Chapter 1 Flashcards
What is Network Security?
The collection of security components assembled in a network to support secure internal and external communications. Network security depends upon host security. Network security operates to protect the network as a whole, rather than as individual systems.
What is trust?
Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, trust is the confidence that other users will act in accordance with the organization’s security rules and not attempt to violate stability, privacy or integrity of the network and its resources.
Who or What is Trustworthy?
Known quantities; trust builds over time through correct actions.
Why should you care about Network Security?
Who is responsible for Network Security?
What does a Common network look like?
What do common network attacks look like?
MITM, Hijacking, Replay
Access Control
The process or mechanism of granting or denying use of a resource; typically applied to users or generic network traffic.
Appliance
A hardware product that is dedicated to a single primary function. The operating system or firmware of the hardware device is hardened and its use is limited to directly and exclusively supporting the intended function. Firewalls, routers, and switches are typical appliances.
Asset
Anything you use in a business process to accomplish a business task.
Auditing
Act of conducting an audit. Auditing can be the action of a system that is recording user activity and system events into an audit log. Auditing can also be the action of an auditor who checks for compliance with security policies and other regulations.
Auditor
Either an outside consultant or an internal member of the information technology staff. The auditor performs security audits, confirms that auditing is sufficient, and investigates audit trails produced by system auditing. In the case of regulatory compliance, auditors should be external and independent of the organization under audit.
Authentication
The security service of the combination of authentication and access control (authorization) that provides either the identity of the sender of a message or controls who is the receiver of a message.
Authorization
Defining what users are allowed and not allowed to do. Also known as access control.
Availability
When a system is usable for its intended purpose. The security service that supports access to resources in a timely manner. If availability becomes compromised, a denial of service is taking place.
Backdoor
Unauthorized access to a system. A backdoor is any access method or pathway that circumvents access or authentication mechanisms.
Blacklist
A type of filtering in which all activities or entities are permitted except for those on the blacklist. Also known as a block list.
Bottleneck
Any restriction on the performance of a system. Can be caused by a slower component or a pathway with insufficient throughput. A bottleneck causes other components of a system to work slower than their optimum rate.
Breach
Any compromise of security. Any violation of a restriction or rule whether caused by an authorized user or an unauthorized outsider.
Bridge
A network device that forwards traffic between networks based on the MAC address of the Ethernet frame. A bridge forwards only packets whose destination address is on the opposing network.
Business Task
Any activity necessary to meet an organization’s long-term goals. Business tasks are assigned to employees and other authorized personnel via their job descriptions.
Caching
Retention of Internet content by a proxy server. Various internal clients may access this content and provide it to subsequent requesters without the need to retrieve the same content from the Internet repeatedly.
Chokepoint
Similar to a bottleneck, but deliberately created within a network infrastructure. A chokepoint is a controlled pathway through which all traffic must cross. At this point, filtering to block unwanted communication or monitoring can occur.
Client
A host on a network. A client is the computer system that supports user interaction with the network. Users employ a client to access resources from the network. Users can also employ a client generically as any hardware or software product to access a resource. For example, standard e-mail software is a client.
Client/server network
A form of network where certain computers are designated as “servers” to host resources shared with the network. The remaining computers are designated as “clients” to enable users to access shared resources. Most client/server networks employ directory services and single sign-on. Also known as a domain.
Confidentiality
The security service of preventing access to resources by unauthorized users, while supporting access to authorized users.
Defense in depth
A tactic of protection involving multiple layers or levels of security components. Based on the idea that multiple protections create a cumulative effect that will require an attacker to breach all layers, not just one.
Demilitarized zone (DMZ)
A type of perimeter network used to host resources designated as accessible by the public from the Internet.
Denial of service (DoS) attack
A form of attack that attempts to compromise availability. DoS attacks are usually of two types: flaw exploitation and flooding. DDoS (Distributed Denial of Service) often involves the distribution of robots, zombies, or agents to thousands or millions of systems that are then used to launch a DoS attack against a primary target.
Directory service
A network service that maintains a searchable index or database of network hosts and shared resources. Often based on a domain name system (DNS). An essential service of large networks.
Domain
A client/server network managed by a directory service.
Domain Name System (DNS)
A network service that resolves fully qualified domain names (FQDNs) into their corresponding IP addresses. DNS is an essential service of most networks and their directory services.
Downtime
Any planned or unplanned period when a network service or resource is not available. Downtime can be caused by attack, hardware failure, or scheduled maintenance. Most organizations strive to minimize downtime through security and system management.
Egress Filtering
Filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations.
Encapsulation
The process of enclosing or encasing one protocol or packet inside another protocol or packet. Also known as “tunneling.” Encapsulation allows for communications to cross intermediary networks that might be incompatible with the original protocol. Encapsulation is distinct from encryption, but many encapsulation protocols include encryption.
Encryption
The process of converting original data into a chaotic and unusable form to protect it from unauthorized third parties. Decryption returns the data back to its original, usable form.
Exploit
An attack tool, method, or technique a hacker uses to take advantage of a known vulnerability or flaw in a target system.
Extranet
A type of perimeter network used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not by the public. Often, access to an extranet requires the use of a virtual private network or VPN, especially when access originates from the Internet.
Filtering
The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on that content. Firewalls and other security components use filtering.
Firewall
A network security device or host software that filters communications, usually network traffic, based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. Also known as a sentry device.