3.2 Flashcards
IDS
intrusion detection
logs or alerts on malicious activities
IPS
logs alerts and takes an action to prevent the malicious activity
NIDS
network based IDS
Monitors the traffic coming in and out of a network
stand alone device
HIDS
Looks at suspicious network traffic going to or from a single host or endpoint
host based IDS
piece of software on a server or endpoint
WIDS
Detects attempts to cause a denial of service on a wireless network
Wireless IDS
Signature-based IDS
Analyzes traffic based on defined signatures and can only recognize attacks based on previously identified attacks in its database
cannot defend against zero-day attacks
Pattern Matching Signature based IDS
specific pattern of steps
NIDS or WIDS
Stateful Matching Signature based IDS
known system baseline and reports any changes to that state
HIDS
Anomaly based IDS
Analyzes traffic and compares it to a normal baseline of traffic to determine whether a threat is occurring
can result in a higher rate of false positives
■ Statistical
■ Protocol
■ Traffic
■ Rule or Heuristic
■ Application-based
Network Appliance
A dedicated hardware device with pre-installed software for a specific networking service
Load Balancers
Distribute network/application traffic across multiple servers
● Enhance server efficiency and prevent overload
● Ensure redundancy and reliability
● Perform continuous health checks
● Application Delivery Controllers (ADCs) offer advanced functionality
● Essential for high-demand environments and high-traffic websites
Proxy Server
Act as intermediaries between clients and servers
- can store a copy of cached server info
● Provide content caching, request filtering, and login management
● Enhance request speed and reduce bandwidth usage
● Add a security layer and enforce network utilization policies
● Protect against DDoS attacks
● Facilitate load balancing and user authentication
● Handle data encryption and ensure compliance with data sovereignty laws
Sensors
Monitor, detect, and analyze network traffic and data flow
● Identify unusual activities, security breaches, and performance issues
● Provide real-time insights for proactive network management
● Aid in performance monitoring and alerting
● Act as the first line of defense against cyber threats
Jump Servers/Jump Box
Secure gateways for system administrators to access devices in different security zones
● Control access and reduce the attack surface area
● Offer protection against downtime and data breaches
● Simplify logging and auditing
- very secure device
ADC
advanced load balancer
Port Security
A network switch feature that restricts device access to specific ports based on MAC addresses
Network switch
Networking devices that operate at Layer 2 of the OSI model
■ Use MAC addresses for traffic switching decisions through transparent bridging
■ Efficiently prevent collisions, operate in full duplex mode
■ Remember connected devices based on MAC addresses
■ Broadcast traffic only to intended receivers, increasing security
more secure than hubs because traffic only goes to the intended receivers, not to everyone
CAM table
a table on the switch that stores MAC addresses associated with switch ports
content addressable memory table
- an attacker can flood a switch with MAC addresses; the switch then starts acting like a hub
Port Security implementation
Associate specific MAC addresses with interfaces
■ Prevent unauthorized devices from connecting
■ Can use Sticky MACs for easier setup (the first connected laptop is learned as the allowed device and no other MACs can connect)
■ Susceptible to MAC spoofing attacks
we can set up the network jack in the lobby of our office building to only accept traffic from specific MAC addresses
802.1X authentication
Provides port-based authentication for wired and wireless networks
■ Requires three roles
● Supplicant
● Authenticator
● Authentication server
■ Utilizes RADIUS or TACACS+ for actual authentication
Supplicant
the device or user requesting access to your network