5a - Network Security Flashcards
Uses duplication of critical components/devices, increasing the reliability of the system.
Redundancy
Eliminates a single point of power failure within the network.
Redundant power
Comes in various sizes and can sustain network operations for only a limited time in the event of an outage.
UPS
Provides incremental trunk speeds by combining multiple interfaces to act as one link.
Link Aggregation
Used primarily on Cisco switches;
Allows multiple physical Ethernet links to combine into one logical channel.
EtherChannel
Lets you monitor network nodes from a management server.
SNMP
SNMPv1
Operates over UDP, IP, OSI CLNS, DDP, and IPX
SNMPv2
Revises v1 and improves on security, confidentiality, and manager-to-manager communications.
SNMPv3
Added security and remote configuration to SNMP;
The preferred version and required on AF networks.
Any program or code designed to do something on a system or network that you don’t want to have happen.
Malware
A program that has two jobs: replicate and activate.
Virus
Replicates exclusively through networks.
Worm
Can be embedded into a program file and automatically runs when the file is opened.
Macro Virus
A piece of malware that looks or pretends to do one thing while doing something bad.
Trojan horse
Usually a trojan horse that takes advantage of very low-level operating system functions to hide from all but the most aggressive of antimalware tools.
Rootkit
A program that monitors the types of websites you frequent and uses that information to generate targeted advertisements.
Adware
A function of any program that sends information about your system or your actions over the Internet.
Spyware
The process of using or manipulating people inside the network environment to gain access to that network from the outside.
Social Engineering
When the attacker poses as a trusted site, such as your bank, so that you will enter your personal information.
Phishing
A type of phishing that targets specific individuals or groups within an organization.
Spear phishing
A highly targeted phishing attack aimed at senior executives masquerading as a legitimate email.
Whaling
When a person goes through the trash in order to find personal information.
Dumpster diving
When a person inserts themselves into a conversation between two others, covertly intercepting traffic thought to be only between two people.
Man-in-the-middle attack
Floods the network with so many requests that it becomes overwhelmed and stops functioning.
DoS
Denial of Service
Using another person’s network without permission.
Leeching
Four types of encryption
WEP, WPA, WPA2, and WPA3
An unauthorized WAP installed on the network.
Rogue access point
A rogue access point that looks like a legitimate access point.
Evil twin
Occurs when a user identifies themselves to the system, and the identity is verified against an authentication database.
Authentication
Occurs after the user has been authenticated.
Authorization
The tracking of network and resource usage on the network.
Accounting
States what users are allowed and not allowed to do on the company’s network.
Acceptable Use Policy (AUP)
Protect networks from potential attacks outside the network by filtering packets using a number of methods.
Firewalls
Permits or denies access to the network based on the MAC address of the client.
MAC address filtering
Like MAC address filtering, except filtering is based on IP addresses instead of MAC addresses.
IP Address filtering / Packet filtering
Prevents the passage of any TCP or UDP segments/datagrams through any port other than the ones prescribed by the system administrator.
Port filtering
A method used by firewalls to prevent a hacker from gaining access to the real IP address.
Hiding the real IP address
A software utility that detects, prevents, and removes viruses, worms, and other malware from a computer.
Antivirus
Software tools and programs designed to identify and prevent malicious software, or malware, from infecting computer systems or electronic devices.
Anti-malware software
Inspects incoming packets looking for active intrusions; does NOT take any actions to stop the attack.
Intrusion Detection System
IDS
Similar to IDS, but adds the capability to actively prevent intrusions.
Intrusion Prevention System
IPS
Proactively identifies security vulnerabilities of computing systems in a network to determine if and where a system can be exploited and/or threatened.
Vulnerability scanners
The name assigned to a Wi-Fi network; a text string that is up to 32 bytes long.
SSID
A security access control method whereby the 48-bit address assigned to each wireless NIC is used to determine access to the network.
MAC address filtering
A security algorithm for IEEE 802.11.
WEP
Wired Equivalent Privacy
An intermediate measure to take the place of WEP.
WPA
Implements the mandatory elements of IEEE 802.11i.
WPA2
Adds better protection from brute-force dictionary attacks and adds individualized data encryption.
WPA3