CASP lesson 4 Flashcards
forward traffic between subnets by inspecting IP addresses and so
operate at layer 3 of the OSI model.
routers
a special purpose device, or appliance, containing
specialized software allowing the configuration of traffic management rules.
load balancer
attacks attempt to disrupt the normal flow of traffic
of a server or service by overwhelming the target with traffic.
Distributed Denial-of-Service (DDoS)
can be used to reduce the amount of throughput available to the
server or service being attacked. This approach prevents the attack from consuming
all available bandwidth and impacting other servers and services on the network.
Rate Limiting
provides effective protection of web applications
by inspecting traffic for signs of malicious activity through the use of sophisticated
rules designed to identify attacks such as CSRF, XSS, SQLi, and many others, and
prevents these attacks from reaching the target.
Web Application Firewall (WAF)
takes all the traffic intended for an endpoint and simply drops it. This approach drops both
legitimate and malicious traffic.
Blackhole Routing
provide DDoS protection as a service; using this approach requires updating DNS
to point traffic to the service provider so that it is inspected before reaching
the intended service.
Cloud Service Providers
provides special purpose devices and
software designed to identify and protect against this type of attack.
DDoS Mitigation Software/Appliance
a device or virtual appliance
which provides multiple security services in a single solution
unified threat management (UTM)
A type of proxy that provides for protocol-specific outbound traffic.
forward proxy
The main benefit of a _____ is that client computers connect to a specified point
on the perimeter network for web access.
proxy
A _______________ proxy means that the client must be configured with the
proxy server address and port number to use it. The port on which the proxy
server accepts client connections is often configured as port 8080.
non-transparent
A _______________ proxy (or forced or intercepting proxy) intercepts client traffic without
the client having to be reconfigured. A transparent proxy must be implemented
on a switch or router or other in-line network appliance.
transparent
A ___________ script allows a client to configure proxy settings without
user intervention. The ____________ protocol allows browsers to
locate a PAC file.
proxy autoconfiguration (PAC); Web Proxy Autodiscovery (WPAD)
A ______________ is a system placed in-line with traffic destined for a specific host or group
of hosts.
Reverse
A _________________ works as a shield and is designed to protect web
applications from attacks such as SQL injection, cross-site scripting (XSS), cross-site
request forgery (XSRF), file inclusion, directory traversal, and a myriad of
other common web-application attacks.
web application firewall
A separate host, or virtual machine, configured to perform
WAF functions. This is the most costly option to acquire and maintain but
provides the greatest flexibility and performance.
Network-based
Software that runs on the same host as the web application server.
It is inexpensive to acquire and maintain but complicates the configuration of
the web application and can require considerable computational resources. A
very popular and widely implemented host-based WAF is __________, which
is Apache licensed free software and compatible with a wide variety of platforms.
Host-based; ModSecurity
WAF functionality provided by a service provider and delivered
via a cloud platform. Less expensive than a network-based WAF, a cloud-based
WAF is a unique option in that it offers access to expertly configured
WAF protection with minimal installation effort and very low maintenance
requirements.
Cloud-based
An ________________ provides a mechanism allowing software interfaces to be detached
from the main application.
API gateway
When it is necessary to simply expose an API service externally, such as to the
internet, an ____________________ may be more applicable
as it can isolate the service and allow processing and firewall-like inspection of the
traffic. An _____________________ does not offer the same extensibility as an API Gateway but
offers similar protections.
eXtensible Markup Language (XML) gateway
There are several ways in which a DNS server can be exploited, but a common attack involves
entering false information into the DNS server’s cache, sometimes referred to as
______________.
DNS Spoofing or DNS Poisoning
Traditional DNS has no inherent way to verify the
data in its cache, and so the data stored in the cache remains in place until its _______________ expires or the data is manually cleared.
time to live (TTL)
To extend traditional DNS with DNSSEC functionality, the authoritative DNS server
for a zone must create a “package” of resource records called a _________________ digitally signed using its ______________.
Resource Record Set (RRset); Zone Signing Key
The zone signing key is also signed using a ___________________.
Key Signing Key
VPNs: ______ is used to establish the
tunnel, and ________ is used to perform encryption.
L2TP; IPsec
Common VPN protocols
* OpenVPN
* L2TP/IPSec
* IKEv2/IPSec
* WireGuard
* SSTP
* IPSec
* PPTP
To protect a network by limiting access to only trusted devices, _______________________ allows the creation of policies designed to evaluate connected
devices and determine whether to allow them access to a network environment.
Network Access Control (NAC)
comparing observed traffic to known attacks which are
defined by a signature
Signature-based
comparing observed traffic to typical protocol activity, such
as amount, or volume, of a particular protocol or typical characteristics of a
protocol’s operation
Anomaly-based
comparing observed traffic to the traffic obtained during a
learning period whereby the NIDS determines typical network traffic patterns
and volumes within a specific setting. Anything that deviates from the patterns
determined during the learning period is flagged as suspicious.
Behavior-based