C836 Ch.10 Flashcards
Security in network design
This method of security involves maintaining a well-configured and patched network and incorporating elements such as network segmentation, choke points, and redundancy
Network segmentation
The act of dividing a network into multiple smaller networks, each acting as its own small network (subnet)
Choke points
Certain points in the network, such as routers, firewalls, or proxies, where we can inspect, filter, and control network traffic
Redundancy
A method of security that involves designing a network to always have another route if something fails or loses connection
Firewall
A mechanism for maintaining control over the traffic that flows into and out of our networks
Packet filtering
A firewall technology that inspects the contents of each packet in network traffic individually and makes a gross determination (based on source and destination IP address, port number, and the protocol being used) of whether the traffic should be allowed to pass
Stateful packet inspection
A firewall technology that functions on the same general principle as packet filtering firewalls but is able to keep track of the traffic at a granular level; it has the ability to watch the traffic over a given connection
Deep packet inspection
A firewall technology that can analyze the actual content of the traffic that is flowing through
Proxy server
A specialized type of firewall that can serve as a choke point, log traffic for later inspection, and provide a layer of security for the devices behind it
Demilitarized Zone (DMZ)
A combination of a network design feature and a protective device such as a firewall; often used for systems that need to be exposed to external networks but are connected to our network (such as a web server)
Network intrusion detection system (NIDS)
A system that monitors the network to which it is connected for unauthorized activity
Signature-based IDS
An intrusion detection system that maintains a database of signatures that might signal a particular type of attack and compares incoming traffic to those signatures
Anomaly-based IDS
An intrusion detection system that takes a baseline of normal network traffic and activity and measures current traffic against this baseline to detect unusual events
Bring your own device (BYOD)
A phrase that refers to an organization’s strategy and policies regarding the use of personal vs. corporate devices
Mobile device management (MDM)
A solution that manages security elements for mobile devices in the workplace
Kismet
A well-known Linux tool used to detect wireless access points
NetStumbler
A Windows tool used to detect wireless access points
Nmap
A well-known port scanner that can also search for hosts on a network, identify the operating systems those hosts are running, and detect the versions of the services running on any open ports
Packet sniffer
Also known as a network or protocol analyzer, this type of tool can intercept traffic on a network
Wireshark
A fully featured sniffer that is also a great tool for troubleshooting traffic; this well-known tool is used by many network operations and security teams
Honeypot
A type of tool that deliberately displays vulnerabilities or attractive data so it can detect, monitor, and sometimes tamper with the activities of an attacker
Hping3
A tool that can map the network topology and help locate firewall vulnerabilities