5.2 Network Security Flashcards
Computer networks enable __________ ________ and are essential for many daily activities and devices. Network threats can come from attackers, __________, or ________.
resource sharing;
misconfigurations; outages
How can networks be protected? (two ways)
secure design (e.g. segmentation, choke points, redundancies) and implementing devices like firewalls and intrusion detection systems.
Network segmentation divides networks into _________, allowing traffic control between segments and localizing issues.
subnets;
It can boost performance and prevent unauthorized access to sensitive areas.
Network segmentation
Choke points are what? (3 things)
Locations where network traffic can be inspected, filtered and controlled.
_____________ in network design can help mitigate issues from failures or attacks.
Redundancies
_____________ control traffic flow in and out of networks, typically placed at trust boundary points. They examine _______ ________ to allow or disallow traffic based on various factors.
Firewalls;
network packets
________ ________ _________s look at individual packet contents to allow/disallow based on source/destination addresses, port numbers, and protocols. This method can be vulnerable to _________________.
Packet filtering firewalls;
attacks spanning multiple packets.
What mechanism tracks traffic at a more granular level, monitoring connections over time? It can prevent some intentionally disruptive attack traffic.
Stateful packet inspection firewalls
Deep packet inspection firewalls can analyze ________________________, providing more intelligence but also raising ____________________.
the actual content of network traffic;
privacy concerns.
Proxy servers are _________ _________ ________ that provide security and performance features. They can act as _________ _________ and allow traffic logging.
APPLICATION-specific firewalls; choke points
________________________ uses multiple firewall layers to separate devices from the rest of the network, allowing controlled public access while protecting internal systems.
A demilitarized zone (DMZ)
Intrusion detection systems (IDS) ______________, hosts or applications for unauthorized activity.
monitor networks;
What are the two types of Intrusion detection systems?
They can use signature-based or anomaly-based detection methods.
How does Signature-based IDS work?
Compares traffic to known attack signatures. Good except when there is a new attacker whose name is not recognized.
How does anomaly-based IDS work?
Looks for deviations from normal traffic patterns. Can produce a large number of false positives during normal activity due to an unusual amount of traffic.
Network IDS placement requires careful consideration to avoid ____________. Putting them behind other _____ devices can help ___________________________.
overload; filtering; reduce obviously unwanted traffic.
Host-based IDS monitor individual hosts for _________ _________ __________, looking at __________________, ____________, and other indicators of compromise.
signs of intrusion; system logs, file integrity,
Intrusion prevention systems (IPS) are similar to IDS but can do what?
Actively block or prevent detected intrusions, not just detect and alert.
__________ _____________ _______________ ___________ verify that devices meet security requirements before allowing them to connect to the network.
Network Access Control (NAC) systems
Virtual Private Networks (VPNs) do what?
create encrypted tunnels for secure communication over untrusted networks like the Internet.
How can a VPN be implemented?
VPNs can be implemented using various protocols like IPsec, SSL/TLS, or PPTP, each with different security characteristics.
Wireless networks face unique security challenges due to their _______ and ease of __________.
broadcast nature; interception
________ encryption for wireless networks is considered insecure and should not be used; ________ and __________ are recommended instead.
WEP; WPA or WPA
Secure protocols like ___________, ____________, ______________ should be used instead of their insecure counterparts to protect data in transit.
HTTPS, SSH, and SFTP
Network security tools like Nmap, Wireshark, TCPdump, Kismet, and Metasploit can be used for what?
To test and verify network security measures.
__________ and ___________ are _________ systems used to detect, deflect, or study attacker behavior.
Honeypots and honeynets, decoy
You can test the security of your firewalls and how they respond using scanning tools such as _______.
Scapy
For what might you use the tool Kismet?
To detect wireless devices on a network
Explain the concept of segmentation.
Network segmentation creates SUBNETS - you can then control the flow of information between the subnets. Can help with productivity by containing traffic and localizing network issues.
What are the two main categories of wireless encryption?
WEP (Wired Equivalent Privacy) and WPA (2, 3), Wi-Fi Protected Access
What tool might you use to scan for devices on a network?
A port scanner - Nmap
Which tools can you use to sniff traffic on a wireless network?
Wireshark, Kismet
What would you use if you needed to send sensitive data over an untrusted network?
VPN
What would you use a DMZ to protect?
Internal servers behind a public facing website.
What is the difference between a stateful firewall and a deep packet inspection firewall?
A stateful firewall examines the structure of the network traffic and filters out undesirable content. A deep packet inspection firewall can reassemble the individual packets to see what is being sent to the destination application.
Why are there privacy concerns over deep packet firewall protection?
Someone in control can read all your emails and instant messages.
What can a company use to keep SPAM and malware from reaching employees?
Proxy Server
What is a packet crafting attack?
When an attacker uses traffic packets designed to avoid detection by IDS and firewalls and to carry malicious code.
What is SSH and why is it useful?
Secure Shell. A safer protocol, and you can send many different types of traffic over it.
What's a zero-day attack?
A new or unpublished attack or vulnerability.
What is a protocol for securing communications?
POP
HTML
SSH
FTP
SSH does secure communications.