3.0 Implementation Flashcards
network communication protocol that enables two computers to communicate (cf. HTTP, or Hypertext Transfer Protocol, which is the protocol used to transfer hypertext such as web pages) and share data
And uses port 22
SSH Secure Shell
A set of specifications for securing electronic mail and a technology that allows you to encrypt your emails. Based on asymmetric cryptography to protect your emails from unwanted access.
Now a successor for PEM
Secure/Multipurpose Internet Mail Extensions S/MIME
The protocol provides encryption, confidentiality, message authentication, and replay protection to your transmitted audio and video traffic
Uses UDP protocol
SRTP Secure Real Time Transport Protocol
is an open and cross platform protocol used for directory services authentication
uses port 389
Lightweight Directory Access Protocol
is an open and cross platform protocol used for directory services authentication; however, it's over SSL
uses port 636
LDAP Secure
standard communication protocol used for the transfer of computer files from a server to a client on a computer
uses port 21 and 20
FTP File Transfer Protocol
standard communication protocol used for the transfer of computer files from a server to a client or client to server; however, it adds on encryption
Uses port 990
FTPS Secure
a network protocol for securely accessing, transferring and managing large files and sensitive data and uses ssh
Uses port 22
SSH FTP
an application-layer protocol for monitoring and managing network devices on a local area network (LAN) or wide area network (WAN)
includes new security features that add support for authentication and encryption of messages as well as protecting packets during transit
Use port 161 and 162
simple network management protocol v3
What protocol uses port 80?
HTTP
What protocol uses port 443?
HTTPS
a group of networking protocols used for setting up secure encrypted connections, such as VPNs, across publicly shared networks
IPSec
protocol provides data origin authentication, data integrity, and replay protection. However, it does not provide data confidentiality, which means that all of your data is sent in the clear
Authentication Header
protocol provides data confidentiality, and also optionally provides data origin authentication, data integrity checking, and replay protection
ESP encapsulating security payload
IPsec mode sets up a secure connection
IP Tunnel
IPsec Mode only encrypts the data being sent without establishing a secure connection
IP Transport mode
commonly used message request protocol in the Internet world for transferring messages from an e-mail server to an e-mail client.
uses port 110
Post Office Protocol
a protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection
uses port 143
Internet Message Access Protocol (IMAP)
a program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop
Anti Virus
a type of software program created to protect information technology (IT) systems and individual computers from malicious software
anti malware
an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware
endpoint detection and response
makes sure that users do not send sensitive or critical information outside the corporate network
data loss prevention
third generation of firewall technology, designed to address advanced security threats at the application level through intelligent, context-aware security features
next generation firewall NGFW
an approach to security that relies on third-party software tools to identify and prevent malicious activities. Prevention systems are typically used to protect endpoint devices
Host IPS Intrusion Base Prevention System
help organizations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches
Host IDS Intrusion Detection System
protects your machine from rootkits and other malware. This type of Boot will check each start up component including the firmware all the way to the boot drivers and it will store this information into the TPM
Measured Boot
software integrity measurements are immediately committed to during boot, thus relaxing the traditional requirement for secure storage and reporting.
Boot Attestation
attribute is only sent to the server with an encrypted request over the HTTPS protocol
Secure Cookies
is a method of computer program debugging that is done by examining the code without executing the program
Static Code Analysis
analysis involves running code and examining the outcome, which also entails testing possible execution paths of the code
dynamic code analysis
an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities
Fuzzing
encrypt data as it is written to the disk
Self Encrypting Drives
protects the data on your device in the event it is lost or stolen.
Full Disk encryption
use full disk hardware encryption technology to secure data stored in them. By encrypting the entire drive, users do not have to worry about their data being accessed if the drive, laptop or mobile device gets stolen or lost
Opal FDE
the foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a secure boot process. It is inherently trusted, and therefore must be secure by design.
Hardware root of trust
cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. Feature is built into the motherboard
trusted platform module
a load balancer configuration that distributes their workloads across multiple active servers
Active Active Load Balancer
handles the full workload, while a backup server remains on standby, only activating in the event of a failure.
Active Passive Load Balancer
specify the manner in which a server load is shared across a server pool
Schedule Load Balancer
required to load balance clients requests and to reroute clients in case of failover
Virtual IP Load Balancer
boosts performance by configuring a backend server to work efficiently with user requests.
Persistence load balancer
the transfer of data packets from server to server within a data center
East-West Traffic
provides a secure network for an organization to share information with relevant people outside the organization
Extranet
private network contained within an enterprise that is used to securely share company information and computing resources. These can be accessed by employees only
Intranet
a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction
Zero Trust
works as an automated service that establishes a connection between the client and the VPN with no user interactions whatsoever
Always on VPN
dividing your internet connection between two connections: the public network/open server and the private network. Doing so enables you to leverage VPN to encrypt confidential data while still having direct access to the internet
split Tunnel VPN
using your VPN for all your traffic
Full Tunnel VPN
VPN connects remote users from any location to a corporate network
Remote VPN
VPN connects individual networks to each other
Site to Site VPN
communication protocol keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems
SSL Secure Socket Layer
communication protocol keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. However, the traffic is encrypted and it's a successor of SSL
TSL Transport Socket Layer
a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs
encapsulating the frame inside a User Datagram Protocol (UDP) packet, which in turn is encapsulated inside an IP packet.
layer 2 tunneling protocol
performs security checking and authentication on the endpoint device directly, and provides information and assessment results to the NAC server for authentication
NAC Network Access Control Agent
are not installed on the clients and are often used to inspect employee-owned mobile devices.
NAC Network Access Control Agentless
a solution that provides a secure dedicated alternate access method into an IT network infrastructure to administer connected devices and IT assets without using the corporate LAN
out-of-band management
a feature of many managed switches in which the switch intentionally ceases to forward all broadcast traffic if the bandwidth consumed by incoming broadcast frames exceeds a designated threshold
Broadcast Storm Prevention
is a data message transmitted across a local area network to detect loops in network topologies. Contains information regarding ports, switches, port priority and addresses.
Bridge Protocol Data Unit (BPDU)
preventing ports from moving into a forwarding state that would result in a loop opening up in the network
Loop prevention
feature ensures that DHCP clients obtain IP addresses only from authorized DHCP servers and this device records mappings between IP addresses and MAC addresses of DHCP clients, preventing DHCP attacks on the network
Dynamic Host Configuration Protocol (DHCP) snooping
is a system on a network used to access and manage devices in a separate security zone. This is a secure system that you would log into in order to access another system
Jump server
server allows multiple clients to route traffic to an external network. For instance, a business may have a proxy that routes and filters employee traffic to the public Internet
Forward or proxy server
sits behind a firewall and in front of web servers, and forwards public-facing client (e.g. web browser) requests to those web servers
Reverse proxy server
detection system is designed to help organisations monitor their cloud, on-premise and hybrid environments for suspicious events that could indicate a compromise. This includes policy violations and port scanning, plus unknown source and destination traffic
network-based intrusion detection system NIDS
is a network security tool that continuously monitors a network for malicious activity and takes action to prevent it
Network based intrusion prevention system NIPS
detection relies on a preprogrammed list of known indicators of compromise (IOCs)
Signature Based
is a scanning method that looks for malware-like behavior patterns. It is commonly used to detect new or not-yet-known malware
heuristic behavior-detection solution
IDSes typically work by taking a baseline of the normal traffic and activity taking place on the network. They can measure the present state of traffic on the network against this baseline in order to detect patterns that are not present in the traffic normally
Anomaly
a type of monitoring in which an IPS sits off to the side and receives information from a switch that is redirecting traffic from other devices on the network. This can be done with a port mirror, which in the Cisco world is called a switch port analyzer or SPAN, or with a physical network tap that's redirecting that traffic.
Passive Monitoring
a type of monitoring in which the IPS sits on the network, evaluating all traffic that is being sent
Inline monitoring
External, tamper-resistant hardware device that secures cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates
Hardware Security Module
is a piece of code that uses a number of protocols to gather information about your network, such as topology details, configurations, and network statistics
Collector
is a device, or service provider, that can consolidate multiple disparate circuits or carrier services into an easy-to-use, easy-to-manage, single circuit.
Network Aggregators