3.2 Flashcards

1
Q

IDS

A

intrusion detection
logs or alerts on malicious activities

2
Q

IPS

A

logs, alerts, and takes an action to prevent the malicious activity

3
Q

NIDS

A

network-based IDS
Monitors the traffic coming in and out of a network
standalone device

4
Q

HIDS

A

Looks at suspicious network traffic going to or from a single host or endpoint
host-based IDS
a piece of software on a server or endpoint

5
Q

WIDS

A

Detects attempts to cause a denial of service on a wireless
network
Wireless IDS

6
Q

Signature-based IDS

A

Analyzes traffic based on defined signatures and can only
recognize attacks based on previously identified attacks in its database
cannot defend against zero-day attacks

7
Q

Pattern Matching Signature-based IDS

A

specific pattern of steps
NIDS or WIDS

8
Q

Stateful Matching Signature-based IDS

A

known system baseline and reports any changes to that state
HIDS

9
Q

Anomaly-based IDS

A

Analyzes traffic and compares it to a normal baseline of traffic to
determine whether a threat is occurring
can result in a higher rate of false positives
■ Statistical
■ Protocol
■ Traffic
■ Rule or Heuristic
■ Application-based

10
Q

Network Appliance

A

A dedicated hardware device with pre-installed software for a specific networking
service

11
Q

Load Balancers

A

Distribute network/application traffic across multiple servers
● Enhance server efficiency and prevent overload
● Ensure redundancy and reliability
● Perform continuous health checks
● Application Delivery Controllers (ADCs) offer advanced functionality
● Essential for high-demand environments and high-traffic websites

12
Q

Proxy Server

A

Act as intermediaries between clients and servers
-can store a copy of cached server info
● Provide content caching, request filtering, and login management
● Enhance request speed and reduce bandwidth usage
● Add a security layer and enforce network utilization policies
● Protect against DDoS attacks
● Facilitate load balancing and user authentication
● Handle data encryption and ensure compliance with data sovereignty
laws

13
Q

Sensors

A

Monitor, detect, and analyze network traffic and data flow
● Identify unusual activities, security breaches, and performance issues
● Provide real-time insights for proactive network management
● Aid in performance monitoring and alerting
● Act as the first line of defense against cyber threats

14
Q

Jump Servers/Jump Box

A

Secure gateways for system administrators to access devices in different
security zones
● Control access and reduce the attack surface area
● Offer protection against downtime and data breaches
● Simplify logging and auditing
- very secure device

15
Q

ADC

A

advanced load balancer

16
Q

Port Security

A

A network switch feature that restricts device access to specific ports based on
MAC addresses

17
Q

Network switch

A

Networking devices that operate at Layer 2 of the OSI model
■ Use MAC addresses for traffic switching decisions through transparent bridging
■ Efficiently prevent collisions, operate in full duplex mode
■ Remember connected devices based on MAC addresses
■ Broadcast traffic only to intended receivers, increasing security
more secure than hubs because traffic only goes to the intended receivers, not to everyone

18
Q

CAM table

A

a table on the switch that stores MAC addresses associated with switch ports
content addressable memory table
-flooding a switch with MAC addresses fills the table; the switch then starts acting like a hub

19
Q

Port Security implementation

A

Associate specific MAC addresses with interfaces
■ Prevent unauthorized devices from connecting
■ Can use Sticky MACs for easier setup (the first connected laptop is admin and no other MACs can connect)
■ Susceptible to MAC spoofing attacks
we can set up the network jack in the lobby of our office building to only accept information from specific MAC addresses

20
Q

802.1X authentication

A

Provides port-based authentication for wired and wireless networks
■ Requires three roles
● Supplicant
● Authenticator
● Authentication server
■ Utilizes RADIUS or TACACS+ for actual authentication

21
Q

supplicant

A

device or user requesting access to your network

22
Q

authenticator

A

switch, WAP, etc.

23
Q

authentication server

A

centralized authentication device, classified as either a RADIUS or a TACACS+ server

24
Q

RADIUS

A

cross-platform

25
Q

TACACS+

A

Cisco proprietary
supports all protocols

26
Q

EAP

A

Extensible Authentication Protocol
a framework for various authentication methods
● EAP-MD5
○ Uses simple passwords and the challenge handshake
authentication process to provide remote access authentication
○ One-way authentication process
○ Doesn’t provide mutual authentication
● EAP-TLS
○ Uses public key infrastructure with a digital certificate which is
installed on both the client and the server
○ Uses mutual authentication
● EAP-TTLS
○ Requires a digital certificate on the server, but not on the client
○ The client uses a password for authentication
● EAP-FAST
○ Uses protected access credential, instead of a certificate, to
establish mutual authentication
● PEAP
○ Supports mutual authentication using server certificates and
● EAP-LEAP
○ Cisco proprietary and limited to Cisco devices

27
Q

SD-WAN

A

software-defined wide area network
a virtualized approach to managing and optimizing wide area network connections
● Traditional WANs
○ Cannot efficiently integrate cloud services
● SD-WAN
○ Enables dynamic and efficient routing, improving visibility,
performance, and manageability
Ideal for enterprises with multiple branch offices moving towards
cloud-based services

28
Q

SASE

A

Secure Access Service Edge
A network architecture combining network security and WAN capabilities in a
single cloud-based service
-Utilizes software-defined networking (SDN) for security and networking
services from the cloud
Components
● Firewalls
● VPNs
● Zero-trust network access
● Cloud Access Security Brokers (CASBs)

29
Q

CASB

A
30
Q

VPN

A

virtual private network
extends private networks across public networks. Allows remote users to securely connect to an org's network
it's a tunnel across the untrusted public internet

site-to-site
client-to-site
clientless

31
Q

site-to-site VPN

A

connects two SITES or OFFICES, not just a single laptop, cost-effectively
slower but more secure
e.g. an office in DC to one in California: you could buy a fiber line for a direct connection, but over 3k miles even a low-speed line is very expensive; you can instead use a site-to-site VPN
it's a tunnel from office to office

32
Q

client-to-site

A

connects a single host (laptop) to the central office
ideal for remote user access to the central network
options for full tunnel or split tunnel configurations

33
Q

clientless

A

uses a web browser to establish a secure remote access VPN
uses HTTPS

34
Q

Full tunnel VPN

A

can be used with site-to-site or client-to-site
encrypts and routes all network connections back to the central location
provides high security
you can't access a wireless printer in your home office because it's not connected to the corporate network

35
Q

split tunnel VPN

A

can be used with site-to-site or client-to-site
divides traffic, routing some through the VPN and some directly through the internet
enhances performance
less secure

36
Q

TLS

A

Transport Layer Security
provides encryption and security for data in transit
HTTPS
layers 5, 6, and 7
encrypts your username and password when logging into Udemy so they aren't passed over the internet in plaintext

37
Q

TCP

A

uses the Transmission Control Protocol for secure connections between a client and a server
more overhead than UDP

38
Q

DTLS

A

Datagram Transport Layer Security
a faster, User Datagram Protocol (UDP) based alternative to TLS
ensures end-user security and protects against eavesdropping in clientless VPN connections
faster than TLS

39
Q

IPSec

A

Internet Protocol Security
A secure protocol suite for IP communication
■ Provides confidentiality, integrity, authentication, and anti-replay protection
■ Used for both site-to-site and client-to-site VPNs

most often used instead of a clientless TLS VPN tunnel

40
Q

IPSec tunneling modes - transport

A

uses the original IP header
client-to-site VPNs
MTU (maximum transmission unit) size

41
Q

IPSec tunneling modes - tunneling mode

A

Adds a new header to encapsulate the entire packet
○ Ideal for site-to-site VPNs
○ May increase packet size and require jumbo frames
○ Provides confidentiality for both payload and header

42
Q

AH

A

Authentication Header
Offers connectionless data integrity and data origin authentication for IP
datagrams, using cryptographic hashes as identification information

43
Q

ESP

A

Encapsulating Security Payload
Provides confidentiality, integrity, and encryption
● Provides replay protection
● Encrypts the packet’s payload

44
Q

Security Zones

A

isolate devices with similar security requirements

45
Q

screened subnets

A

act as buffer zones between the internal and external networks
host public-facing services, protecting the core internal networks
DMZ

46
Q

Attack Surface

A

Refers to points where unauthorized access or data extraction can occur
■ A larger attack surface increases the risk of vulnerabilities
■ Identify and mitigate vulnerabilities to reduce the attack surface
■ Regularly assess and minimize the attack surface for network security

47
Q

Fail open

A

Allows traffic to pass during a failure, maintaining connectivity but
reducing security

48
Q

Fail closed

A

Blocks all traffic during a failure, prioritizing security over connectivity

49
Q

Defense in Depth

A

Utilize multiple layers of security to ensure robust protection even if one control fails

50
Q

Risk-based approach

A

Prioritize controls based on potential risks and vulnerabilities specific to
the infrastructure

51
Q

Lifecycle management

A

Regularly review, update, and retire controls to adapt to the evolving threat landscape

52
Q

Open Design Principle

A

Ensure transparency and accountability through rigorous testing and
scrutiny of controls

53
Q

Benchmarking

A

Compare your organization’s processes and security metrics with industry
best practices

54
Q

best practices security infrastructure

A

■ Align with Frameworks
● Utilize established frameworks (e.g., NIST, ISO) to ensure comprehensive
and tested methodologies
■ Customize Frameworks
● Tailor framework controls to your organization’s unique risk profile and
business operations
■ Stakeholder Engagement and Training
● Engage all relevant stakeholders in the decision-making process, and
conduct regular training to keep the workforce updated on security
controls and threats