Glossary:
A
ADS - Active Directory Services is a Windows 2000 directory service
that acts as the central authority for network security, by letting
the operating system validate a user's identity and control his
or her access to network resources.
always allowed - A filter category given this designation
will be included in the white list.
attribute - A component of a group base or Distinguished
Name (DN) that has a type and value. Attribute types include "cn"
for common name, "dc" for domain component, and "ou"
for organizational unit.
authentication method - A way to validate users on a network.
Methods include SMB/NT (referred to as NT throughout
this manual) and LDAP.
authentication server - The domain controller on a domain.
This server is used for authenticating users on the network.
B
block setting - A setting assigned to a service port or library category
when creating a rule, or when setting up a filtering profile or
the minimum filtering level. If an item is given a block setting,
users will be denied access to it.
C
common name (cn) - An attribute type entered for a username and group
when using LDAP.
container - An LDAP server object that can be comprised of
containers, organizational units, or domains. Container objects
can also "contain" other objects, such as user objects,
group objects, and computer objects.
custom category - Comprised of the ALLOW and BLOCK library
categories maintained by the global administrator, and can include
URLs, URL keywords, and search engine keywords to be blocked.
D
directory - This information source on a server contains attribute-based data
relevant to a DN entry.
directory service - Uses a directory on a server to automate
administrative tasks for storing and managing objects on a network
(such as users, passwords, and network resources users can access).
ADS, DNS, and NDS (Novell Directory Services) are types of directory
services.
Distinguished Name (DN) - A string of cn and
dc attribute types comprised of the username and group
name, domain name, and DNS suffix. For example: cn=admin_user,
cn=admin, dc=yahoo, dc=com. The "ou" attribute type
also could be part of the DN. For example: "cn=Joe Smith, ou=users,
ou=sales, dc=acme, dc=com."
DNS - Domain Name Service is a distributed Internet directory
service. DNS is used mostly for making translations between domain
names and IP addresses.
domain - An entity on a network comprised of servers, workstations,
and peripherals.
domain component (dc) - An attribute type entered for a domain
name and DNS suffix when using LDAP.
domain controller - An authentication server that answers
logon requests from workstations in a Windows NT domain. There are
two types of domain controller servers: Primary Domain Controller
(PDC) and Backup Domain Controller (BDC).
dynamic group - A virtual LDAP group that does not contain
names of its members but is derived automatically by matching certain
user data criteria. (See also “static group”.)
E
entry - A collection of attribute types that comprise a Distinguished
Name (DN). Each attribute type of the Distinguished Name has a type
and one or more values. These types are mnemonic strings, such as
"cn" for common name, "dc" for domain component,
or "ou" for organizational unit.
F
filter setting - A setting made for a service port. A service port
with a filter setting uses filter settings created for library categories
(block, open, warn, or always allow settings) to determine whether
users should be denied or allowed access to that port.
G
global administrator - An authorized administrator of the network who
maintains all aspects of the ProxyBlocker, except for managing master IP
groups and their members, and their associated filtering profiles.
The global administrator configures the ProxyBlocker, sets up master IP
groups, and performs routine maintenance on the server.
group administrator - An authorized administrator of the
network who maintains a master IP group, setting up and managing
members within that group.
group name - The name of a group set up for a domain on an
NT server. For example: production or sales.
I
individual IP member - An entity of a master IP group with a single IP
address.
instant messaging - IM involves direct connections between workstations either locally
or across the Internet. Using this feature of the ProxyBlocker, groups
and/or individual client machines can be set up to block the use
of IM services specified in the library category.
invisible mode - The ProxyBlocker is set up in the invisible
mode and will filter all connections on the Ethernet between client
PCs and the Internet, without stopping each IP packet on the same
Ethernet segment. The unit will only intercept a session if an inappropriate
request was submitted by a client.
K
keyword - A word or term used for accessing Internet content. A keyword
can be part of a URL address or it can be a search term. An example
of a URL keyword is the word essex in http://www.essex.com.
An example of a search engine keyword is the entry essex.
L
library category - A list of URLs, URL keywords, and search engine keywords
set up to be blocked.
LDAP - One of two authentication method protocols used by
the ProxyBlocker. Lightweight Directory Access Protocol (LDAP) is a directory
service protocol based on entries (Distinguished Names).
LDAP host - The LDAP domain name and DNS suffix. For example:
yahoo.com or server.local.
login (or logon) script - Consists of syntax that is used
for re-authenticating a user if the network connection between the
user's machine and the server is lost.
M
M86 supplied category - A library category that was created by M86,
and includes a list of URLs, URL keywords, and search engine keywords
to be blocked.
machine name - Pertains to the name of the user's workstation
machine (computer).
master IP group - An IP group set up in the tree menu in
the Group section of the GUI, comprised of sub-groups and/or individual
IP filtering profiles.
master list - A list of additional URLs that is uploaded
to a custom category's URL Category window.
minimum filtering level - A set of library categories and
service ports defined at the global level to be blocked or opened.
If the minimum filtering level is established, it is applied in
conjunction with a user's filtering profile. If a user does
not belong to a group, or the user's group does not have a
filtering profile, the default (global) filtering profile is used,
and the minimum filtering level does not apply to that user.
N
name resolution - A process that occurs when the ProxyBlocker attempts to
resolve the IP address of the authentication server with the machine
name of that server. This continuous and regulated automated procedure
ensures the connection between the two servers is maintained.
net use - A command that is used for connecting a computer
to, or disconnecting a computer from, a shared resource,
or displaying information about computer connections. The command
also controls persistent net connections.
NetBIOS - Network Basic Input Output System is an application
programming interface (API) that augments the DOS BIOS by adding
special functions to local-area networks (LANs). Almost all LANs
for PCs are based on the NetBIOS. NetBIOS relies on a message format
called Server Message Block (SMB).
NetBIOS name lookup - An authentication method used for validating
a client (machine) by its machine name.
Network Address Translation (NAT) - Allows a single real IP address
to be used by multiple PCs or servers. This is accomplished via
a creative translation of inside fake IP addresses into
outside real IP addresses.
O
open setting - A setting assigned to a service port or library category
when creating a rule, or when setting up a filtering profile or
the minimum filtering level. If an item is given an open (pass)
setting, users will have access to it.
organizational unit (ou) - An attribute type that can be
entered in the LDAP Distinguished Name for a user group.
override account - An account created by the global group
administrator or the group administrator to give an authorized user
the ability to access Internet content blocked at the global level
or the group level.
P
PDC - A Primary Domain Controller functions as the authentication
server on a Windows NT domain. This server maintains the master
copy of the directory database used for validating users.
peer-to-peer - P2P involves communication between computing
devices (desktops, servers, and other smart devices) that
are linked directly to each other. Using this feature of the ProxyBlocker,
groups and/or individual client machines can be set up to block
the use of P2P services specified in the library category.
profile string - The string of characters that define a filtering
profile. A profile string can consist of the following components:
category codes, service port numbers, and redirect URL.
protocol - A type of format for transmitting data between
two devices. LDAP and SMB are types of authentication method protocols.
proxy server - An appliance or software that accesses the
Internet for the user's client PC. When a client PC submits
a request for a Web page, the proxy server accesses the page from
the Internet and sends it to the client. A proxy server may be used
for security reasons or in conjunction with caching for bandwidth
and performance reasons.
Q
quota - The number of minutes configured for a passed library category
in an end user’s profile that lets him/her access URLs for
a specified time before being blocked from further access to that
category.
R
Real Time Probe - On the ProxyBlocker, this tool is used for monitoring
the Internet activity of specified users in real time. The report
generated by the probe lets the administrator know whether end users
are using the Internet appropriately.
rule - A filtering component comprised of library categories
set up to be blocked, opened, always allowed, or assigned a warn
setting. Each rule created by the global administrator is assigned
a number and a name that should be indicative of its theme. Rules
are used when creating filtering profiles for entities on the network.
S
search engine - A program that searches Web pages for specified keywords
and returns a list of the pages or services where the keywords were
found.
service port - Service ports can be set up to be blocked. Examples
of these ports include File Transfer Protocol (FTP), Hyper Text
Transfer Protocol (HTTP), Network News Transfer Protocol (NNTP),
Secured HTTP Transmission (HTTPS), and Other ports such as Secure
Shell (SSH).
SMB - One of two authentication method protocols used by
the ProxyBlocker. Server Message Block is a client/server, request/response
protocol.
SMTP - Simple Mail Transfer Protocol is used for transferring
email messages between servers.
SNMP - For the ProxyBlocker, a Simple Network Management Protocol
is a third party product used for monitoring and managing the working
status of the ProxyBlocker’s filtering on a network.
sub-group - An entity of an IP group with an associated member
IP address and netmask, and filtering profile.
T
tiers - Levels of authentication methods. Tier 1 uses net use based
NT or LDAP authentication. Tier 2 uses time-based profiles for both
the NT and LDAP authentication methods. Tier 3 uses persistent login
connections for either the NT or LDAP authentication methods.
time profile - A customized filtering profile set up to be effective
at a specified time period for all users in a sub-group.
Traveler - M86's executable program that downloads updates
to your ProxyBlocker on demand or at a scheduled time.
U
URL - An abbreviation for Uniform Resource Locator, the global address
of Web pages and other resources on the Internet. A URL is comprised
of two parts. The first part of the address specifies which protocol
to use (such as "http"). The second part specifies the
IP address or the domain name where the resource is located (such
as 203.15.47.23 or "m86security.com").
V
VLAN - Virtual Local Area Network is a network of computers that
may be located on different segments of a LAN but communicate as
if they were on the same physical LAN segment.
virtual IP address - The IP address used for communicating with
all users who log on the network.
W
warn setting - A setting assigned to a library category when creating
a rule, or when setting up a filtering profile. This designation
indicates URLs in the library category may potentially be in opposition
to the organization’s policies, and are flagged with a warning
message that displays for the end user if a URL from that library
category is requested.
Web-based - An authentication method that uses time-based profiles
or persistent login connections.
white list - A list of approved library categories for a
specified entity's filtering profile.