Chapter 6 - Network Security Devices, Design, And Technology

Question 1

Bridge

Answer 1

A hardware device or software that is used to join two separate computer networks to enable communication between them.

Question 2

Switch

Answer 2

A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.

Operates at data link layer

Question 3

Loop prevention

Answer 3

A means to mitigate broadcast storms using the IEEE 802.1d standard spanning-tree algorithm (STA).

Question 4

MAC flooding attack

Answer 4

Overflowing the switch with Ethernet frames that have been spoofed so that each frame contains a different source MAC address each appearing to come from a different computer. This consumes all the memory for the MAC address table. Once full, the switch enters fail-open mode and functions like a network hub.

Question 5

Flood guard

Answer 5

A defense against a MAC flooding attack.

Question 6

Port security

Answer 6

A flood guard technology that restricts the number of incoming MAC addresses for a port.

Question 7

Router

Answer 7

A device that can forward packets across computer networks.

Operates at network layer.

Question 8

Access Control List (ACL)

Answer 8

A set of rules to permit or restrict data from flowing into or out of a network.

Question 9

Antispoofing

Answer 9

A defense used to protect against IP spoofing that imitates another computer’s IP address.

Question 10

Load balancing

Answer 10

A technology that can help to evenly distribute work across a network.

Question 11

Load balancer

Answer 11

A dedicated network device that can direct requests to different servers based on a variety of factors.

Question 12

Round-robin

Answer 12

A scheduling protocol rotation that applies to all devices equally.

Question 13

Affinity

Answer 13

A scheduling protocol that distributes the load based on which devices can handle the load more efficiently.

Question 14

Active-passive configuration

Answer 14

A confirmation in which the primary load balancer distributed the network traffic to the most suitable server while the secondary load balancer operates in a “listening mode”.

Question 15

Active-active configuration

Answer 15

A configuration in which all load balancer are always active.

Question 16

Forward proxy

Answer 16

A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf to f the users.

Question 17

Application/multipurpose proxy

Answer 17

A special proxy server that “knows” the application protocols that it supports.

Question 18

Reverse proxy

Answer 18

A proxy that routes requests coming from an external network to the correct internal server.

Question 19

Transparent proxy

Answer 19

A proxy that does not require any configuration in the users computer.

Question 20

Firewall

Answer 20

Hardware or software that is designed to limit the spread of malware.

Question 21

Host-based firewall

Answer 21

A software firewall that runs as a program on the local computer to block or filter traffic coming into and out of the computer.

Question 22

Implicit deny

Answer 22

The principle of being always blocked by default.

Question 23

Network-based firewall

Answer 23

A firewall that functions at the OSI Network layer (Layer 3).

Question 24

Stateless packet filtering

Answer 24

A firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator.

Question 25

Stateful packet filtering

Answer 25

A firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Question 26

Application-based firewall

Answer 26

A firewall that functions at the OSI application layer (layer 7).

Question 27

Web application firewall

Answer 27

A firewall that filters by examining the applications using HTTP.

Question 28

Virtual private network (VPN)

Answer 28

A technology that enables use of an unsecured public network as if it were secure private network.

Question 29

Remote access VPN

Answer 29

A user-to-LAN VPN connection used by remote users.

Question 30

Site-to-site VPN

Answer 30

A VPN connection in which multiple sites can connect to other sites over the internet.

Question 31

Always-on VPN

Answer 31

A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.

Question 32

VPN concentrator

Answer 32

A device that aggregates hundreds or thousands of VPN connections.

Question 33

Full tunnel

Answer 33

A VPN technology in which all traffic is sent to the VPN concentrator and is protected.

Question 34

Split tunneling

Answer 34

A VPN technology in which only some traffic is sent to the VPN concentrator and is protected while other traffic directly accesses the internet.

Question 35

SMTP

Answer 35

Simple mail transfer protocol email system that handles outgoing mail.

Question 36

POP3

Answer 36

An earlier mail system responsible for incoming mail.

Question 37

IMAP (Internet Mail Access Protocol)

Answer 37

A more recent and advanced electronic email system for incoming mail.

Question 38

Mail gateway

Answer 38

A system that monitors emails for unwanted content and prevents these messages from being delivered.

Question 39

Intrusion detection system (IDS)

Answer 39

A device that detects an attack as it occurs.

Question 40

Inline IDS

Answer 40

An IDS that is directly connected to the network and monitors the flow of data as it occurs.

Question 41

Passive IDS

Answer 41

An IDS that is connected to a port on a switch in which data is fed to it.

Question 42

In-band

Answer 42

An IDS implemented through the network itself by using network protocols and tools.

Question 43

Out-of-band

Answer 43

An IDS that uses an independent and dedicated channel to reach the device.

Question 44

Anomaly monitoring

Answer 44

A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.

Question 45

False positives

Answer 45

Alarm that is raised when there is no actual abnormal behavior.

Question 46

False negative

Answer 46

The failure to raise an alarm when there is abnormal behavior.

Question 47

Signature-based monitoring

Answer 47

A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.

Question 48

Behavioral monitoring

Answer 48

A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it.

Question 49

Heuristic monitoring

Answer 49

A monitoring technique used by an IDS that uses an algorithm to determine if a threat exists.

Question 50

Two types of IDS that exist

Answer 50

1) host-based intrusion detection system (HIDS)

2) network intrusion detection system (NIDS)

Question 51

Host-based intrusion detection system (HIDS)

Answer 51

A software based application that runs on a local host computer than can detect an attack as it occurs.

Question 52

Network intrusion detection system (NIDS)

Answer 52

A technology that watches for attacks on the network and reports back to a central device.

Question 53

Intrusion prevention system (IPS)

Answer 53

Not only monitors to detect malicious activities like an IDS, but also attempt to prevent them by stopping the attack.

Question 54

Network intrusion prevention system (NIPS)

Answer 54

A technology that monitors network traffic to immediately react to block a malicious attack.

Question 55

Host-based intrusion prevention system (HIPS)

Answer 55

A technology that monitors a local system to immediately react to block a malicious attack.

Question 56

Security and information event management (SIEM)

Answer 56

A product that consolidates real-time monitoring and management of security information with analysis and reporting of security events.

Question 57

Demilitarized zone (DMZ)

Answer 57

A separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.

Question 58

Network address translation (NAT)

Answer 58

A technique that allows private IP addresses to be used on the public internet.

Question 59

Physical network segregation

Answer 59

Isolating the network so that it is not accessible by outsiders.

Question 60

Air gap

Answer 60

The absence of any type of connection between devices.

Question 61

Virtual lan (VLAN)

Answer 61

A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.

Question 62

Network access control (NAC)

Answer 62

A technique that examines the current state of a system or network device before it can connect to the network.

Question 63

Host agent health checks

Answer 63

Reports sent by network access control (NAC) “agents” installed on devices to gather information and report back to the NAC device.

Question 64

Permanent NAC agent

Answer 64

A network access control (NAC) agent that resides on end devices until uninstalled.

Question 65

Dissolvable NAC agent

Answer 65

A network access control (NAC) agent that disappears after reporting information to the NAC device.

Question 66

Agentless NAC

Answer 66

A network access control (NAC) agent that is not installed on an endpoint device but is embedded within a Microsoft Windows active directory domain controller

Question 67

Data loss prevention (DLP)

Answer 67

A system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.