Sophos Client Firewall: glossary

A glossary of terms used with the Sophos Client Firewall.

| Term | Description |
| --- | --- |
| Checksum | Each version of an application has a unique checksum. The firewall can use this checksum to decide whether an application is allowed or not. |
| Destination unreachable attack | In a destination unreachable attack, forged destination unreachable messages are broadcast in reply to requests for a network resource. This can deny access to a server or network. |
| Fraggle attack | A fraggle attack involves the sending of large numbers of UDP echo (ping) messages to IP addresses with a spoofed source address. The supposed source address will then be flooded with large numbers of replies. |
| Group | A group of managed computers defined in the Sophos Enterprise Console. |
| ICMP | Internet Control Message Protocol is an extension of IP which carries network error, control and other messages (e.g. ping messages). See RFC 972. |
| Interactive mode | The Sophos Client Firewall works in two modes. In interactive mode, the firewall displays a pop-up dialog asking you what it should do when a program attempts to access the network or internet. Non-interactive mode suppresses these dialogs. |
| IP spoofing | Faking the header of a packet so that the apparent source is not the real source. This hides the address of the sender, and can be used to execute a Denial of Service (DoS) attack on a third party. To use IP spoofing, an intruder finds the IP address of a trusted host, and then makes packets appear to come from that host. |
| IP tunneling | IP tunneling (or IP encapsulation) hides an IP datagram within other IP datagrams. This permits datagrams for one IP address to be redirected to another IP address. |
| Man in the middle attack | In a man in the middle attack, an intruder reads and edits messages between two parties without either being aware of the intrusion. |
| Non-interactive mode | The Sophos Client Firewall works in two modes. In non-interactive mode, the firewall deals with traffic automatically using your rules. You must set these rules manually, or in interactive mode, before using non-interactive mode. |
| Policy | A group of settings applied to a group or groups of computers defined in the Sophos Enterprise Console. |
| Raw Socket | Raw socket, or rawsocket, is a network term for a communication process that gives access to the headers on incoming and outgoing packets. This can enable IP address spoofing. |
| Rollout | The deployment of a new or upgraded product or policy. |
| Smurf attack | A smurf attack involves the sending of large numbers of ICMP echo (ping) messages to IP addresses with a spoofed source address. The supposed source address will then be flooded with large numbers of replies. |
| Sophos Client Protection | Sophos Client Protection (SCP) consists of Sophos Anti-Virus and the Sophos Client Firewall. |
| Sophos Enterprise Console | Sophos Enterprise Console lets you deploy and manage Sophos Client Protection on the workstations from a central location. |
| Stateful inspection | Packet checking technology that allows the rule to query not just the source and destination of a packet, but whether the packet was part of an earlier communication. Stateful inspection can help to avoid threats from IP spoofing. It can also streamline the filtering process, as packets do not have to be re-checked by your rules. |
