A - I
Backdoor
Definition: A backdoor is a hidden means of bypassing normal authentication and permission checks. Backdoors most
frequently arrive as the malicious payload of a virus or other threat, and are typically used to open a listening
communication port, start an FTP server, or collect keystrokes and transmit them back to the attacker. As with
Trojans, a backdoor is not stopped by the perimeter firewall: it runs on a host that is already inside the network,
and a backdoor that calls out to the attacker uses the outbound direction of traffic the firewall normally permits,
so a single infected host can compromise the security of the entire network.
Example: A Trojan that infects a user's computer opens a communications port, enabling the remote attacker to gain
full access to the system at any time.
Batch-based Scanning
Definition: A malware scanning methodology developed when viruses were transmitted via removable media, and therefore
built on the assumption that the object to be scanned is available in full and can be randomly accessed.
Batch-based scanning commences only after the entire file has been received, and output starts only after the
entire file has been scanned. As a result, end users often experience long delays, or even timeouts, while a large
file is transferred and scanned.
Blended Attack
Definition: The term given to describe any malicious code that blends the capabilities of two or more types of malware to attack a system on multiple fronts.
Example: Malware infects a system and installs a keylogger, opens a backdoor, and communicates via Internet Relay Chat (IRC).
Bot
Definition: Short for "robot", a bot is a malicious software application that installs itself on a user's system by
exploiting a security vulnerability in the operating system or in one of its applications. By exploiting the
vulnerability, the bot installs itself automatically, with no user interaction required. A bot can also be installed
by a worm or Trojan that arrives via spammed email. Once the bot is installed, the infected computer can be controlled
by a remote attacker without the knowledge or permission of the computer's rightful owner.
Bot Nets
Definition: Short for "bot network", a botnet is a collection of computers, or "zombies", that have been infected by a
malicious software application, called a "bot". Computers in the botnet can be controlled by a remote malicious user without
the knowledge or permission of the computer's rightful owner.
Example: A single command goes from a malicious user to 20,000 zombie computers to simultaneously make multiple communications
requests of a single Web site. The result is a complete saturation of its resources, effectively shutting the site down.
Buffer Overflow
Definition: A buffer overflow is a condition in which a program writes more data into a buffer than the buffer can hold,
or writes into memory past the end of a buffer. A buffer is a contiguous region of memory allocated to hold anything
from a character string to an array of integers. In languages such as C the program itself is responsible for checking
the bounds, and when that check is missing or wrong, writing outside the allocated block can corrupt adjacent data
(including control data such as a saved return address), crash the program, or cause the execution of attacker-supplied
code. Buffer overflows are widely exploited in attacks on security vulnerabilities.
Denial-of-Service Attack
Definition: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make
a computer resource unavailable to its intended users. One common method of attack involves flooding the victim machine or network
with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered
effectively unavailable. Distributed denial-of-service attacks are often carried out by botnets, where the resources of bot infected
machines carry out attacks from remote locations based on the commands of one or a few individuals.
Distributed Spam Analysis
Definition: Perpetual, coordinated communications between the ProSecure gateway security appliances installed inside the company
network and the NETGEAR Spam Classification Center, to proactively detect and classify all types of email-borne threat patterns in real
time, based on the analysis of more than 50 million sources around the world. Distributed Spam Analysis technology extracts and analyzes
relevant message patterns, which are used to identify and classify distribution and structure patterns of email-borne outbreaks.
Distributed Web Analysis
Definition: Distributed Web Analysis is a hybrid in-the-cloud URL filtering architecture used in NETGEAR ProSecure gateway security
appliances. The appliance queries the NETGEAR URL Classification Center for real-time URL categorization data. The response is then cached
locally by the appliance for future queries. The NETGEAR URL Classification Center processes and classifies URL data feeds from millions
of HTTP connectors deployed "in-the-cloud" at service providers throughout the world and features a growing URL database containing over
a hundred million URLs divided into 64 categories.
Email-borne threats
Definition: A malicious software application that is sent directly to users via email. The threat can be embedded in
HTML email, or it can come in the form of an email attachment. Email-borne threats typically employ a technique referred
to as "social engineering" to trick users into believing the email is legitimate, and therefore opening the email or
launching the attachment. For HTML-embedded threats, the user's system can become infected simply by opening the email,
if the mail client executes the embedded content or has a vulnerability that the content triggers. If the threat is
attached to the email, the system becomes infected once the attachment is launched.
Two well-known threats that rely on email for propagation are spam and phishing. Though not inherently dangerous in
itself, spam is frequently employed as a vehicle for email-borne threats, because it can be sent almost simultaneously
to millions of users via networks of compromised computers. Similarly, though a phishing attack is executed on the Web,
it is the email hook that delivers the victim to the site.
Example: An email arrives in the user's inbox, purportedly from a news agency, with a striking headline as the subject
line. The email may be in HTML with the threat embedded in the code, in which case the user's system can become infected
as soon as the email is opened. Alternatively, the attacker may include only a brief abstract in the body of the email,
then encourage the user to open the attachment to read the full story.
In-the-Cloud Zero-Hour Detection
Definition: The continual gathering and analysis of data from more than 50 million sources from around the world to proactively
discover and block any suspected Internet threats that have not yet been identified. Email is accurately assessed in real-time by
analyzing its distribution patterns, rather than its header information. Once an email is classified as spam, the scanner assigns
it a signature and immediately generates a corresponding pattern file - effectively stopping an outbreak before it becomes widespread.
Likewise, Web usage is assessed using a hybrid in-the-cloud URL database containing more than 100 million websites for rapid and efficient
content filtering.
IPS
Definition: IPS (Intrusion Prevention System) is a network security device that monitors network and/or system activities for
malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.
IPsec
Definition: IPsec (IP Security) is a suite of protocols for securing Internet Protocol (IP) communications between
two hosts, between a host and an Internet gateway (client-based remote access), or between a pair of Internet gateways
(site-to-site tunnel), by authenticating and encrypting each IP packet of a data stream. IPsec also includes a
key-management protocol (IKE) that establishes mutual authentication between the peers at the beginning of a session
and negotiates the cryptographic keys to be used during the session.
J - R
Keylogger
Definition: One of the most common forms of spyware, a keylogger is a program that captures and records
the user's keystrokes, then sends those keystrokes back to the attacker. Keyloggers are most commonly used
to steal passwords and can be used to easily gain unauthorized access to the company's network, its databases, or
other sensitive assets.
Malware
Definition: A shortened version of "malicious software", malware is a term used in the security industry to
refer generically to any type of computer threat. Malware was initially designed to cause damage to computers or
data contained in computer files, or to gain notoriety for the malicious author. However, most modern-day threats
are designed to steal personal or company information, with the intention of reaping financial gain.
Example: Viruses, worms, Trojans, and spyware are all considered malware.
NETGEAR® Stream Scanning Technology
Definition: A patent-pending malware scanning methodology, based on the simple observation that network traffic
travels in streams. Rather than wait for the entire file to arrive, stream scanning begins receiving and analyzing traffic
the moment the stream enters the network. Once the minimum number of bytes is received, scanning commences. The scan
engine continues to scan additional bytes as they become available, while another thread outputs the bytes that have been
scanned. As a result, large amounts of data can be processed quickly, using a single scan to identify spam, malware,
security breaches, or unnecessary applications.
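The following Python block is an added illustration, not NETGEAR's scan engine, of the difference between the
batch-based scanning and stream scanning entries above. It contrasts a naive per-chunk scanner with a stream scanner
that forwards only bytes which can no longer be part of a signature. The signature patterns and names, the sample
stream and the chunk size are all constructed for the example; a production engine matches many thousands of patterns
with an automaton, but the handling of chunk boundaries is the same.

```python
"""Stream scanning versus naive per-chunk scanning (added example, constructed data)."""
from typing import Iterable, Iterator

# Constructed signatures: byte pattern -> detection name.
SIGNATURES = {
    b"MALWARE-SIG-1": "Constructed.Sig.1",
    b"EVIL": "Constructed.Sig.2",
}

# Constructed 44-byte stream; the first signature starts at offset 12 and is
# split by a 16-byte chunk boundary ("...MALW" | "ARE-SIG-1...").
SAMPLE_STREAM = b"hello world MALWARE-SIG-1 trailing EVIL data"
CLEAN_STREAM = b"hello world, nothing to see here"


def chunked(data: bytes, size: int) -> Iterator[bytes]:
    """Deliver `data` the way it arrives off the wire: in fixed-size chunks."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def naive_chunk_scan(chunks: Iterable[bytes], signatures=SIGNATURES):
    """Scan each chunk in isolation. Misses any pattern that straddles a boundary."""
    hits, pos = [], 0
    for chunk in chunks:
        for pattern, name in signatures.items():
            i = chunk.find(pattern)
            while i != -1:
                hits.append((name, pos + i))
                i = chunk.find(pattern, i + 1)
        pos += len(chunk)
    return hits


def stream_scan(chunks: Iterable[bytes], signatures=SIGNATURES):
    """Scan as bytes arrive, forwarding only bytes that can no longer start a match.

    Returns (delivered_bytes, hits, blocked). After every chunk the last
    len(longest pattern) - 1 bytes are held back, because a pattern could still
    begin inside them; they are released once more data proves them clean, or at EOF.
    """
    holdback = max(len(p) for p in signatures) - 1
    buf = b""            # received but not yet forwarded
    base = 0             # absolute stream offset of buf[0]
    delivered = bytearray()

    def matches_before(limit: int):
        """All matches whose first byte lies before `limit` in buf, sorted by offset."""
        found = []
        for pattern, name in signatures.items():
            i = buf.find(pattern)
            while i != -1 and i < limit:
                found.append((name, base + i))
                i = buf.find(pattern, i + 1)
        return sorted(found, key=lambda h: h[1])

    for chunk in chunks:
        buf += chunk
        releasable = max(len(buf) - holdback, 0)
        hits = matches_before(releasable)
        if hits:
            # Forward only the clean prefix, then cut the connection.
            delivered += buf[:hits[0][1] - base]
            return bytes(delivered), hits, True
        delivered += buf[:releasable]
        base += releasable
        buf = buf[releasable:]

    # End of stream: nothing more can arrive, so the held-back tail is either a match or clean.
    hits = matches_before(len(buf))
    if hits:
        delivered += buf[:hits[0][1] - base]
        return bytes(delivered), hits, True
    delivered += buf
    return bytes(delivered), [], False
```

Chunked scanning without the hold-back misses the first signature because its bytes arrive in two different chunks,
whereas stream_scan reports it at the same offset a whole-file (batch) scan of the same data would. The caveat is
visible in the return value: bytes cleared before the verdict have already been forwarded, so the scanner must be
able to terminate the connection, and the client ends up with a truncated file rather than a silently cleaned one.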
Phishing attacks
Definition: An email-based threat disguised as a communication from the user's bank or other trusted electronic commerce
organization. Intended to provoke the user into taking immediate action, a typical phishing email will pose as a fraud alert,
a notification of a security update, a special offer, or a request for the user to verify his credentials. Phishing emails
will almost always provide an embedded URL link, which will lead the user to a Web page that has been designed to look identical
to the legitimate site – possessing the same company logo, graphics, layout, typefaces, and other visual elements.
Example: An email arrives in the user's inbox, purportedly from his bank, warning him of some potentially fraudulent activity
on his account. He is encouraged to use the embedded link to log-in to the bank's Web site to check his account. Upon
selecting the link, he is led to an exact replica of the bank's site, where he enters his log-in credentials. Those credentials
go directly to the malicious user, who can now use them to gain unfettered access to the user's account.
Port Scan
Definition: A port scan is the action of using a port scanner to probe a machine or network for open ports, that is,
for services listening for connections. It is commonly used by attackers to map the services a system exposes and to
find potentially vulnerable ones, and by defenders to verify that only the intended services are reachable.
Rootkit
Definition: A program that obtains the highest privilege level on a computer system (root or administrator) and then
uses that privilege to hide other processes, files, or network connections from the operating system's own reporting
tools, making them effectively invisible. Although the hiding mechanism is not necessarily malicious in itself, a
rootkit's ability to conceal whatever else is running on the system poses a serious threat to the security of that
system, and of the network as a whole, because the usual means of detecting an infection no longer report it.
S - Z
Spyware
Definition: There are two types of spyware - nuisance spyware and malicious spyware. Malicious spyware, which
is the type that has the highest potential for adversely affecting businesses, is utilized by thieves to steal sensitive
information. If it gets into the network, it has the potential to compromise company or customer information.
Example: Spyware installed on a user's system sits silently, sending user-entered data back to the remote user on a
pre-determined time schedule. The remote malicious user analyzes the data, looking for credit card numbers, online banking
credentials, passwords, and other sensitive information.
SQL Injection
Definition: SQL injection is an attack on the database layer of an application in which attacker-controlled text is
inserted into strings that are later passed to a database server for parsing and execution. The primary form of SQL
injection consists of direct insertion of SQL syntax into user-input values that are concatenated with SQL commands and
executed; the root cause is that the input is parsed as part of the query rather than bound as data, and the standard
fix is a parameterized (prepared) query. A less direct, second-order attack injects malicious text into strings that
are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a
dynamic SQL command, the malicious text is executed, even though the original insertion was performed safely.
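Both forms described above, direct injection and the stored (second-order) variant, in Python against an in-memory
SQLite database. This is an added example, not code from the original page: the table, user names and passwords are
constructed, passwords are kept in clear text purely to keep the example short, and the two vulnerable functions are
written that way deliberately so the defect can be read beside its parameterized fix.

```python
"""First- and second-order SQL injection in SQLite (added example, constructed data)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema and users; real code stores a salted password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct horse", "user"), ("admin", "hunter2", "admin")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Direct injection: user input is concatenated into the SQL text."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterized query: input is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def register(conn, username: str, password: str) -> int:
    """Registration is parameterized, so a hostile username is stored verbatim."""
    cur = conn.execute(
        "INSERT INTO users (username, password, role) VALUES (?, ?, 'user')",
        (username, password),
    )
    return cur.lastrowid


def change_password_vulnerable(conn, user_id: int, new_password: str) -> None:
    """Second-order injection: a value read back from the database is trusted
    and concatenated into a later dynamic query."""
    (stored_name,) = conn.execute(
        "SELECT username FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    conn.execute(
        f"UPDATE users SET password = '{new_password}' WHERE username = '{stored_name}'"
    )


def change_password_safe(conn, user_id: int, new_password: str) -> None:
    """Bind every value, including values that came from the database."""
    conn.execute(
        "UPDATE users SET password = ? WHERE id = ?", (new_password, user_id)
    )
```

With the username `admin'--` and any password, login_vulnerable returns the admin row because `--` comments out the
password check. In the second-order case the attacker registers the username `admin' --` through the safe
parameterized path; the later password change, which trusts the stored name, rewrites the query's WHERE clause and
resets the real admin's password instead of the attacker's own.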
SSL VPN
Definition: SSL VPN (Secure Sockets Layer Virtual Private Network) is a type of VPN that runs over SSL, or in current
implementations its successor TLS, and is accessible via HTTPS from a Web browser. It permits users to establish secure,
clientless remote access sessions from virtually any Internet-connected browser. SSL VPN offers a cost-effective,
lightweight alternative to legacy VPN technologies that require a dedicated software client.
Stateful Packet Inspection
Definition: Stateful Packet Inspection (SPI) is a firewall architecture that keeps track of the state of the network
connections (such as TCP streams and UDP exchanges) traveling across it. The firewall's rules decide which new
connections may be opened, and in which direction; once a connection is accepted, its subsequent packets are matched
against the firewall's state table rather than re-evaluated from scratch. Only packets that match a known connection
state, or that legitimately open a new one, are allowed; all others are dropped (or, depending on the rule, rejected
with an error response).
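A minimal stateful filter run over a constructed packet trace, added here as an illustration and not NETGEAR's
firewall implementation. The inside network (10.0.0.0/24), the addresses, ports and packet sequence, and the single
policy (inside hosts may open outbound TCP connections; nothing may be opened from outside) are assumptions of the
example. A stateless "allow anything carrying ACK" rule is included for contrast, since that is the approximation of
"established" that SPI replaced.

```python
"""Stateful packet filter over a constructed trace (added example, not NETGEAR code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

INSIDE = ip_network("10.0.0.0/24")  # assumed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST ("SA" = SYN+ACK)


def stateless_ack_rule(pkt: Packet) -> str:
    """Pre-SPI approximation: any inbound packet carrying ACK is assumed to be
    a reply to an existing connection. An attacker can set ACK on anything."""
    if ip_address(pkt.src) in INSIDE:
        return "ALLOW"
    return "ALLOW" if "A" in pkt.flags else "DROP"


class StatefulFirewall:
    """Tracks each connection from the initiator's SYN to its close or reset."""

    def __init__(self) -> None:
        # (initiator ip, port, responder ip, port) -> connection state
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:
            key, from_initiator = fwd, True
        elif rev in self.table:
            key, from_initiator = rev, False
        elif (pkt.flags == "S" and ip_address(pkt.src) in INSIDE
              and ip_address(pkt.dst) not in INSIDE):
            self.table[fwd] = "SYN_SENT"   # the only way to create state
            return "ALLOW"
        else:
            return "DROP"                  # no state, and not a permitted opener

        state = self.table[key]
        if "R" in pkt.flags:
            del self.table[key]            # a reset tears the entry down at once
            return "ALLOW"
        if state == "SYN_SENT":
            if not from_initiator and pkt.flags == "SA":
                self.table[key] = "SYN_RECEIVED"
                return "ALLOW"
            return "DROP"                  # out-of-sequence segment
        if state == "SYN_RECEIVED":
            if from_initiator and "A" in pkt.flags:
                self.table[key] = "ESTABLISHED"
                return "ALLOW"
            return "DROP"
        if "F" in pkt.flags:               # ESTABLISHED or FIN_WAIT
            if state == "FIN_WAIT":
                del self.table[key]        # second FIN: connection closed
            else:
                self.table[key] = "FIN_WAIT"
        return "ALLOW"                     # data and ACKs of an open connection


# Constructed trace: one legitimate HTTPS session plus hostile packets.
TRACE: List[Packet] = [
    Packet("10.0.0.5", 40000, "203.0.113.9", 443, "S"),    # inside host opens HTTPS
    Packet("203.0.113.9", 443, "10.0.0.5", 40000, "SA"),   # server answers
    Packet("10.0.0.5", 40000, "203.0.113.9", 443, "A"),    # handshake completes
    Packet("203.0.113.9", 443, "10.0.0.5", 40000, "A"),    # server data
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, "S"),     # unsolicited inbound SYN
    Packet("198.51.100.7", 443, "10.0.0.5", 40001, "A"),   # forged "reply" (ACK scan)
    Packet("203.0.113.9", 443, "10.0.0.5", 40000, "RA"),   # server resets the session
    Packet("203.0.113.9", 443, "10.0.0.5", 40000, "A"),    # stray segment after teardown
]


def run(policy, trace: List[Packet]) -> List[str]:
    """Apply a filtering policy to every packet in order and return the verdicts."""
    return [policy(p) for p in trace]
```

The two policies disagree on the forged ACK and on the stray segment after the reset: the stateless rule lets both
through because they carry ACK, while the stateful filter drops them because no connection in its table accounts for
them. The state table is also what lets the filter clean up after itself; after the reset it is empty again.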
TCP SYN Flood
Definition: A TCP SYN flood is a form of denial-of-service attack in which an attacker sends a succession of TCP SYN
requests to a target system faster than the target can complete or expire them. When a normal TCP connection begins, a
three-way handshake takes place between the source host and the destination host: the source host sends a SYN
(synchronize/start) packet to the destination host, the destination host replies with a SYN-ACK (synchronize
acknowledge), and the destination host must then receive an ACK (acknowledge) of its SYN-ACK before the connection is
established.
Whenever a server receives a SYN segment from a client, computing resources (such as memory for the half-open
connection) are set aside in anticipation of a completed handshake and subsequent data transfer. Because these resources
are limited, only a set number of half-open connections can be held at once, and any additional SYNs are dropped until an
entry completes or times out. A SYN flood fills this queue with handshakes that are never completed: the attacker
commonly forges the source addresses, so the SYN-ACKs go unanswered and each entry stays occupied until it times out.
The result is that legitimate connection requests are dropped.
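The following Python block, an added example rather than code from the original page, shows what the resource
exhaustion described above (and under Denial-of-Service Attack) looks like from the victim's side: it parses a
connection-table snapshot in the column layout of `ss -tan` and flags ports whose half-open queue is full. The
snapshot, the assumed listen backlog of 128 and the flagging thresholds are all constructed for the example.

```python
"""Spot a SYN flood from a snapshot of the server's TCP connection table (added example)."""
from collections import defaultdict

LISTEN_BACKLOG = 128  # assumed size of the server's half-open queue


def build_sample_snapshot() -> str:
    """Constructed `ss -tan`-style output: a few real sessions plus a flood of
    half-open connections from many different (forged) source addresses."""
    rows = ["State      Recv-Q Send-Q Local Address:Port   Peer Address:Port"]
    for i in range(5):  # legitimate HTTPS sessions
        rows.append(f"ESTAB      0      0      10.0.0.5:443         203.0.113.{10 + i}:51{200 + i}")
    rows.append("ESTAB      0      0      10.0.0.5:22          203.0.113.50:40001")
    rows.append("SYN-RECV   0      0      10.0.0.5:22          203.0.113.51:40002")
    for i in range(300):  # flood toward :443; the source address changes per packet
        rows.append(f"SYN-RECV   0      0      10.0.0.5:443         198.51.100.{i % 254 + 1}:{1024 + i}")
    return "\n".join(rows) + "\n"


def parse_snapshot(text: str):
    """Yield (state, local_port, peer_ip) for each connection row after the header."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, local_port, peer_ip


def analyze_snapshot(text: str, backlog: int = LISTEN_BACKLOG) -> dict:
    """Per local port: half-open count, established count, distinct peers, verdicts.

    A port is flagged as flooded when its half-open entries fill a large share of
    the backlog, because at that point SYNs from legitimate clients are dropped.
    If nearly every half-open entry has a different peer, the sources are almost
    certainly forged, so blocking individual addresses will not help.
    """
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "peers": set()})
    for state, port, peer in parse_snapshot(text):
        if state == "SYN-RECV":
            stats[port]["half_open"] += 1
            stats[port]["peers"].add(peer)
        elif state == "ESTAB":
            stats[port]["established"] += 1

    report = {}
    for port, s in stats.items():
        half_open = s["half_open"]
        distinct = len(s["peers"])
        report[port] = {
            "half_open": half_open,
            "established": s["established"],
            "distinct_peers": distinct,
            "flooded": half_open >= backlog // 2,                          # assumed threshold
            "spoofed_sources": half_open >= 20 and distinct >= 0.8 * half_open,  # assumed heuristic
        }
    return report
```

Port 443 in the sample shows 300 half-open connections against 5 established ones, spread over 254 different peers,
which is the signature of a flood with forged sources; port 22, with one stale handshake, is normal. The report keeps
"flooded" and "spoofed_sources" separate because they call for different responses: per-address blocking helps only
against the latter being false, while the standard mitigations for forged floods are SYN cookies and shorter
half-open timeouts on the host, and a limit on the rate of new SYNs per destination at the gateway.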
Trojan
Definition: Like its namesake from Greek mythology, a Trojan, or Trojan horse, is a malicious software application that
is disguised to appear harmless, in an attempt to trick the user into launching it. Frequently arriving as an email
attachment or a download, a Trojan enters through channels the corporate firewall permits and can cause damage once it
is run. Trojan horses enable the attacker to gain unauthorized access to the infected system, which degrades the
security of the entire network.
Example: Free screensavers, emoticons, or avatars are common disguises for Trojans. The user's system is infected when
he runs one of these seemingly benign programs after downloading it.
Virus
Definition: A malicious software application that replicates its own code by inserting it into other files or programs.
Some viruses seek to cause harm, such as damaging or deleting files, others seek to exhaust the computer's memory or
other resources, and others are written solely to make their presence known. A virus has no means of moving from one
system to another on its own: it attaches itself to an existing application or file to survive, and spreads only when
that host is carried to another computer and run there.
Example: An email arrives in the user's inbox, promising nude pictures of a well-known female celebrity. The attachment is an
executable, but is disguised as an image file, which is named after the celebrity. Believing the attachment is, indeed, the nude
photos, the user launches the attachment, subsequently infecting his system.
Web-based threats
Definition: Any malicious code that spreads through Web protocols (HTTP, HTTPS, and FTP). Many are coded in a
browser-supported language such as HTML or JavaScript, and propagated via a Web browser. Web-based threats can be
delivered through vulnerabilities in Web browsers, but most reside on specific Web sites. Some are disguised as
legitimate files such as a document, song, or picture, to lure the user into downloading the content. Others are
downloaded automatically in the background when the user visits an infected Web site (a "drive-by download"), requiring
no user interaction of any kind; this relies on a vulnerability in the browser or one of its plug-ins. The infected site
can be a rogue site, developed by a malicious author to appear legitimate, or it can be a legitimate site that has been
compromised by the malicious author and subsequently seeded with the threat.
Example: A spyware application appears on a peer-to-peer (P2P) site, either disguised as or appended to an mp3 of a popular
song to elicit hundreds of thousands of downloads. The user's system is infected upon downloading the file.
Whaling
Definition: A type of phishing scam that targets the top executives within a company. In whaling, a carefully crafted
email is sent to the targeted individuals, to lure them into clicking on an embedded link, which will lead them to a malicious
Web site. Once on the site, spyware can be downloaded to their machines, or the users may be tricked into entering sensitive
information about themselves or their businesses.
Example: An email arrives in the CFO's inbox, apparently from the Small Business Administration (SBA), with an important
update on the company's line of credit. The email instructs its recipient to click on the embedded URL to view the company's
account details. Upon selecting the link, he is led to an exact replica of the SBA site, where he enters his log-in credentials.
Those credentials go directly to the malicious user, who can now use them to gain access to the company's account.
Worms
Definition: A worm is a malicious software application that replicates itself and moves through a company network on
its own, typically by exploiting a vulnerability in a network service, with no dependency on a host file or on user
action, unlike a virus. Worms consume significant amounts of network bandwidth as they replicate and spread.
Zombies
Definition: A zombie is a computer that has been infected by a malicious software application, called a "bot". Once the
bot is installed, the zombie computer can be controlled by a remote malicious user without the knowledge or permission of
the computer's rightful owner.