (instance store volumes and EBS volumes) to attach to an AWS instance.
Blocklist
Also known as blacklist, block list, or black list. The list of domains, users, or hosts that are denied access, especially for mail and web traffic. Compare to allow list or whitelist.
Blowfish
Licence-free symmetric encryption algorithm that can be used as a replacement for the DES and IDEA algorithms.
Botnet
A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, for example, to send spam messages. The word botnet is a combination of the words robot and network.
Bridging
The action taken by network equipment to create an aggregate network from either two or more communication networks, or two or more network segments. Bridging is distinct from routing, which allows multiple different networks to communicate independently while remaining separate.
Brute-force Protection
Protection against a brute-force attack, which consists of systematically checking all possible keys or passwords until the correct one is found. This type of attack uses a large number of attempts to gain access to a system.
BYOD - Bring Your Own Device
The practice of allowing employees or members of an organization to use their own computers, phones, or other devices for work.
Byte-Level Data Deduplication
Data deduplication method that analyzes data streams at the byte level by performing a byte-by-byte comparison of new data streams versus previously stored ones.
C
CAST
Licence-free symmetric encryption algorithm (key block cipher).
Certificate
A document or seal certifying the authenticity of something. A digital certificate certifies the ownership of a public key. This allows relying parties to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.
Changelog
Log of configuration changes on the appliance. Can be found in the release notes of the product.
Checksum
The result of a mathematical operation that uses the binary representation of a group of data as its basis, usually to check the integrity of the data.
CIDR - Classless Inter-Domain Routing
Technique supported by BGP4 and based on route aggregation. CIDR allows routers to group routes together in order to cut down on the quantity of routing information carried by the core routers.
CIFS - Common Internet File System
Standard for sharing files across the Internet.
Class A|B|C|D Network
Classes of IP addresses as defined in the Internet Protocol hierarchy.
Classic Load Balancer
In AWS, a Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS), and supports either EC2-Classic or a VPC (virtual private cloud).
Clickjack
Also known as UI redressing or iframe overlay. A malicious technique where a user is tricked into clicking on a button or link on a website using hidden clickable elements inside an invisible iframe.
Cloaking
A search engine optimization (SEO) technique in which the content presented to the search engine spider is different from that presented to the user's browser.
Cloud integration
AWS cloud integration allows the firewall to connect directly to the AWS service fabric to rewrite routes in AWS route tables and to retrieve information for the cloud element on the dashboard. Cloud integration also works with Azure.
Cloud Operating System
A computer operating system that is specially designed to run in a provider's datacenter and be delivered to the user over the Internet or another network. Windows Azure is an example of a cloud operating system or 'cloud layer' that runs on Windows Server 2008.
Cloud Portability
The ability to move applications and data from one cloud provider to another. This is the opposite of "vendor lock-in".
Cloud-based Encryption
A service offered by cloud storage providers whereby data is transformed using encryption algorithms and is then placed on a storage cloud.
CloudFormation
AWS management tool that lets you create, manage, and update a collection of AWS resources using templates, with support for JSON code for template deployment.
CloudFormation
Host uploaded content and can be deployed in CloudFormation, an AWS feature.
CloudFront
An AWS content delivery service that helps you improve the performance, reliability, and availability of your websites and applications.
Cloudsourcing
Replacing traditional IT operations with lower-cost, outsourced cloud services.
CloudWatch
AWS management tool to monitor resources and applications. Aggregates data and metrics (CPU load, network throughput, disk I/O, etc.), filters it, and provides alarm actions.
Collision domain
In Ethernet, the network area within which frames that have collided are propagated. Repeaters and hubs propagate collisions. LAN switches, bridges and routers do not.
Community String
Text string that acts as a password and is used to authenticate messages sent between a management station and a router containing an SNMP agent. The community string is sent in every packet between the manager and the agent.
Data Compression
The process of encoding digital information by using fewer bits.
Congestion
Traffic in excess of network capacity.
Connection Draining
AWS feature, lets you scale down EC2 instances to reduce sessions.
Connection Pool
A cache of database connections is maintained so those connections can be reused when future requests to the database are required. Connection pools are used to enhance the performance of executing commands on a database and also cut down on the amount of time a user must wait to establish a connection to the database.
CDN - Content Delivery Network
A distributed system consisting of servers in discrete physical locations, configured in a way that clients can access the server closest to them on the network, thereby improving speeds.
CPU Emulation
Masks the virtualization environment, so payload can be detonated more effectively.
Cross Region Replication
Feature of S3 storage class in AWS. Once enabled, every object uploaded to a particular S3 bucket is automatically replicated to a designated destination bucket located in a different AWS region.
Cross-site Scripting
A type of computer security vulnerability, typically found in web applications, that enables attackers to inject client-side scripts into web pages viewed by users.
D
Data Center
A facility used to house computer systems and associated components, such as telecommunications and storage systems.
DLP - Data Loss Prevention
Also known as Data Leak Prevention. Email filter using pre-defined patterns such as credit card number, social security number, driver's license or HIPAA medical terms, to block, quarantine or encrypt outbound messages.
Data Truncation
Occurs when data or a data stream is stored in a location too short to hold its entire length. May occur automatically, such as when a long string is written to a smaller buffer, or deliberately, when only a portion of the data is wanted.
Datasheet
Document that summarizes the performance and other technical characteristics of a product, machine, component (e.g., an electronic component), material, a subsystem (e.g., a power supply) or software in sufficient detail to be used by a design engineer to integrate the component into a system.
DCE-RPC - Distributed Computing Environment Remote Procedure Call
Remote procedure call system that allows programmers to write distributed software without having to worry about the underlying network code.
DDoS - Distributed Denial of Service
A Distributed Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet, using more than one, often thousands of, unique IP addresses.
Dedicated Host
An Internet hosting option where an organization leases an entire server, fully dedicated to their use. This is also an option in the public cloud. The price for a Dedicated Host varies by instance family, region, and payment option.
Dedicated Instance
Amazon EC2 instance that runs on single-tenant hardware dedicated to a single customer.
Dedicated Reserved Instance
An option you can purchase from a cloud vendor to guarantee that sufficient capacity will be available to launch Dedicated Instances into a virtual private cloud (VPC).
Defacement
An attack on a website that changes the visual appearance of the site or a web page.
DMZ - Demilitarized Zone
A physical or logical sub-network that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN). An external network node has direct access only to equipment in the DMZ, rather than to any other part of the network.
Destination NAT
Changing the destination address/port in the IP header of a packet. Example: redirecting incoming packets with a destination of a public address/port to a private IP address/port inside the network.
Digital Signature
A mathematical scheme for demonstrating the authenticity of a digital message or document.
DNS - Domain Name System
Distributed database that translates domain names, like google.com, into unique IP addresses.
DNS Resolver Cache
A temporary database, maintained by a computer's operating system, that contains records of all recent visits and attempted visits to websites and other Internet domains.
DNS Record
Database record used to map a URL to an IP address.
Docker
Open-source software that automates the deployment of applications inside virtualized software containers.
Docker Image
A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications.
DoS Attack - Denial of Service attack, spoofing
A cyber-attack where the perpetrator seeks to make a computer or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of Service attacks are typically accomplished by flooding the target with superfluous requests in an attempt to overload systems and prevent legitimate requests from being fulfilled. See also Distributed Denial of Service or DDoS.
Dynamic Path Selection
Term used in context with Traffic Intelligence (TI). Using dynamic path selection, the session is balanced depending on the amount of traffic.
Dynamic Routing
Routing that adjusts automatically to network topology or traffic changes. Also called adaptive routing.
DynamoDB
A fully managed Amazon NoSQL database service that provides fast and predictable performance with seamless scalability.
E
EC2 - Elastic Compute Cloud
Forms a central part of AWS by allowing users to rent virtual computers on which to run their own computer applications.
Edge Location
Used by the AWS service CloudFront. Feature that offers content to end users via geographically closer locations to improve their experience.
EGP - Exterior Gateway Protocol
Internet protocol for exchanging routing information between autonomous systems.
Elastic Beanstalk
A web service for deploying and managing applications in the AWS cloud without worrying about the infrastructure that runs those applications.
Elastic Computing
The ability to dynamically provision and deprovision computing and storage resources to stretch to the demands of peak usage, without the need to worry about capacity planning and engineering around uneven usage patterns.
Elastic IP Address
A static public IP address that belongs to an AWS account. Can be associated with an instance to make it accessible from the Internet. The Elastic IP is natted/mapped by AWS to the private IP.
Elastic Load Balancer
AWS web service that improves an application's availability by distributing incoming traffic between two or more EC2 instances.
Encrypt
To convert information or data into a cipher or code, especially to prevent unauthorized access. Antonym: unencrypt.
Envelope Encryption
The use of a master key and a data key to algorithmically protect data. The master key is used to encrypt and decrypt the data key and the data key is used to encrypt and decrypt the data itself.
Ethernet
Local area network technology that uses special twisted pair or fiber optical cables. As per the OSI model, Ethernet provides services up to and including the data link layer.
Evasion
Bypassing an information security device in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.
Exception Profiling
Technique of working with generated log files to refine security settings, customizing them to the web application. See also adaptive profiling.
Exploit
The use of software, data, or commands to 'exploit' a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack, Trojan horses, worms, or viruses.
F
False Positive
A result that indicates a given condition is present, when it is not.
Flooding
A Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic.
Flow Logs
AWS service that enables you to capture information about the IP traffic going to and from network interfaces in a VPC.
Forensics
Techniques of examining digital media with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.
Forward Proxy
An intermediary for requests from clients under an administrator's control to areas that are not under the administrator's control. Sometimes called "proxy" without the word "forward".
Front End
The front end is responsible for collecting input in various forms from the user.
Front-end Server
The front-end server is an extension of the back-end server and is designed to provide scalability.
FTP - File Transfer Protocol
Standard network protocol used to transfer files between a client and server on a computer network.
FTP Proxy
Allows the proxy to control FTP traffic. When a client uploads or downloads files, the proxy identifies the traffic as FTP, allowing the appliance to control file transfers using TCP optimization and caching.
FTPS
Extension to FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.
Full Duplex
A communication system between two entities in which either entity can transmit simultaneously. Compare to half duplex.
G
Gb
A gigabit, or 10^9 bits.
GB
A gigabyte, or 10^9 bytes, or 8000 million bits.
GeoIP
Locating a computer's geographic location based on its IP address.
GHz - Giga Hertz
A unit of frequency equal to 10^9 hertz, which is defined as one cycle per second.
Google Accounts Enforcement
Integration of Google Accounts, for example in authentication processes.
Google App Engine
A service that enables developers to create and run web applications on Google's infrastructure and share their applications via a pay-as-you-go, consumption-based plan with no setup costs or recurring fees.
H
H.323
Standard that defines the protocols to provide audio-visual communication sessions on any packet network. H.323 addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point conferences.
HA - High Availability
Deployment method that ensures that the services running on the system are always available even if one system is down due to maintenance or a hardware fault.
HTTP - Hypertext Transfer Protocol
Protocol for submitting data over a network, commonly used to load website content in a web browser.
HTTP referers
HTTP header field that identifies the address of the webpage (i.e., the URI or IRI) that links to the resource being requested. (Originally a misspelling of referrer.)
HTTPS - Hypertext Transfer Protocol Secure
Consists of communication over HTTP within a connection encrypted by TLS or SSL. The main motivation is authentication of the visited website and protection of the privacy and integrity of the exchanged data.
Hypervisor
Computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a "host machine". Each virtual machine is called a "guest machine".
I
IaaS - Infrastructure as a Service
Cloud infrastructure services in which a virtualized environment is delivered as a service by the cloud provider.
IAM - Identity and Access Management
The Identity and Access Management feature of cloud services (like AWS) that lets you control who can use the provider's services and resources (authentication) and what resources they can use in which ways (authorization).
Infrastructure Services
Infrastructure is the backbone of all of your business operations.
Instance
A "copy" of a virtual appliance/image/machine that is being installed, brought up, configured, etc. (for example, a Haltdos virtual WAF).
Intrusion Detection System
Network security feature that monitors local and forwarding firewall traffic for malicious activities.
IP Address - Internet Protocol address
A numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.
IPv4, IPv6
The fourth and sixth versions, respectively, of the Internet Protocol (IP). Following are examples of notation for each type of address:
- IPv4: 192.0.2.235
- IPv6: 2001:0db8:0000:0042:0000:8a2e:0370:7334
ISDN - Integrated Services Digital Network
Communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.
J
Jitter
Measure of the difference in packet delay, that is, the difference in the space between packet arrival times. Jitter can be remedied somewhat with a jitter buffer.
JSON - JavaScript Object Notation
An open, text-based data exchange format (like XML), that is human-readable and platform-independent. Data formatted according to the JSON standard is lightweight and can be parsed by JavaScript implementations.
K
Kb - Kilobit.
Kerberos
A network authentication protocol, designed to provide strong authentication for client/server applications by using secret-key cryptography. Available for free from the Massachusetts Institute of Technology, also available in commercial products.
L
Launch Configuration
AWS template that an Auto Scaling group uses to launch EC2 instances. Contains AMI, instance type, key pair, security groups, and block device mapping.
Layer 4
The transport layer from the ISO/OSI model, which provides end-to-end or host-to-host communication services for applications within a layered architecture of network components and protocols.
LDAP - Lightweight Directory Access Protocol
Application protocol used to manage and access the distributed directory information service.
LDAPS - LDAP over SSL
Connection protocol used between application and Network Directory or Domain Controller. LDAPS communication is encrypted and secure.
Legacy
Latest maintenance release for the previous major firmware version.
Link Aggregation
Also known as LAG. Operating mode for Ethernet bundles that uses the LACPDU protocol to negotiate automatic bundling links.
Link Bonding
Also known as Multiport link aggregation, it allows you to aggregate multiple physical network links into a single logical link. You can use link aggregation to achieve multi-gigabit capacity to services and servers.
M
Mac OS
Macintosh Operating System. Formerly known as Mac OS X.
Mail Server
A server that receives, stores, sends, and processes emails.
Malicious Site
An Internet site that attempts to install malware onto your device, usually to steal your personal information or to disrupt the operation of your system.
Mb - Megabit
MBPS
A unit of measure used to describe the rate of data transmission equal to one million bits per second.
MHz - Megahertz
A unit of frequency equal to 10^6 hertz, which is defined as one cycle per second.
Microsoft SharePoint
A web application platform in the Microsoft Office server suite, mainly used for document management and storage.
MIME Type
Two-part identifier for file formats and format contents transmitted over the Internet.
MOS - Mean Opinion Score
Measure representing the overall quality of a system or stimulus, calculated by taking the arithmetic mean of individual values of quality. Often used for, but not limited to, video, audio and audiovisual quality.
MTU - Maximum Transmission Unit
A specification in a data link protocol that defines the maximum number of bytes that can be carried in any one packet on that link.
Multilayer Switch
Switch that filters and forwards packets based on MAC addresses and network addresses. A subset of LAN switch.
Multiplexing
Scheme that allows multiple logical signals to be transmitted simultaneously across a single physical channel.
Multitenancy
The existence of multiple clients sharing resources (services or applications) on distinct physical hardware. Due to the on-demand nature of cloud, most services are multitenant.
N
Name Server
Server connected to a network that resolves network names into network addresses.
NAT - Network Address Translation
The process of modifying IP address information in IP packet headers while in transit across a traffic routing device. The simplest type of NAT provides a one to one translation of IP addresses.
NAT Instance
A NAT device, configured by a user, that performs network address translation in a VPC public subnet to secure inbound Internet traffic.
NetBIOS - Network Basic Input/Output System
API used by applications on an IBM LAN to request services from lower-level network processes. These services might include session establishment and termination, and information transfer.
Network Layer
Layer 3 of the OSI reference model. This layer provides connectivity and path selection between two end systems. The network layer is the layer at which routing occurs.
NTP - Network Time Protocol
Networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.
Non-stub Area
Resource-intensive OSPF area that carries a default route, static routes, intra-area routes, interarea routes, and external routes. The only OSPF areas that can have virtual links configured across them and that can contain an ASBR.
NoSQL
Nonrelational database systems that are highly available, scalable, and optimized for high performance. Instead of the relational model, NoSQL databases (like Amazon DynamoDB) use alternate models for data management, such as key-value pairs or document storage.