4.3 Flashcards
(37 cards)
Intrusion prevention system (IPS) actions
- Alerts/alarms and verbose dumps
- Block attackers inline and drop packets
- Syslog, Simple Network Management Protocol (SNMP), and NetFlow outputs
- Integrate with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) systems
Web filter
An application layer gateway server or service (physical or virtual) dedicated to the analysis and control of HTTP and HTTPS traffic
Agent-based web filters require:
The deployment of lightweight software packages on network devices, whereas agentless filters can be instantly deployed in Random Access Memory (RAM) or persistently without any manual configuration
Web reputation services' accuracy is typically determined by:
The breadth, depth, and variety of the data being used
Group Policy (GP)
A Microsoft Windows service that enables IT administrators to centrally manage and configure the settings on Windows operating systems
Group Policy can manage:
Operating system settings, applications, browsers, and user settings
Some Group Policy examples include:
- Password Policy
- Screen Lock
- Power Settings
- Map Network Drives
- Install printers, software, desktop shortcuts, etc.
- Software restrictions (blocking access to programs)
Group Policy Objects (GPOs)
Collections of policy settings that apply to the domain (or OU) to manage users, computers, or the entire domain
Security Enhanced Linux (SELinux)
An access control system built into the Linux kernel
Security Enhanced Linux (SELinux) is used:
To enforce the resource policies that define what level of access users, programs, and services have on a system; it enforces the principle of least privilege
The most common SELinux policies are targeted policy and multi-level security (MLS):
- Targeted policy is the default option and covers a range of processes, tasks, and services
- MLS can be very complicated and is typically only used by government organizations
Intrusion detection system (IDS)
Known as passive, as it takes no action to protect or defend your network beyond its role as an alarm system; it uses sensors and collectors to detect suspicious activities
Intrusion prevention system (IPS)
More aggressive: it actively protects a network by not only identifying suspicious activities but also taking swift action to block or mitigate threats, ensuring that the network remains resilient against potential threats
Network-based IPS (NIPS)
Placed very close to the firewall to filter all traffic coming into the network
Can only operate on a network, not on a host device
DNS filtering
The technique of using DNS to block malicious websites and filter out damaging or unsuitable content
**least secure network
DNS filtering ensures:
That the organizational data stays secure and private
DNS filtering can blocklist web attributes based on:
Domain or IP address
Domain
The DNS resolver does not resolve (or look up) the IP addresses for certain domains at all
IP address
The DNS resolver attempts to resolve all domains, but if the IP address is on the blocklist, the resolver will not send it back to the requestor
DNS Security Extensions (DNSSEC)
Adds a layer of trust on top of DNS by providing authentication, adding additional DNS record types (for cryptographic signatures)
To facilitate signature validation, DNSSEC adds a few new DNS record types:
- RRSIG – contains a cryptographic signature
- DNSKEY – contains a public signing key
- DS – contains the hash of a DNSKEY record
- NSEC and NSEC3 – for explicit denial-of-existence of a DNS record
- CDNSKEY and CDS – for a child zone requesting updates to DS record(s) in the parent zone
OpenDNS (umbrella solution)
A company that offers DNS resolution services and a suite of consumer solutions with the goal of making the Internet faster, safer, and more reliable
Sender Policy Framework (SPF)
An open standard that introduces a method to prevent sender address forgery
SPF (info)
More precisely, the current version of SPF, called SPFv1 or SPF Classic, protects the envelope sender address, which is used for message delivery