Forum-Breadcrumbs - Du bist hier:Knowledge BaseSecurity - Don't let perfect the enemy of good: Sophos Firewall [XG/XGS, Cyberoam]Glossary of Technical terms
Bitte Anmelden, um Beiträge und Themen zu erstellen.
Glossary of Technical terms
#1 · 27. April 2022, 18:55
Zitat von mpca am 27. April 2022, 18:55 Uhrhttps://support.sophos.com/support/s/article/KB-000034650?language=en_US
A
Abbreviation Name Definition Acceptance Criteria The list of minimal criteria by which a story may be judged as successfully completed. Action Center A pane on the Dashboard that shows the actions that are currently required. Active Directory synchronization event An event that occurs during synchronization with Active Directory. Active sub-estate A sub-estate displayed in the Groups pane. AD Sync A Sophos tool that lets administrators map users and groups from Active Directory to the Sophos Cloud Console. ACE / TAO Adaptive Communication Environment / The ACE ORB Library components of CORBA used in RMS. TAO is a real-time C++ implementation of CORBA base upon ACE. Additional policy A policy created by the user. All policies except for the base policy are additional policies. ASLR Address Space Layout Randomization A computer security technique involved in protection from buffer overflow attacks. Advanced Content Control List editor An editor that enables a user to create a custom Content Control List that consists of a score, maximum count, regular expression, and a trigger score that must be reached before the Content Control List is matched. AES Advanced Encryption Standard A 128-bit block data encryption technique used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data. APT Advanced Persistent Threat An advanced persistent threat is a type of targeted attack. APTs are characterized by an attacker who has the time and resources to plan an infiltration into a network. APTs are persistent in that the attackers may remain on a network for some time. Adware Adware displays advertising, for example, pop-up messages, which affects user productivity and system efficiency. Agent/Agent software The Sophos Cloud agent software installed on endpoint computers or servers. Agent software installer The installer for agent software on endpoint computers or servers. ALPC Advanced Local Procedure Call An internal, undocumented inter-process communication facility provided by the Microsoft Windows NT kernel for lightweight IPC between processes on the same computer. It provides a high-speed scalable communication mechanism required to efficiently implement User-Mode Driver Framework (UMDF), whose user-mode parts require an efficient communication channel with UMDF's components in the executive. ALPC Section Advanced Local Procedure Call Section Security and convenience wrapper of a plain section. See Section. ALPC Section View Advanced Local Procedure Call Section View Security and convenience wrapper of a plain section view. See Section View. Alpha An early phase in software development. See: Technical Preview Annoying The second-lowest level of bug severity (3). Annoying is when:
- There is a defect in functionality with a reasonable workaround.
- There is a major cosmetic or typographical issue.
- There is acceptable performance degradation.
Application control A function in Sophos Central that detects and blocks applications that are not a security threat, but unsuitable for office use. Application manager A dialog box that allows or creates new rules for applications that have been blocked by Sophos Client Firewall. Application rule A rule that applies only to packets of data transferred over the network to or from a particular application. Associated user The user who is associated with a device protected by Sophos Central. Authorization manager The module that authorizes adware and PUAs, suspicious files, and applications that exhibits suspicious behavior and buffer overflows. Automatic Cleanup Cleanup that is performed without any intervention or acceptance by the customer. Automatic Protection Deployment of security software (installation and policy enforcement) on all the computers in an Active Directory container as soon as they are synchronized with Enterprise Console.
Abbreviation Name Definition Base policy The default policy. This applies to all users, although other policies can override it. Beta Coordinated activity to widely test an upcoming product release in customer environments outside of Sophos and gain feedback from customers. Blocked A status showing that applications (including hidden processes), connections, protocols, ICMP messages, and so on have been refused network access. Buffer overflow detection Detects buffer overflow attacks. Bug When functionality does not behave as the pod and the Product Owner agreed that it would. Changes (or dislikes) to agree upon functionality are new stories, not bugs. Business Impact Reflects the pain experienced by users of the system. Options are: Unusable (1), Painful (2), Annoying (3), Polish (4). BRD Business Requirements Document See PRD.
Abbreviation Name Definition Category A specific tag that is used to classify SophosLabs Content Control Lists according to their type, regulation that defines their contents, or region they apply to. CEEMEA Central & Eastern Europe, Middle East and Africa Combination of DACH and NEEMEA Checksum Each version of an application has a unique checksum. The firewall can use this checksum to decide whether an application is allowed or not. Clean up Remove threats from a device. Client Communication Port Unnamed port used by a client to communicate with the server. Also known as client port. CC Code Complete The point in a Feature or Program at which the team declares that all development and testing activities – such as unit testing, system testing and dogfood – have been carried out, and the product meets the quality criteria for release. Code Freeze The staged delivery to QA at which all planned features are available for verification. CnC / C&C / C2 Command and Control Command-and-control servers, also called C&C or C2, are used by attackers to maintain communications with compromised systems within a target network. CORBA Common Object Request Broker Architecture Low level layer in RMS communication involved with SEC-MAC Endpoint connectivity. Connection Request A request constructed for - or constructed by if the parameter is left NULL - the connect functions (NtConnectPort, NtAlpcConnectPort) to be used to establish a connection. Connection requests may have connection details in data (LPC) or in message attributes forms (LPC and ALPC) accompanying them. They are received by the listen functions (NtListenPort, NtAlpcSendWaitReceivePort). Connection Requests have the type LPC_CONNECTION_REQUEST. Content Control List (CCL) A set of conditions that specify file content, for example, credit or debit card numbers, or bank account details near to other forms of personally identifiable information. There are two types of Content Control List: SophosLabs Content Control List and custom Content Control List. Content Rule A rule that contains one or more Content Control Lists and specifies the action that is taken if the user attempts to transfer data that matches all the Content Control Lists in the rule to the specified destination. Controlled Application A non-malicious application that is prevented from running on your computer by your organization’s security policy. Because it undermines productivity or network performance. Controlled Data Files that meet data control conditions. Controlled Device A device that is subject to device control. Critical level A value that triggers the change of an item’s security status to Critical. Crossgress rules Rules between subnets on the same UTM (a Sophos Original). Custom Content Control List A Content Control List that has been created by a Sophos customer. There are two ways to create a custom Content Control List: create a simple list of search terms with a specified search condition, such as any of these terms, or use an advanced Content Control List editor. Custom rule A rule created by the user to specify the circumstances under which an application is allowed to run. CET Customer Environment Test All kinds of tests that are not carried out on a test machine but in a customer(-like) environment: See Dogfood, Beta.
Abbreviation Name Definition Egress rules Rules which govern traffic from the protected Redux subnet to the rest of Sophos and the internet. Endpoint (computer) A desktop (workstation) or server computer capable of running endpoint software. Endpoint (software) A group of security software components which combine to defend an endpoint computer from threats. EC Engineering Complete The point in a Program at which the team declares that all engineering related activities (Development, QA, Documentation, Translation etc.) is complete. Epics Clusters of related functionality that can easily be bundled together and expressed simply. Before starting work, epics must be decomposed into stories. Estate / IT Estate The company IT environment, including computers, network etc. ETW Event Tracing for Windows Event Tracing for Windows (ETW) provides a mechanism to trace and log events that are raised by user-mode applications and kernel-mode drivers. ETW is implemented in the Windows operating system and provides developers a fast, reliable, and versatile set of event tracing features. Exclusions Files, drives or processes that are not included in scanning. Exempt device A device that is explicitly excluded from device control. Expression / Regular Expression A search string that uses special characters to match a text pattern in a file. Data control uses Perl 5 regular expression syntax. Extensive scanning Scanning every part of every file.
Abbreviation Name Definition Feature Usually used to refer to an Engineering project to deliver new functionality or modifications to a product, with defined business justification, objectives and success criteria. A Feature may form part of a wider program of work (see Program) or it may be self-contained and delivered in isolation. FC Feature Complete The point at which the team declares that all new functionality has been successfully developed, integrated and tested, but is not yet ready for release. Remaining work may include Test Passes, System Testing or Dogfood. File matching rule A rule that specifies the action that is taken if the user attempts to transfer a file with the specified file name or of the specified file type to the specified destination, for example, block the transfer of databases to removable storage devices. Firewall event A situation that occurs when an unknown application, or the operating system, on one computer tries to communicate with another computer over a network connection in a way that was not specifically requested by the applications running on the other computer. Firewall policy The settings issued by the management console which the firewall uses to monitor the computer's connection to the internet and other networks. FCS First Customer Ship The point at which all deployment preparations have been completed, and the completed product is first released to customers. Fraggle attack A fraggle attack involves the sending of large numbers of UDP echo (ping) messages to IP addresses with a spoofed source address. The supposed source address will then be flooded with large numbers of replies. FS Functional Specification A document that describes what the behaviour of the software system will be, but without going into the technical details of how that behaviour will be implemented. The functional specification is created by the Engineering team in response to the Product Requirements Document (PRD) in order to describe how the requirements will be fulfilled.
Abbreviation Name Definition General Availability The point at which the product is made available to all customers through their standard update mechanisms. GES Global Escalation Services Support Escalation team (level 3). Global rules Rules that are applied to all network connections and applications which do not already have a rule. They take lower priority than the rules set on the LAN page. They also take lower priority than application rules (unless the user specifies otherwise). Group A group of users or managed computers. Group A, B, C release This refers to different stages of the Staged release process. Group A is the first group of customers to which software is released. Providing there are no blocking issues reported from the field, the release will then be rolled out to Group B followed by Group C.
Abbreviation Name Definition Hardening Regression testing time between the end of the sprint and the actual production deployment of the latest release. Health Indicator Generic term for icons depicting security status of a dashboard section or item, or the overall health status of the network. Hidden process An application sometimes launches a hidden process to perform some network access for it. Malicious applications may use this technique to evade firewalls: they launch a trusted application to access the network rather than doing so themselves. High-priority global rule A rule that is applied before any other global or application rule. HIPS Host Intrusion Prevention System A security technology that protects computers from suspicious files, unidentified viruses, and suspicious behavior. Hotfix A version of a product containing an important bug fix that is made available to specific customers, or specific product lines only.
Abbreviation Name Definition JSON JavaScript Object Notation JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format.
Abbreviation Name Definition KBA Knowledge Base Article Articles stored in a Knowledge base; can be anything from how-to articles to notifications.
Abbreviation Name Definition Learning Dialog A dialog box that asks the user to choose whether to allow or block network activity when an unknown application requests network access. Legacy updating policy An updating policy that existed before the upgrade of Sophos Enterprise Console from version 3.x to version 4.0, and that is still being used after the upgrade until a new updating policy is applied to the group or groups. LP Live Protection A feature within Sophos Antivirus that gives the endpoint the ability to lookup files in real-time in order to check if they are malicious. Lockdown The process of securing a server; securing a server so that no changes can be made. Log cleanup settings The settings that control when records are deleted. Log viewer A form where users can view details from the event database, such as connections that have been allowed or blocked, the system log and any alerts that have been raised. Low delta (warehouse) A low delta warehouse contains a frozen version of a package, for example Endpoint Security and Control 10.2, that receives only threat engine and IDE updates for its entire lifetime, barring any vulnerabilities we might find.
Abbreviation Name Definition Malicious traffic Communications with a remote server that may attempt to take control of the computer. MTD Malicious Traffic Detection Sophos Malicious Traffic Detection is a component that will monitor HTTP traffic for signs of connectivity to known bad URLs such as Command and Control servers. If this traffic is detected then it is an early indicator that a new piece of malware may be present and as such can aid in the detection and collection of samples to enable the Sophos Labs to write specific detection. MITM, MitM, MIM, MiM or MITMA Man in the middle attack / man-in-the-middle attack In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. Managed computer A computer that has Remote Management System (RMS) installed and on which the central Sophos console can report and install and update software. Management console The central console which is a graphical user interface (GUI) component that enables you to protect and manage computers. For Enterprise Console, it may not be the same server that has the management server component installed. Management server The central server that handles updating and communications with networked computers. For Enterprise Console, it may not be the same server that has the management console component installed. Match Equal the content that is defined in a Content Control List. Maximum count The maximum number of matches for a regular expression that can be counted towards the total score. Member server A server computer that belongs to a domain, and is not a domain controller. Message Queue A port's container holding messages waiting to be processed (received). MessageId Unique identifier for a message in the system. It is given to a request before it's sent (NtRequestPort, NtRequestWaitReplyPort, NtAlpcSendWaitReceivePort) and is used throughout a conversation. MDM Mobile Device Management The Sophos component that provides management features like corporate email access, Lock, Wipe, Locate. MTR Managed Threat Response Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service.
Abbreviation Name Definition NSG Network Security Group Sophos Network Security Group is formerly Astaro. NFRD Non-functional Requirements Document A document describing one or more non-functional or technical requirements for a product, such as localization requirements, supported OS platforms, performance, scalability. Non-interactive mode The Sophos Client Firewall works in two modes. In non-interactive mode the firewall deals with traffic automatically using your rules. You must set these rules manually, or in interactive mode, before using non-interactive mode. NEEMEA Northern (Nordics) and Eastern Europe, the Middle East & Africa Northern (Nordics) meaning Northern Europe. Used by Sophos when discussing regions.
Abbreviation Name Definition On-access scan A scan that intercepts files as they are accessed (copied, moved, saved, or opened), and grants access to the files only if they do not pose a threat to your computer or are authorized for use. On-demand scan A scan that you initiate. An on-demand scan can be used to scan anything from a single file to entire computer.
Abbreviation Name Definition Painful Second highest level of bug severity (2). Painful is when:
- There is a defect in functionality with a painful workaround.
- Produces data or results that are misleading to the user.
- There is performance degradation that is acceptable but does not meet stated requirements.
Phase Stages into which a Feature or Program are subdivided, often with defined entry/exit criteria and deliverables. Phase 1 The Concept phase in the 4 phase Engineering framework. In this phase the business case and rough estimates (costs) are assessed to decide whether there is sufficient justification to proceed. Phase 2 The Planning phase in the 4 phase Engineering framework. In this phase the baseline scope is established and the project plan is established. Required resources are committed and the the costs that the team will be incurring are defined. Phase 3 The Implementation (Development and Testing) phase in the 4 phase Engineering framework. In this phase the agreed product functionality is developed and tested. Phase 4 The Deployment phase in the 4 phase Engineering framework. In this phase deployment of the product is carried out so that it is available for installation on customer production sites. Pod Small group of engineers (developer + QA) working together to complete a set of stories in a given Sprint. The team is self-organizing and empowered to do what it takes to meet their criteria. They work cooperatively with their Product Owner to negotiate story requirements and make sure the story is completed with high quality. Policy A group of settings applied to a group or groups of computers defined in the Sophos Enterprise Console. Polish Lowest level of bug severity (4). Polish is when:
- There is a minor cosmetic issue.
- There is an easy workaround.
- There is functionality that is not intuitive.
PUA Potentially Unwanted Application A potentially unwanted application is an application that is not inherently malicious but is generally considered unsuitable for the majority of business networks. Pricelist Effective Date This refers to the date when most of the changes included on the price list become effective. Take note that price list often includes changes with different effective dates. These dates are always indicated in the SKU tab in the Pricelist. Pricelist Release Date This refers to the date when the Price List is published on Sophos.net; the partner portal release date typically trails the release date by a week, but that may vary by region. Primary configuration The firewall configuration used for the corporate network that the user connects to for their day-to-day business. Process settings The settings that specify whether modified or hidden processes should be allowed network access. Product Owner Person responsible for developing stories, prioritizing them, creating acceptance criteria, and negotiating with the pods for a given area of the product. PRD Product Requirements Document A document describing one or more business or marketing requirements for new functionality / features of a product that is to be delivered by the engineering team. Program An engineering program is the activity to co-ordinate the development and delivery of multiple Features, including tracking progress, managing common milestones, risks and inter-dependencies between Features. Project Inception The process by which the business takes an idea and really examines what the proposal is, why we are doing it, and why it is worth time for the business that the project be taken on by engineering. Protect see Deployment
Abbreviation Name Definition Quantity The volume of the Content Control List key data type that must be found in a file before the Content Control List is matched. Quantity key The key type of data defined in a Content Control List, to which the quantity setting is applied. For example, for a Content Control List containing credit or debit card numbers, the quantity specifies how many credit or debit card numbers must be found in a file before the Content Control List is matched. QM Quarantine Manager The module that enables you to view and deal with items that have been quarantined.
Abbreviation Name Definition Raw Socket Raw socket, or rawsocket, is a network term for a communication process that gives access to the headers on incoming and outgoing packets. This can enable IP address spoofing. Real-time protection Sophos Feature/process: Scans files as users attempt to access them, and denies access unless the file is clean. Redux Subnet A subnet protected by a UTM. In the Protected group on the UTM. This is also known as Redux segment. Region The scope of a SophosLabs Content Control List. The region either specifies the country the Content Control List applies to (for country-specific Content Control Lists) or shows global (for global Content Control Lists that apply to all countries). Regular expression A search string that uses special characters to match a text pattern in a file. Data control uses Perl 5 regular expression syntax. Release Sequencing Laying out the epics over the next several sprints in order to coordinate between different product owners and pods what work will be worked on when. RMS Remote Management System A component of Sophos Endpoint Security and Control that is responsible for sending and receiving messages from the central console or Message Relay server. Reply (LPC and ALPC Research) A message that is sent to answer a request or another reply. Replies already have a MessageId. Replies have the type LPC_REPLY. Request (LPC and ALPC Research) A message that has no 'conversation history' and has a MessageId of 0 when sent. Requests have the type LPC_REQUEST. Role-based administration Allows full administration of the Enterprise Console to delegate and limit control to other users. For more information see Best practice: designing sub-estates and role-based administration.
Abbreviation Name Definition UTM Unified Threat Management A category of security appliances which integrates a range of security features into a single appliance. Unusable Highest level of bug severity. Unusable is when:
- The defect causes data loss, corruption, or distortion.
- The system is not functional.
- There is no workaround.
- There is incorrect functionality, which could cause an incorrect business decision to be made.
- There is considerable performance degradation.
- There is a possibility for significant monetary loss.
UCD Use Case Diagram A use case diagram at its simplest is a representation of a user's interaction with the system that shows the relationship between the user and the different use cases in which the user is involved. UAC User Account Control User Account Control is a security component that was introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems and allows an administrator to enter credentials during a non-administrator's user session to perform occasional administrative tasks. Utilization Saturation and Errors The Utilization Saturation and Errors (USE) Method is a methodology for analyzing the performance of any system. It directs the construction of a checklist, which for server analysis can be used for quickly identifying resource bottlenecks or errors.
Abbreviation Name Definition Virus data files (also known as Detection data or Threat data files) Virus data is the name given to the group of files (largely written in VDL) that are used by the threat detection engine and include .IDEs, .VDBs, and some xml files. Virus (threat) data files are loaded into memory (RAM) and used by the threat detection engine. In Sophos Anti-Virus for Windows the virus data mainly consists of the following files: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\vdl*.* (depending on the version of Windows). VDL Virus Description Language Sophos's proprietary computer programming language specifically written to define the process required to identify and clean up computer malware, detecting items such as PUAs, and in Application Control. Virus identities are written in VDL by the expert analysts in SophosLabs. IDE Virus identity file A file that enables Sophos Anti-Virus to detect and disinfect a particular virus, worm, Trojan, or item of spyware. See also: Identity File. VoIP Voice over IP A category of controlled applications that includes Voice over IP client applications.
Abbreviation Name Definition Warehouse A warehouse is a store of programs and data published by Sophos. Warehouses are stored in a repository, which is a particular location on a server. One repository can contain multiple warehouses. Web Control A feature that allows you to set and enforce web access policies for your organization, and to view reports on web browsing usage. Web Gateway Protects your network against risky or inappropriate web browsing. It can also prevent loss of confidential data, trust certain networks, and report on all your users’ web browsing. WE Western Europe A term used by Sophos when discussing regions: Western Europe specifically means: France, Spain, Italy, Portugal, Benelux WAN Wide Area Network The network which connects UTMs. This is also known as Redux transit network. This is currently shared with Green. Windows Firewall Windows Firewall is a software component of Microsoft Windows that provides firewall and packet filtering functions that then either blocks it or allows it to pass through to your computer. For more information see: Windows Firewall: frequently asked questions. Working mode The setting that determines whether the firewall applies actions with input from the user (interactive mode) or automatically (the non-interactive modes). Workgroup A workgroup is Microsoft's terminology for a peer-to-peer Windows computer network. For a comparison of a Workgroup to a domain network see Microsoft TechNet: Workgroups compared with domains.
https://support.sophos.com/support/s/article/KB-000034650?language=en_US
A
Abbreviation | Name | Definition |
---|---|---|
Acceptance Criteria | The list of minimal criteria by which a story may be judged as successfully completed. | |
Action Center | A pane on the Dashboard that shows the actions that are currently required. | |
Active Directory synchronization event | An event that occurs during synchronization with Active Directory. | |
Active sub-estate | A sub-estate displayed in the Groups pane. | |
AD Sync | A Sophos tool that lets administrators map users and groups from Active Directory to the Sophos Cloud Console. | |
ACE / TAO | Adaptive Communication Environment / The ACE ORB | Library components of CORBA used in RMS. TAO is a real-time C++ implementation of CORBA base upon ACE. |
Additional policy | A policy created by the user. All policies except for the base policy are additional policies. | |
ASLR | Address Space Layout Randomization | A computer security technique involved in protection from buffer overflow attacks. |
Advanced Content Control List editor | An editor that enables a user to create a custom Content Control List that consists of a score, maximum count, regular expression, and a trigger score that must be reached before the Content Control List is matched. | |
AES | Advanced Encryption Standard | A 128-bit block data encryption technique used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data. |
APT | Advanced Persistent Threat | An advanced persistent threat is a type of targeted attack. APTs are characterized by an attacker who has the time and resources to plan an infiltration into a network. APTs are persistent in that the attackers may remain on a network for some time. |
Adware | Adware displays advertising, for example, pop-up messages, which affects user productivity and system efficiency. | |
Agent/Agent software | The Sophos Cloud agent software installed on endpoint computers or servers. | |
Agent software installer | The installer for agent software on endpoint computers or servers. | |
ALPC | Advanced Local Procedure Call | An internal, undocumented inter-process communication facility provided by the Microsoft Windows NT kernel for lightweight IPC between processes on the same computer. It provides a high-speed scalable communication mechanism required to efficiently implement User-Mode Driver Framework (UMDF), whose user-mode parts require an efficient communication channel with UMDF's components in the executive. |
ALPC Section | Advanced Local Procedure Call Section | Security and convenience wrapper of a plain section. See Section. |
ALPC Section View | Advanced Local Procedure Call Section View | Security and convenience wrapper of a plain section view. See Section View. |
Alpha | An early phase in software development. See: Technical Preview | |
Annoying | The second-lowest level of bug severity (3). Annoying is when:
|
|
Application control | A function in Sophos Central that detects and blocks applications that are not a security threat, but unsuitable for office use. | |
Application manager | A dialog box that allows or creates new rules for applications that have been blocked by Sophos Client Firewall. | |
Application rule | A rule that applies only to packets of data transferred over the network to or from a particular application. | |
Associated user | The user who is associated with a device protected by Sophos Central. | |
Authorization manager | The module that authorizes adware and PUAs, suspicious files, and applications that exhibits suspicious behavior and buffer overflows. | |
Automatic Cleanup | Cleanup that is performed without any intervention or acceptance by the customer. | |
Automatic Protection | Deployment of security software (installation and policy enforcement) on all the computers in an Active Directory container as soon as they are synchronized with Enterprise Console. |
Abbreviation | Name | Definition |
---|---|---|
Base policy | The default policy. This applies to all users, although other policies can override it. | |
Beta | Coordinated activity to widely test an upcoming product release in customer environments outside of Sophos and gain feedback from customers. | |
Blocked | A status showing that applications (including hidden processes), connections, protocols, ICMP messages, and so on have been refused network access. | |
Buffer overflow detection | Detects buffer overflow attacks. | |
Bug | When functionality does not behave as the pod and the Product Owner agreed that it would. Changes (or dislikes) to agree upon functionality are new stories, not bugs. | |
Business Impact | Reflects the pain experienced by users of the system. Options are: Unusable (1), Painful (2), Annoying (3), Polish (4). | |
BRD | Business Requirements Document | See PRD. |
Abbreviation | Name | Definition |
---|---|---|
Category | A specific tag that is used to classify SophosLabs Content Control Lists according to their type, regulation that defines their contents, or region they apply to. | |
CEEMEA | Central & Eastern Europe, Middle East and Africa | Combination of DACH and NEEMEA |
Checksum | Each version of an application has a unique checksum. The firewall can use this checksum to decide whether an application is allowed or not. | |
Clean up | Remove threats from a device. | |
Client Communication Port | Unnamed port used by a client to communicate with the server. Also known as client port. | |
CC | Code Complete | The point in a Feature or Program at which the team declares that all development and testing activities – such as unit testing, system testing and dogfood – have been carried out, and the product meets the quality criteria for release. |
Code Freeze | The staged delivery to QA at which all planned features are available for verification. | |
CnC / C&C / C2 | Command and Control | Command-and-control servers, also called C&C or C2, are used by attackers to maintain communications with compromised systems within a target network. |
CORBA | Common Object Request Broker Architecture | Low level layer in RMS communication involved with SEC-MAC Endpoint connectivity. |
Connection Request | A request constructed for - or constructed by if the parameter is left NULL - the connect functions (NtConnectPort, NtAlpcConnectPort) to be used to establish a connection. Connection requests may have connection details in data (LPC) or in message attributes forms (LPC and ALPC) accompanying them. They are received by the listen functions (NtListenPort, NtAlpcSendWaitReceivePort). Connection Requests have the type LPC_CONNECTION_REQUEST. | |
Content Control List (CCL) | A set of conditions that specify file content, for example, credit or debit card numbers, or bank account details near to other forms of personally identifiable information. There are two types of Content Control List: SophosLabs Content Control List and custom Content Control List. | |
Content Rule | A rule that contains one or more Content Control Lists and specifies the action that is taken if the user attempts to transfer data that matches all the Content Control Lists in the rule to the specified destination. | |
Controlled Application | A non-malicious application that is prevented from running on your computer by your organization’s security policy. Because it undermines productivity or network performance. | |
Controlled Data | Files that meet data control conditions. | |
Controlled Device | A device that is subject to device control. | |
Critical level | A value that triggers the change of an item’s security status to Critical. | |
Crossgress rules | Rules between subnets on the same UTM (a Sophos Original). | |
Custom Content Control List | A Content Control List that has been created by a Sophos customer. There are two ways to create a custom Content Control List: create a simple list of search terms with a specified search condition, such as any of these terms, or use an advanced Content Control List editor. | |
Custom rule | A rule created by the user to specify the circumstances under which an application is allowed to run. | |
CET | Customer Environment Test | All kinds of tests that are not carried out on a test machine but in a customer(-like) environment: See Dogfood, Beta. |
Abbreviation | Name | Definition |
---|---|---|
Dashboard | An at-a-glance view of the network’s security status. | |
Dashboard Event | An event in which a dashboard health indicator exceeds critical level. An email alert is generated when a dashboard event occurs. | |
Data Control | A feature created to reduce accidental data loss from workstations. It works by taking action when a workstation user tries to transfer a file that meets criteria defined in the data control policy and rules. For example, when a user attempts to copy a spreadsheet containing a list of customer data to a removable storage device or upload a document marked as confidential into a webmail account, data control will block the transfer, if configured to do so. | |
DFD | Data Flow Diagram | A data flow diagram (DFD) is a graphical representation of the flow of data through an information system, modelling its process aspects. A DFD is often used as a preliminary step to create an overview of the system, which can later be elaborated. DFDs can also be used for the visualization of data processing (structured design). |
DLP | Data Leakage Prevention | Data Loss/Leakage Prevention (DLP) solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). |
DOBUS | Data Out-of-Band Update Service | DOBUS™ is a non-internet reliant, resilient, high-availability and trusted managed service that ensures the secure delivery of patches, fixes, and updates to the entire MoD (Ministry of Defence) community. |
Data view | The view that displays different data depending on the item selected in the tree view. | |
Database |
|
|
Datasheet | A single page summary of a Feature or Program, describing key project parameters, burn up charts as well as the Engineering and Software Release Checklists. A Datasheet is usually in the form of an Excel file or Wiki page but may be in other forms. | |
DROWN | Decrypting RSA with Obsolete and Weakened Encryption | Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication. |
Default sub-estate | A sub-estate that has the server root node of the group tree and the Unassigned group as its root. It is displayed by default when you open Enterprise Console for the first time. | |
DMZ Subnet | Demilitarized Zone Subnet | A subnet which hosts internet-facing services. |
Departmental UTM | A UTM focused on delivering services for a specific department. | |
Deploy | To remotely install Sophos endpoint security software using the central console. | |
Deployment | The act of installing security software using the central console. | |
Description bar | A bar in the log viewer which appears above the data view and contains the name of the currently selected item in the tree view. | |
Destination Unreachable Attack | In a Destination Unreachable Attack, forged destination unreachable messages are broadcast in reply to requests for a network resource. This can deny access to a server or network. | |
DACH | Deutschland (Germany), Austria & Switzerland | Acronym used in for the region of Germany, Austria, and Switzerland |
Device control | A feature to reduce accidental data loss from workstations and restrict introduction of software from outside of the network. It works by taking action when a workstation user tries to use an unauthorized storage device or networking device on their workstation. | |
Devices | The collective term for computers, mobile phones and tablets. | |
DAD | Disciplined Agile Delivery | Disciplined Agile Delivery (DAD) addresses agile practices across the entire lifecycle, from requirements, architecture, and development to delivery and governance. |
DDoS | Distributed Denial-of-Service attack | DDoS is an attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack. |
Distributed installation | When one or more components that make up your management server (Enterprise Console, Sophos Update Manager and Management Server) are installed on more than one server. For example, the database component installed to a dedicated SQL Server computer. | |
Dogfood | In-house activity to test an upcoming product version on Sophos own systems which are representative of our customers' environment. | |
Domain | A collection of security principals that share a central directory database. The central database is usually maintained by a proprietary Microsoft product or technology, known as Active Directory (AD). A person who uses a computer within a domain receives his or her own unique account, or user name. This account can then be assigned access to resources within the domain to allow central control of rights and permissions. | |
Domain Controller | A server that responds to security authentication requests within the Windows Server domain. | |
DNS | Domain Name System | The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names, like http://www.sophos.com, into IP address numbers so that they can communicate with each other. |
Domain Name System hijacking | A DNS hijacking attack changes a computer’s settings to either ignore DNS or use a DNS server that is controlled by malicious hackers. The attackers can then redirect communication to fraudulent sites. DNS hijacking is commonly used to redirect users to fake login pages for banks and other online services in order to steal their login credentials. It can also be used to redirect security sites to non-existent servers to prevent affected users from updating their security software. | |
DCI | Dynamic Customer Information | Dynamic Customer Information (DCI) File is small XML files, one for each active customer username, containing information that SUM uses to work out where to get updates from. The DCI file's name is the MD5 checksum of the username:password. |
Abbreviation | Name | Definition |
---|---|---|
Egress rules | Rules which govern traffic from the protected Redux subnet to the rest of Sophos and the internet. | |
Endpoint (computer) | A desktop (workstation) or server computer capable of running endpoint software. | |
Endpoint (software) | A group of security software components which combine to defend an endpoint computer from threats. | |
EC | Engineering Complete | The point in a Program at which the team declares that all engineering related activities (Development, QA, Documentation, Translation etc.) is complete. |
Epics | Clusters of related functionality that can easily be bundled together and expressed simply. Before starting work, epics must be decomposed into stories. | |
Estate / IT Estate | The company IT environment, including computers, network etc. | |
ETW | Event Tracing for Windows | Event Tracing for Windows (ETW) provides a mechanism to trace and log events that are raised by user-mode applications and kernel-mode drivers. ETW is implemented in the Windows operating system and provides developers a fast, reliable, and versatile set of event tracing features. |
Exclusions | Files, drives or processes that are not included in scanning. | |
Exempt device | A device that is explicitly excluded from device control. | |
Expression / Regular Expression | A search string that uses special characters to match a text pattern in a file. Data control uses Perl 5 regular expression syntax. | |
Extensive scanning | Scanning every part of every file. |
Abbreviation | Name | Definition |
---|---|---|
Feature | Usually used to refer to an Engineering project to deliver new functionality or modifications to a product, with defined business justification, objectives and success criteria. A Feature may form part of a wider program of work (see Program) or it may be self-contained and delivered in isolation. | |
FC | Feature Complete | The point at which the team declares that all new functionality has been successfully developed, integrated and tested, but is not yet ready for release. Remaining work may include Test Passes, System Testing or Dogfood. |
File matching rule | A rule that specifies the action that is taken if the user attempts to transfer a file with the specified file name or of the specified file type to the specified destination, for example, block the transfer of databases to removable storage devices. | |
Firewall event | A situation that occurs when an unknown application, or the operating system, on one computer tries to communicate with another computer over a network connection in a way that was not specifically requested by the applications running on the other computer. | |
Firewall policy | The settings issued by the management console which the firewall uses to monitor the computer's connection to the internet and other networks. | |
FCS | First Customer Ship | The point at which all deployment preparations have been completed, and the completed product is first released to customers. |
Fraggle attack | A fraggle attack involves the sending of large numbers of UDP echo (ping) messages to IP addresses with a spoofed source address. The supposed source address will then be flooded with large numbers of replies. | |
FS | Functional Specification | A document that describes what the behaviour of the software system will be, but without going into the technical details of how that behaviour will be implemented. The functional specification is created by the Engineering team in response to the Product Requirements Document (PRD) in order to describe how the requirements will be fulfilled. |
Abbreviation | Name | Definition |
---|---|---|
General Availability | The point at which the product is made available to all customers through their standard update mechanisms. | |
GES | Global Escalation Services | Support Escalation team (level 3). |
Global rules | Rules that are applied to all network connections and applications which do not already have a rule. They take lower priority than the rules set on the LAN page. They also take lower priority than application rules (unless the user specifies otherwise). | |
Group | A group of users or managed computers. | |
Group A, B, C release | This refers to different stages of the Staged release process. Group A is the first group of customers to which software is released. Providing there are no blocking issues reported from the field, the release will then be rolled out to Group B followed by Group C. |
Abbreviation | Name | Definition |
---|---|---|
Hardening | Regression testing time between the end of the sprint and the actual production deployment of the latest release. | |
Health Indicator | Generic term for icons depicting security status of a dashboard section or item, or the overall health status of the network. | |
Hidden process | An application sometimes launches a hidden process to perform some network access for it. Malicious applications may use this technique to evade firewalls: they launch a trusted application to access the network rather than doing so themselves. | |
High-priority global rule | A rule that is applied before any other global or application rule. | |
HIPS | Host Intrusion Prevention System | A security technology that protects computers from suspicious files, unidentified viruses, and suspicious behavior. |
Hotfix | A version of a product containing an important bug fix that is made available to specific customers, or specific product lines only. |
Abbreviation | Name | Definition |
---|---|---|
JSON | JavaScript Object Notation | JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. |
Abbreviation | Name | Definition |
---|---|---|
KBA | Knowledge Base Article | Articles stored in a Knowledge base; can be anything from how-to articles to notifications. |
Abbreviation | Name | Definition |
---|---|---|
Learning Dialog | A dialog box that asks the user to choose whether to allow or block network activity when an unknown application requests network access. | |
Legacy updating policy | An updating policy that existed before the upgrade of Sophos Enterprise Console from version 3.x to version 4.0, and that is still being used after the upgrade until a new updating policy is applied to the group or groups. | |
LP | Live Protection | A feature within Sophos Antivirus that gives the endpoint the ability to lookup files in real-time in order to check if they are malicious. |
Lockdown | The process of securing a server; securing a server so that no changes can be made. | |
Log cleanup settings | The settings that control when records are deleted. | |
Log viewer | A form where users can view details from the event database, such as connections that have been allowed or blocked, the system log and any alerts that have been raised. | |
Low delta (warehouse) | A low delta warehouse contains a frozen version of a package, for example Endpoint Security and Control 10.2, that receives only threat engine and IDE updates for its entire lifetime, barring any vulnerabilities we might find. |
Abbreviation | Name | Definition |
---|---|---|
Malicious traffic | Communications with a remote server that may attempt to take control of the computer. | |
MTD | Malicious Traffic Detection | Sophos Malicious Traffic Detection is a component that will monitor HTTP traffic for signs of connectivity to known bad URLs such as Command and Control servers. If this traffic is detected then it is an early indicator that a new piece of malware may be present and as such can aid in the detection and collection of samples to enable the Sophos Labs to write specific detection. |
MITM, MitM, MIM, MiM or MITMA | Man in the middle attack / man-in-the-middle attack | In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. |
Managed computer | A computer that has Remote Management System (RMS) installed and on which the central Sophos console can report and install and update software. | |
Management console | The central console which is a graphical user interface (GUI) component that enables you to protect and manage computers. For Enterprise Console, it may not be the same server that has the management server component installed. | |
Management server | The central server that handles updating and communications with networked computers. For Enterprise Console, it may not be the same server that has the management console component installed. | |
Match | Equal the content that is defined in a Content Control List. | |
Maximum count | The maximum number of matches for a regular expression that can be counted towards the total score. | |
Member server | A server computer that belongs to a domain, and is not a domain controller. | |
Message Queue | A port's container holding messages waiting to be processed (received). | |
MessageId | Unique identifier for a message in the system. It is given to a request before it's sent (NtRequestPort, NtRequestWaitReplyPort, NtAlpcSendWaitReceivePort) and is used throughout a conversation. | |
MDM | Mobile Device Management | The Sophos component that provides management features like corporate email access, Lock, Wipe, Locate. |
MTR | Managed Threat Response | Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service. |
Abbreviation | Name | Definition |
---|---|---|
NSG | Network Security Group | Sophos Network Security Group is formerly Astaro. |
NFRD | Non-functional Requirements Document | A document describing one or more non-functional or technical requirements for a product, such as localization requirements, supported OS platforms, performance, scalability. |
Non-interactive mode | The Sophos Client Firewall works in two modes. In non-interactive mode the firewall deals with traffic automatically using your rules. You must set these rules manually, or in interactive mode, before using non-interactive mode. | |
NEEMEA | Northern (Nordics) and Eastern Europe, the Middle East & Africa | Northern (Nordics) meaning Northern Europe. Used by Sophos when discussing regions. |
Abbreviation | Name | Definition |
---|---|---|
On-access scan | A scan that intercepts files as they are accessed (copied, moved, saved, or opened), and grants access to the files only if they do not pose a threat to your computer or are authorized for use. | |
On-demand scan | A scan that you initiate. An on-demand scan can be used to scan anything from a single file to entire computer. |
Abbreviation | Name | Definition |
---|---|---|
Painful | Second highest level of bug severity (2). Painful is when:
|
|
Phase | Stages into which a Feature or Program are subdivided, often with defined entry/exit criteria and deliverables. | |
Phase 1 | The Concept phase in the 4 phase Engineering framework. In this phase the business case and rough estimates (costs) are assessed to decide whether there is sufficient justification to proceed. | |
Phase 2 | The Planning phase in the 4 phase Engineering framework. In this phase the baseline scope is established and the project plan is established. Required resources are committed and the the costs that the team will be incurring are defined. | |
Phase 3 | The Implementation (Development and Testing) phase in the 4 phase Engineering framework. In this phase the agreed product functionality is developed and tested. | |
Phase 4 | The Deployment phase in the 4 phase Engineering framework. In this phase deployment of the product is carried out so that it is available for installation on customer production sites. | |
Pod | Small group of engineers (developer + QA) working together to complete a set of stories in a given Sprint. The team is self-organizing and empowered to do what it takes to meet their criteria. They work cooperatively with their Product Owner to negotiate story requirements and make sure the story is completed with high quality. | |
Policy | A group of settings applied to a group or groups of computers defined in the Sophos Enterprise Console. | |
Polish | Lowest level of bug severity (4). Polish is when:
|
|
PUA | Potentially Unwanted Application | A potentially unwanted application is an application that is not inherently malicious but is generally considered unsuitable for the majority of business networks. |
Pricelist Effective Date | This refers to the date when most of the changes included on the price list become effective. Take note that price list often includes changes with different effective dates. These dates are always indicated in the SKU tab in the Pricelist. | |
Pricelist Release Date | This refers to the date when the Price List is published on Sophos.net; the partner portal release date typically trails the release date by a week, but that may vary by region. | |
Primary configuration | The firewall configuration used for the corporate network that the user connects to for their day-to-day business. | |
Process settings | The settings that specify whether modified or hidden processes should be allowed network access. | |
Product Owner | Person responsible for developing stories, prioritizing them, creating acceptance criteria, and negotiating with the pods for a given area of the product. | |
PRD | Product Requirements Document | A document describing one or more business or marketing requirements for new functionality / features of a product that is to be delivered by the engineering team. |
Program | An engineering program is the activity to co-ordinate the development and delivery of multiple Features, including tracking progress, managing common milestones, risks and inter-dependencies between Features. | |
Project Inception | The process by which the business takes an idea and really examines what the proposal is, why we are doing it, and why it is worth time for the business that the project be taken on by engineering. | |
Protect | see Deployment |
Abbreviation | Name | Definition |
---|---|---|
Quantity | The volume of the Content Control List key data type that must be found in a file before the Content Control List is matched. | |
Quantity key | The key type of data defined in a Content Control List, to which the quantity setting is applied. For example, for a Content Control List containing credit or debit card numbers, the quantity specifies how many credit or debit card numbers must be found in a file before the Content Control List is matched. | |
QM | Quarantine Manager | The module that enables you to view and deal with items that have been quarantined. |
Abbreviation | Name | Definition |
---|---|---|
Raw Socket | Raw socket, or rawsocket, is a network term for a communication process that gives access to the headers on incoming and outgoing packets. This can enable IP address spoofing. | |
Real-time protection | Sophos Feature/process: Scans files as users attempt to access them, and denies access unless the file is clean. | |
Redux Subnet | A subnet protected by a UTM. In the Protected group on the UTM. This is also known as Redux segment. | |
Region | The scope of a SophosLabs Content Control List. The region either specifies the country the Content Control List applies to (for country-specific Content Control Lists) or shows global (for global Content Control Lists that apply to all countries). | |
Regular expression | A search string that uses special characters to match a text pattern in a file. Data control uses Perl 5 regular expression syntax. | |
Release Sequencing | Laying out the epics over the next several sprints in order to coordinate between different product owners and pods what work will be worked on when. | |
RMS | Remote Management System | A component of Sophos Endpoint Security and Control that is responsible for sending and receiving messages from the central console or Message Relay server. |
Reply (LPC and ALPC Research) | A message that is sent to answer a request or another reply. Replies already have a MessageId. Replies have the type LPC_REPLY. | |
Request (LPC and ALPC Research) | A message that has no 'conversation history' and has a MessageId of 0 when sent. Requests have the type LPC_REQUEST. | |
Role-based administration | Allows full administration of the Enterprise Console to delegate and limit control to other users. For more information see Best practice: designing sub-estates and role-based administration. |
Abbreviation | Name | Definition |
---|---|---|
SafeGuard Enterprise | SafeGuard Enterprise is a modular information protection control platform that enforces policy-based security for PCs and mobile devices across mixed environments. It is fully transparent to end-users and is easy to administer from a single central console. SafeGuard Enterprise provides multi-layered endpoint data security by combining encryption and data leakage prevention (DLP). Its modular architecture provides comprehensive data security tailored to your organization's needs and growth requirements. | |
Score | The number that is added to the total score for a Content Control List when a regular expression is matched. | |
Scrum Master | The leader of a pod from a project management perspective. Scrum masters are not necessarily technical leaders - frequently, QA engineers make the best Scrum masters. The job of the scrum master is to know what is going on with the pod members at any given moment, and to prioritize helping pod members when they are blocked. Scrum masters are also there to keep the pod moving along within the defined process and remind members when they are drifting out of process. | |
Scrum of Scrums | A quick, frequent (typically daily) meeting between a representative of each of the pods with each other and the Product Scrum Master. They report on the status of their pod summarizing instead of presenting individual achievements. This keeps all of the pods in sync with what each other are doing. | |
Secondary configuration | The firewall configuration used when users are not connected to the main corporate network, but to another network such as a hotel or airport wireless network or another corporate network. | |
Section | A unit of memory that can be shared. A process can use a section object to share parts of its memory address space (memory sections) with other processes. Section objects also provide the mechanism by which a process can map a file into its memory address space. | |
Section View | A view of a section is a part of the section that is actually visible to a process. The act of creating a view for a section is known as mapping a view of the section. Each process that is manipulating the contents of a section has its own view; a process can also have multiple views (to the same or different sections). | |
SDL | Security Description Language | SDL is a new generation of VDL for describing threats, expressing Labs business logic, and providing a uniform way of interacting with monitoring and enforcement points to implement Best Protection. |
Segment owner | The virtual team who owns the service(s) delivered by the segment. | |
Server root node | The topmost node of the group tree in the Groups pane, which includes the Unassigned group. | |
SSE | Server-Sent Events | Server-sent events is a technology where a browser receives automatic updates from a server via HTTP connection. The Server-Sent Events EventSource API is standardized as part of HTML5 by the W3C. |
Soft Release | The completed product is made available via FTP for manual download and installation by customers. This step applies specifically to UTM product releases. | |
Sophos (Ltd) | More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Boston, US and Oxford, UK. More information is available at http://www.sophos.com. | |
SCP | Sophos Client Protection | Sophos Client Protection consists of Sophos Anti-Virus and the Sophos Client Firewall. |
SCC | Sophos Control Center | A graphical viewer that connects to the Sophos Management Service and allow an administrator to view, manage and control Sophos Endpoint Security software. Designed for small businesses with up to approximately 100 computers. |
SEC | Sophos Enterprise Console | The software used to install and manage Sophos products on networked computers. |
SED | Sophos Endpoint Defense | This feature is focused on preventing undesired actions by administrators, for example stopping services and killing processes. |
SEM | Sophos Enterprise Manager | A graphical viewer that connects to the Sophos Management Service and allow an administrator to view, manage and control Sophos Endpoint Security software. Enterprise Manager is a cut down version of Enterprise Console with restrictions on: Endpoint policies (type and number allowed); Available downloadable packages; Installation design (no distributed installation; no RBA; plus other limitations. |
SUM | Sophos Update Manager | A program that downloads Sophos security software and updates from Sophos or another update server to shared update locations. |
Sophos-defined rule | A rule that has been provided by Sophos as an example. Sophos-defined rules are not updated by Sophos. | |
SophosLabs Content Control List | A Content Control List that has been provided and is managed by Sophos. Sophos can update SophosLabs Content Control Lists or create new Content Control Lists and make them available in Enterprise Console. The contents of SophosLabs Content Control Lists cannot be edited. However, the quantity can be set for each such Content Control List. | |
Spike | A larger investigative task that is used to research, prototype, and document conclusions that will be used as input into developing new stories or estimating existing stories. Spikes should never produce shippable code. | |
Sprint | Framework for a short iteration of software development, containing all phases of software development from requirements gathering, design, coding, and testing. The results of a Sprint should be releasable. | |
Staged Release | An approach to releasing a product to groups of customers in defined Stages. At each Stage of the release, issues reported from customers are assessed, and the release only proceeds to the next Stage once any issues are understood and deemed acceptable. Customers are generally separated into Groups according to how risk averse or critical to the business they are with more risk averse customers receiving the release at later Stages. | |
Standup | A quick, frequent (typically daily) meeting between pod members that asks each individual:
|
|
Stateful inspection | Packet checking technology that allows the rule to query not just the source and destination of a packet, but whether the packet was part of an earlier communication. Stateful inspection can help to avoid threats from IP spoofing. It can also streamline the filtering process, as packets do not have to be re-checked by your rules. | |
Story | An expression of a feature requirement broken into a small chunk that can be addressed by a small team (Pod) during a Sprint cycle. | |
Sub-estate | A named part of the IT estate, containing a subset of the computers and groups. | |
Sub-estate administration | A feature that restricts the computers and groups that are available to perform operations on. | |
Suspicious behavior detection | Dynamic analysis of the behavior of all programs running on the system in order to detect and block activity which appears to be malicious. | |
SWAG | High level estimate (can be timescales, costs, or resources) carried out without detailed analysis | |
Synchronization interval | The period after which a synchronization point in Enterprise Console is synchronized with the selected Active Directory container. | |
Synchronization point (for an Active Directory tree) | A Sophos Enterprise Console group into which the contents of a selected Active Directory container (groups and computers or groups only) will be added for synchronization, their structure preserved. | |
Synchronization with Active Directory | A one-way synchronization of Sophos Enterprise Console group(s) with Active Directory organizational units, or containers | |
System Administrator | A pre-configured role that has full rights to manage Sophos security software on the network and roles in Enterprise Console. The System Administrator role cannot be deleted or have its rights or name changed, and the Sophos Full Administrators Windows group cannot be removed from it. Other users and groups can be added to or removed from the role. | |
System Test Complete | All test cases that have been planned to be executed during system testing have been successfully run. | |
System Testing | Testing on a complete integrated software system to assess whether it complies with its requirements. |
Abbreviation | Name | Definition |
---|---|---|
UTM | Unified Threat Management | A category of security appliances which integrates a range of security features into a single appliance. |
Unusable | Highest level of bug severity. Unusable is when:
|
|
UCD | Use Case Diagram | A use case diagram at its simplest is a representation of a user's interaction with the system that shows the relationship between the user and the different use cases in which the user is involved. |
UAC | User Account Control | User Account Control is a security component that was introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems and allows an administrator to enter credentials during a non-administrator's user session to perform occasional administrative tasks. |
Utilization Saturation and Errors | The Utilization Saturation and Errors (USE) Method is a methodology for analyzing the performance of any system. It directs the construction of a checklist, which for server analysis can be used for quickly identifying resource bottlenecks or errors. |
Abbreviation | Name | Definition |
---|---|---|
Virus data files (also known as Detection data or Threat data files) | Virus data is the name given to the group of files (largely written in VDL) that are used by the threat detection engine and include .IDEs, .VDBs, and some xml files. Virus (threat) data files are loaded into memory (RAM) and used by the threat detection engine. In Sophos Anti-Virus for Windows the virus data mainly consists of the following files: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\vdl*.* (depending on the version of Windows). | |
VDL | Virus Description Language | Sophos's proprietary computer programming language specifically written to define the process required to identify and clean up computer malware, detecting items such as PUAs, and in Application Control. Virus identities are written in VDL by the expert analysts in SophosLabs. |
IDE | Virus identity file | A file that enables Sophos Anti-Virus to detect and disinfect a particular virus, worm, Trojan, or item of spyware. See also: Identity File. |
VoIP | Voice over IP | A category of controlled applications that includes Voice over IP client applications. |
Abbreviation | Name | Definition |
---|---|---|
Warehouse | A warehouse is a store of programs and data published by Sophos. Warehouses are stored in a repository, which is a particular location on a server. One repository can contain multiple warehouses. | |
Web Control | A feature that allows you to set and enforce web access policies for your organization, and to view reports on web browsing usage. | |
Web Gateway | Protects your network against risky or inappropriate web browsing. It can also prevent loss of confidential data, trust certain networks, and report on all your users’ web browsing. | |
WE | Western Europe | A term used by Sophos when discussing regions: Western Europe specifically means: France, Spain, Italy, Portugal, Benelux |
WAN | Wide Area Network | The network which connects UTMs. This is also known as Redux transit network. This is currently shared with Green. |
Windows Firewall | Windows Firewall is a software component of Microsoft Windows that provides firewall and packet filtering functions that then either blocks it or allows it to pass through to your computer. For more information see: Windows Firewall: frequently asked questions. | |
Working mode | The setting that determines whether the firewall applies actions with input from the user (interactive mode) or automatically (the non-interactive modes). | |
Workgroup | A workgroup is Microsoft's terminology for a peer-to-peer Windows computer network. For a comparison of a Workgroup to a domain network see Microsoft TechNet: Workgroups compared with domains. |
Zuletzt bearbeitet am 27. April 2022, 18:56 von mpca