2.6 Network Security Technologies Flashcards

1
Q

Firewall

A

A hardware and/or software platform that controls the flow of traffic between a trusted and untrusted network.

2
Q

Packet filtering firewalls

A
  • Port-based firewalls
  • Operate up to L4. Inspect packet headers, source and destination IP, protocol, and port number.
  • Match with firewall rules that designate whether the packet should be allowed, blocked, or dropped.
  • Inspect and handle each packet individually, with no info about context or session.
3
Q

Stateful packet inspection (SPI) firewalls

A
  • Dynamic packet filtering firewalls
  • Operate up to L4 and maintain state info about the different communication sessions.
  • Inspect individual packet headers during session establishment only, to determine if the session should be allowed, blocked, or dropped based on the firewall rules.
  • Once a permitted connection is established, the firewall creates and deletes rules for individual connections (tunnels) that allow traffic to flow between the two hosts without further inspection.
  • Very fast, but port-based and highly dependent on the trustworthiness of the two hosts.
4
Q

Application firewalls

A
  • Application-layer gateways, proxy-based, or reverse-proxy.
  • Operate up to L7 and control access to specific applications and services.
  • Proxy network traffic rather than permit direct communication between hosts.
  • Inspect Application layer traffic and thus can identify and block threats that use hiding techniques.
5
Q

Intrusion detection and prevention systems

A

IDS and IPS provide real-time monitoring of network traffic and perform deep-packet inspection (both header and payload) and analysis of network activity and data.

6
Q

Difference between IDS and IPS

A

IDS is considered to be a passive system, whereas IPS is an active system that also blocks or drops suspicious, pattern-matching activity.

7
Q

Disadvantages of Intrusion Prevention System

A
  • Must be placed inline along a network boundary and is thus directly susceptible to attack itself.
  • May be used to deploy a DoS attack by flooding the IPS.
8
Q

Knowledge-based IDS/IPS systems

A

Uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. Lower false-alarm rates but must be continuously updated with new attack signatures.

9
Q

Behavior-based (or statistical anomaly-based) IDS/IPS systems

A

Uses a baseline of normal network activity to identify unusual patterns or levels of network activity. More effective in detecting previously unknown vulnerabilities and attacks.
