10) Network Security Flashcards
This firewall uses a state table to keep track of the connection state of a data packet and will only allow traffic to pass that is part of a new or already existing connection.
Stateful packet inspection
Large amounts of data traffic are inspected to detect signature-based or anomaly-based attacks.
Network IDS
Breaking up a network into subnets to boost performance and to allow or disallow certain data traffic flows.
Network segmentation
Determining whether to allow a data packet to move forward based on source or destination IP address, port number, or protocol.
Packet filtering
This device can provide security and performance features and can serve as a choke point.
Proxy server
A way to keep our network traffic content from being logged by our ISP is ___.
a) VPN
b) P2P
c) POP
d) Telnet
VPN
The toolset a corporation might use to centrally manage phones provided to its employees is ___.
a) Raspberry Pi
b) MDM
c) BYOD
d) Android
b) MDM
MDM is a solution that runs an agent on mobile devices to enforce certain configurations. What does MDM stand for?
Mobile Device Management
A tool used to test the security of a firewall.
Hping3
A tool used to detect unauthorized wireless access points.
Kismet
A versatile tool able to scan ports, search for hosts on the network, and other operations.
Nmap
This command-line packet sniffing tool runs on Linux and UNIX operating systems.
Tcpdump
A graphical interface protocol analyzer capable of filtering, sorting, and analyzing both wired and wireless network traffic.
Wireshark
This method of security involves a well-configured and patched network, and incorporating elements such as network segmentation, choke points, and redundancy.
Security in network design
The act of dividing a network into multiple smaller networks, each acting as its own small network (subnet).
Network segmentation
Certain points in the network, such as routers, firewalls, or proxies, where we can inspect, filter, and control network traffic.
Choke points
A method of security that involves designing a network to always have another route if something fails or loses connection.
Redundancy
A mechanism for maintaining control over the traffic that flows into and out of our networks.
Firewall
A firewall technology that inspects the contents of each packet in network traffic individually and makes a gross determination of whether the traffic should be allowed to pass.
Packet filtering
A firewall technology that functions on the same general principle as packet filtering firewalls, but is able to keep track of the traffic at a granular level. Has the ability to watch the traffic over a given connection.
Stateful packet inspection
A firewall technology that can analyze the actual content of the traffic that is flowing through.
Deep packet inspection
A specialized type of firewall that can serve as a choke point, log traffic for later inspection, and provide a layer of security for the devices behind it.
Proxy server
A combination of a network design feature and a protective device such as a firewall; often used for systems that need to be exposed to external networks but are connected to our network.
DMZ
DMZ is a combination of a network design feature and a protective device such as a firewall; often used for systems that need to be exposed to external networks but are connected to our network. What does DMZ stand for?
Demilitarized Zone
A system that monitors the network to which it is connected for unauthorized activity.
NIDS
An NIDS is a system that monitors the network to which it is connected for unauthorized activity. What does NIDS stand for?
Network intrusion detection system
An intrusion detection system that maintains a database of signatures that might signal a particular type of attack and compares incoming traffic to those signatures.
Signature-based IDS
An intrusion detection system that takes a baseline of normal traffic and activity and measures current traffic against this baseline to detect unusual events.
Anomaly-based IDS
A phrase that refers to an organization’s strategy and policies regarding the use of personal vs. corporate devices.
BYOD
BYOD is a phrase that refers to an organization’s strategy and policies regarding the use of personal vs. corporate devices. What does BYOD stand for?
Bring your own device
A solution that manages security elements for mobile devices in the workplace.
MDM
MDM is a solution that manages security elements for mobile devices in the workplace. What does MDM stand for?
Mobile device management
A well-known Linux tool used to detect wireless access points.
Kismet
A Windows tool used to detect wireless access points.
NetStumbler
A well-known port scanner that can also search for hosts on a network, identify the operating systems those hosts are running, and detect the versions of the services running on any open ports.
Nmap
Also known as a network or protocol analyzer, this type of tool can intercept traffic on a network.
Packet sniffer
A fully featured sniffer that is also a great tool for troubleshooting traffic; this well-known tool is used by many network operations and security teams.
Wireshark
A type of tool that deliberately displays vulnerabilities or attractive data so it can detect, monitor, and sometimes tamper with the activities of an attacker.
Honeypot
A tool that can map the network topology and help locate firewall vulnerabilities.
Hping3
A firewall that can watch packets and monitor the traffic from a given connection is using what kind of firewall technology?
Stateful packet inspection
A specialized type of firewall that provides security and performance features, functions as a choke point, allows for logging traffic for later inspection, and serves as a single source of requests for the devices behind it.
Proxy server
A popular, fully-featured sniffer capable of intercepting traffic from a wide variety of wired and wireless sources.
Wireshark
A sniffer that specializes in detecting wireless devices.
Kismet
A tool that deliberately displays vulnerabilities in an attempt to bait attackers.
A honeypot