Security Systems
Chapter 6 vocab
Question | Answer |
---|---|
Firewall | is a device that selectively discriminates against information flowing into or out of the organization. The name is borrowed from building construction, where a firewall is a wall that limits the spread of damage should a fire break out in an office. |
Untrusted network | is a network outside an organization's firewall, such as the Internet. |
Trusted network | is a network inside an organization's firewall. |
Packet filtering firewall | is a networking device that filters data packets based on their headers (source and destination addresses, protocol, port numbers) as they travel into and out of an organization's network. |
Address restrictions | are rules designed to prohibit data packets with certain addresses or partial addresses from passing through devices. |
Dynamic packet filtering firewall | is a firewall that can create or modify its filtering rules on the fly in response to the traffic it sees, so that it admits only a particular packet with a particular source, destination, and port address rather than leaving a port standing open for all comers. |
Stateful inspection firewall | is a device that tracks the network connections established between internal and external systems, so that a packet is judged in the context of the conversation it belongs to rather than on its header alone. |
State table | is a feature of stateful inspection firewalls that tracks the state and context of each packet in the conversation by recording which station sent what packet and when. |
Application-level firewall | (also known as an application firewall or an application gateway) is a dedicated computer, separate from the filtering router, that is commonly used in conjunction with a filtering router. Because it understands the application protocol it relays (HTTP, FTP, SMTP), it can make decisions on the content of a request, not just on packet headers. |
Proxy server | (also known as a proxy firewall) is a server that stands between clients and the real server. Configured to look like the Web server, it receives requests, performs the actions on behalf of that server, and forwards only acceptable requests, so the real server is never exposed directly to attackers. |
Circuit gateway firewall | prevents direct connections between one network and another by creating tunnels connecting specific processes or systems on each side of the firewall, and then allowing only authorized traffic, such as a specific type of TCP connection, for only authorized users. It does not inspect the application data carried in the circuit. |
MAC layer firewalls | are designed to operate at the media access control sub-layer of the data link layer of the OSI model, making filtering decisions on the identity of a specific host as represented by its MAC address. |
Hybrid firewalls | combine the elements of other types of firewalls---that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateway. |
First generation firewalls | are static packet filtering firewalls--that is, simple networking devices that filter packets according to their headers as the packets travel to and from the organization's networks |
Second generation firewalls | are application-level firewalls or proxy servers, that is, dedicated systems that are separate from the filtering router and that provide intermediate services for requestors. |
Third generation firewalls | are stateful inspection firewalls, which, as described previously, monitor network connections between internal and external systems using state tables. |
Fourth generation firewalls | are also known as dynamic packet filtering firewalls; they allow only a particular packet with a particular source, destination, and port address to enter. |
Fifth generation firewalls | are kernel proxy firewalls, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT. This type of firewall evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up. |
Firewall appliances | are stand-alone, self-contained combinations of computing hardware and software. |
Commercial-grade firewall system | consists of application software that is configured for the firewall application and runs on a general-purpose computer. |
SOHO | small office/home office, the market segment served by low-cost firewall appliances. |
Residential-grade firewall software | is another method of protecting the residential user: a software firewall installed directly on the user's system. |
Screened host firewalls | combine a packet filtering router with a separate, dedicated firewall, such as an application proxy server. |
Bastion host | is a dedicated server that receives screened network traffic. It is usually prepared with extra attention to detail and hardened for use in an unsecured or limited-security zone (also known as a sacrificial host). |
Dual-homed firewalls | are screened host firewalls in which the bastion host contains two NICs rather than one, one on the untrusted network and one on the trusted network; all traffic must pass through the host, which does not forward packets directly between the two interfaces. |
Screened subnet firewalls | are the dominant architecture in use today; the architecture of a screened subnet firewall provides a DMZ. |
DMZ | can be a dedicated port on the firewall device linking a single bastion host, or it can be connected to a screened subnet. |
Screened subnet | is an entire network segment that performs two functions: it protects the DMZ systems and information from outside threats by providing a network of intermediate security, and it protects the internal networks by limiting how external connections can gai |
Extranet- | is a segment of the DMZ, where additional authentication and authorization controls are put into place to provide services that are not available to the general public. |
SOCKS | is the protocol for relaying TCP traffic through a proxy server at the circuit level (SOCKS5 also relays UDP and adds client authentication); the proxy forwards the connection without interpreting the application protocol inside it. |
Port 7 | Echo |
Port 20 | FTP (data channel) |
Port 21 | FTP (control channel) |
Port 23 | Telnet |
Port 25 | SMTP (Simple Mail Transfer Protocol) |
Port 53 | DNS |
Port 80 | HTTP |
Port 110 | POP3 (Post Office Protocol version 3) |
Port 161 | SNMP (Simple Network Management Protocol) |
Content filters | are software devices that allow administrators to restrict what information users inside the network may access. |
Reverse firewalls | have as their primary purpose restricting internal users' access to external material, the opposite direction from a conventional firewall; content filters are the usual implementation. |
War dialer | is an automatic phone-dialing program that dials every number in a configured range, and checks to see if a person, answering machine, or modem picks up. |
RADIUS (Remote Authentication Dial-In User Service) | system centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server. |
Terminal Access Controller Access Control System (TACACS) | is another remote access authorization system that is based on a client/server configuration. Like RADIUS, it contains a centralized database, and it validates the user's credentials at this TACACS server. (Its successor, TACACS+, is the version deployed today.) |
Kerberos | named after the three-headed dog of Greek mythology, uses symmetric key encryption to validate an individual user to various network resources. |
Secure European System for Applications in a Multivendor Environment (SESAME) | is similar to Kerberos in that the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a privilege attribute certificate (PAC). |
Virtual Private Network (VPN) | is a private and secure network connection between systems that uses the data communication capability of an unsecured and public network. |
Trusted VPN- | also known as a legacy VPN, uses leased circuits from a service provider and conducts packet switching over these leased circuits. |
Secure VPNs- | use security protocols and encrypt traffic transmitted across unsecure public networks like the Internet. |
Hybrid VPN | combines the two, providing encrypted transmissions (as in secure VPN) over some or all of a trusted VPN network. |
Transport mode | (IPsec) the data within an IP packet is encrypted, but the IP header information is not, so the original source and destination addresses remain visible on the wire. |
Tunnel mode | (IPsec) the organization establishes two perimeter tunnel servers that encrypt all traffic that will traverse an unsecured network. The entire client packet, header included, is encrypted and added as the data portion of a new packet addressed from one tunneling server to the other, so only the tunnel endpoints are visible on the wire. |
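Worked example for the packet filtering, stateful inspection, state table and dynamic packet filtering entries above. This code is added here; it is not part of the original vocabulary list and is not taken from any textbook or product. The `Packet` and `Rule` types, the `StatefulFirewall` class, the 10.0.0.0/24 "trusted" range and every packet and rule are constructed for the illustration. It shows why a static filter has to leave a standing hole (inbound packets with source port 80) to let Web replies back in, while a state table admits only replies to connections it saw opened from the inside, and how a dynamic one-shot pinhole admits exactly one related connection.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

INTERNAL_PREFIX = "10.0.0."   # constructed example: 10.0.0.0/24 is the trusted network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: str = ""   # TCP flags: "S"=SYN, "SA"=SYN/ACK, "A"=ACK, "R"=RST


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "out" (trusted -> untrusted) or "in"
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None


def direction_of(pkt: Packet) -> str:
    return "out" if pkt.src.startswith(INTERNAL_PREFIX) else "in"


def stateless_filter(rules: List[Rule], pkt: Packet) -> str:
    """First-generation (static) filter: header fields only, first match wins, default deny."""
    d = direction_of(pkt)
    for r in rules:
        if r.direction == d and r.sport in (None, pkt.sport) and r.dport in (None, pkt.dport):
            return r.action
    return "deny"


Key = Tuple[str, int, str, int, str]   # the 5-tuple a state table is keyed on


class StatefulFirewall:
    """Stateful inspection: replies are admitted only for connections already in the
    state table, so no standing inbound rule is needed for return traffic."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.state: Dict[Key, str] = {}                    # 5-tuple -> "SYN_SENT" / "ESTABLISHED"
        self.pinholes: Set[Tuple[str, str, int]] = set()   # dynamic one-shot allowances

    @staticmethod
    def key(pkt: Packet) -> Key:
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)

    @staticmethod
    def reverse_key(pkt: Packet) -> Key:
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)

    def allow_related(self, src: str, dst: str, dport: int) -> None:
        """Dynamic packet filtering: open a pinhole for exactly one src/dst/port
        (as a proxy would after learning an FTP data port). Consumed by the first SYN."""
        self.pinholes.add((src, dst, dport))

    def filter(self, pkt: Packet) -> str:
        rk, fk = self.reverse_key(pkt), self.key(pkt)
        if rk in self.state:                               # reply to a tracked connection
            if "R" in pkt.flags:
                del self.state[rk]                         # RST tears the entry down
            elif self.state[rk] == "SYN_SENT" and pkt.flags == "SA":
                self.state[rk] = "ESTABLISHED"
            return "allow"
        if fk in self.state:                               # more traffic from the initiator
            if "R" in pkt.flags:
                del self.state[fk]
            return "allow"
        if pkt.flags == "S" and (pkt.src, pkt.dst, pkt.dport) in self.pinholes:
            self.pinholes.discard((pkt.src, pkt.dst, pkt.dport))
            self.state[fk] = "SYN_SENT"
            return "allow"
        verdict = stateless_filter(self.rules, pkt)        # genuinely new traffic: consult rules
        if verdict == "allow" and pkt.proto == "tcp":
            if pkt.flags != "S":
                return "deny"                              # non-SYN with no state belongs to no conversation
            self.state[fk] = "SYN_SENT"
        return verdict


# Constructed rule sets. A static filter can only let Web replies back in by admitting
# any inbound packet whose *source* port is 80, which an attacker can set at will.
STATIC_RULES = [Rule("allow", "out", dport=80), Rule("allow", "in", sport=80)]
STATEFUL_RULES = [Rule("allow", "out", dport=80)]          # replies need no rule at all


def demo() -> Dict[str, Tuple[str, str]]:
    """Returns (static verdict, stateful verdict) for three constructed packets."""
    fw = StatefulFirewall(STATEFUL_RULES)
    syn = Packet("10.0.0.5", 40000, "198.51.100.7", 80, flags="S")
    synack = Packet("198.51.100.7", 80, "10.0.0.5", 40000, flags="SA")
    spoof = Packet("203.0.113.9", 80, "10.0.0.5", 445, flags="S")   # unsolicited, sport forged to 80
    return {name: (stateless_filter(STATIC_RULES, p), fw.filter(p))
            for name, p in (("syn", syn), ("synack", synack), ("spoof", spoof))}


def demo_pinhole() -> Tuple[str, str, str]:
    fw = StatefulFirewall(STATEFUL_RULES)
    data = Packet("198.51.100.7", 20, "10.0.0.5", 50001, flags="S")
    before = fw.filter(data)                               # no rule, no state -> deny
    fw.allow_related("198.51.100.7", "10.0.0.5", 50001)
    during = fw.filter(data)                               # pinhole consumed -> allow
    after = fw.filter(Packet("198.51.100.7", 20, "10.0.0.5", 50002, flags="S"))
    return before, during, after                           # ("deny", "allow", "deny")
```

The forged packet to port 445 is the point of the comparison: the static rule set passes it because its source port is 80, the stateful firewall drops it because no inside host ever opened a connection to 203.0.113.9. Real stateful firewalls also track the FIN handshake, UDP and ICMP pseudo-state, and time entries out; this sketch tracks TCP SYN/RST only.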
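Worked example for the transport mode and tunnel mode entries above, showing which bytes each mode protects and which an observer on the public network still sees. This code is added here and is not part of the original vocabulary list or of any IPsec implementation. The `IPPacket` wire format, the gateway addresses and the inner packet are constructed; the "ESP" encryption is a toy SHA-256 counter-mode keystream with an HMAC tag, used only so the example runs offline with the standard library, and it is not a real cipher. Keys and nonces are fixed constants for determinism, whereas real IPsec negotiates keys with IKE and never repeats a nonce.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode. NOT a real cipher; it stands in
    for ESP's encryption so the example runs offline with the standard library."""
    blocks = [hashlib.sha256(key + nonce + struct.pack(">I", i)).digest() for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def esp_seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Toy ESP payload: nonce || ciphertext || HMAC-SHA256 tag (encrypt-then-MAC)."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def esp_open(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ESP integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass(frozen=True)
class IPPacket:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "esp"
    payload: bytes

    def to_bytes(self) -> bytes:         # toy wire format: src|dst|proto|payload
        return f"{self.src}|{self.dst}|{self.proto}|".encode() + self.payload

    @classmethod
    def from_bytes(cls, raw: bytes) -> "IPPacket":
        src, dst, proto, payload = raw.split(b"|", 3)
        return cls(src.decode(), dst.decode(), proto.decode(), payload)


def transport_mode(pkt: IPPacket, key: bytes, nonce: bytes) -> IPPacket:
    """Transport mode: the original IP header stays in the clear; only the payload
    (plus the next-header field, as in ESP's trailer) is encrypted."""
    return IPPacket(pkt.src, pkt.dst, "esp", esp_seal(key, nonce, pkt.proto.encode() + b"|" + pkt.payload))


def transport_open(wire: IPPacket, key: bytes) -> IPPacket:
    proto, payload = esp_open(key, wire.payload).split(b"|", 1)
    return IPPacket(wire.src, wire.dst, proto.decode(), payload)


def tunnel_mode(pkt: IPPacket, key: bytes, nonce: bytes, gw_src: str, gw_dst: str) -> IPPacket:
    """Tunnel mode: the entire original packet, header included, becomes the encrypted
    payload of a new packet addressed from one tunnel server to the other."""
    return IPPacket(gw_src, gw_dst, "esp", esp_seal(key, nonce, pkt.to_bytes()))


def tunnel_open(wire: IPPacket, key: bytes) -> IPPacket:
    return IPPacket.from_bytes(esp_open(key, wire.payload))


# Constructed inputs. Real IPsec keys come from IKE and nonces must never repeat;
# both are fixed here only so the example is deterministic.
KEY = b"constructed-example-key-do-not-reuse"
NONCE = b"\x00\x00\x00\x00\x00\x00\x00\x01"
ORIGINAL = IPPacket("10.0.0.5", "10.1.0.9", "tcp", b"GET /payroll HTTP/1.1")


def demo() -> Dict[str, object]:
    t = transport_mode(ORIGINAL, KEY, NONCE)
    u = tunnel_mode(ORIGINAL, KEY, NONCE, "203.0.113.1", "198.51.100.1")
    raw = u.to_bytes()
    tampered = raw[:-1] + bytes([raw[-1] ^ 0x01])              # flip one bit of the tag
    try:
        tunnel_open(IPPacket.from_bytes(tampered), KEY)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "transport_visible": (t.src, t.dst),                       # inner hosts exposed
        "tunnel_visible": (u.src, u.dst),                          # only the gateways exposed
        "inner_host_in_tunnel_wire": b"10.0.0.5" in raw,           # False
        "transport_roundtrip": transport_open(t, KEY) == ORIGINAL,
        "tunnel_roundtrip": tunnel_open(u, KEY) == ORIGINAL,
        "tamper_detected": tamper_detected,
    }
```

The two `*_visible` results are the practical difference between the modes: transport mode still tells anyone on the path which internal hosts are talking, which is why it is used end-to-end between hosts, while tunnel mode between two perimeter servers hides the internal addressing entirely, which is why gateway-to-gateway VPNs use it.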