Chapter 1 Flashcards
1
Q
What is Network Security?
A
The collection of security components assembled in a network to support secure internal and external communications. Network security depends upon host security. Network security operates to protect the network as a whole, rather than as individual systems.
2
Q
What is trust?
A
Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, trust is the confidence that other users will act in accordance with the organization’s security rules and not attempt to violate stability, privacy or integrity of the network and its resources.
3
Q
Who or What is Trustworthy?
A
Known quantities, trust builds over time through correct actions
4
Q
Why should you care about Network Security?
A
5
Q
Who is responsible for Network Security?
A
6
Q
What does a Common network look like?
A
7
Q
What do common network attacks look like?
A
MITM, Hijacking, Replay
8
Q
Access Control
A
The process or mechanism of granting or denying use of a resource; typically applied to users or generic network traffic.
9
Q
Appliance
A
A hardware product that is dedicated to a single primary function. The operating system or firmware of the hardware device is hardened and its use is limited to directly and exclusively supporting the intended function. Firewalls, routers, and switches are typical appliances.
10
Q
Asset
A
Anything you use in a business process to accomplish a business task.
11
Q
Auditing
A
Act of conducting an audit. Auditing can be the action of a system that is recording user activity and system events into an audit log. Auditing can also be the action of an auditor who checks for compliance with security policies and other regulations
12
Q
Auditor
A
Either an outside consultant or an internal member of the information technology staff. The auditor performs security audits, confirms that auditing is sufficient, and investigates audit trails produced by system auditing. In the case of regulatory compliance, auditors should be external and independent of the organization under audit.
13
Q
Authentication
A
The security service of the combination of authentication and access control (authorization) that provides either the identity of the sender of a message or controls who is the receiver of a message.
14
Q
Authorization
A
Defining what users are allowed and not allowed to do. Also known as access control.
15
Q
Availability
A
When a system is usable for its intended purpose. The security service that supports access to resources in a timely manner. If avail-ability becomes compromised, a denial of service is taking place.
16
Q
Backdoor
A
Unauthorized access to a system. A backdoor is any access method or pathway that circumvents access or authentication mechanisms.
17
Q
Blacklist
A
A type of filtering in which all activities or entities are permitted except for those on the blacklist. Also known as a block list.
18
Q
Bottleneck
A
Any restriction on the performance of a system. Can be caused by a slower component or a pathway with insufficient throughput. A bottle-neck causes other components of system to work slower than their optimum rate.
19
Q
Breach
A
Any compromise of security. Any violation of a restriction or rule whether caused by an authorized user or an unauthorized outsider.
20
Q
Bridge
A
A network device that forwards traffic between networks based on the MAC address of the Ethernet frame. A bridge forwards only packets whose destination address is on the opposing network.
21
Q
Business Task
A
Any activity necessary to meet an organization’s long-term goals. Business tasks are assigned to employees and other authorized personnel via their job descriptions.
22
Q
Caching
A
Retention of Internet content by a proxy server. Various internal clients may access this content and provide it to subsequent requesters without the need to retrieve the same content from the Internet repeatedly.
23
Q
Chokepoint
A
Similar to a bottleneck, but deliberately created within a network infrastructure. A chokepoint is a controlled pathway through which all traffic must cross. At this point, filtering to block unwanted communication or monitoring can occur.
24
Q
Client
A
A host on a network. A client is the computer system, which supports user interaction with the network. Users employ a client to access resources from the network. Users can also employ a client generically as any hardware or software product to access a resource. For example, standard e-mail software is a client.
25
Client/server network
A form of network where certain computers are designated as "servers" to host resources shared with the network. The remaining computers are designated as "clients" to enable users to access shared resources. Most client/server networks employ directory services and single sign-on. Also known as a domain.
26
Confidentiality
The security service of preventing access to resources by unauthorized users, while supporting access to authorized users.
27
Defense in depth
A tactic of protection involving multiple layers or levels of security components. Based on the idea that multiple protections create a cumulative effect that will require an attacker to breach all layers, not just one.
28
Demilitarized zone (DMZ)
A type of perimeter network used to host resources designated as accessible by the public from the Internet.
29
Denial of service (DOS) attack
A form of attack that attempts to compromise availability. DoS attacks are usually of two types: flaw exploitation and flooding. DDoS (Distributed Denial of Service) often involves the distribution of robots, zombies, or agents to thousands or millions of systems that are then used to launch a DoS attack against a primary target.
30
Directory service
A network service that maintains a searchable index or database of network hosts and shared resources. Often based on a domain name system (DNS). An essential service of large networks.
31
Domain
A client/server network managed by a directory service.
32
Domain Name System (DNS)
A network service that resolves fully qualified domain names (FQDNs) into their corresponding IP address. DNS is an essential service of most networks and their directory services.
33
Downtime
Any planned or unplanned period when a network service or resource is not avail-able. Downtime can be caused by attack, hardware failure, or scheduled maintenance. Most organizations strive to minimize downtime through security and system management.
34
Egress Filtering
Filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations.
35
Encapsulation
The process of enclosing or encasing one protocol or packet inside another protocol or packet. Also known as "tunneling." Encapsulation allows for communications to cross intermediary networks that might be incompatible with the original protocol. Encapsulation is distinct from encryption, but many encapsulation protocols include encryption.
36
Encryption
The process of converting original data into a chaotic and unusable form to protect it from unauthorized third parties. Decryption returns the data back to its original, usable form.
37
Exploit
An attack tool, method, or technique a hacker uses to take advantage of a known vulnerability or flaw in a target system.
38
Extranet
A type of perimeter network used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not by the public. Often, access to an extranet requires the use of a virtual private network or VPN, especially when access originates from the Internet.
39
Filtering
The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on that content. Firewalls and other security components use filtering.
40
Firewall
A network security device or host soft-ware that filters communications, usually network traffic, based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. Also known as a sentry device.
41
Fully qualified domain name (FQDN)
A complete Internet host name including a top-level domain name, a registered domain name, possibly one or more sub-domain names, and a host name. Examples include: www.itttech.edu and maps.google.com.A DNS is used to resolve FQDNs into IP addresses.
42
Hacker
A person who performs hacking. Modern use of this term now implies malicious or criminal intent by the hacker, although criminals are more correctly known as "crackers." An "ethical hacker" obtains the permission of the owner of a system before hacking.
43
Hacking
The act of producing a result not intended by the designer of a system. Hackers may perform such acts out of curiosity or malice. Malicious hacking is known as "cracking," but many people typically call all these actions "hacking," regardless of intent.
44
Hardening
The process of securing or locking down a host against threats and attacks. This can include removing unnecessary software, installing updates, and imposing secure configuration settings.
45
Hijacking
This attack occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters. The hacker then disconnects one of the session's hosts, impersonates the offline system, and then begins injecting crafted packets into the communication stream. If successful, the hacker takes over the session of the offline host, while the other host is unaware of the switch
46
Host
A node that has a logical address assigned to it, usually an IP address. This typically implies that the node operates at and/or above the Network Layer. This would include clients, servers, firewalls, proxies, and even routers. The term excludes switches, bridges, and other physical devices such as repeaters and hubs. In most cases, a host either shares or accesses resources and services from other hosts.
47
HOSTS file
A static file on every IP-enabled host where FQDN-to-IP address resolutions can be hard-coded.
48
Ingress filtering
Filtering traffic as it attempts to enter a network. This can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations.
49
Integrity
The security service of preventing unauthorized changes to data.
50
Internet Protocol Security (IPSec)
IP protocol encryption services extracted from IPv6 to be used as an add-on component for IPv4. IPSec provides tunnel mode and transport mode encrypted Network Layer connections between hosts and/or networks.
51
Intrusion detection system (IDS)
A security mechanism to detect unauthorized user activities, attacks, and network compromise. An IDS can respond in a passive manner through alerts and logging or in an active manner by disconnecting an offending session.
52
Intrusion prevention system (IPS)
A security mechanism to detect and prevent attempts to breach security.
53
Job description
An essential part of security and an extension of the written security policy. The job description defines the business tasks for each person within the organization. This in turn prescribes the authorization personnel need to accomplish these assigned tasks.
54
Local area network (LAN)
A network confined to a limited geographic distance. Generally, a LAN is comprised of segments that are fully owned and controlled by the host organization as opposed to using lines leased from telcos
55
Log
A log is a recording or notation of activities. Many security services, applications, and network resources automatically create a log of all events. Also known as an event log or a log file.
56
Logging
The act of creating or recording events into a log. Similar to auditing and monitoring.
57
Malicious Code
Any software that was written with malicious intent. Administrators use anti-virus and anti-malware scanners to detect and prevent malicious code (also known as malware) from causing harm within a private network or computer.
58
Man-in-the-middle attack
This attack occurs when a hacker is positioned between a client and a server and the client is fooled into connecting with the hacker computer instead of the real server. The attack performs a spoofing attack to trick the client. As a result, the connection between the client and server is proxied by the hacker. This allows the hacker to eavesdrop and manipulate the communications.
59
Media access control (MAC) address
The physical address assigned to a network interface by the manufacturer. The MAC address is a 48-bit binary address presented in as hexadecimal pairs separated by colons. The first half of a MAC address is known as the Organizationally Unique Identifier (OUI) or vender ID, the last half is the unique serial number of the NIC.
60
Monitoring
The act of watching for abnormal or unwanted circumstances. Commonly used inter-changeably with logging and auditing.
61
Network access control (NAC)
A mechanism that limits access or admission to a network based on the security compliance of a host.
62
Network address translation (NAT)
A service that converts between internal addresses and external public addresses. This conversion is performed on packets as they enter or leave the network to mask and modify the internal client's configuration. The primary purpose of NAT is to prevent internal IP and network configuration details from being discovered by external entities, such as hackers.
63
Permission
An ability to interact with a resource that is granted or denied to a user through some method of authorization or access control, such as access control lists (ACLs)
64
Port Address Translation (PAT)
An extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address.
65
Privacy
Keeping information about a network or system user from being disclosed to unauthorized entities. While typically focused on private information like a Social Security number, medical records, credit card number, cellular phone number, etc., privacy concerns extend to any data that represents personally identifiable information (also known as PII).
66
Private IP Address
The ranges of IP addresses defined in RFC 1918 for use in private networks that are not usable on the Internet.
67
Privilege
An increased ability to interact with and modify the operating system and desktop environment granted or denied to a user through some method of authorization or access control, such as user rights on a Windows system
68
Proxy server
A network service that acts as a "middle man" between a client and server. A proxy can hide the identity of the client, filter content, perform NAT services, and cache content.
69
Public IP address
Any address that is valid for use on the Internet. This excludes specially reserved addresses such as loopback (127.0.0.1– 127.255.255.255), RFC 1918 addresses, and the Windows APIPA addresses (169.254.0.0– 169.254.255.255). Organizations lease public addresses from an Internet Service Provider (ISP).
70
Redundancy
The feature of network design that ensures the existence of multiple pathways of communication. The purpose is to prevent or avoid single points of failure.
71
Remote access
A communications link that enables access to network resources using a wide area network (WAN) link to connect to a geographically distant network. In effect, remote access creates a local network link for a system not physically local to the network. Over a remote access connection, a client system can technically perform all the same tasks as a locally connected client, with the only difference being the speed or the bandwidth of the connection.
72
Remote access server (RAS)
A network server that accepts inbound connections from remote clients. Also known as a network access server (NAS).
73
Remote control
The ability to use a local computer system to remotely take control of another computer over a network connection. Often used for remote technical assistance
74
Replay attack
This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on to the network at a later time. Replay attacks often focus on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access.
75
Resources
Any data item or service available on a computer or network accessible by a user to perform a task.
76
RFC 1918 addresses
IP addresses that, by convention, are not routed outside a private or closed network. Class A: 10.0.0.0–10.255.255.255; Class B: 172.16.0.0–172.31.255.255; Class C: 192.168.0.0–192.168.255.255
77
Risk
The likelihood or potential for a threat to take advantage of a vulnerability and cause harm or loss. Risk is a combination of an asset's value, exposure level, and rate of occurrence of the threat. A goal of security is to recognize, understand, and eliminate risk.
78
Roles
or job role A collection of tasks and responsibilities defined by a security policy or job description for an individual essential productivity, or security position.
79
Router
A network device responsible for directing traffic towards its stated destination along the best-known current available path.
80
Security Objective
Sets of stated purposes or targets for network security activity. Standard objectives are confidentiality, integrity, and avail-ability. Objectives are generally more oriented towards achieving or maintaining the goals, such as ensuring the confidentiality of resources.
81
Security Policy
A written document prescribing security goals, missions, objectives, standards, procedures, and implementations for a given organization. Also identifies what assets need protection based on their value.
82
Senior Management
The individual or group of highest controlling and responsible authority within an organization. Ultimately the success or failure of network security rests with senior management.
83
Server
A host on a network. A server is the computer system that hosts resources accessed by users from clients.
84
Single point of failure
Any element of a system or network infrastructure, which is the primary or only pathway through which a process occurs. The compromise of such an element could result in system failure. Network design should avoid single points of failure by including redundancy and defense in depth.
85
Sniffer
A software utility or hardware device that captures network communications for investigation and analysis. Also known as packet analyzer, network analyzer, and protocol analyzer.
86
SOHO (small office, home office)
Any small network, workgroup, or client/server, deployed by a small business, a home-based business, or just a family network in a home.
87
Switch
A device, which provides network segmentation through hardware. Across a switch, temporary dedicated electronic communication pathways are created between the endpoints of a session (such as a client and server). This switched pathway prevents collisions. Additionally, switches allow the communication to use the full potential throughput capacity of the network connection, instead of 40 percent or more being wasted by collisions (as occurs with hubs).
88
Telco
Short for telecommunications company or corporation. Used to refer to any company that sells or leases WAN connection services whether wired or wireless.
89
Terminal Services/Server/Session
A modern form of legacy thin client operation. A thin client software utility connects to a central terminal server, which simulates remote control. A terminal service system can support multiple simultaneous terminal client connections. When terminal services are in use, the client workstation coverts to thin client status. All operations of storage and processing then take place on the terminal server.
90
Thin client computing
A legacy terminal concept used to control mainframes. Thin clients had no local processing or storage capability. Modern thin clients simulate these limitations and perform all operations on the terminal server, remote control server, or thin client server
91
Threat
Any potential harm to a resource or node on the network. Threats can be natural or artificial, caused by mother nature or man, or by the result of ignorance or malicious intent. Threats originate internally and externally.
92
Trust
Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, trust is the confidence that other users will act in accordance with the organization's security rules and not attempt to violate stability, privacy, or integrity of the network and its resources.
93
Tunneling
The act of transmitting a protocol across an intermediary network by encapsulating it in another protocol.
See also Encapsulation.
94
Virtual private network (VPN)
A mechanism to establish a secure remote access connection across an intermediary network, often the Internet. This allows inexpensive insecure links to replace expensive security links. VPNs allow for cheap long-distance connections established over the Internet. Both endpoints need only a local Internet link. The Internet itself serves as a "free" long-distance carrier. VPNs employ encapsulation and tunneling protocols, such as IPSec.
95
Vulnerability
A weakness or flaw in a host, node, or any other infrastructure component that a hacker can discover and exploit. Security manage-ment aims to discover and eliminate such vulnerabilities.
96
Whitelist
A type of filtering concept where the network denies all activities except for those on the white list. Also known as an "allow" or "permissions list."
97
Wide area network (WAN)
A network not limited by any geographic boundaries. A WAN network can span a few city blocks, reach across the globe, and even extend into outer space. A distinguishing characteristic of a WAN is its use of leased or external connections and links. Often, telcos own these external connections.
98
Workgroup
A form of networking where each computer is a peer. Peers are equal to each other in terms of how much power or controlling authority any one system has over the other members of the same workgroup. All workgroup members are on equal footing because they can manage their own local resources and users, but not those of any other workgroup member.
99
Zero day exploits
New and previous unknown attacks for which are there no current specific defenses. "Zero day" refers to the newness of an exploit, which may be known in the hacker community for days or weeks. When such an attack occurs for the first time, defenders are given zero days of notice (hence the name.) Such attacks usually exploit previously unidentified system flaws.
100
Zeroization
The process of purging a storage device by writing zeros to all addressable locations on the device. A zeroized device contains no data remnants that other users could potentially recover.
101
Single sign-on (SSO)
A network security service that allows a user to authenticate to an entire domain through a single client log on process. All domain members will accept this single authentication. Local authorization is used to control access to individual resources. Such a single authentication can be more complex, since multiple logons for each individual server are not required.
