Ch.7 Flashcards
a monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised
anomaly-based monitoring
a firewall that can identify the applications that send packets through the firewall and then make decisions about the applications
application-aware firewall
a specialized intrusion detection system (IDS) that is capable of using “contextual knowledge” in real time
application-aware IDS
an intrusion prevention system (IPS) that knows information such as the applications that are running as well as the underlying operating systems
application-aware IPS
a special proxy server that knows the application protocols that it supports
application-aware proxy
a monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it
behavior-based monitoring
searching incoming web content to match keywords
content inspection
a defense that uses multiple types of security devices to protect a network. Also called LAYERED SECURITY
defense in depth
a separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network
demilitarized zone (DMZ)
a set of individual instructions to control the actions of a firewall
firewall rules
a monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists
heuristic monitoring
a software-based application that runs on a local host computer that can detect an attack as it occurs
host-based intrusion detection system (HIDS)
a device that detects an attack as it occurs
intrusion detection system (IDS)
a defense that uses multiple types of security devices to protect a network. Also called DEFENSE IN DEPTH
layered security
a dedicated network device that can direct requests to different servers based on a variety of factors
load balancer
searching for malware in incoming web content
malware inspection
a technique that examines the current state of a system or network device before it is allowed to connect to the network
network access control (NAC)
a technique that allows private IP addresses to be used on the public Internet
network address translation (NAT)
a technology that monitors network traffic to immediately react to block a malicious attack
network intrusion prevention system (NIPS)
hardware or software that captures packets to decode and analyze their contents
protocol analyzer
a computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the user
proxy server
any combination of hardware and software that enables remote users to access a local internal network
remote access
a computer or an application program that routes incoming requests to the correct server
reverse proxy
a device that can forward packets across computer networks
router