Glossary

December 13, 2023

ID 90

Access rule

List of user restrictions and permissions to access specified web resources and the direction of traffic.

Basic authentication

Authentication mechanism involving sending the user name and password in unencrypted form to the server for verification.

Bypass rule

Set of traffic filtering criteria that determine whether users are allowed or denied access to web resources without checking access rules and protection rules.

Certificate fingerprint

Information that can be used to confirm the authenticity of a server certificate. The fingerprint is created by applying a cryptographic hash function to the content of the server certificate.

Cluster

Group of servers that have Kaspersky Web Traffic Security installed and are combined for centralized management through the application web interface.

Directory service

A software system that can store information about network resources (such as users) in one place and provides centralized management capabilities.

Heuristic analysis

A technology designed to detect threats that cannot be detected using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.

ICAP server

A server implementing the ICAP protocol. This protocol allows filtering and modifying HTTP request and HTTP response data. For example, it can be used for virus scanning of the data, blocking spam, and blocking access to personal resources. The ICAP client is usually a proxy server that interacts with the ICAP server over the ICAP protocol. Kaspersky Web Traffic Security receives data from the organization's proxy server that is acting as the ICAP server.

Kaspersky Private Security Network

A solution that allows users of Kaspersky anti-virus applications to access Kaspersky Security Network databases without sending data from their computers to Kaspersky Security Network servers.

Kaspersky Security Network (KSN)

An infrastructure of cloud services that provides access to the online Knowledge Base of Kaspersky which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.

Kerberos authentication

Mechanism for mutual authentication of client and server before establishing a connection, which allows them to communicate over unprotected networks. The mechanism is based on using a ticket that is issued to the user by an authentication center.

Keytab file

File containing pairs of unique names (principals) for clients that are allowed to use Kerberos authentication, and encrypted keys derived from the user password. Keytab files are used in systems with Kerberos support to authenticate users without having to enter a password.

Layout

Appearance of the application web interface window in the Dashboard section. You can add, remove, and move widgets in the layout, and configure the scale of some widgets.

LDAP

Lightweight Directory Access Protocol for accessing directory services.

License serial number

Unique alphanumeric combination used for unambiguous identification of the owner of an application license.

Malicious links

Web addresses leading to malicious resources, that is, web resources designed to spread malware.

MIB (Management Information Base)

Virtual database used to manage objects that are transmitted over the SNMP protocol.

nginx service

Software for UNIX systems used as an HTTP server or a mail proxy server.

Node with role Control

Application component which allows the administrator to manage application settings through the web interface. The Master server monitors the state of Worker servers and provides them with configured settings and installed license keys.

Node with role Secondary

Application component which scans user network traffic in accordance with traffic processing rules. The node with role Secondary receives settings configured by the administrator from the node with role Control.

Normalization

Normalization is a process whereby the textual representation of a web resource address changes according to specific rules (for example, exclusion of the user name, password, and connection port from the textual representation of the web resource address, or changing the web resource address from uppercase to lowercase characters).

NTLM authentication

An authentication mechanism that works through requests/responses between the server and the client without transmitting the user's password as plaintext over the network. The request and response are encrypted with hashes of the user password, which are transmitted over the network. If network traffic is intercepted, attackers can gain access to password hashes, which makes this mechanism less robust than Kerberos authentication.

Phishing

A type of Internet fraud aimed at obtaining unauthorized access to users' confidential data.

Protection rule

List of scans of network traffic for viruses, signs of phishing attacks, specific legitimate applications that could be exploited by hackers, and other programs that pose a threat, which are carried out under specified conditions.

PTR record

DNS entry that associates the IP address of a computer with its domain name.

Replay cache

Cache used in Kerberos technology to store records of user authentication requests. This mechanism helps protect the infrastructure against replay attacks. In this type of attack, hackers record user traffic so that they can replay the user's previously sent messages and thereby successfully complete authentication on the proxy server. When a replay cache is used, the authentication server detects the duplicate request and responds by sending an error message.

Reputation filtering

A cloud service that uses technologies for determining the reputation of messages. Information about new kinds of spam appears in the cloud service sooner than in Anti-Spam module databases, making it possible to improve the speed and accuracy of spam detection.

SELinux (Security-Enhanced Linux)

A system for controlling access of processes to operating system resources, which is based on security policies.

Service principal name (SPN)

Unique ID of the service in the network for authentication over the Kerberos protocol.

SIEM system

An SIEM (Security Information and Event Management) system is a solution for managing information and events in the security system of an organization.

SNI (Server Name Indication)

Extension of the TLS protocol that transmits the name of the website with which a connection needs to be established. SNI is necessary in cases when multiple services operating over the HTTPS protocol are hosted by the same physical server and use the same IP address but each service has its own security certificate.

SNMP agent

A network management software module of Kaspersky Web Traffic Security that tracks information about application operation.

SNMP trap

An application event notification sent by the SNMP agent.

Squid

Software package that works as a caching proxy for HTTP(S) and FTP protocols. The Squid service uses access control lists for providing access to resources.

SRV record

DNS standard that determines the location, i.e. the host name and port number of servers for specific services.

SSL Bumping

Squid service that is used for intercepting the content of encrypted HTTPS sessions.

Syslog

Standard for transmitting and recording messages about system events used on UNIX and GNU/Linux platforms.

TLS encryption

Encryption of connection between two servers which allows secure data transmission between Internet servers.

Tracing

Recording of debug information about application operation.

Traffic processing rule

Set of actions that the application performs for a web resource that satisfies the specified conditions.

Update source

Resource containing updates for Kaspersky Web Traffic Security anti-virus databases. The source of anti-virus database updates can be Kaspersky update servers, an HTTP or FTP server, or a local or network folder.

Virus

A program that infects other programs by adding its code to them in order to gain control when infected files are started. This simple definition allows the main action performed by a virus infection to be identified.

Workspace

Group of settings and access rights applicable to a certain group of users.
