Chapter 6 Flashcards
a set of rules to permit or restrict data from flowing into or out of a network
access control list (ACL)
a configuration in which all load balancers are always active
active-active
a configuration in which the primary load balancer distributes the network traffic to the most suitable server while the secondary load balancer operates in a “listening mode.”
active-passive
a scheduling protocol that distributes the load based on which devices can handle the load more efficiently.
affinity
a network access control (NAC) agent that is not installed on an endpoint device but is embedded within a microsoft windows active directory domain controller
agentless NAC
the absence of any type of connection between devices.
air gap
A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.
always-on VPN
a monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.
anomaly monitoring
A defense used to protect against IP spoofing that imitates another computer’s IP address.
antispoofing
A special proxy server that “knows” the application protocols that is supports.
application/multipurpose proxy
a firewall that functions at the OSI application layer
application-based firewall
A monitoring technique used by an intrusion detection system (IDS) that uses the normal processes and actions as the standard and compares actions against it.
behavioral monitoring
A hardware device or software that is used to join two separate computer networks to enable communication between them.
bridge
A system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
data loss prevention (DLP)
A separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.
demilitarized zone (DMZ)
A network access control (NAC agent that disappears after reporting information to the NAC device.
dissolvable NAC agent
A private network that can also be accessed by authorized external customers, vendors, and partners.
extranet
the failure to raise an alarm when there is abnormal behavior
false negative
alarm that is raised when there is no actual abnormal behavior.
false positive
hardware or software that is designed to limit the spread of malware.
firewall
A defense against a MAC flooding attack. see also port security.
flood guard
a computer or an application program that intercepts user requests from the from the internal secure network and then processes those requests on behalf of the users.
forward proxy
A VPN technology in which all traffic is sent to the VPN concentrator and is protected.
full tunnel
A separate open network that anyone can access without prior authorization.
guest network
A dedicated cryptographic processor that provides protection for cryptographic keys.
hardware security module (HSM)
A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists.
heuristic monitoring
Reports sent by network access control (NAC) “agents” installed on devices to gather information and report back to the NAC device
host agent health checks
A software firewall that runs as a program on a local computer to block or filter traffic coming into and out of the computer.
host-based firewall
A software-based application that runs on a local host computer that can detect an attack as it occurs.
host-based intrusion detection system (HIDS)
A technology that monitors a local system to immediately react to block a malicious attack.
host-based intrusion prevention system (HIPS)
a more recent and advanced electronic email system for incoming mail.
IMAP ( internet mail access protocol)
the principle of being always blocked by default.
implicit deny
an intrusion detection system (IDS) implemented through the network itself by using network protocols and tools.
in-band IDS
an intrusion detection system (IDS) that is directly connected to the network and monitors the flow of data as it occurs
inline IDS
a private network that belongs to an organization that can only be accessed by approved internal users.
intranet
a device that detects an attack as it occurs.
Intrusion detection system (IDS)
a dedicated network device that can direct requests to different servers based on a variety of factors.
load balancer
a means to mitigate broadcast storms using the IEEE 802.1d standard spanning-tree algorithm (STA)
loop prevention
A system that monitors emails for unwanted content and prevents these messages from being delivered.
mail gateway
A device that converts media data from one format to another.
media gateway
A technique that examines the current state of a system or network device before it can connect to the network.
network access control (NAC)
a technique that allows private IP addresses to be used on the public internet.
network address translation (NAT)
A technology that watches for attacks on the network and reports back to a central device.
network intrusion detection system (NIDS)
A technology that monitors network traffic to immediately react to block a malicious attack.
prevention system (NIPS)
a firewall that functions at the OSI network layer (Layer 3)
network-based firewall
An intrusion detection system (IDS) that uses an independent and dedicated channel to reach the device.
out-of-band IDS
An intrusion detection system (IDS) that is connected to a port on a switch in which data is fed to it.
passive IDS
A network access control (NAC) agent that resides on end devices until uninstalled.
permanent NAC agent
Isolating the network so that it is not accessible by outsiders.
physical network segregation
a flood guard technology that restricts the number of incoming MAC addresses for a port
port security
an earlier mail system responsible for incoming mail.
post office protocol (POP)
A user-to-LAN VPN connection used by remote users.
remote access VPN
A proxy that routes requests coming from an external network to the correct internal server.
reverse proxy
a scheduling protocol rotation that applies to all devices equally
round-robin
a device that can forward packets across computer networks.
router
A product that consolidates real-time monitoring and management of security information with analysis and reporting of security events.
security and information event management (SIEM)
a SIEM feature that combines data from multiple data sources (network security devices, servers, software applications, etc.) to build a comprehensive picture of attacks.
SIEM aggregation
A SIEM feature that can inform security personnel of critical issures that need immediate attention.
SIEM automated alerting and triggers
A SIEM feature that searches the data acquired through SIEM aggregation to look for common characteristics, such as multiple attacks coming from a specific source.
SIEM correlation
A SIEM feature that can help filter the multiple alerts into a single alarm.
SIEM event duplication
A SIEM feature that records events to be retrained for future analysis and to show that the enterprise has complied with regulations.
SIEM logs
A SIEM feature that can show the order of the events.
SIEM time synchronization
A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.
signature-based monitoring
an earlier email system that handles outgoing mail.
simple mail transfer protocol (SMTP)
A VPN connection in which multiple sites can connect to others sites over the internet
site-to-site VPN
a VPN technology in which only some traffic is sent to the VPN concentrator and is protected while other traffic directly access the internet.
split tunneling
a spearate device that decrypts SSL traffic
SSL decryptor
a separate hardware card thatinserts into a web server that contains one or more co-processors to andle SSL/TLS processing
SSL/TLS accelerator
a firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions
stateful packet filtering
a firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administraitor
stateless packet filtering
a device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.
switch
a proxy that does not require any configurathion on the user’s comuter
transparent proxy
an integrated device that combines several security functions
Unified Threat management (UTM)
a data loss prevention (DLP) technique for blocking the copying of files to a USB flash drive
USB blocking
An IP address and a specific port number that can be used to reference different physical servers.
virtual IP (VIP)
a technology that allows scattered users to be logically grouped together ever though they may be attached to different switches.
virtual LAN (VLAN)
A technology that enables use of an unsecured public network as if it were a secure private network.
virtual private network (VPN)
a device that aggregates hundreds of thousands of VPN connections.
VPN conentrator
a firewall that filters by examining the applications using HTTP.
web application firewall
