Index

access control matrices
access control process of HIPS endpoint agents
  consulting the security policy
  determining system state
  gathering data operation
  gathering operation data
  identifying access resource
  taking action
ACLs (access control lists)
  block signature action
ad hoc networking
aggregation switches
AIC (application inspection and control) signatures
alarm summarization
alarms
  event responses
  false negatives
  false positives
  incident response plans
  true negatives
  true positives
alerts
  false negatives
  false positives
  generating
  risk ratings
  true negatives
  true positives
allow signature action
analyzing network traffic
  via anomaly operations
  via atomic operations
  via normalizing operations
  via protocol decode operations
  via stateful operations
anomaly operation method of network traffic analysis
anomaly-based detection
anomaly-based security policies
anonymous delivery mechanisms
antivirus software
  role in layered defense
ARP (Address Resolution Protocol)
ARPANET
atomic alerts
atomic operation method of network traffic analysis
atomic rule-based security policies
atomic signatures
  host-based
  network-based
attacks
  automated response
  characteristics of
  CIH virus, characteristics of
  complexity of
  event correlation
  impact of
  lifecycle of
    application execution
    file resources
    memory resources
    network resources
    persistence process
  Loveletter virus, characteristics of
  mitigating
    at host level
    at network level
  Morris worm, characteristics of
  Nimda worm, characteristics of
  replacement login, example of
  signatures. [See signatures.]
  SQL Slammer worm, characteristics of
authentication
  802.1x
  role in layered defense
Auto mode (software bypass)
automated response to attacks
automatic blocking
automatic summarization