Triple Data Encryption Standard
Used to determine the Ethernet MAC address of a host when only its IP address is known.
Asymmetric Digital Subscriber Line
Advanced Encryption Standard
Desktop computing service on the AWS cloud. Allows provisioning of cloud-based virtual desktops.
Application Programming Interface
Address Resolution Protocol
American Standard Code for Information Interchange
Former name of Sophos UTM
IPsec protocol that provides for anti-replay and verifies that the contents of the packet have not been modified in transit.
Web service to launch or terminate Amazon EC2 instances automatically based on policies, schedules and health checks.
Collection of IP networks and routers under the control of one entity that presents a common routing policy to the Internet.
Each Amazon data center location is called a region. Each region contains multiple distinct locations called Availability Zones, or AZs.
Astaro Wireless Extension
Client daemon which runs on access points and REDs with wireless support. It registers access points on the UTM.
Free service for AWS customers which provides tools needed to create and manage the infrastructure a particular software application requires to run on AWS.
Global partner program for Amazon Web Services, which is focused on helping partners build a successful AWS-based business.
Bounce Address Tag Validation
Name of a method designed for determining whether the return address specified in an email message is valid. It is designed to reject bounce messages to forged return addresses.
The address used by a computer to send a message to all other computers on the network at the same time. For example, a network with IP address 192.168.2.0 and network mask 255.255.255.0 would have a broadcast address of 192.168.2.255.
Code Division Multiple Access
Entity or organization that issues digital certificates for use by other parties.
Challenge-Handshake Authentication Protocol
Classless Inter-Domain Routing
Refers in cryptography to a mode of operation where each block of plaintext is "XORed" with the previous ciphertext block before being encrypted. This way, each ciphertext block is dependent on all plaintext blocks up to that point.
Set of IP standards to create unique identifiers for networks and individual devices.
Free service for AWS customers which provides tools needed to create and manage the infrastructure a particular software application requires to run on AWS.
User interface of the CloudFormation service.
Template which describes the Amazon Web Service infrastructure.
A component of Amazon Web Services which provides monitoring of AWS resources and applications running on the Amazon infrastructure.
Group of linked computers, working together closely so that in many respects they form a single computer.
Content Management System
Certificate Revocation List
Distributed Denial of Service
Distinguished Encoding Rules
Special case of NAT where the destination addresses of data packets are rewritten.
Located below the main menu. Grants access to all gateway units registered with the SUM.
Dynamic Host Configuration Protocol
Standard propagated by the United States Federal Government (FIPS) for digital signatures.
Family of technologies that provides digital data transmission over the wires of a local telephone network.
Method for encoding a data object, such as an X.509 certificate, to be digitally signed or to have its signature verified.
Domain Keys Identified Mail
Destination Network Address Translation
Translates the underlying IP addresses of computers connected through the Internet into more human-friendly names or aliases.
Digital Signature Algorithm
Differentiated Services Code Point
Protocol used by networked devices to obtain IP addresses.
Exterior Border Gateway Protocol
Elliptic Curve (public key encryption technology)
Compute instance in Amazon EC2 service.
Explicit Congestion Notification
Amazon EC2 provides scalable computing capacity in AWS which allows users to rent virtual computers to run their own computer applications.
Static IP address for dynamic cloud computing, associated with an account. You control the address until you explicitly release it.
Load balancing solution which automatically scales incoming application traffic across multiple targets.
IPsec protocol that provides data confidentiality (encryption), anti-replay, and authentication.
Encapsulating Security Payload
Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and allows end-to-end notifications of network congestion without dropping packets. ECN only works if both endpoints of a connection successfully negotiate to use it.
Protocol for exchanging files over packet-switched networks.
Tunneling protocol which provides a private, secure path for transporting packets through an otherwise public network.
Technique to locate devices worldwide by means of satellite imagery.
Generic Routing Encapsulation
Global System for Mobile Communications
Protocol providing audio-visual communication sessions on packet-switched networks.
Hardware Compatibility List
A command in the Simple Mail Transfer Protocol (SMTP) with which the client responds to the initial greeting of the server.
System design protocol that ensures a certain absolute degree of operational continuity.
Host-based Intrusion Prevention System
Hash-based Message Authentication Code
Hypertext Transfer Markup Language
Hypertext Transfer Protocol
Technique in which several HTTP requests are sent without waiting for each request to respond.
Hypertext Transfer Protocol Secure
Hypertext Transfer Protocol Secure
Protocol for the transfer of information on the Internet.
Protocol to allow more secure HTTP communication.
AWS Identity and Access Management
Internet Assigned Numbers Authority
Interior Border Gateway Protocol
Internet Control Message Protocol
Intelligent Drive Electronics
Standard protocol that helps identify the user of a particular TCP connection.
Amazon web service to control who can use your AWS resources and in which way.
International Domain Name
Special kind of IP protocol used to send and receive information about the network's status and other control information.
Data-oriented protocol used for communicating data across a packet-switched network.
Open protocol enabling instant communication over the Internet.
Business or organization that sells to consumers access to the Internet and related services.
Network security and threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard.
Intrusion Prevention System
Internet Protocol Security
Internet Service Provider
Layer Two (2) Tunneling Protocol
Lightweight Directory Access Protocol
Basic communication means of the OSPF routing protocol for IP.
SG appliance with WiFi capability on board
Unique code assigned to most forms of networking hardware.
Provides security services for companies.
Type of database used to manage the devices in a communications network. It comprises a collection of objects in a (virtual) database used to manage entities (such as routers and switches) in a network.
Technology based on NAT that allows an entire LAN to use one public IP address to communicate with the rest of the Internet.
Message-Digest algorithm 5
Cryptographic hash function with a 128-bit hash value.
Management Information Base
Multipurpose Internet Mail Extensions
Multiprotocol Label Switching
Microsoft Point-to-Point Encryption
Microsoft Challenge Handshake Authentication Protocol
Microsoft Challenge Handshake Authentication Protocol Version 2
Managed Security Service Provider
Internet Standard that extends the format of email to support text in character sets other than US-ASCII, non-text attachments, multi-part message bodies, and header information in non-ASCII character sets.
Type of resource record in the Domain Name System (DNS) specifying how emails should be routed through the Internet.
Network Address Translation
Security layer which acts as firewall to control traffic in and out of subnets.
System for reusing IP addresses.
Protocol for synchronizing the clocks of computer systems over packet-switched networks.
In the OSPF protocol, a type of stub area that can import autonomous system (AS) external routes and send them to the backbone, but cannot receive AS external routes from the backbone or other areas.
NT LAN Manager (Microsoft Windows)
Link-state, hierarchical interior gateway protocol (IGP) for network routing.
Protocol combining strong public-key and symmetric cryptography to provide security services for electronic communications and data storage.
Password Authentication Protocol
Peripheral Component Interconnect
Public Key Cryptography Standards
Public Key Infrastructure
Path Maximum Transmission Unit
Post Office Protocol version 3
Virtual data connection that can be used by programs to exchange data directly. More specifically, a port is an additional identifier (in the cases of TCP and UDP, a number between 0 and 65535) that allows a computer to distinguish between multiple concurrent connections between the same two computers.
Action of searching a network host for open ports.
Protocol for delivery of emails across packet-switched networks.
Provides a device with data connection and electric power through one Ethernet cable.
Point to Point Tunneling Protocol
Early IETF proposal for securing email using public key cryptography.
Well-defined and standardized set of rules that controls or enables the connection, communication, and data transfer between two computing endpoints.
Computer that offers a computer network service to allow clients to make indirect network connections to other network services.
Remote Authentication Dial In User Service
Redundant Array of Independent Disks
Relative Distinguished Name
Reverse Domain Name Service
Means by which an Internet site may publish a list of IP addresses linked to spamming. Most mail transport agent (mail server) software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists. Web servers can likewise reject clients listed on an RBL.
Refers to a data storage scheme using multiple hard drives to share or replicate data among the drives.
Protocol designed to allow network devices such as routers to authenticate users against a central database.
Network device that is designed to forward packets to their destination along the most efficient path.
Rivest, Shamir, & Adleman (public key encryption technology)
Secure/Multipurpose Internet Mail Extensions
Logical unit which stores objects that consist of data and metadata which describe the data.
Sophos Authentication Agent
A sandbox is a security mechanism to execute software in a restricted operating system environment.
Secure Copy (from the SSH suite of computer applications for secure communication)
Small Computer System Interface
Protocol that allows establishing a secure channel between a local and a remote computer across packet-switched networks.
Cryptographic protocol that provides secure communications on the Internet, predecessor of the Transport Layer Security (TLS).
Standard for public key encryption and signing of email encapsulated in MIME.
Acts as virtual firewall for an AWS instance to control inbound and outbound traffic.
Identification tag added to the header while using IPsec for tunneling the IP traffic.
Extension to the Simple Mail Transfer Protocol (SMTP). SPF allows software to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path), a typical annoyance of email spam.
Signaling protocol for the setup, modification and termination of sessions between two or several communication partners. The text-oriented protocol is based on HTTP and can transmit signaling data through TCP or UDP via IP networks. Thus, it is the basis for, among others, Voice-over-IP (VoIP), videotelephony and multimedia services in real time.
Stochastic Fairness Queuing
Password or passphrase shared between two entities for secure communication.
Subscriber Identification Module
Protocol used to send and receive email across packet-switched networks.
Notification service which provides mass delivery of messages, predominantly to mobile users.
Amazon web service which provides storage through web services interfaces.
Form of authentication that enables a user to authenticate once and gain access to multiple applications and systems using a single password.
Session Initiation Protocol
Stateless Address Autoconfiguration
SlowHTTP attacks are DoS attacks in which the attacker sends HTTP requests to a web server slowly and in pieces, so that the web server keeps its resources busy waiting for the data. A DoS is created when the server's concurrent connection pool reaches its maximum.
Symmetric Multiprocessing
Simple Mail Transfer Protocol
Source Network Address Translation
Simple Network Message Protocol
Simple Notification Service
Internet protocol that allows client-server applications to transparently use the services of a network firewall. SOCKS, often called the Firewall Traversal Protocol, is currently at version 5 and must be implemented in the client-side program in order to function correctly.
Software for monitoring and administering multiple UTM units by means of a single interface. Formerly known as Astaro Command Center.
Special case of NAT. With SNAT, the IP address of the computer which initiated the connection is rewritten.
Network protocol to detect and prevent bridge loops
Takes an existing insecure connection and upgrades it to a secure connection using SSL/TLS.
Sophos User Authentication
The subnet mask (also called netmask) of a network, together with the network address, defines which addresses are part of the local network and which are not. Individual computers will be assigned to a network on the basis of the definition.
The use of more than one CPU.
Terminal Access Controller Access Control System
Transmission Control Protocol
Trivial File Transfer Protocol
8-bit field in the Internet Protocol (IP) header stating the maximum amount of time a packet is allowed to propagate through the network before it is discarded.
Temporal Key Integrity Protocol
Protocol of the Internet protocol suite allowing applications on networked computers to create connections to one another. The protocol guarantees reliable and in-order delivery of data from sender to receiver.
Cryptographic protocol that provides secure communications on the Internet, successor of the Secure Sockets Layer (SSL).
Universal Mobile Telecommunications System
Software for unified threat management, including mail and web security. Formerly known as Astaro Security Gateway.
String that specifies the location of a resource on the Internet.
Device which maintains a continuous supply of electric power to connected equipment by supplying power from a separate source when utility power is not available.
Service that allows downloading relevant update packages from the Sophos server.
Uninterruptible Power Supply
Protocol allowing applications on networked computers to send short messages sometimes known as datagrams to one another.
Coordinated Universal Time
Unified Threat Management
Very High Speed Digital Subscriber Line
VPC provides secure data transfer between a private enterprise and a public cloud provider. Each piece of data remains isolated from all other data both in transit and inside the cloud provider's network.
Private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol such as PPTP or IPsec.
Virtual Network Computing
Routing of voice conversations over the Internet or through any other IP-based network.
Wideband Code Division Multiple Access
WAF, also known as reverse proxy, applies a set of rules to an HTTP conversation and therefore protects webservers from attacks and malicious behavior like cross-site scripting (XSS), SQL injection, and others.
Web-based graphical user interface of Sophos/Astaro products such as UTM, SUM, ACC, ASG, AWG, and AMG.
Microsoft's implementation of NetBIOS Name Server (NBNS) on Windows, a name server and service for NetBIOS computer names.
Windows Internet Naming Service
Wireless Local Area Network
Specification for digital certificates published by the ITU-T (International Telecommunications Union – Telecommunication). It specifies information and attributes required for the identification of a person or a computer system.