Ch 4. Securing Your Network Flashcards
HIDS
host based intrusion detection system; software installed on a system to detect attacks. It protects local resources on the host. A HIPS is an extension of HIDS and detects and blocks attacks.
NIDS
network based intrusion detection system; a device that detects attacks and raises alerts. A NIDS is installed on network devices, such as routers or firewalls, and monitors network traffic.
Port Mirror
a monitoring port on a switch. All traffic going through the switch is also sent to the port mirror.
Taps
monitoring ports on a network device. IDSs use taps to capture traffic.
Signature Based Detection
a type of monitoring used on intrusion detection and intrusion prevention systems that detects attacks based on known attack patterns documented as attack signatures
Heuristic/Behavioral/Anomaly Based Detection
a type of monitoring that can detect unknown anomalies. It starts with a performance baseline of normal behavior and then compares network traffic against this baseline. When traffic differs significantly from the baseline, the IDS sends an alert.
inline
an IPS is inline with traffic. All traffic passes through the IPS and the IPS can block malicious traffic.
out-of-band
an IDS is out-of-band. It monitors the network traffic, but the traffic doesn’t go through the IDS.
RAT
Remote Access Trojan; malware that allows an attacker to take control of a system from a remote location
SSL/TLS Accelerator
device used to handle TLS traffic. Servers can off-load TLS traffic to it to improve performance.
SSL Decryptor
device used to create separate SSL (or TLS) sessions. They allow other security devices to examine encrypted traffic sent to and from the internet.
SDN
software defined network; a method of using software and virtualization technologies to replace hardware routers. SDNs separate the data and control planes.
Honeypot
a server that’s left open or appears to have been sloppily locked down, allowing an attacker relatively easy access. Diverts the attacker away from the live network.
IEEE 802.1x
a server that provides port-based authentication, ensuring that only authorized clients can connect to a network. It prevents rogue devices from connecting.
AP
access point; a device that connects wireless clients to wireless networks. Sometimes called a wireless access point (WAP)
Fat AP
includes everything needed to connect wireless clients to a wireless network. Typically includes features such as a routing component, NAT, DHCP, ACLs, etc. Must be configured separately.
Thin AP
managed by a wireless controller that configures the AP
SSID
service set identifier; the name of a wireless network. SSIDs can be set to broadcast so users can easily see them. Disabling the broadcast hides the network from casual users
WPA/WPA2
Wi-Fi Protected Access; a wireless security protocol. Supports CCMP for encryption, which is based on AES.
PSK
Pre-shared Key; a wireless mode that uses a pre-shared key for security.
Enterprise
a wireless mode that uses an 802.1x server for security. It forces users to authenticate with a username and password
Captive Portal
a technical solution that forces clients using web browsers to complete a specific process before it allows them access to a network
Disassociation Attack
removes a wireless client from a wireless network; a disassociation frame is sent to the AP to terminate the connection, and the client must then reauthenticate
WPS Attack
discovers the eight-digit WPS pin and uses it to discover the AP passphrase
Rogue AP
an AP placed within a network without official authorization
Evil Twin
a rogue AP with the same SSID as a legitimate AP.
Jamming
the transmission of noise or another radio signal on the same frequency used by a wireless network
IV Attack
a wireless attack that attempts to discover the initialization vector
NFC Attack
an attacker uses an NFC reader to capture data from another NFC device. Near Field Communication is a group of standards used on mobile devices that allow them to communicate with other mobile devices when they are close
Bluejacking
the practice of sending unsolicited messages to nearby Bluetooth devices
Bluesnarfing
refers to the unauthorized access to, or theft of information from, a Bluetooth device.
Replay Attack
an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data
Split Tunnel
a VPN administrator determines what traffic should use the encrypted tunnel
Full Tunnel
all traffic goes through the encrypted tunnel while the user is connected to the VPN
NAC
Network Access Control; provides continuous security monitoring by inspecting computers and preventing them from accessing the network if they don’t pass the inspection
Permanent Agent
is installed on the client and stays on the client
Dissolvable Agent
downloaded and run on the client when the client logs on remotely
PAP
Password Authentication Protocol; used with the Point-to-Point Protocol (PPP) to authenticate clients. A weakness is that it sends passwords over a network in cleartext
CHAP
Challenge Handshake Authentication Protocol; uses PPP and authenticates remote users without sending passwords in cleartext
MS-CHAPv2
Microsoft CHAP; performs mutual authentication: the client authenticates the server and the server authenticates the client
RADIUS
Remote Authentication Dial-In User Service; a centralized authentication service
TACACS+
the Cisco alternative to RADIUS; it encrypts the entire authentication process and uses multiple challenges and responses between the client and the server
Diameter
an extension of RADIUS that supports many additional capabilities, including securing transmission with EAP