Chapter 3: Understanding Devices and Infrastructure Flashcards
TCP/IP Layers
4) Application
3) Transport
2) Internet
1) Network Interface
Antiquated Protocols
Protocols that were once needed but now serve no purpose
IPv4 address length
32 bits
IPv6 address length
128 bits
Command to show active ports
netstat -a
Windows Socket (Winsock) API
A Microsoft API used to interact with TCP/IP.
Internet Small Computer Systems Interface (iSCSI)
A protocol that enables the creation of storage area networks (SANs) and is used in sending storage-related commands over IP networks.
Fibre Channel
A high-speed networking technology designed to work like iSCSI but for fiber only. Cannot work across large networks.
Security Benefit of VLANs
Allow users with similar data sensitivity levels to be segmented together
Security Benefit of Tunneling
Sensitive data can be encapsulated into other packets and sent directly from one network to its destination
Point-to-Point Tunneling Protocol (PPTP)
- Encapsulates and encrypts PPP packets
- Weakness is that the negotiation between the two points is done in the clear
Layer 2 Forwarding (L2F)
- Tunneling protocol used primarily for dial-up
- No encryption
Layer 2 Tunneling Protocol (L2TP)
- Hybrid of PPTP and L2F
- Not encrypted by default, but can use IPSec for security needs
Secure Shell (SSH)
- Uses encryption to establish a secure connection between two systems
IPSec
A set of protocols that enable encryption, authentication, and integrity over IP.
IPSec Transport vs. Tunneling Mode
Transport mode encrypts only the payload, whereas tunnel mode encrypts the whole packet
RAS
Remote Access Services
The Private IP Addresses
- 10.0.0.0-10.255.255.255
- 172.16.0.0-172.31.255.255
- 192.168.0.0-192.168.255.255
Telephony
Telephone technology combined with information technology
Biggest Security Problem with VoIP
If VoIP and data are on the same line, then they are both vulnerable to a private branch exchange (PBX) attack
Appliances
Freestanding devices that operate in a largely self-contained manner.
Packet Filter
- Passes or blocks traffic to specific addresses based on the type of application.
- Decides based on addressing info, not actual content
Proxy Firewall
- Examines data and makes rule-based decisions about whether the data should pass through
- Hides IP addresses
Dual-Homed Firewall
A firewall using two NICs, one connected to the outside network and one connected to the internal network
Multihomed
More than one IP address
Application-Level Proxy
Reads the individual commands of the protocols that are being served.
Circuit-Level Proxy
Creates a circuit between the client and the server and doesn’t deal with the contents of the packets.
Stateless Firewalls
Make decisions based only on the data that comes in, without any complex decision logic
Stateful Packet Inspection (SPI)
Remembers where the packet came from and where the next one should come from.
Border Router
A router used to translate from LAN framing to WAN framing.
Web Security Gateway
A proxy server with web protection software built in
Activity (IDS)
An element of a data source that is of interest to the IDS.
Administrator (IDS)
The person responsible for setting the security policy, and for making decisions about the IDS.
Data Source (IDS)
The raw info that the IDS uses to detect suspicious activity.
Audit files, system logs, etc.
Manager (IDS)
The component that the operator uses to manage the IDS.
Sensor (IDS)
The IDS component that collects data from the data source and passes it to the analyzer
Behavior-Based IDS
Looks for variations in behavior such as unusually high traffic, policy violations, etc.
Signature-Based IDS
Focused on evaluating attacks based on attack signatures and audit trails.
Misuse-Detection IDS (MD-IDS)
Another name for signature-based IDS
Attack Signature
A generally established method of attacking a system
Anomaly-Detection IDS (AD-IDS)
Looks for things outside of the ordinary
Behavior-based IDS falls under this category
Heuristic IDS
Uses algorithms to analyze the traffic passing through the network
Passive Responses
Logging, Notification, and Shunning
Shunning
Ignoring an attack because you know it will not be able to hurt you
Active Response
Takes action based on an attack or threat
Deception Active Response
Fools the attacker into thinking they are succeeding, while actually redirecting them to a honeypot and monitoring them
/var/log/faillog
List of users’ failed authentication attempts
/var/log/lastlog
List of users and when they last logged in
/var/log/messages
Could contain login-related entries
/var/log/wtmp
List of users who have authenticated
All-in-One Appliance
- Appliances that provide a good foundation of security, including URL filtering, content inspection, and malware inspection.
- Also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW)
Web Application Firewall (WAF)
- A real-time appliance that applies a set of rules to block traffic to and from web servers and to try to prevent attacks.
- Specific to web-based servers.
Application-Aware Device
One that has the ability to respond to traffic based on what is there.
PPP
- Widely used for dial-up connections
- Should not be used for a WAN VPN connection