3.2 Given a scenario, implement secure network architecture concepts. Flashcards
DMZ
DeMilitarized Zone. A network segment between two firewalls. One is outward facing, connected to the outside world, the other inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in a DMZ.
Extranet
A network separate from your internal network. Used to segregate devices that present more of a threat, for instance allowing a vendor or contractor to connect to our network.
Bastion Host
A host in a DMZ.
Intranet
Our internal network, or websites/servers available only from inside our network.
If "Guest account" is on the test, the answer is
Kiosk
NAT
Network Address Translation - taking the private IP address of the internal computer, and translating it to a public IP address so that it can be routed across the Internet
Static NAT
One public IP address for one private IP address. One-to-one.
Dynamic NAT
Dynamically assigns and reassigns a public IP address to a private IP address. You only have a public address assigned while you are trying to reach the Internet. One-to-many.
NAT overload/PAT
NAT overload / Port Address Translation - one public IP address, with a high-numbered port assigned to each private IP that tries to reach the Internet. Many-to-one.
WiMAX
Covers an entire city with Internet access.
VLAN
Virtual Local Area Network - Network segmentation.
VLANs break up a network using this piece of equipment
A network switch
Virtualization
Another way to segment a network: create multiple virtual servers on a single physical server.
Air Gap
Devices literally not connected to the network. The device or LAN is physically separated and not connected to any other.
Site-to-Site VPN
A secure tunnel through the unsecured Internet.
Remote Access VPN
Allows you to access the Ft Hood network while you are TDY or at home.
TACACS+
Cisco proprietary AAA service.
KERBEROS
Microsoft AAA service; uses tickets.
RADIUS
Open-source AAA service.
4 types of VPN tunnels
IPSEC - most secure and most common.
SSL - costs money; can use a web browser.
L2TP - Layer 2 Tunneling Protocol - Cisco proprietary.
PPTP - Point-to-Point Tunneling Protocol - Microsoft proprietary.
L2TP uses what?
L2TP uses IPSEC.
__________ are needed in every network segment in order for an IDS or IPS to detect or prevent malicious traffic.
Sensors
SSL accelerator
Takes some work off the CPU by handling encryption and decryption.
Port Mirroring
Used to copy traffic from one network segment to another network segment. SPAN is the Cisco-proprietary method of doing this.
Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?
A. Intranet
B. DMZ
C. Extranet
D. Ad Hoc Network
B. DMZ
Which version of NAT allows all connected devices to access the internet?
A. Port Address Translation
B. Static Network Address Translation
C. Dynamic Network Address Translation
D. Virtual Local Area Network
A. Port Address Translation
Which of the following would allow you to analyze an attack and then apply new security controls to the rest of the enterprise?
A. IPS
B. VPN Concentrator
C. Intranet
D. Honeynet
D. Honeynet