3.2 Given a scenario, apply security principles to secure enterprise infrastructure Flashcards

1
Q

Firewalls

A

Host-based firewalls provide protection for individual hosts, such as servers or workstations. Network-based firewalls run on dedicated hardware and provide protection for an entire network. You should use host-based and network-based firewalls together to achieve a defense-in-depth approach to network security.

A stateless firewall blocks traffic using only an ACL; a stateful firewall also uses ACLs but additionally considers the state of the packet within a session. Web application firewalls provide strong protection for web servers, defending against several different types of attacks with a focus on web application attacks.

  • Screened Subnet (Dual-homed Host) or DMZ: Security barrier between trusted and untrusted networks using a packet-filtering firewall.
  • Types of Firewalls:
    • Packet Filtering: Inspects packet headers (Layer 4).
    • Stateful: Tracks connections and allows return traffic (Layer 4).
    • Proxy: Acts as an intermediary, making connections on behalf of devices (Layers 5 and 7).
    • Kernel Proxy: Full packet inspection with minimal performance impact.
  • Firewall Evolutions:
    • Layer 4 Firewall: Filters based on ports and protocols, without inspecting packet content.
    • Layer 7 Firewall (Application Proxy): Inspects content, data, and application characteristics.
      • Next Generation Firewall (NGFW): Integrates advanced threat detection and deep packet inspection. It is application-aware and works with other security tools.
      • Web Application Firewall (WAF): Inspects HTTP(S) traffic to block attacks (e.g., XSS, SQL injection).
    • Unified Threat Management (UTM): Combines various security tools into one solution (e.g., antivirus, firewall), though it can create a single point of failure.
2
Q

IDS and IPS

A

An IPS is in-line with traffic, detecting, reacting to, and preventing attacks. An IDS, operating out-of-band, passively collects data to monitor and respond to attacks.

  • Intrusion Detection Systems (IDS):
    • Network-based IDS (NIDS): Monitors traffic coming in and out of a network.
    • Host-based IDS (HIDS): Monitors suspicious traffic on a single endpoint.
    • Wireless IDS (WIDS): Detects denial-of-service attacks on wireless networks.
  • Detection Methods:
    • Signature-based IDS: Matches known attack patterns.
      • Pattern-matching: Detects specific steps (used by NIDS, WIDS).
      • Stateful-matching: Compares to known baselines (used by HIDS).
    • Anomaly-based / behavioral-based IDS: Detects deviations from normal traffic.
  • Types of Anomaly-based Detection Systems:
    • Statistical
    • Protocol
    • Traffic
    • Rule or Heuristic
    • Application-based
3
Q

Network Appliances

A

Dedicated hardware with software for specific networking services.

Load Balancers

  • Purpose: Distribute network traffic to prevent overload.
  • Key Function: Ensures reliability and continuous operations via health checks.
  • Usage: Works with ADCs to enhance traffic management.

Proxy Servers

  • Purpose: Act as a gatekeeper between users and servers.
  • Key Function: Provides caching, filtering, and shields from DDoS attacks.
  • Usage: Ensures encryption and compliance with data regulations.

Sensors

  • Purpose: Monitor real-time traffic for unusual behavior.
  • Key Function: Provides alerts and insights into network activity.
  • Usage: Acts as the first line of defense against potential threats.

Jump Servers / Jump Box

  • Purpose: Provide secure access to critical systems in different zones.
  • Key Function: Controls access, prevents downtime, and supports logging.
  • Usage: Hosts monitoring tools and supports incident response.
  • Details: A jump server is placed between different security zones and provides secure access from devices in one zone to devices in the other zone. It can, for example, provide secure access to devices in a screened subnet from an internal network.
4
Q

Port Security

A

Restricts access to specific switch ports based on MAC address.

  • Network Switches: Operate at Layer 2 using MAC addresses to direct traffic and prevent collisions.
  • CAM Table (Content Addressable Memory):
    • Stores MAC addresses linked to switch ports.
    • Vulnerable to MAC flooding attacks, causing switches to fail open.
  • Port Security Implementation:
    • Bind MAC addresses to interfaces; use Sticky MACs for setup.
    • Susceptible to MAC spoofing attacks.
  • 802.1X Authentication: Port-based authentication at Layer 2. Requires:
    • Supplicant - Device requesting access.
    • Authenticator - Switch or wireless access point.
    • Authentication Server - Validates credentials (RADIUS or TACACS+).
  • RADIUS vs. TACACS+ (authentication and authorization methods): see a separate card.
  • EAP (Extensible Authentication Protocol): Framework with various authentication methods:
    • EAP-MD5: Uses passwords; simple, but vulnerable.
    • EAP-TLS: Requires certificate-based mutual authentication (client and server certificates).
    • EAP-TTLS: Server certificates only; client uses passwords.
    • EAP-FAST: Uses protected credentials without certificates.
    • PEAP: Server certificates with Active Directory support.
    • EAP-LEAP: Cisco proprietary method.
  • Network Security Integration: Combines Port Security, 802.1X, and EAP for greater control and protection.
5
Q

Securing Network Communications

A

VPNs (Virtual Private Networks): Extend private networks over public ones, providing secure remote access.

  • Site-to-Site VPN: Connects two networks directly (replaces leased lines). These can be on-demand VPNs or always-on VPNs.
  • Client-to-Site VPN: Connects users (e.g., laptops) to a central network.
    • Options: Full Tunnel (high security, routes all traffic) or Split Tunnel (better performance but less secure).
  • Clientless VPN: Browser-based access using HTTPS/TLS; no software needed.
  • TLS (Transport Layer Security)
    • Encrypts web traffic (HTTPS), ensuring data confidentiality and integrity.
    • Uses TCP for secure data transfer.
    • DTLS: Faster version of TLS using UDP; used for clientless VPNs with reduced security.
  • IPSec (Internet Protocol Security)
    • Protocol suite that secures IP communication by encrypting each IP packet. Modes:
      • Tunneling Mode: Encrypts the entire IP packet, including both the payload and the packet headers.
      • Transport Mode: Encrypts only the payload; commonly used in private networks but not with VPNs (used for client-to-site VPNs).
    • IPsec provides security in two ways:
      • AH (Authentication Header): Verifies data integrity and authentication.
      • ESP (Encapsulating Security Payload): Offers encryption and protection from replay attacks.

Key Steps:

  • IKE (Internet Key Exchange) Phase 1: Creates secure connections and associations.
  • IKE Phase 2: Builds an inner encrypted tunnel.
  • Data Transfer: Ensures secure exchange within the tunnel.
  • Tunnel Termination: Closes sessions and clears associations.

Considerations:

  • Use proper MTU settings to avoid packet fragmentation.
  • L2TP: A tunneling protocol used for VPNs. Current version: L2TPv3. No encryption provided by L2TP itself.
  • Other protocols used with VPNs include TLS, L2TP, and HTML5.
6
Q

SDN, SD-WAN and SASE

A

  • Software-Defined Network (SDN):
    • Uses virtualization to route traffic, replacing hardware routers/switches.
    • Simplifies network management with dynamic configuration, centralized control, and better performance.
    • SDN Architecture: Data Plane, Control Plane, Application Plane - see a separate card
  • SD-WAN (Software-Defined WAN):
    • When SDNs work on wide-area networks to connect different sites together, they are known as SD-WAN.
    • Purpose: Routes traffic for remote sites, data centers, and cloud.
    • Benefits: Enhances agility, security, and efficiency for distributed teams.
    • Supports multiple transport services like MPLS, cellular, and broadband.
    • Traditional WAN vs. SD-WAN:
      • Traditional WAN: Limited with cloud integration.
      • SD-WAN: Dynamic routing improves performance and visibility.
    • Use Case: Ideal for organizations using IaaS, PaaS, SaaS.
  • SASE (Secure Access Service Edge) - next-gen VPN:
    • Purpose: Integrates network security and WAN in cloud-based services.
    • Key Technology: Uses SDN for cloud networking and security.
    • Components: Includes firewalls, VPNs, zero-trust access, CASBs.
    • Policy and Management: Managed via centralized platforms.
    • Cloud Providers: Examples include AWS VPC, Azure Virtual WAN, Google Cloud VPN.
    • Alignment with SASE: Enables secure, flexible, and global networking.
7
Q

Infrastructure Considerations

A

  • Security Zones and Screened Subnets:
    • Security Zones: Isolate devices with similar security needs.
    • Screened Subnets (DMZ): Buffer between internal and external networks, hosting public services to protect core networks.
  • Device Attributes:
    • Active Devices (e.g., IPS): Monitor and act on traffic.
    • Passive Devices (e.g., IDS): Observe and report without altering traffic.
    • Inline Devices: In the direct traffic path.
    • Taps/Monitors: Capture data without disruption.
  • Failure Mode:
    • Fail-open: Maintains connectivity during failure but lowers security.
    • Fail-closed: Blocks traffic during failure, prioritizing security over access.
8
Q

Selecting Infrastructure Controls

A

Protective measures to reduce risks and safeguard assets.

  • Key Principles:
    • Least Privilege
    • Defense in Depth: Use multiple layers of security.
    • Risk-based Approach: Prioritize controls based on risks and vulnerabilities.
    • Lifecycle Management: Regularly review and update controls.
    • Open Design Principle: Promote transparency through testing and scrutiny.
  • Methodology:
    • Assess Current State: Identify existing vulnerabilities and controls.
    • Gap Analysis: Find gaps between current and desired security.
    • Set Clear Objectives: Define goals for new controls (e.g., data protection, compliance).
    • Benchmarking: Compare with industry best practices.
    • Cost-Benefit Analysis: Balance security with available resources.
    • Stakeholder Involvement: Align controls with business operations.
    • Monitoring and Feedback: Continuously adapt controls to evolving threats.
  • Best Practices:
    • Conduct Risk Assessments: Regularly update based on new threats and changes.
    • Align with Frameworks: Use frameworks like NIST or ISO for comprehensive security.
    • Customize Frameworks: Tailor frameworks to fit your organization’s needs.
    • Stakeholder Engagement and Training: Involve stakeholders and provide regular security training.