Chapter 3 - Understanding Devices and Infrastructure Flashcards
Rene
What does the TCP 3-way handshake consist of?
page 86
SYN > SYN/ACK > ACK
What are APIs?
page 86
Application Programming Interfaces
Allows programmers to create interfaces to the protocol suite
What ports does iSCSI use?
page 87
Internet Small Computer Systems Interface
Uses ports 860 and 3260 by default for allowing data storage and transfers across the existing network
When designing a security topology, what are the 7 common elements to consider?
page 87
- DMZs
- Subnetting
- VLANs
- Remote Access
- NAT
- Telephony
- NACs
What are the two reasons subnetting is implemented?
page 89
- To use IP addresses more effectively.
- To make the network more secure and manageable.
What tunneling protocol supports encapsulation in a single point-to-point environment?
page 90
Point-to-Point Tunneling Protocol (PPTP)
Uses port 1723
Which Tunneling protocol is a hybrid of PPTP and L2F?
page 91
Layer 2 Tunneling Protocol (L2TP)
It’s primarily a Point-to-Point protocol and supports multiple network protocols and can be used in networks besides TCP/IP.
What is IPSec?
page 91
IPSec is not a tunneling protocol, but it is used in conjunction with tunneling protocols. IPSec provides secure authentication and encryption of data and headers; this makes it a good choice for security.
What acts as a proxy between the local area network, and creates a unique opportunity to assist in the security of a network?
page 93
Network Address Translation (NAT)
What are the private address ranges?
page 93
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255
What do packet filter firewalls do?
page 97
Pass or block traffic to specific addresses based on the type of application.
They don’t analyze the data of a packet; they decide whether to pass it based on the packet’s addressing information.
How many NICs does a proxy firewall typically use?
page 99
Two, referred to as a dual-homed firewall
Anytime you have a system that is configured with more than one IP address, it can be said to be ____?
page 99
Multi-homed
What type of proxy function reads the individual commands of the protocols that are being served?
page 99
Application-Level
What type of proxy function creates a circuit between the client and the server and doesn’t deal with the contents of the packets that are being processed?
page 99
Circuit-Level
What splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available and shift a load from one device to another?
page 103
Load Balancer
What are IDS and how can they be utilized?
page 105
Software that runs either on individual workstations or on network devices to monitor and track network activity.
Can be configured to act as a burglar alarm
What are several key terms associated with IDS?
page 107
- Activity
- Administrator
- Alert
- Analyzer
- Data Source
- Event
- Manager
- Notification
- Operator
- Sensor
What are the four primary approaches of IDS?
page 109
- Behavior-Based-Detection IDS
- Signature-Based-Detection IDS
- Anomaly-Based-Detection IDS
- Heuristic IDS
What attaches itself to a point in the network where it can monitor and report on all traffic, and can be in front of or behind the firewall?
page 111
Network-Based IDS (NIDS)
What is the most common type of response to many intrusions and in general the easiest to develop and implement?
page 113
Passive Response
What are three types of passive response strategies?
page 113
Logging
Notification
Shunning
What are three types of active response strategies?
page 113
Terminating Processes or Sessions
Network Configuration Changes
Deception
What are HIDS?
page 116
Host-based IDS
Are designed to run as software on a host computer system
What TWO major problems of HIDS aren’t easily overcome?
page 117
- 1st problem involves a compromise of the system.
- 2nd problem is that it must be deployed on each system that needs it.