Lockdown Networks NAC Glossary of Terms

ACLs
Access Control Lists. A feature of managed switches that only permits devices meeting defined access control criteria to access a switch port.

action
Policy actions are performed if a device fails a policy rule. Some examples of policy actions are quarantining a device, sending an email, issuing a ticket to an operator, sending an SNMP trap, or moving a device to a production VLAN.

address
IP address. The unique 32-bit number assigned to each computer connected to the Internet (or other managed TCP/IP network), and used by the TCP/IP protocol to route data packets to their destinations. The number is usually written in "dotted quad" notation (e.g. 192.168.100.40).

administrator
Administrators of Lockdown appliances perform the service of adding control points, adding authentication servers, tracking devices, creating and editing user accounts, creating system policy, maintaining the system, and more. A global administrator (the first user created during initial quick deployment) is responsible for overseeing all companies and appliance data, while regular administrators can be created per company or per group.

agent
Software that is installed on an end-user's device that assists Lockdown appliances in auditing and gathering data about the device. End-users may be required to download an agent via policy, if configured.
See Lockdown Agent

aggregate report
The latest results for all audit tests ever run against a device. Baselines can be created from aggregate reports only.

API
Application Programming Interface. The Lockdown API allows data to be programmatically imported into and exported from the appliance, and some operations of the appliance to be executed via scripts (HTTPS operator authentication required). Documentation is provided via the System > API section of the Lockdown Web interface.

appliance
Network appliance. This term is used to describe any hardware product in the Lockdown product line.

application
A program that helps a user accomplish a specific task, such as a Web browser or word processing program. Applications are characterized as having an interactive, often graphical user interface. Application programs are distinguished from the computer operating system and services, which control the computer and run the application programs.

audit
The combined process of scanning and testing a device for security problems and vulnerabilities (via test sets), and evaluating policy (i.e. health checks) for pass/fail conditions. The health check component of an audit is currently configured in policy, where an “audit finished” policy trigger can be used to evaluate the results of an executed test set. Results of an audit are stored in a report database, and viewable in the Reports section of the Lockdown Web interface.

audit engine
Audit engines are the internal software on Lockdown appliances that drive the device auditing process.

authentication
The process of identifying a network device or user. Lockdown Enforcer can attempt to identify devices and/or the end-users via an external RADIUS, LDAP, Windows Domain, or Novell server. Once a device or user has authenticated, Lockdown Enforcer can quarantine, allow, or deny access based on the access policy definition. External authentication servers may be configured in the Environ > Auth. Servers section of the Lockdown Web Interface.

baseline
An audit result for a device that is saved as a baseline by the appliance operator. Baselines are characteristically deemed as acceptable results for a given device or devices, and are used for future comparisons. Baselines can be used in health checks as vulnerability "whitelists," and can be also used in operator reports to visually compare what audit results have changed since the baseline was created. Any device that has an audit result can have a baseline created for it using the Reports > Devices section of the Lockdown Web interface.

black list
Devices that are black listed in Enforcer policy are sent to a quarantine zone immediately with no further processing. This behavior is typically associated with devices that belong to the “Always in Quarantine” device group, and is configurable in policy.

CLI
Command-line interface

client
The computer in a client/server architecture that requests files or services. The client may request file transfer, remote logins, printing, or other available services often across a network or the Internet.

control point
The point in a network where Lockdown Enforcer intercepts connecting devices and allows or disallows network access based on policy compliance. This term is typically used to refer to a switch that is managed by Lockdown Enforcer.

CVE
Common Vulnerabilities and Exposures.

database
Any program that manages data, and is used to store, retrieve, and sort information.

detection
During the operation of Lockdown Enforcer, detection refers to the point where a device connects to an Enforcer-managed network for the first time.

device
Any piece of hardware on a network that has an IP address. This can be a workstation, server, router, switch, etc.

discovery
The act of scanning a network for new devices.

DHCP
Dynamic Host Configuration Protocol. A DHCP server assigns and manages IP addresses for devices connecting to a network. Lockdown Enforcer features a DHCP enforcement mode, where it acts as a DHCP relay between the device and production DHCP server.

DMZ
A DMZ (Demilitarized Zone) is set up in order to allow hosting of Internet services like HTTP and email servers, while controlling access to a private network. A DMZ might be placed between the Internet and a firewall.

DNS
Domain Name System. The distributed name/address mechanism used in the Internet that translates an IP address into a domain name. For example, a numeric address like 200.210.120.254 can become something like example.com.

domain
The unique name or address that identifies an Internet site (e.g. "example.com"). The IP address is translated into the domain name by the domain name server. A given machine may have more than one domain name, but a given domain name points to only one machine at a time.

enterprise
A network for a large business enterprise. This network may consist of several local area networks and a central management system.

environ
Environment, as in Network Environment.

ESSID
Extended Service Set ID

firewall
A system or combination of systems that enforces a boundary between two or more networks. A firewall prevents outsiders from accessing your own private data resources and controls what outside resources its own users have access to. Basically, a firewall filters all network packets to determine whether to forward them toward their destination.

FQDN
Fully Qualified Domain Name. Example: www.example.com

frame
The storage space which contains the hardware for the main hub of a network.

gateway page
A Web page that an end-user is presented with after their device has been placed in quarantine, and they try to access an unapproved Web-based resource. The purpose of the gateway page is to inform the user why they are in quarantine, and what they need to do. Gateway page templates can be configured using the Environ > Gateway Pages section of the Lockdown Web interface. Additional content (such as specific quarantine reasons) can be configured as part of policy rules.

global
Applies to an entire program or system.

health check
Used to evaluate the results of tests run against a device, and return a pass or fail result. Health checks are configurable on the Policy section of the Lockdown Web Interface.

health report
A report generated by a health check, typically when the health check is violated within the audit results of a device. This is viewable in the Reports section of the Lockdown Web interface.

health standard
A set of one or more health checks. Health standards are used to evaluate the results of tests run against a device, and return a pass or fail result. Health standards are configurable on the Policy section of the Lockdown Web Interface.

HTTP
HyperText Transfer Protocol. A set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Requires an HTTP client program on one end, and an HTTP server program on the other end. HTTP is the most important application protocol used in the World Wide Web. HTTP uses TCP port 80 by default, but may use any port number.

HTTPS
HyperText Transfer Protocol, Secure. Instead of using plain-text communication like the HTTP protocol, HTTPS encrypts data using SSL (Secure Sockets Layer) prior to sending it. The default TCP port of HTTPS is 443.

iNAC
Intelligent Network Access Control

Internet
The largest computer network in the world, consisting of thousands of inter-connected computer networks spanning multiple countries.

IP
Internet Protocol. Protocol used to route data packets from a source to a destination over the Internet and/or managed IP networks. The most common Internet protocol in use is IPv4, which provides 32-bit addresses commonly displayed in a dotted-quad format (e.g. 192.168.15.20).

job
A job is a device audit or collection of device audits that is performed by a Lockdown appliance. A job can be scheduled, or executed on demand.

LAN
Local Area Network. A computer network that connects devices in close physical proximity to each other (such as within a single office or building). A LAN is defined by its primary point of inter-connection, which is typically a switch or router that handles all network traffic, and provides an Internet uplink. Lockdown Enforcer enables network access control to be performed at the switch.

Layer 2
Refers to the data link layer in the OSI network communication model. This layer involves moving electronic data across a physical network connection, and handling connections and disconnections.

Layer 3
Refers to the network layer in the OSI communication model. This layer handles the IP address of the device, and routing to neighboring devices.

LDAP
Lightweight Directory Access Protocol. LDAP defines a protocol for updating and searching directories running over TCP/IP, and is typically used for authenticating users. Lockdown Enforcer is capable of interfacing with LDAP authentication servers to implement LDAP user authentication at the control point.

license
When a device is licensed (or tracked) by a Lockdown appliance, it is fingerprinted in the system for historical tracking, and can be manually grouped, configured, and audited.

load
Load is the amount of resources being consumed on the appliance during operation. This can include memory usage and processor usage.

LOC
Lockdown Operations Center. This is the in-house operation that identifies new vulnerabilities, creates new LOCsets, and makes them available for download to Lockdown appliances. The Lockdown Operations Center also includes the secure servers that are used to serve LOCsets, serve software updates, and provide product activation.

Lockdown
Lockdown Networks product family dedicated to network access control and vulnerability assessment.

Lockdown Commander
A Lockdown Commander is a centralized enterprise management appliance that provides an easy to use security platform with comprehensive reporting and remediation on network, server, and workstation devices.

Lockdown Enforcer
Lockdown Enforcer is a dynamic network access control appliance that addresses the threat that devices on a network pose to each other. Lockdown Enforcer provides policy-based access control by interfacing with your network switches and denying access to devices that do not conform to administrator-defined rules.

Lockdown Sentry
Lockdown appliance that extends the power of Lockdown Enforcer by providing a point of presence on remote networks to deliver cost-effective access control and policy enforcement to secure the smallest of facilities.

Lockdown Web Interface
The Web-based user interface of a Lockdown appliance. This is where the appliance is configured, operated, and administered, and status reports are viewed. The Lockdown Web Interface is initially set up by a global administrator, and that user has the ability to grant interface access to other users with varying levels of privileges.

LOCset
LOCsets are update packages that are downloaded to Lockdown appliances. These contain updates to the vulnerability database and the test database internal to Lockdown appliances. LOCsets are separate and distinct from software updates. LOCsets are products that are provided at no additional cost for Lockdown appliances that are currently under service agreements.

MAC
Media Access Control address. The physical address of a device connected to a network, expressed as a 48-bit hexadecimal number.

machine
A device which performs a task and is operated mechanically, electrically, or electronically. In computer terminology, "machine" refers to the computer itself.

network
A group of interconnected devices, including the hardware and software used to connect them.

node
A wireless node is any device connected to a wireless network. This can be a WAP (wireless access point), client, ad hoc client, etc.

operator
A user of a Lockdown appliance who has a defined username and password account, and can log into the appliance via the Lockdown Web Interface.

ops
Operations

OS
Operating System. The main control program of a computer that schedules tasks, manages storage, and handles communication with peripherals. Common operating systems include Microsoft Windows, Apple Mac OS X, Linux, and Unix.

policy
Policy consists of one or more rule sets that define how to evaluate devices for network access. There is only one policy on a Lockdown Enforcer appliance, and it covers all devices connected to all enforced switch ports.

port
(1) An IP port is a number used by Internet transport protocols to distinguish among multiple simultaneous connections to a single destination host. Higher-level applications that use TCP/IP have ports with pre-assigned numbers (e.g. http on port 80). Many of these applications have ports that reside in the 1-1024 range, which are known as privileged ports. Other application processes are given port numbers dynamically for each connection. When a server program or service using TCP/IP is initially started, it becomes bound to its designated port number. Client programs then connect to that port to access the service or program.
(2) A switch port is a singular, physical input on a network switch that network devices plug into. This is accompanied by a logical software channel identified by a unique port number.

port group
A defined group of ports on a switch, configurable in the Lockdown Web interface. Port groups are often used in policy to determine what rules should apply to what devices. Port groups can be manually created by Enforcer appliance operators, or created automatically as an Enforcer appliance connects to a switch for the first time.

production
Production VLAN. These are VLANs that devices connect to during regular operation, and are the VLANs that Lockdown Enforcer protects. Devices are only allowed on production VLANs if they comply with policy.

quarantine
A VLAN created by Lockdown Enforcer that has restricted access to the rest of the network. When a device is placed in quarantine, Enforcer acts as a proxy and/or filter to give the device access to resources that are allowed by policy. Depending on the topology of the network, the quarantine VLAN may provide the device with implicit access to other quarantined devices, to specific resources that are also on the quarantine VLAN, and even to the Internet.

RADIUS
Remote Authentication Dial In User Service. Lockdown Enforcer is capable of interfacing with RADIUS authentication servers to implement RADIUS user authentication at the control point.

realm
A network domain to which an end-user must authenticate.

registry
The Windows registry is a database which stores OS options and settings for Microsoft Windows. This includes information about hardware, installed software, system policies, system settings, variables, and more. Registry entries are referred to as "keys".

remediation
The process of revising existing programs to become compliant with determined criteria. Remediation occurs when a user of a Lockdown appliance fixes a device vulnerability using the information in a vulnerability report (generated for that device by the appliance).

report
The results of a network audit that are presented to the user via the Lockdown Web Interface.

restart
To physically turn off and then turn on a Lockdown appliance.

root
The top-level administrative user account on a computer system or appliance. Root users have the highest level of authorization and privileges over a given system.

router
A system responsible for making decisions about which paths network (or Internet) traffic should follow. To do this, it uses a routing protocol to gain information about the network, and algorithms to choose the best route. Routers are also called "gateways" in Internet terminology.

rule
A rule is a subcomponent of policy that defines what actions should be performed if certain conditions are met. The logical portion of a rule consists of one or more conditions, which are specific device evaluations that can return true or false.

rule set
A set of rules that define the process a device must go through before it can access the network. This can include authentication and/or an immediate audit. If an immediate audit is required, then audit policy is invoked to determine whether or not the device is allowed on the network. Rule sets are configurable in the Policy section of the Lockdown Web Interface.

scheduler
The part of the Lockdown Web Interface that allows you to schedule audits over a period of time.

server
A type of computer system that provides one or more network services such as data storage and data transfer. Common examples are Web servers, database servers, and email servers.

severity
The severity of a vulnerability. This is color coded within a vulnerability report using one of four colors: White (no threat), Blue (little threat), Yellow (moderate threat), and Red (high threat).

shutdown
The state and point in time when a Lockdown appliance is turned off.

SNMP
Simple Network Management Protocol. This protocol is designed to support monitoring of network-attached devices for any conditions that warrant administrative attention.

socket
A data-exchange path between two computer processes, on the same device or on different devices. On a TCP/IP network, a socket address on a device is the TCP/UDP port number plus the IP network address.

software updates
The package of files required to convert a Lockdown appliance from one version of software to a later version. Software updates are separate and distinct from LOCsets. Software updates are provided at no additional cost for Lockdown appliances that are currently under service agreements.

SSID
Service Set ID. The configured name of a wireless local area network (WLAN).

SSL
Secure Sockets Layer. A protocol to enable encrypted, authenticated data exchange across the Internet. SSL is most commonly used in data exchange between Web browsers and Web servers. URLs that begin with "https" indicate that an SSL connection will be used.

startup
The state and point in time when a Lockdown appliance is turned on.

switch
A network switch is a computer networking device that intelligently connects network segments and other devices to each other. As network traffic comes into a switch, the switch stores the originating MAC address and the originating port in the switch's MAC address table. The switch then selectively transmits the data based on the destination MAC address. Managed switches allow the data handling capabilities of the switch to be modified. Virtual LANs (VLANs) can be used in managed switches to reduce the size of the broadcast domains and at the same time increase security.

test
Audit tests are small programs that determine if a particular target has a particular vulnerability. Some tests are proprietary, while others come from the Internet security community. Tests are viewable in the Audits > Test Sets section of the Lockdown Web interface, and updated via LOCsets.

ticket
An action item that is assigned to a user for the purpose of remediating a specific vulnerability. Tickets are tied to specific audit tests that failed against a specific device, and the contents of a ticket are generated from the Lockdown appliance's internal vulnerability database.

topology
The map or plan of the network. The physical topology describes how the wires or cables are laid out, and the logical topology describes how the information flows. Topology of a computer network shows the pattern in which the computers are interconnected.

tracked
When a device is licensed (or tracked) by a Lockdown appliance, it is fingerprinted in the system for historical tracking, and can be manually grouped, configured, and audited.

URL
Uniform Resource Locator. The address of a computer or a document on the Internet that consists of a communications protocol followed by a colon and two slashes (e.g. http://), the identifier of a computer (e.g. www.lockdownnetworks.com) and often a directory path to a file.

user
End-user. A person who operates a device on the network that is not a Lockdown appliance.

VA
Vulnerability Assessment

VLAN
Virtual LAN. A group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same LAN, when in fact they are located on different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible. Lockdown Enforcer uses VLAN-based enforcement by intercepting devices as they connect to a "production" VLAN, and sending them to "quarantine" VLANs if they do not comply with policy.

VMPS
VLAN Management Policy Server, or VLAN Membership Policy Server. VMPS is software that maps device information to VLANs, and is found on Cisco switches such as the Catalyst 6500.

vuln
vulnerability

vulnerability
A weakness in a computer system that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing.

WAP
Wireless Access Point

Web
The World Wide Web (WWW). A multi-media system for browsing Internet sites, accessible by Web browser applications such as Microsoft Internet Explorer and Mozilla. Web sites are hosted by Web servers, which use the http protocol to serve Web sites via TCP/IP port 80 (or https on port 443).

WEP
Wired Equivalent Privacy. Designed to provide authorization control for 802.11 WLAN systems using a key string.

white list
Devices that are white listed in Enforcer policy are sent to a production zone immediately with no further processing. This behavior is typically associated with devices that belong to the “Always in Production” device group, and is configurable in policy.

WLAN
Wireless Local Area Network

workstation
A terminal or personal computer that is actively used by one or more humans.