A

access control entry (ACE)

An entry in an access control list (ACL). The entry contains a security identifier (SID) and a set of access rights. A process with a matching SID is either allowed or denied access rights.

access control list (ACL)

A level of Windows® 2000 permission that can be set on a file or a directory allowing specified users access within an NTFS directory. An access control entry (ACE) is an entry in the list.

access policy

A set of protocol rules and site and content rules that determines the behavior of an enterprise or array. In the case of an array, access policy also includes packet filters.

active caching

A mechanism used to automatically initiate new requests to update cached file objects without user intervention. Requests can be activated based on the length of time an object has been cached or was last retrieved from the object's source location. This type of caching can be used to ensure the freshness of specified data within the cache. See also passive caching, fresh data.

address spoofing

See DNS spoofing.

alerting

This feature alerts administrators about suspicious network events, such as rejected packets, protocol violations, and a full hard disk. Alerting is enabled when IP packet filtering is turned on and is recorded in the IP packet filtering logs. Event messages can also be sent to a user account by using an SMTP e-mail message.

allow filter

An IP packet filter that allows access between specified IP addresses at the specified ports and using the specified protocols.

anonymous logon

This feature allows a user remote access to a computer on the Internet without supplying a user name or password but provides only the guest permissions assigned to that account. Commonly used in FTP requests. See also IUSR_computername.

API

Application programming interface, a set of routines used by an application to direct the performance of procedures by a computer's operating system.

application filter

A firewall extension that registers for and processes events related to connection with another network. Application filters are typically designed to enhance the security provided by a firewall by excluding or modifying data that approaches the network.

application gateway

Computer software intended to maintain security on a secluded network yet allow certain traffic to go between the private network and the outside world. See also firewall.

ARCNet

Attached Resource Computer Network, a type of local area network.

array

A group of ISA server computers used to provide distributed caching, load balancing, and fault tolerance. Arrays allow client requests to be distributed among several ISA server computers, which increases response time for clients. Arrays allow a group of ISA server computers to be treated and managed as a single, logical entity. Array communications are peer-to-peer, not hierarchical, one-way communication between upstream and downstream ISA server computers.

array member

An ISA server computer that is part of an array.

array membership table

A list of ISA server computers within an array. Each ISA server computer manages its own table.

asynchronous input/output

Asynchronous input/output (asynchronous I/O) allows some I/O functions to return immediately, even though an I/O request is still pending. Asynchronous I/O enables an application to continue with other processing and wait for the I/O to be completed at a later time. Asynchronous I/O is also called overlapped I/O.

authentication

Validation of a user's logon information to determine permission to access a resource or perform an operation. See also anonymous logon, basic authentication, and Windows 2000 challenge/response authentication.

autodial

A component of ISA that enables users to automatically connect to remote networks, such as the Internet, during predetermined times.