Chapter 3: Understanding Devices and Infrastructure Flashcards
A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.
Access Control List (ACL)
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point.
Access Point (AP)
A response generated in real time.
Active Response
A notification that an unusual condition exists and should be investigated.
Alarm
A notification that an unusual condition could exist and should be investigated.
Alert
An appliance that performs multiple functions.
All-in-one Appliance; also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW)
The component or process that analyzes the data collected by the sensor.
Analyzer
Variations from normal operations.
Anomalies
An anomaly-detection intrusion detection system that works by looking for deviations from a pattern of normal network traffic.
Anomaly-Detection IDS (AD-IDS)
A freestanding device that operates in a largely self-contained manner.
Appliance
A device or software that recognizes application–specific commands and offers granular control over them.
Application-Level Proxy
An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.
Authentication Header (AH)
A method of balancing loads and providing fault tolerance.
Clustering
Gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes in coverage, we compensate for them.)
Compensating controls
Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.
Data Loss Prevention (DLP)
An IPSec header used to provide a mix of security services in IPv4 and IPv6. It can be used alone or in combination with the IP Authentication Header.
Encapsulating Security Payload (ESP)
The process of enclosing data in a packet.
Encapsulating
An event that should be flagged but isn’t.
False negative
A flagged event that isn’t really an event and has been falsely triggered.
False positive
A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access though public networks, including the Internet.
Firewall
An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.
Host-Based IDS (HIDS)
A software or appliance stand-alone used to enhance security and commonly used with PKI systems.
Hardware Security Module (HSM)