3.2 Flashcards
Failure modes
Determine how a device or system behaves when it encounters a failure or malfunction, making them a valuable component of various engineering and safety systems.
Fail-closed
The security system defaults to a closed (blocking) state when it encounters a problem or malfunction; it is one of the two failure-mode options.
Ensures that even during system failures, the network remains secure.
Fail-open
The security system defaults to an open state when it encounters an issue or failure.
This creates a significant security vulnerability, as it permits unrestricted access.
Two attack surface categories
Digital and physical
Attack surface
Consists of all possible attack vectors that a threat actor can use to access a system and extract data.
* It represents the targets of the cyber kill chain
* The smaller the attack surface, the easier it is to counter with various controls
Intrusion prevention system (IPS)
A network security hardware or software solution that continuously monitors a zone for malicious activity.
* It then proactively takes action to prevent it in the line of traffic
Intrusion detection system (IDS)
A system that reactively detects malicious activity (in contrast to an IPS, which proactively prevents it).
IPS actions
- Alerts and alarms
- Verbose dumps
- Transmission Control Protocol (TCP) resets
- Drop packets or addresses
- Blocking (shun) on firewalls and routers
- Simple Network Management Protocol (SNMP) traps
- Logging to Syslog and security information and event management (SIEM) systems
- Flows to NetFlow collectors
Zoning
A logical design approach used to mitigate the risk of an open network by segmenting infrastructure services.
Each zone has fundamental characteristics, defined by the security policy:
- Every zone contains one or more separate, routable networks
- Every separate, routable network is contained within a single zone
- Every zone connects to another zone via a perimeter that contains zone interface points (ZIPs)
- The only zone that may connect to the public zone is the public access zone (PAZ), or DMZ
802.1X Port-Based Network Access Control (PNAC)
Involves making sure that something interfacing with the system is what it claims to be.
When someone wants to gain access to an Ethernet or 802.11 wireless network, it verifies in flexible ways that the connecting entity is who it says it is.
802.1X Port-Based Network Access Control (PNAC) capabilities
- Pre-admission control to block unauthenticated messages
- Conduct both authentication and authorization
- Onboarding and provisioning devices in a Zero Trust environment
- Supporting attribute-based access control (ABAC)
- Identify users and devices with predefined credentials or machine IDs
Extensible Authentication Protocol (EAP)
An authentication framework, as opposed to a specific authentication mechanism.
It has evolved over the years from the original Point-to-Point Protocol (PPP).
* It is often used in 802.1X wireless networks and point-to-point connections
* It offers some basic functions and negotiation of authentication methods, called EAP methods
Next-gen firewalls
A metaphor representing software and/or hardware controls that can limit damage spreading from one subnet, virtual local area network (VLAN), zone, or domain to another.
- It is typically deployed as a barrier (zone interface point) between an internal (trusted) network and an external (untrusted) network
- They are integrated systems of threat defense functioning at layers 2-7 and can be categorized as network or application firewalls
Unified threat management (UTM)
Can provide malware inspection, DLP, content filtering, and URL filtering.
It can protect email, webmail, fax, voice, conferencing, streaming, peer-to-peer file transfer services, and more.