Chapter 5 Key Terms

Question 1

Security Zone

Answer 1

Portions of the network or system that have specific security concerns or requirements.

Question 2

Wireless network

Answer 2

A network that does not require a physical connection.

Question 3

Guest network

Answer 3

A network that grants internet access only to guest users. A guest network has a firewall to regulate guest user access.

Question 4

Honeynet

Answer 4

A special zone or network created to trap potential attacks.

Question 5

Ad hoc

Answer 5

A decentralized network that allows connections without a traditional base station or router. It allows users to connect two or more devices directly to each other for a specific purpose.

Question 6

Intranet Zone

Answer 6

A private network that employs internet information services for internal use only.

Question 7

Internet

Answer 7

A public network that includes all publicly available web servers, FTP servers, and other services.

Question 8

Extranet

Answer 8

A privately-controlled network distinct from but located between the internet and a private LAN.

Question 9

Demilitarized zone

Answer 9

A network that contains publicly accessible resources and is located between the private network and an untrusted network, such as the internet. It is protected by a firewall.

Question 10

Proxy server

Answer 10

A type of firewall that stands as an intermediary between clients requesting resources from other servers.

Question 11

Internet content filter

Answer 11

Software used to monitor and restrict content delivered across the web to an end user.

Question 12

Network access control

Answer 12

Software that controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements.

Question 13

All-in-one security appliance

Answer 13

An appliance that combines many security functions into a single device.

Question 14

Application-aware devices

Answer 14

A device that has the ability to analyze and manage network traffic based on the application-layer protocol.

Question 15

Demilitarized zone (DMZ)

Answer 15

A buffer network (or subnet) that is located between a private network and an untrusted network, such as the internet.

Question 16

Bastion or Sacrificial Host

Answer 16

Any host that is exposed to attack and has been hardened or fortified against attack.

Question 17

Screening router

Answer 17

The router that is most external to the network and closest to the internet.

Question 18

Duel-homed gateway

Answer 18

A firewall device that typically has three network interfaces. One interface connects to the internet, one interface connects to the public subnet, and one interface connects to the private network.

Question 19

Screened-host gateway

Answer 19

A device residing within the DMZ that requires users to authenticate in order to access resources within the DMZ or the intranet.

Question 20

Screened subnet

Answer 20

A subnet protected by two firewalls; an external firewall is connected to the internet and an internal firewall is connected to a private network.

Question 21

Network Address Translation

Answer 21

A method used by routers to translate multiple private IP addresses into a single registered IP address.

Question 22

Internal network

Answer 22

The private network where devices use private IP addresses to communicate with each other.

Question 23

Internal address

Answer 23

The private IP address that is translated to an external IP address by NAT.

Question 24

External network

Answer 24

The public network that a NAT device connects to with a single public IP address.

Question 25

External address

Answer 25

The public IP address that NAT uses to communicate with the external network.

Question 26

Port Address Translation (PAT)

Answer 26

An extension of NAT that associates a port number with a request from a private host.

Question 27

Virtual Private Network

Answer 27

A remote access connection that uses encryption to securely send data over an untrusted network.

Question 28

Tunneling

Answer 28

Communication method that encrypts packet contents and encapsulates them for routing through a public network.

Question 29

Point-to-Point Tunneling Protocol (PPTP)

Answer 29

A early tunneling protocol developed by Microsoft.

Question 30

Layer 2 Forwarding (L2F)

Answer 30

A tunneling protocol developed by Cisco to establish virtual private network connections over the internet.

Question 31

Layer 2 Tunneling Protocol (L2TP)

Answer 31

An open standard for secure multi-protocol routing.

Question 32

Internet Protocol Security (IPsec)

Answer 32

A set of protocols that provides security for Internet Protocol (IP) can be used in conjunction with L2TP or to set up a VPN solution.

Question 33

Secure Sockets Layer (SSL)

Answer 33

A well-established protocol to secure IP protocols, such as HTTP and FTP.

Question 34

Transport Layer Security (TLS)

Answer 34

A protocol that evolved from SSL and provides privacy and data integrity between two communicating applications.

Question 35

Web Filter

Answer 35

A content filter that prevents users from visiting restricted websites.

Question 36

Web threat filter

Answer 36

A filter that prevents users from visiting websites with known malicious content.

Question 37

Spam

Answer 37

Irrelevant or inappropriate email sent to a large number of recipients.

Question 38

Spam filter

Answer 38

An email filter that prevents the delivery of irrelevant or inappropriate email known as spam.

Question 39

Anti-phishing software

Answer 39

Software that scans content to identify and dispose of phishing attempts.

Question 40

Network access control

Answer 40

A policy-driven control process that allows or denies network access to devices connecting to a network.

Question 41

Bring Your Own Device (BYOD)

Answer 41

A policy that allows an employee to use a personal device, such as a laptop computer or phone, to connect to the organization’s network to accomplish daily work tasks.

Question 42

Active attack

Answer 42

An attack in which perpetrators attempt to compromise or affect the operations of a system in some way.

Question 43

Passive attack

Answer 43

An attack in which perpetrators gather information without affecting the targeted network’s flow of information.

Question 44

External attack

Answer 44

An attack in which unauthorized individuals try to breach a network from outside the network.

Question 45

Inside attack

Answer 45

An attack initiated by authorized individuals inside the network’s security perimeter who attempt to access systems or resources to which they’re not authorized.

Question 46

Entry point

Answer 46

An entry point is a location or device that allows network access and is vulnerable to attacks.

Question 47

Network baseline

Answer 47

The network baseline is the normal network activity including typical traffic patterns, data usage, and server loads. Activity that deviates from the baseline can indicate an attack.

Question 48

Network segmentation

Answer 48

Network segmentation is the division of a network into smaller networks or pieces for performance or security reasons.

Question 49

Privilege escalation

Answer 49

A software bug or design flaw in an application that allows an attacker to gain access to system resources or additional privileges that aren’t typically available.

Question 50

Backdoor

Answer 50

An unprotected and usually lesser known access method or pathway that may allow attackers access to system resources.

Question 51

Zero-day vulnerability

Answer 51

A software vulnerability that is unknown to the vendor that can be exploited by attackers.

Question 52

Common Vulnerabilities and Exposures (CVEs)

Answer 52

A repository of vulnerabilities hosted by MITRE Corporation.

Question 53

Peer to peer software

Answer 53

Software that allows users to share content without centralized servers or centralized access control.

Question 54

Instant messaging

Answer 54

Real-time text messaging communication that supports picture, music, and document exchange.

Question 55

Virtual LAN (VLAN)

Answer 55

A logical grouping of computers based on switch port.

Question 56

MAC filtering/port security

Answer 56

A switch feature that restricts connection to a given port based on the MAC address.

Question 57

Port Authentication

Answer 57

A switch feature that follows the 802.1x protocol to allow only authenticated devices to connect.

Question 58

Content-addressable
memory (CAM) table

Answer 58

A table maintained by a switch that contains MAC addresses and their corresponding port locations.

Question 59

Dynamic Host Configuration protocol (DHCP) snooping

Answer 59

A security feature on some switches that filters out untrusted DHCP messages.

Question 60

Dynamic ARP
Inspection (DAI)

Answer 60

A security feature on some switches that verifies each ARP request has a valid IP to MAC binding.

Question 61

MAC flooding

Answer 61

An attack that overloads a switch’s MAC forwarding table to make the switch function like a hub.

Question 62

ARP spoofing

Answer 62

An attack in which the attacker’s MAC address is associated with the IP address of a target’s device.

Question 63

VLAN hopping

Answer 63

An attack in which the source MAC address is changed on frames sent by the attacker.

Question 64

Double tagging

Answer 64

An attack in which the source MAC address is changed on frames sent by the attacker.

Question 65

MAC spoofing

Answer 65

An attack in which the source MAC address is changed in the header of a frame.

Question 66

Dynamic Trunking
Protocol (DTP)

Answer 66

An unsecure protocol that could allow unauthorized devices to modify a switch’s configuration.

Question 67

Virtual LAN (VLAN)

Answer 67

A logical collection of devices that belong together and act as if they are connected to the same wire or physical switch.

Question 68

Router

Answer 68

A network device that transmits data from one network to another.

Question 69

Access control list (ACL)

Answer 69

A router filter that controls which network packets are permitted (forwarded) or denied (dropped) in or out of a network.