3.3 Given a scenario, implement secure network designs. Flashcards
sensors
Sensors gather information to determine if the data being passed is malicious or not.
aggregation switch
An aggregation switch can connect multiple subnets to reduce the number of active ports. When aggregating subnets, the subnets are connected to the switch rather than to the router.
active/passive configuration
Sends all requests to one node while the other node is on standby. The secondary node takes over services when the primary node loses connectivity or goes offline.
virtual IP address
A virtual IP address is a shared (usually public) IP address between the two instances in a cluster. Requests go to one IP address and are routed, usually via a scheduling algorithm.
Persistence settings
Persistence settings allow an application-layer load balancer to keep clients connected to a session. This is achieved with a cookie at the client.
scheduling algorithm
The scheduling algorithm is the code and metrics that determine which node is selected for processing each incoming request. The simplest scheduling is round robin; this just means picking the next node.
extranet
An extranet is a zone created to allow authorized users access to company assets separate from the intranet.
DMZ
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN.
Intranet
An intranet is an internal company zone established to allow employees the ability to share content and communicate more effectively.
Collector
A collector combines multiple sensors to collect internet traffic for processing by an Intrusion Detection System (IDS) and other systems. Where the collector is placed determines the type of traffic analyzed.
Port mirror
A port mirror is used to monitor network traffic. It forwards a copy of each packet from one switch port to another.
NAT
Network Address Translation (NAT) translates public IP addresses to private and vice versa. By using NAT on the firewall, a company can hide assets from the public internet.
Agentless Health assessment
An agentless health or posture assessment supports a wide range of devices, such as smartphones and tablets, but less detailed information about the client is available.
GLBP
Gateway Load Balancing Protocol (GLBP) is Cisco’s proprietary service for providing a load-balanced service with a VIP. The infrastructure is Cisco-based, so this service will most likely be implemented.
CARP
Common Address Redundancy Protocol (CARP) is another commonly used network protocol that works in the same way as GLBP.
Split tunnel VPN
In a split tunnel VPN, administrators decide where traffic is routed. A split tunnel determines whether traffic is sent to the private network or not.
Reverse Proxy
Reverse proxies can publish specific applications from the corporate network to the Internet by listening for specific client requests. This will ensure other intranet services are not exposed.
802.1p header
Switches that support quality of service use the 802.1p header to prioritize frames. This will improve video conferences and make efficient use of the overall network bandwidth.
Out-of-band (OOB) management
Out-of-band (OOB) management is a means of remote management of a system; the term is commonly used when managing network devices. An example is a console connection to a router.
What detection method does NID use?
Signature based
UTM
A Unified Threat Management (UTM) appliance is an all-in-one security appliance that combines the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, Data Loss Prevention, content filtering, and many more.
IDS
An Intrusion Detection System (IDS) by itself out-of-the-box will be able to notice a user visiting a bad website, and may do passive or non-intrusive notification, but nothing active will occur.
BPDU
A Bridge Protocol Data Unit (BPDU) guard setting is applied to switches. It causes a PortFast-configured port that receives a BPDU to become disabled.
STP
Spanning Tree Protocol (STP) is principally designed to prevent broadcast storms. These storms occur when a bridged network contains a loop and broadcast traffic is amplified by the other switches. This can disrupt the network services.