Question | Answer
iso | international organization |
iso | released a set of specifications that was intended to describe how dissimilar computers could be connected together over the network
osi reference model | illustrates how a network device prepares data for delivery over the network and how it is handled once it is received
hub | standard network device that connects multiple ethernet devices together using cables to make them function as a single network segment |
switch | device that connects network segments |
switch | can learn which device is connected to its ports and forward frames intended for a specific device
port mirroring | used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network |
network tap | separate device that can be installed between two network devices to monitor traffic
network tap | hardware device which provides a way to access the data flowing across a computer network. In many cases, it is desirable for a third party to monitor the traffic between two points in the network |
router | network device that can forward packets across computer networks |
load balancing | technology that can help evenly distribute work across a network |
host based software firewall | runs as a program on a local system to filter traffic |
hardware based network firewall | designed to inspect packets and either accept or deny entry |
block | prevent the packet from passing over the network by dropping it |
prompt | ask what action to take |
rule based firewall | uses a set of individual instructions to control the actions
settings based firewall | allows the administrator to create sets of related parameters that together define one aspect of the device's operation
stateful packet filtering | keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions |
web application firewall | looks more deeply into packets that carry http traffic based on applications that function at the application layer (layer seven)
proxy | person who is authorized to act as the substitute or agent on behalf of another person |
stateless packet filtering | looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator |
proxy server | computer or application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user |
temporary storage area | cache |
proxy server advantages | increased speed |
proxy server advantages | reduced costs |
proxy server advantages | improved management |
proxy server advantages | stronger security |
reverse proxy | routes incoming requests to the correct servers |
tcp/ip email protocols | smtp |
tcp/ip email protocols | pop |
one method for filtering spam | install its own corporate spam filter |
install its own corporate spam filter | install the spam filter with the smtp server |
install its own corporate spam filter | install the spam filter on the pop3 server |
virtual private network | a technology to use an unsecured public network like a secured private network |
vpn concentrator | a device that aggregates hundreds or thousands of vpn connections |
internet content filter | monitors traffic and blocks access to web sites and files
aspects of building a secure network | network devices |
aspects of building a secure network | network technologies |
aspects of building a secure network | design of the network itself |
osi model | network devices classified based on function |
internet content filter features | malware filtering |
internet content filter features | url and content filtering |
internet content filter features | prohibit file downloads |
internet content filter features | profiles |
internet content filter features | detailed reporting |
intrusion detection system | device designed to be active security, can detect an attack as it occurs
monitoring methodologies | anomaly based monitoring |
monitoring methodologies | signature based monitoring |
monitoring methodologies | behavior based monitoring |
monitoring methodologies | heuristic monitoring |
anomaly based monitoring | designed for detecting statistical anomalies |
signature based monitoring | method for auditing usage is to examine network traffic, activity, transactions or behavior and look for well known patterns
signature based monitoring | compares activities against a predefined signature |
behavior based monitoring | continuously analyzes the behavior of processes and programs on a system and alerts the user if it detects any abnormal actions |
hubs | works at layer one of the osi model |
hubs | do not read data passed through them
switches | use mac address to identify devices
switches | operates at layer two |
heuristic monitoring | used by an ids that uses an algorithm to determine if a threat exists
ids | intrusion detection system |
host intrusion detection system | software based application that runs on a local host computer that can detect an attack as it occurs |
host intrusion detection systems monitor | system calls |
host intrusion detection systems monitor | file system access |
host intrusion detection systems monitor | system registry settings |
host intrusion detection systems monitor | host input/output |
system call | instruction that interrupts the program being executed and requests a service from the operating system |
windows registry | maintains configuration information about programs and the computer |
hids disadvantages | can't monitor network traffic that doesn't reach the local system
hids disadvantages | all log data is stored locally |
hids disadvantages | resource intensive and slows down the system |
network intrusion detection system techniques | protocol stack verification |
network intrusion detection system techniques | application protocol verification |
network intrusion detection system techniques | create extended logs |
passive nids | sounds an alarm and logs the event
active nids | sounds an alarm and takes action
network intrusion prevention system | active nids |
load balance security advantages | can stop attacks directed at a server or application |
load balance security advantages | can detect and prevent denial of service attacks |
load balance security advantages | hide http error pages |
load balance security advantages | remove server identification headers from http responses |
multipurpose security appliances provide an array of security functions | anti spam and anti phishing |
multipurpose security appliances provide an array of security functions | content filtering |
multipurpose security appliances provide an array of security functions | encryption |
multipurpose security appliances provide an array of security functions | firewall |
multipurpose security appliances provide an array of security functions | intrusion protection |
network address translation | allows private ip addresses to be used on the public internet |
private ip address | ip addresses that are not assigned to any specific user or organization |
port address translation | each packet is given the same ip address but a different tcp port number |
nat advantage | masks the ip addresses of internal devices
nat advantage | allows multiple devices to share a smaller number of public ip addresses |
rule based firewall settings | static in nature set of individual instructions to control actions |
network access control | examines the current state of a system or network device before it is allowed to connect to the network |
nac method for directing the client to a quarantine network and then later to the production network | dynamic host configuration protocol server |
nac method for directing the client to a quarantine network and then later to the production network | address resolution protocol poisoning |
elements of a secure network design | creating demilitarized zones |
web application firewall | block specific sites or specific known attacks |
web application firewall | can block xss and sql injection attacks |
elements of a secure network design | subnetting |
elements of a secure network design | using virtual lans |
elements of a secure network design | remote access |
ip addresses are two addresses | network address |
ip addresses are two addresses | host address |
subnetting advantages | flexibility |
subnetting advantages | decreased network traffic |
subnetting advantages | improved troubleshooting |
subnetting advantages | reflection of physical network |
subnetting advantages | minimal impact on external routers |
subnetting advantages | hide the internal network layout |
core switches | reside at the top of the hierarchy and carry traffic between switches |
proxy servers | intercept and process requests
vlan | allows scattered users to be logically grouped together even though they may be attached to different switches |
vlan | reduce network traffic |
workgroup switches | connected directly to the devices on the network |
subnets | subdivisions of ip address classes that allow a single class a, b, or c network to be used instead of multiple networks
remote access | refers to any combination of hardware and software that enables remote users to access a local internal network |
nids | technology that monitors network traffic to immediately react to block a malicious attack |
mx record | mail exchange record |
mx record | entry in the domain name system that identifies the mail server responsible for handling that domain name |
tunneling protocols | a packet is encrypted and enclosed within another packet |
endpoint | the end of the tunnel between vpn devices |
hardware based vpns | generally used for connecting two local area networks through the vpn tunnel
hardware based vpns | more secure, better performance, offer more flexibility
signature based monitoring | looks for well known attack signature patterns
behavior based monitoring | alert user who decides whether to allow or block activity |
basic types of intrusion detection system | hids |
basic types of intrusion detection system | nids |
demilitarized zone | functions as a separate network that rests outside the secure network perimeter
demilitarized zone | untrusted outside users can access the dmz but cannot enter the secure network |