Glossary
This glossary defines terms related to Ivanti Endpoint Security. Some terms apply to information technology in general, while others are specific to Ivanti Endpoint Security.
A
AAA Architecture: In client/server networking, an architecture that combines three necessary elements of security, to make them available on one server and able to work with each other in a coordinated manner.
access control list (ACL): A database file that stores information regarding entities that may request access to a network, as well as the rights and privileges to be granted upon request.
accessible endpoints: A feature that associates an individual endpoint with a particular role. This feature allows you to limit a user’s permissions to specific endpoints. For example, you can limit a user with administrative rights to administration of a single endpoint.
accessible endpoint groups: A feature that associates an individual group with a particular role. This feature allows you to limit a user's permissions to specific groups. For example, you can limit a user with administrative rights to administration of a single group.
access rights: System privileges that determine whether or not a user can access an individual feature or page. There is an access right for each system page and function. Access rights for a user are determined by selecting rights for a user role, and then assigning that user role to the applicable user.
accounting: In network security architectures, the function that records what users do once they are granted access to a network. In the case of denied access, it can report how many attempts failed, and even details of the attempts.
Active Directory: Microsoft’s trademarked system that centralizes the management of networked resources by making each item on a network, including most applications, objects in a relational database and then enabling the administrator to manage those objects through one management center.
active directory synchronization: The process by which the Application Control module synchronizes with a network active directory. This process crawls targeted active directories for users, user groups, endpoints, endpoint containers, and other data stored in the active directory.
Active Server Page: An HTML page that contains embedded server side scripting that is processed on a Microsoft Web Server before the page is sent to the user.
ActiveX: A technology, built on Microsoft’s Component Object Model (COM), that enables software components, regardless of the language used to create them, to interact with one another in a networked environment.
Active Template Library: A Microsoft program library for use when creating ASP code and other ActiveX program components to run in a browser window.
Address Resolution Protocol: An OSI layer-3 protocol used to find an endpoint’s MAC address using its IP address.
agent: A software routine that resides in background memory on a computer or other device and waits to perform an action when a specified event occurs.
Agent Management Job: Jobs that let you install agents upon endpoints within your network remotely. The first function of this job is to discover the targeted endpoints as in a Discovery Scan Job. The second function of this job is to install agents upon endpoints discovered during the first function. These jobs access the targeted endpoints by providing credentials specified during job configuration.
Agent Policies: The agent rules for communicating with the server. These rules include: communication interval, deployment notification options, discovery agent mode, hours of operation, logging level, and reboot notification options. Agent policies are assigned to groups, but any group that has not been explicitly assigned an agent policy will use the default system policy, as defined within the Ivanti Endpoint Security server.
agent policy conflict resolution: A series of protocols that determine which setting takes priority when a group or endpoint is assigned two or more agent policy sets with policies that conflict.
Agent Policy Sets: The combined selected agent policies as defined by the user. After their definition, these sets are then assigned to groups.
Application Browser: A navigation feature in Application Library which provides both predefined and user-defined views of the library’s contents.
Application Control: An Ivanti Endpoint Security module that helps prevent the execution of malicious code and unwanted, unproductive software on a network. This module uses a security approach called application whitelisting, which allows only authorized applications to run on endpoints such as laptops, desktops, servers, and other IT resources.
application control log: A log that records Ivanti Application Control events for a given set of endpoints. These events include applications being allowed to run or being blocked by specific Ivanti Application Control policies. The application control log is an important tool for introducing, implementing, and maintaining application control in the enterprise.
application group: A user-defined grouping of applications in Application Library. Typically, an application group is a set of applications used by a group or organizational unit within the enterprise.
Application Library: A central area for managing all applications and executable files under application control. The Application Library is populated when an application scan is performed during Easy Auditor or Easy Lockdown. The administrator can then organize the executable files into applications and application groups.
application updater: Software used to update installed applications, which may involve adding, modifying, or replacing files on an endpoint.
application whitelisting: The security approach used by Ivanti Application Control to prevent the execution of malicious code and unwanted software by only allowing authorized applications to run. Such applications are either on an endpoint whitelist or permitted by a trust mechanism.
asset: An endpoint, along with all the hardware and software that is installed on that endpoint. Each endpoint, individual hardware device, and individual software application is considered an asset.
authentication: The process of identifying a user, typically through the use of credentials such as a user name and password, as the originator of a message or as the end point of a channel. High level authentication can use such other tokens as the originating IP address, or an encryption key, providing evidence of the authenticity of the request.
Authenticode: A technology based on information technology security industry standards that provides a method for developers to digitally sign their code. When code is signed, the company signing the code takes responsibility for the code and guarantees that the code is safe and free from viruses.
authorization vs. authentication: Whereas authentication is the process of verifying that a user is who they say they are, like having two forms of ID from different places, or dating paint and frame wood to verify authenticity of a painting, authorization is verifying the level of access available to that user, such as aisle and row seating stamped on a concert ticket, or possessing a back-stage pass.
authorization: The process of determining what level of access to grant a user to a system or software application function based upon their log in credentials.
Automatic Caching System (ACS): A system that automatically writes packages marked critical to a memory queue, allowing administrators to have the critical and security-related patches available for rapid deployment.
B
baseline: In information technology, it is the base set of files that comprises a system, or the backup state available for reversions in the case of viral infection or other loss of data, such as when a system is restored from a backup.
behavior: A specific desired outcome for any patch or package deployment, configurable by the use of deployment flags and options.
blacklist: A centralized list of executable files (stored in the form of hash values) that are forbidden to run on endpoints under application control.
blocked application message: A message displayed when an end user tries to run a non-authorized application. This message can be customized by the Ivanti Application Control administrator.
browser: Software that allows the user to find, view, hear, and interact with material on a corporate Intranet or the World Wide Web.
C
chained deployment: The deployment of multiple packages in sequence, flagged to prevent reboot until the last of the chain has been deployed. Chained deployments are a Patch and Remediation module function.
child hierarchy: The entire group hierarchy below a specific group within the group hierarchy. Child groups have only one parent. Nesting child groups within parent groups creates an inheritance, which lets you apply one agent policy set to a parent and its children.
client: In computer networks, a client is any user, computer, node, server, or system that is requesting files from or access to some other system, regardless of whether it also acts as a server.
code signing: The process of digitally signing programs for verification purposes.
Common Vulnerabilities and Exposures (CVE): A list of standardized names for vulnerabilities and other information exposures. CVE aims to standardize the names for all publicly known vulnerabilities and exposures.
communication interval: Determines how much time the Ivanti Endpoint Security agent will sleep between communication with the Ivanti Endpoint Security server. When the agent communicates with the server, it is checking for agent policy updates and deployments. This interval is critical since if the interval is too long, the agents will not get their tasks in a reasonable amount of time. If the interval is too short, the server may constantly be busy and other agents may not be able to get their tasks. Interval rates typically vary between 15 and 60 minutes depending on the number of nodes, network architecture and bandwidth.
components: The components that form Ivanti Endpoint Security. Components come in two types: platform components and module components. Platform components form a basis for module components to operate. Module components are the individual security solutions used to prevent network security breaches.
Component Object Model (COM): Microsoft’s programming architecture in the Windows family of operating systems that enables software components to communicate between processes and fit easily into object-oriented program design. The family of COM technology includes COM+, Distributed COM (DCOM) and ActiveX.
compliance: An expression of whether the node being evaluated meets the Mandatory Baseline of content to make it safe for admission to the network in a quarantine arrangement. Usually expressed by the boolean true or false, a station can either be compliant or non-compliant. If non-compliant, it is set up for remediation and under quarantine until fully patched. This expression applies to environments with the Patch and Remediation module installed.
concurrent deployment limit: Defines the maximum number of Ivanti Endpoint Security agents that can receive active deployments at the same time. The purpose of the limit is to control the number of deployments to agents across the entire network and to reduce the chance of overloading your Ivanti Endpoint Security server. If an agent takes longer than 60 minutes to finish its deployment, it is no longer counted against this limit. This is the only value that cannot be overridden by a group’s agent policy set, as it limits deployments for all agents. This option is available in environments with the Patch and Remediation module installed.
content: Any type of content that the Ivanti Endpoint Security server can deploy to agents. Types of content include vulnerabilities, software, patches, hotfixes, and so on. Security content items contain prerequisites, fingerprints, and signatures (all of which determine whether content is applicable to an endpoint) in addition to the package that contains the software to be installed. Content is available in environments with the Patch and Remediation module installed.
context: Pertaining to Microsoft Active Directory, context refers to the exact container position in the directory tree, thus allowing for the location of resources in a tree, by use of relative rather than fully qualified identifiers.
Control Panel applet: An application designed to be run within Microsoft Windows Control Panel. Ivanti’s Control Panel applet allows easy interaction with the Ivanti Endpoint Security agent.
Coordinated Universal Time (UTC): An international standard that allows for synchronization of events across many geographic zones. On an Ivanti Endpoint Security server, UTC might be chosen instead of local time if a scheduled event is desired to run at the same time at all sites, dependent also upon deployment constraints.
credentials: An object or objects presented along with a request for admission to a network or server that is used to validate the authorization of the presenter. Usually a credential is a combined user name and password, but can also consist of IP address, MAC address or an encryption key to verify that the request comes from an authorized location.
cross-platform: Portable or applicable to more than one operating system.
D
decryption: The process of converting ciphered text back to plain text after it travels across a public access medium. A previously determined key is used once the text arrives at its destination to convert the ciphered message back to clear text.
decryption key: A string of seemingly random bits of data used with cryptographic algorithms to create or verify digital signatures and unscramble cipher text back to its original clear text. Keys can be public or private and keeping at least one key private provides high security. Keys at least 128 bits long are considered more secure by modern standards, as many shorter ones have been cracked by modern computing technology.
deadline: When deploying patches or packages, it is the date and time by which a package or patch absolutely must deploy, and until which, a user may snooze a deployment if inconvenient. This term applies to environments with the Patch and Remediation module installed.
Definition file: A collection of signatures used by AntiVirus to identify and capture viruses and other malware.
Denied Applications policy: A managed policy that adds an application to a centralized blacklist. This explicitly stops the application from running for specified endpoints and users.
deployment flag: When preparing a package or patch deployment, the administrator has many options and flags that can be set to fine tune how and when the deployment occurs and what events accompany and follow the deployment. This function is available in environments with the Patch and Remediation module installed.
deployment: The planned delivery of content to any or all nodes determined to be non-compliant. Deployments are available in environments with the Patch and Remediation module installed.
device class: A group of physical devices or device drivers that have similar characteristics and that can be managed in a similar manner.
device collection: A group of target devices that can be managed in a similar manner.
dirty C state: Indicates that the Ivanti Endpoint Security agent received a chained deployment and the reboot is currently suppressed. While in the C state, the agent will only accept other chained deployments or a reboot deployment. Only a reboot deployment or manual reboot will clear this state. This term applies to environments with the Patch and Remediation module installed.
dirty R state: Indicates that the Ivanti Endpoint Security agent received a deployment that required a reboot and the reboot was suppressed. While in the R state, the agent will only accept a reboot deployment. Only a reboot deployment or manual reboot will clear this state. This term applies to environments with the Patch and Remediation module installed.
dirty state: The term used to describe an agent that displays a C or R on the Endpoints page of the Ivanti Endpoint Security server. Agents that are in a clean state display no such lettering. This term applies to environments with the Patch and Remediation module installed.
Discover Applicable Updates (DAU): A predefined system task that launches the Ivanti Endpoint Security agent on a client endpoint. The DAU runs following subscription replication, five minutes after the application of a patch, after a reboot and when an agent checks in after the ScanNow button has been clicked in the Ivanti Endpoint Security server interface.
discovery methods: The methods used to designate targets (endpoints and devices) during discovery scan jobs. Endpoints and devices can be discovered using a single IP address, an IP address range, a single computer name, network neighborhood, or active directory.
discovery options: A series of queries and scans that collect information about targets defined for detection during discovery scan jobs. These options (which include Verify with PING, ICMP Discovery, Port Scan Discovery, SNMP Discovery, Windows Version Discovery, Resolve DNS Names, Resolve MAC Addresses, and Resolve NetBIOS Names) identify whether an endpoint is present, and, if one is, what its address and operating system information are.
Discovery Scan Job: A network-based scan run from the Ivanti Endpoint Security server that discovers assets in your network (endpoints, routers, switches, printers, and so on) by using user-specified IP addresses or asset names and/or domains. These jobs also discover additional information about assets (operating system, address information, and so on) through port scans, information queries, and address mask requests.
Distributed Component Object Model (DCOM): An extension of the Component Object Model (COM) that extends COM’s capabilities across network boundaries, allowing objects to communicate across a network. COM, unlike DCOM, is designed for interprocess communication on the same node or computer.
domain: On a local or wide area network, a domain is a set of network resources and services available to a group of users. Domains act as containers that can be identified by a name and address, which can then provide authorized users access to any elements they contain. Domains can also share resources with each other as trust is extended by administrators to those other domains.
Domain Name System (DNS): The system used to name computers and especially servers for easier location. A domain name is a meaningful and human-readable name associated with an IP address. Domain names most often take on the format of domainname.com and the most common ones are associated with WWW locations.
Dynamic Host Configuration Protocol (DHCP): A protocol that lets network administrators centrally manage and automate the assignment of IP addresses in an organization’s network by establishing a range of IP addresses to be assigned automatically and indexed. Without DHCP, managers would have to manually assign and keep track of each host IP address on the network.
dynamic-link library file (DLL file): A file that has linked and compiled one or more functions used by a separate process, which can be loaded into the memory space of that process when the program is started or running.
E
Easy Auditor: A managed policy that scans an endpoint and authorizes the applications it finds by creating a whitelist of those applications. It does not block other applications from subsequently installing and/or running, but it does not add these later applications to the whitelist.
Easy Lockdown: A managed policy that scans an endpoint and authorizes the applications it finds by creating a whitelist of those applications. It blocks other applications from subsequently installing or running, thereby enforcing application control.
encryption: The process of converting clear, readable text to ciphered text before it travels on network media, so that it can only be read or understood by a recipient with the proper decryption key. Some of the most secure encryption methods include RSA, AES, IKE, MDS, SSL, and SHA-1.
encryption key: A string of ciphered bits used with cryptographic algorithms to create or verify digital signatures and scramble clear text to protect it from being intercepted and read while traveling across public networking media. Keys can be public or private, and keeping at least one key private provides high security. Keys at least 128-bits long are considered more secure by modern standards, as many shorter ones have been compromised by modern computing technology.
Endpoint: In a client/server network architecture, an endpoint is any node that is a destination of two-way communication, whether requesting or responding. Additionally, in regard to Ivanti Endpoint Security, the term endpoint is synonymous with any computer in your network that can have an agent installed.
executable file: The type of file recognized and managed by Ivanti Application Control to implement endpoint security. Specifically, it is any file that conforms to the Portable Executable (PE) format. These include .exe, .dll, .sys, .ocx, .cpl, .drv, and .scr files.
F
False positive: An antivirus scan result where a file is wrongly suspected to be infected by a virus or other malware. This term applies to environments with the AntiVirus module installed.
file shadowing: A feature that tracks the data read, written to, or written from a device. Depending on the configuration, either copies of the files are created or only filenames are recorded.
File Transfer Protocol (FTP): A protocol that uses simple, clear text. Thus, it is a non-secure protocol used to exchange files between computers on a network or the internet.
fingerprint: A group of unique identifiers used to determine the presence of a patch, and/or vulnerability, and/or content item. Fingerprints can include unique files, file attributes, directories, registry keys or data values. This term applies to environments with the Patch and Remediation module installed.
firewall: A firewall is a set of related programs located at a network gateway server that protects the resources of a private network from unauthorized access.
fully qualified domain name (FQDN): The domain name is a unique identifier for any resource located within a domain or network. A FQDN is the full name of any network entity starting with its hostname and ending with the exact domain name in which it resides. Example: johnq.accounting.acme.com
G
Global Subscription Service (GSS): The central repository where security content is stored for retrieval by the Ivanti Endpoint Security server. The GSS also serves as the Ivanti Endpoint Security licensing server.
globally unique identifier (GUID): A 128-bit number generated by Windows operating systems or one of its applications, which is assigned to any object in a two-way communication, be it user, application, or component. The algorithm used to generate GUIDs combines a few unique settings, such as IP Address, MAC Address, and clock date and time to create an even more unique identifier.
Group: A targeted collection of computers created and named for the purpose of deploying distribution packages, defining agent policies, setting Mandatory Baselines, or reporting. Groups provide a simple way to manage computers that have similar requirements rather than managing each computer separately.
H
hostname: The name given to identify each node of a network. The hostname usually describes either the user that operates the node, its position in a building, or its function. Hostname is intended to be more human friendly than numeric IP Addresses.
hours of operation (HOP): When enabled, this value determines when the agents start and stop communicating with the Ivanti Endpoint Security server. If the agent is in the middle of a deployment and the agent’s hours of operation expire (exceed the designated stop time) it will finish what it is currently working on and continue the rest of the deployment at the next hours of operation interval. This term applies to environments with the Patch and Remediation module installed.
HTML: The accepted publishing language of the World Wide Web. It is a universally accepted standard for displaying links, images, and text in a format that computers around the world can read. There are currently many advantages in HTML that allow for an increasing number of different types of objects to be added to and displayed in a browser page.
HTTP: The set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.
HTTPS: A Web protocol built into most browsers that encrypts and decrypts user page requests as well as the pages that are returned via HTTP over SSL by the Web server.
hyperlink: Generally a different color from the surrounding text, a hyperlink is a coded reference to another location in the document, or to a URL or network address, usually written in a form of HTML code or JAVA, and is most prevalent on Web pages.
I
Internet Assigned Numbers Authority (IANA): An administrative organization that assigns internet host addresses and other numeric constants used in Internet protocols.
inventory: The hardware, software, services, and operating systems that operate on an endpoint. During scanning, the Ivanti Endpoint Security agent compiles a listing for each item in an endpoint's inventory. Some unclassifiable items, such as serial numbers, are also included in an endpoint's inventory. This term applies to environments with the Patch and Remediation module installed.
IP (Internet Protocol): The best known and main protocol in a suite of protocols known as TCP/IP that carry all traffic on the internet currently. IP is a connectionless protocol, meaning it does not wait for confirmation that it was received before sending the next packet. It is designed for long distance carriage of packets of data, as was originally the plan with Arpanet, which later became the internet.
IP address: The 32-bit (4 dotted divisions of eight binary digits) numeric identifier for any device on a network that distinguishes it from other devices and allows for routers and switches to group devices and their communication packets. The 32-bit dotted format is soon to be replaced by IPv6, which will expand the number of available IP addresses to keep pace with the enormous growth of the internet in recent years. Example: IP address 192.168.0.1 would be read by a router as 11000000.10101000.00000000.00000001.
J
JAVA: A programming language invented by Sun Microsystems. It can be used as a general purpose application programming language with built-in networking libraries. It can also be used to write small applications called applets.
JAVA Runtime Environment (JRE): Created by Sun Microsystems, it is the core set of files necessary to execute JAVA written programs in any OS environment. JAVA is used because it is cross-platform, which is increasingly necessary in the current Web-based world.
L
library: A collection of precompiled routines, sometimes called modules, that are stored in object format for reuse by a program.
Lightweight Directory Access Protocol (LDAP): A software protocol that enables the use of Directory Services to locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet.
limited broadcast: The broadcast method Ivanti Wake on LAN uses to wake network endpoints. Limited broadcast uses the IP address 255.255.255.255 to send a wake request to all endpoints in your network.
localhost: The default name describing the computer address also known as the loopback address of the computer. On Web servers, this loopback can be used to test the default Web page. To access this page, type http://127.0.0.1 or http://localhost.
localprofile.txt: An XML file found in %Installation Directory%\HEAT Software\EMSSAgent\live\patch\. This file is maintained by the Ivanti Endpoint Security agent and contains information on the computer’s name, services, software, hardware, operating system, and support pack level. The refresh inventory data system task uses the information in this file to populate computer inventory data on the Ivanti Endpoint Security server.
Local Authorization: A Trusted Change policy that allows a specified user/endpoint combination to temporarily authorize an application that is not currently on a whitelist or permitted by another trust mechanism.
Ivanti Content Wizard: Ivanti Content Wizard (HCW). An addition to Ivanti Endpoint Security that provides the ability to define custom detection reports, deployment packages, signatures, and fingerprints. It has an easy-to-use graphical interface that illustrates all associated sub-components of the patch in a single view.
Ivanti Endpoint Security: An application that serves as a platform for other applications that protect your network from security risks. These applications, called modules, use different approaches to protect your endpoint. Ivanti Endpoint Security is composed of a server component and an agent component. The server component is installed on a server within your network. The agent component is installed on network endpoints you want to protect from security risks. Ivanti Endpoint Security is accessed via a Web UI.
Ivanti Endpoint Security administrator: Any user who is assigned any of the access rights that control the functionality of the Ivanti Endpoint Security server or its deployments is considered an Ivanti Endpoint Security administrator.
Ivanti Endpoint Security Agent: The Ivanti Endpoint Security agent is a service that runs on each node and queries the Ivanti Endpoint Security server to receive any deployments that become ready. The behavior of the agent is defined by the agent’s policies, whether it is using the default agent policies of the Ivanti Endpoint Security server or the group’s agent policies.
Ivanti Endpoint Security Server: The central system in Ivanti Endpoint Security that manages content retrieval, vulnerability detection, and package deployment to all registered computers on the network. As a sophisticated, automated central repository of the most current security content available for a network, it maintains communication with the Ivanti Endpoint Security agent on nodes, across many key networking platforms, on the network, and detects any vulnerabilities with the help of the agent on each node.
Ivanti Endpoint Security user: Any user who has access to authenticate to the Ivanti Endpoint Security server is considered an Ivanti Endpoint Security user.
M
MAC address: A 12-digit hexadecimal address that is burned into network cards and networking devices to allow for unique reference.
macro: Within Ivanti Endpoint Security, a macro is an environment variable that represents a filename, directory path, or a series of commands, actions, or keystrokes that can only be executed by the Ivanti Endpoint Security agent.
Malware: Malicious software developed for the purpose of causing harm to a computer system, such as viruses, Trojan horses, spyware, and malicious active content. This term applies to environments with the AntiVirus module installed.
Managed Policy: An application control policy that creates or supplements a whitelist of authorized applications, or a blacklist of blocked applications. These policies include Easy Auditor, Easy Lockdown, Supplemental Easy Lockdown/Auditor, and Denied Applications.
Mandatory Baseline: The absolute minimum set of content or locally-created distribution packages that must be installed on the group’s computer members. In terms of content reports, a Mandatory Baseline will continually verify that the content is actually installed, and, if it is not, it will deploy the necessary distribution packages to bring the computer into compliance. This feature is available in environments with the Patch and Remediation module installed.
Memory Injection Policy: An Application Control policy that monitors running processes for reflective memory injection. It can be configured to audit and/or stop a process when memory injection is detected.
Microsoft Management Console (MMC): A Windows-based application that allows administrators to perform management tasks of Windows-based hardware, software, and networking components. This feature is available in environments with the Remote Systems Management module installed.
Microsoft SQL Desktop Edition (MSDE): An enabling technology that provides local data storage and is completely compatible with the SQL Server version 7.0 code base. This technology transforms Microsoft Access from a simple file-server database application into an extremely powerful and highly scalable client-server solution for any size organization.
Module Components: Individual security solutions used to prevent various types of security breaches within your network. Each module plugs in to the Ivanti Endpoint Security platform and can be purchased individually. Some module components come installed with the Ivanti Endpoint Security platform and require no additional licensing.
Module Sub Components: The two parts that form a module component. Each module component consists of a server sub-component and an endpoint sub-component. These sub-components work together to form a module's functionality.
MSI installer: Designed for Windows networks that use the Windows software installer mechanism. The MSI installer can be edited to include the Ivanti Endpoint Security server name and serial number. In this way, the agent can be deployed through the use of group policy agents.
N
NetWare: Networking OS that has played a major role in the development of Local Area Networking over the past few decades, being an early Network OS to use the Directory Services concept.
Novell Directory Services (NDS): The relational database that contains all the resources on a Novell network, and provides security and access for all resources.
NSLOOKUP MS-DOS® command: A command line function that performs a reverse lookup on an IP address by querying the Domain Name System (DNS) server of an endpoint computer. This feature is available in environments with the Remote Systems Management module installed.
O
Open Software Description (OSD): Creates a standard way to describe software components, their versions, underlying structure and relationships to other components. OSD is the standard language used when performing automatic software distributions and updates over the Internet.
Operating System Pack (OSP): Contains all vulnerability detection information needed by an agent for a given operating system. It is generated by the DS and is passed to the agent during the DAU task. When a vulnerability replication executes, it checks to see if any operating systems received new data and it will automatically schedule the DS to regenerate the OS Packs for those operating systems.
Open Vulnerability Assessment Language (OVAL): The common language for security experts to discuss and agree upon technical details about how to check for the presence of vulnerabilities on computer systems. The vulnerabilities are identified using gold-standard tests, OVAL vulnerability definitions in XML, and queries in Structured Query Language (SQL) that can be used by end users or implemented in scanning tools.
P
package: A package contains all the actual patch software and executable code for deployment. A package can run tasks or scripts, install software applications, place files (or directories of files) in a specified location, change the configuration of applications or services, or perform various other tasks that can be done in an unattended manner. The majority of packages contain the patches for vulnerabilities, defects, or bugs. This term applies to environments with the Patch and Remediation module installed.
package script: The script that performs the functions required to start package installation. Can be written using Microsoft VBScript, Microsoft JScript, or command line script. This term applies to environments with the Patch and Remediation module installed. Documentation regarding these languages can be found at MSDN Library: Scripting.
parent hierarchy: Refers to the entire group hierarchy above a specific group within the group hierarchy.
Patch and Remediation: An Ivanti Endpoint Security module you can use to apply hotfixes, patches, service packs, and other content to agent-managed endpoints. Content is first deployed from the Ivanti Endpoint Security Server, and is then installed on endpoints by the Ivanti Endpoint Security Agent.
patch management: The systematic deployment, installation, and auditing of applicable hotfixes, patches, and service packs to operating systems and software applications. This process must incorporate the organization or people needed to administer the patches, the processes needed to ensure the proper testing, the inventorying of existing patch levels, the identification of needed patches, and the technology to deploy and apply the appropriate patches.
Ping MS-DOS® command: A command line function that verifies that an IP address exists and can accept requests, and is commonly used to help troubleshoot connectivity problems within a network. This feature is available in environments with the Remote Systems Management module installed.
Platform components: The essential components needed for Ivanti Endpoint Security operation. These components include the Ivanti Endpoint Security Web console, the Ivanti Endpoint Security database, and the Ivanti Installation Manager.
policy server: In a network designed with protections against unauthorized admission, it is where the rules and policies are stored that are the standards by which admission decisions are made. Rules can then be enforced by routers or some other form of firewall protection.
port number: The port number is carried in internet transport protocols to identify which service or program is to receive an incoming packet. Certain port numbers are permanently assigned to particular protocols by the IANA. For example, e-mail uses port 25 and Web services use port 80.
portable encryption: The encoding of data on a portable device or media into a form in which meaning cannot be assigned without the use of a confidential process or key.
posture: A term used by Cisco to refer to the state of readiness of a node requesting admission to a network, which will determine, when compared to the rules on the policy server, what degree of access, if any, the node may be granted to the network. No access is usually termed quarantine.
prerequisite: A requirement, such as the existence of a software package, file, and/or registry entry, that must be met prior to the deployment or installation of a patch.
proxy server: In an enterprise that uses one of the Internet protocols, a proxy server is a server that acts as an intermediary between a client and an Internet server. The proxy server allows an enterprise to ensure security and administrative control.
PuTTY: A free and open source terminal emulator application that allows Windows users to connect to remote systems over the Internet using SSH, Telnet, and Rlogin network protocols. This feature is available in environments with the Remote Systems Management module installed.
Q
Q-chain (QChain.exe): The utility Microsoft provides to chain hotfixes on Microsoft Windows NT, 2000, 2003, 2008, XP, or Vista.
Quarantine: A secure folder that holds files suspected of containing a virus or other suspicious code. An Administrator can review the contents to decide what items are safe (for example, false positives) or should be deleted. This term applies to environments with the AntiVirus module installed.
quiet mode: When set to quiet mode, a deployment package will suppress all user interfaces during installation.
R
Reflective Memory Injection: A technique for executing external code within an authorized process, bypassing an endpoint’s whitelist enforcement mechanism. This is sometimes (though not always) the result of a malware attack.
Refresh Inventory Data (RID): Prevents certain log files from getting too large. RID is handled differently on the various platforms; some delete the files when they reach a certain size, while others will trim the file, leaving the most recent data but shrinking the file size.
registry: The registry serves as a central data repository for system and application-specific configuration data on a Windows machine. A registry contains keys, which are like directories in a Windows file system. Each key can contain values (the registry equivalent of a data file) or nested subkeys (the registry equivalent of a nested folder). Just as with files or folders, you can identify a registry key by building a full path to it.
remediation: Installing a countermeasure to reduce or neutralize the risks associated with a vulnerability. This term applies to environments with the Patch and Remediation module installed.
Remote Systems Management: A platform component within Ivanti Endpoint Security that provides administrators a simple way to remotely manage devices from the Ivanti Endpoint Security Web console. This feature is available in environments with the Remote Systems Management module installed.
replication: The process whereby the Ivanti Endpoint Security server receives daily scheduled updates of patches from the GSS. The scheduled replication time of day can be manually overridden daily by clicking Update Now.
report: Records that document activity and information pertaining to your network environment. Within the Ivanti Endpoint Security server, you can generate reports for virtually every function that the server and agent performs: endpoint inventory, the results of discovery scan jobs, the status of a deployment, and so on.
Reverse Address Resolution Protocol (RARP): Literally, the reverse of Address Resolution Protocol, RARP resolves an IP address from a given hardware, or MAC, address.
rules: Statements of conditions that must be met or parameters that will determine an action to be taken. Rules can be positive or negative, but usually are stated simply and clearly such as “if member of group ADMIN, run superuser.bat.”
S
Sandbox: A behavior-based technology that examines files for suspicious activities. It can detect new viruses or variants that do not yet have a signature, and delete or quarantine them. This term applies to environments with the AntiVirus module installed.
Secure File Transfer Protocol (SFTP): A secure version of FTP, SFTP is designed to provide some encryption capabilities for file transfer over a network. Functionally similar to FTP, SFTP instead uses SSH to transfer files, so it cannot be used with a standard FTP client.
Secure Sockets Layer (SSL): A security protocol that provides data encryption, message integrity, and client/server authentication for the transmission of private information and documents over the internet. SSL is available with either 40-bit or 128-bit encryption. However, 40-bit has been compromised in recent years, making 128-bit the lowest level anyone should go for secure encryption.
Self-Updating Trusted Updater: A Trusted Updater application that can update itself and continue functioning as an updater that can add files to an endpoint’s whitelist.
server: A server is a computer or software application that provides data to client computers or software applications. A single computer running multiple software applications can simultaneously perform the function of multiple servers, multiple clients, or any combination thereof.
signature: Used to recognize a specific combination of installed software applications, services, and operating systems. A signature typically contains multiple fingerprints.
snapshot: A snippet of data taken at a pre-configured interval.
source group: Groups that automatically assign managed endpoints to associated custom groups.
Spyware: Software that obtains information from a user's computer without their knowledge or consent. This term applies to environments with the AntiVirus module installed.
SQL Server: A trademark for a Microsoft database server that uses SQL. SQL Server is a popular database management system for Windows NT environments.
structured query language (SQL): A database language used by administrators of relational databases to query, update, and manage data. It enables the administrator to use clear syntax that is descriptive of whatever action is wanted.
SSL Certificate: An electronic certificate consisting of a set of keys, one public, one private, exchanged between a Web server and a requesting client. A session is created, and a unique session key ensures a high level of encryption of any sensitive data passed between the client and server, preventing interception or unauthorized use of that data by any other entity.
standard deployment: The deployment of a standard, non-chainable package, or the deployment of a chainable package in a non-chainable state. This function is available in environments with the Patch and Remediation module installed.
Supplemental Easy Lockdown/Auditor policy: A managed policy that adds an application to an endpoint's existing whitelist of applications that are permitted to run. This type of policy is used to authorize an application after Easy Auditor or Easy Lockdown has been applied.
T
TCP/IP (Transmission Control Protocol/Internet Protocol): The main suite of communications protocols used to connect hosts on the Internet, and now the prevalent LAN protocol even when other protocols are available.
transaction log: A Web server file that records a history of actions such as data changes. This log is used to roll the Web server back to a stable condition should the database be found in an inconsistent state.
trust: In domains, a trust relationship will allow members of one domain, when properly logged in and authenticated, to access services available on another domain.
Trusted Change policy: Any of the four policies that use the concept of trusted change to manage and authorize applications that are not on an endpoint’s whitelist. These policies include Trusted Updater, Trusted Publisher, Trusted Path, and Local Authorization.
Trusted Path: A Trusted Change policy that specifies a file system path such that any executable files it contains can be run by the users/endpoints that have been assigned this Trusted Path policy.
Trusted Publisher: A Trusted Change policy that allows applications with a digital signature from a recognized, trusted source to execute on an endpoint.
Trusted Updater: A Trusted Change policy that allows an application (typically a software distribution or update tool) to add or modify files on an endpoint. These files are added to the endpoint’s whitelist and are thereby authorized to run. Trusted Path is the only trust mechanism that adds applications to the whitelist.
trust mechanism: Any of the mechanisms that form the basis of the four Trusted Change policies - Trusted Updater, Trusted Publisher, Trusted Path, and Local Authorization.
U
URL (Universal Resource Locator): The address that is the formal access name for a network or Internet resource. It usually begins with the protocol identifier, such as http or ftp. Thus, https://www.yahoo.com is a URL for the domain yahoo.com.
user: A profile used to access the Ivanti Endpoint Security server. These profiles include credentials (a user name and password) and an assigned role that determines the user's access rights within the system.
User Datagram Protocol (UDP): A communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that uses Internet Protocol. It is one of the most common connection-based protocols in use on the internet, the other being TCP.
user name: The unique name used to gain access to a computer and/or network. User names and passwords are required in multi-user systems.
V
VeriSign certificate: A VeriSign certificate is issued by VeriSign, Inc. to verify a company’s identity and enables the company to digitally sign programs and prove the authenticity of a Web site address.
Virtual Network Connection (VNC): A graphical desktop sharing application that allows you to view and interact with another computer over a network or the Internet. This feature is available in environments with the Remote Systems Management module installed.
vulnerability: A weakness in a system that would allow an attacker to compromise system confidentiality, integrity, or availability. Alternatively, it can also be a breach from the original design, concept, or intended behavior of a computer’s hardware or software that leaves the computer, or any piece of it, in an exposed state. Malicious users can use this to force other unintended actions to be performed. Vulnerabilities are often caused by defects or bugs, though this is not always the case. Many times the very configuration may result in unexpected exposures. Even out-of-date documentation may be labeled as a vulnerability, as not informing a user of how to perform actions in the preferred manner may result in systems being widely exposed. This term applies to environments with the Patch and Remediation module installed.
vulnerability report: A series of signatures and fingerprints designed to determine if a computer is susceptible to a vulnerability and if the computer has been patched.
W
Wake on LAN: An Ivanti Endpoint Security module that uses magic packet technology to power on managed endpoints.
Wake Request: A network packet containing code that wakes recipient endpoints from a suspended, hibernating, or powered-off state. Ivanti Wake on LAN sends these requests to network endpoints. This term applies to environments with the Ivanti Wake on LAN module installed.
wakepoint: An endpoint that receives wake requests from Ivanti Wake on LAN and relays them to other network endpoints using limited UDP broadcast. One wakepoint must be defined within the network to wake agent-managed endpoints remotely.
Web server: A program that publishes content using the HTTP protocol so that it can be viewed using any type of compliant browser from any location on the connected Intranet or Internet.
whitelist: A list of executable files (stored in the form of hash values) that are authorized to run on an endpoint. A whitelist is created when an application scan is performed on the endpoint during Easy Auditor or Easy Lockdown.
widget: A graph or chart displayed on the Ivanti Endpoint Security Home page that depicts Ivanti Endpoint Security and Ivanti Endpoint Security module activities.
Windows Remote Desktop Connection (RDC): A Microsoft proprietary tool whose function is to provide a simple interface to access applications and data on a remote Windows computer via a network. This feature is available in environments with the Remote Systems Management module installed.
World Wide Web (WWW): A commonly used name for the Internet, the WWW is a Web of connected Domains of local computers, which can share information with authorized users who connect from anywhere else on the Web. Due to the exponential growth in recent years, a good way to check on current standards is to visit the World Wide Web Consortium (https://www.w3.org).
X
XML (extensible markup language): A flexible way to create common information formats and share both the format and the data on the World Wide Web, Intranets, and elsewhere.
Z
Zero-day exploit: A software vulnerability that security researchers and software developers are not yet aware of. Such vulnerabilities pose a higher risk to users than other vulnerabilities of penetrating a system undetected and unnoticed. This term applies to environments with the AntiVirus module installed.