Ch 7 Network Perimeter Security Flashcards
explicitly allow
that a specific
type of traffic should be granted access
explicitly deny
traffic should not be granted access,
implicit deny
block all.”
stateless packet inspection
doesn't retain memory of packets
stateful packet inspection
header in
each packet. It can distinguish between legitimate and illegitimate packets
Application-level gateway
supports address and port translation (FTP)
Circuit-level gateway
Works at the session layer of the OSI model, and applies
security mechanisms when a TCP or UDP connection is established;
layer between application and transport
DMZ
sits between internet and actual network
application firewalls
HTTP protect HTTP sessions from XSS attacks and SQL injection
IP proxy:
Uses NAT. anonymous
Caching proxy:
web caching of HTTP traffic
proxy server
sits between private and public network
Internet content filter
(software)
websites accessed, e-mail, instant messaging, and more.
revoked certificates and certificate revocation
lists, or CRLs, will not be filtered because they are only published periodically
Web security gateways
that scan for viruses, filter content, and
act as data loss prevention (DLP) devices
DLP
protect data by way of content
inspection