2.0 Tools and Technologies Flashcards
A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.
ACL
A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access through public networks, including the Internet.
Firewall
A condition that states that unless otherwise given, the permission will be denied.
Implicit deny
Firewall that filters packets based on the full context of a given network connection.
Stateful Firewall
Firewall that is designed to protect networks based on static information such as source and destination.
Stateless Firewall
Firewall that is designed to protect the public-facing servers providing specific applications.
Application-based Firewall
Firewall that controls traffic going in and out of a network.
Network-based Firewall
A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3.
IPSec
An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.
Authentication Header (AH)
A technology used to securely connect to an organization’s internal network by tunneling unsecure protocols and data over a secure connection through an unsecure external network, such as the internet, to secure a device.
VPN (Virtual Private Network)
An IPSec header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).
ESP (Encapsulating Security Payload)
A system that is not only responsible for detecting network attacks based upon certain traffic characteristics, but also has the ability to prevent and stop attacks upon detection.
NIPS (Network Intrusion Prevention System)
A system that detects network attacks based upon certain traffic characteristics.
NIDS (Network Intrusion Detection System)
A system that uses signatures to scan for attacks or viruses and then alerts the administrator.
Signature-based System
A system that relies on an established pattern of behavior, typically through the establishment of a usage baseline, in order to detect unusual patterns, such as network attacks or misuse.
Heuristic/Behavioral Based System
A system that relies on an established pattern of behavior, typically through the establishment of a usage baseline, in order to detect unusual patterns, such as network attacks or misuse.
Anomaly/Behavioral Based System
A system that combines the best of both anomaly-based and signature-based systems.
Heuristic Based System
A flagged event that isn’t really an event and has been falsely triggered.
False Positive
An event that should be flagged but isn’t.
False Negative
A hardware device used to connect physically separate local area networks. These devices direct traffic based upon logical Internet protocol addresses, and also eliminate broadcast domains, since broadcasts cannot normally cross router connections to different networks.
Router
A method used on some routers to protect against spoofing attacks. A common implementation is to implement specific rules to block certain traffic.
Antispoofing
A network device that can replace a router or hub in a local network and get data from a source to a destination. Switching allows for higher speeds.
Switch
The “Data Link Layer” identifies devices on the physical layer.
MAC addresses and Bridges operate at the Data Link Layer
Layer 2
The “Network Layer” moves packets between computers on different networks.
Routers, IP, IPX operate at the “Network Layer”
Layer 3
A method of preventing switching loop or bridge loop problems.
STP and RSTP prevent switching loops.
Loop Prevention
A mechanism for thwarting flood attacks.
On Switches, a flood guard thwarts MAC flood attacks.
On routers, a flood guard prevents SYN Flood Attacks.
Flood Guard
A type of system that prevents direct communication between a client and a host by acting as an intermediary.
Proxy
A device or software that recognizes application-specific commands and offers granular control over them.
Application Proxy
Dividing a load for greater efficiency of management among multiple devices.
Load Balancer
Scheduling method used with load balancers. It uses client IP addresses to ensure the client is redirected to the same server during a session.
Affinity
Scheduling method used with load balancers. It redirects each client request to servers in a predetermined order.
Round-Robin
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).
AP (Access Point)
The Service Set Identifier (SSID) is used by the access point of a wireless LAN to identify itself and is intended to be unique for a particular area/entity on a network.
SSID
Form of NAC to allow or block access based on the MAC address.
It's configured on switches for port security or on APs for wireless security.
MAC Filtering
Refers to the technologies and products used to integrate security information management and security event management information into a centralized interface, providing real-time event correlation and analysis.
SIEM (Security Information and Event Management)
A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.
Aggregation Switch
A self replicating malware that travels through a network. They do not need user interaction to execute.
WORM
Software or techniques designed to detect attempts to exfiltrate data.
DLP (Data Loss Prevention)
Solutions that specifically protect organizations that have adopted cloud storage by ensuring sensitive data does not make its way into the cloud without first being encrypted and is only sent to authorized cloud applications.
Cloud-Based DLP
The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.
NAC (Network Access Control)
A NAC agent that runs on a client, but deletes itself later. It checks the client for health.
Dissolvable Agent
A NAC that is installed on a client permanently. It checks for client health.
Permanent Agent
A process that scrambles, or ciphers, data to make it unreadable.
Usually includes a public algorithm and a private key.
Encryption
A network device used to connect multiple networks together. It can be used instead of a router in some situations.
Bridge
A server that examines and processes all incoming and outgoing emails.
It typically includes a spam filter and DLP capabilities.
Mail Gateway
A software or hardware tool that has the capability to collect and analyze network traffic information.
Protocol Analyzer/Packet Analyzer
A tool that enumerates your network and provides a map of the network.
Network Scanner
A process used to discover devices on a network, including how they are connected.
Network Mapping
A network scanner that scans wireless frequency bands.
Wireless Scanner
Identifying specific vulnerabilities in your network.
Vulnerability Scanner
The practice of hiding data within data.
Steganography
A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.
Honeypot
A network that functions in the same manner as a honeypot.
Honeynet
A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.
Banner Grabbing
Command line tool used to test connectivity with remote systems.
ping
A command line tool used to show network statistics on a system.
netstat
A command line tool used to trace the route between two systems.
tracert
A command line tool used to test DNS on Microsoft systems.
nslookup/dig
A command line tool used to show and manipulate the ARP Cache.
arp
A command line tool used on Windows Systems to show the configuration settings on a NIC.
ipconfig
A command line tool used on Linux systems to show and manipulate settings on a network interface card.
ifconfig
A command line protocol analyzer. Administrators use it to capture packets.
tcpdump
A command line tool used to scan networks. A type of network scanner.
nmap
A command line tool used to connect to remote systems.
netcat
An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.
HIDS (Host-Based Intrusion Detection System)
An intrusion prevention system that is host based. An alternative is an intrusion prevention system that is network based.
HIPS (Host-Based Intrusion Prevention System)
Software that identifies the presence of a virus and is capable of removing or quarantining the virus.
Antivirus
The concept of implementing multipurpose security devices that perform a wide variety of functions, including firewall, proxy, VPN, and data loss prevention functions.
UTM (Unified Threat Management)
A communication system that allows devices to connect to a satellite for communications.
SATCOM (Satellite Communications)
A practice where mobile devices are configured to alert the administrator if they are removed from a particular area, such as the business campus.
Geofencing
The location of a device identified by GPS. It can help locate a lost or stolen mobile device.
Geolocation
Mobile device environment in which employees are allowed to use their personally owned devices to access, store, and process data belonging to the organization.
BYOD (Bring Your Own Device)
A mobile device deployment model. The organization purchases and issues devices to employees.
COPE (Corporate Owned/Personally Enabled)
A mobile device deployment model. Employees can connect their personally owned device to the network as long as the device is on a pre-approved list.
CYOD (Choose Your Own Device)
Users access a server hosting virtual desktops and run the desktop operating system from the server.
VDI (Virtual Desktop Infrastructure)
A suite of security extensions proposed and used by the U.S. government and other entities that allows for secure Domain Name System (DNS) queries and zone transfers.
DNSSEC (DNS Security Extensions)
A secure remote connection/terminal emulation program that is not only a protocol but also a suite of secure utilities.
SSH (Secure Shell)
Secure version of the Multipurpose Internet Mail Extensions (MIME) protocol built into every e-mail client that enables users to make e-mail attachments.
S/MIME (Secure MIME)
A protocol used to encrypt and provide authentication for Real-time Transport Protocol (RTP) traffic. Used for audio/video streaming.
SRTP (Secure Real-time Transport Protocol)
A protocol that is used in distributed directory services networks, such as Active Directory, to assist hosts in locating network resources.
LDAP (Lightweight Directory Access Protocol)
An application-level protocol used to transfer files from one host to another.
FTP (File Transfer Protocol)
An extension of Secure Shell (SSH) used to encrypt FTP traffic.
SFTP (Secure File Transfer Protocol)
A protocol used to monitor and manage network devices such as routers and switches.
SNMPv3 (Simple Network Management Protocol Version 3)
Used to encrypt data-in-transit with the use of certificates.
SSL/TLS (Secure Sockets Layer)
A protocol used to encrypt HTTP traffic.
HTTPS (Hypertext Transfer Protocol Secure)
One of two client-level e-mail protocols that receive e-mail from SMTP servers.
Secure POP/IMAP