Chapter 6 - Network Security Devices, Design, And Technology Flashcards
Bridge
A hardware device or software that is used to join two separate computer networks to enable communication between them.
Switch
A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.
Operates at data link layer
Loop prevention
A means to mitigate broadcast storms using the IEEE 802.1d standard spanning-tree algorithm (STA).
MAC flooding attack
Overflowing the switch with Ethernet frames that have been spoofed so that each frame contains a different source MAC address each appearing to come from a different computer. This consumes all the memory for the MAC address table. Once full, the switch enters fail-open mode and functions like a network hub.
Flood guard
A defense against a MAC flooding attack.
Port security
A flood guard technology that restricts the number of incoming MAC addresses for a port.
Router
A device that can forward packets across computer networks.
Operates at network layer.
Access Control List (ACL)
A set of rules to permit or restrict data from flowing into or out of a network.
Antispoofing
A defense used to protect against IP spoofing that imitates another computer’s IP address.
Load balancing
A technology that can help to evenly distribute work across a network.
Load balancer
A dedicated network device that can direct requests to different servers based on a variety of factors.
Round-robin
A scheduling protocol rotation that applies to all devices equally.
Affinity
A scheduling protocol that distributes the load based on which devices can handle the load more efficiently.
Active-passive configuration
A confirmation in which the primary load balancer distributed the network traffic to the most suitable server while the secondary load balancer operates in a “listening mode”.
Active-active configuration
A configuration in which all load balancer are always active.
Forward proxy
A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf to f the users.
Application/multipurpose proxy
A special proxy server that “knows” the application protocols that it supports.
Reverse proxy
A proxy that routes requests coming from an external network to the correct internal server.
Transparent proxy
A proxy that does not require any configuration in the users computer.
Firewall
Hardware or software that is designed to limit the spread of malware.
Host-based firewall
A software firewall that runs as a program on the local computer to block or filter traffic coming into and out of the computer.
Implicit deny
The principle of being always blocked by default.
Network-based firewall
A firewall that functions at the OSI Network layer (Layer 3).
Stateless packet filtering
A firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator.
Stateful packet filtering
A firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
Application-based firewall
A firewall that functions at the OSI application layer (layer 7).
Web application firewall
A firewall that filters by examining the applications using HTTP.
Virtual private network (VPN)
A technology that enables use of an unsecured public network as if it were secure private network.
Remote access VPN
A user-to-LAN VPN connection used by remote users.
Site-to-site VPN
A VPN connection in which multiple sites can connect to other sites over the internet.
Always-on VPN
A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.
VPN concentrator
A device that aggregates hundreds or thousands of VPN connections.
Full tunnel
A VPN technology in which all traffic is sent to the VPN concentrator and is protected.
Split tunneling
A VPN technology in which only some traffic is sent to the VPN concentrator and is protected while other traffic directly accesses the internet.
SMTP
Simple mail transfer protocol email system that handles outgoing mail.
POP3
An earlier mail system responsible for incoming mail.
IMAP (Internet Mail Access Protocol)
A more recent and advanced electronic email system for incoming mail.
Mail gateway
A system that monitors emails for unwanted content and prevents these messages from being delivered.
Intrusion detection system (IDS)
A device that detects an attack as it occurs.
Inline IDS
An IDS that is directly connected to the network and monitors the flow of data as it occurs.
Passive IDS
An IDS that is connected to a port on a switch in which data is fed to it.
In-band
An IDS implemented through the network itself by using network protocols and tools.
Out-of-band
An IDS that uses an independent and dedicated channel to reach the device.
Anomaly monitoring
A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.
False positives
Alarm that is raised when there is no actual abnormal behavior.
False negative
The failure to raise an alarm when there is abnormal behavior.
Signature-based monitoring
A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.
Behavioral monitoring
A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it.
Heuristic monitoring
A monitoring technique used by an IDS that uses an algorithm to determine if a threat exists.
Two types of IDS that exist
1) host-based intrusion detection system (HIDS)
2) network intrusion detection system (NIDS)
Host-based intrusion detection system (HIDS)
A software based application that runs on a local host computer than can detect an attack as it occurs.
Network intrusion detection system (NIDS)
A technology that watches for attacks on the network and reports back to a central device.
Intrusion prevention system (IPS)
Not only monitors to detect malicious activities like an IDS, but also attempt to prevent them by stopping the attack.
Network intrusion prevention system (NIPS)
A technology that monitors network traffic to immediately react to block a malicious attack.
Host-based intrusion prevention system (HIPS)
A technology that monitors a local system to immediately react to block a malicious attack.
Security and information event management (SIEM)
A product that consolidates real-time monitoring and management of security information with analysis and reporting of security events.
Demilitarized zone (DMZ)
A separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.
Network address translation (NAT)
A technique that allows private IP addresses to be used on the public internet.
Physical network segregation
Isolating the network so that it is not accessible by outsiders.
Air gap
The absence of any type of connection between devices.
Virtual lan (VLAN)
A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.
Network access control (NAC)
A technique that examines the current state of a system or network device before it can connect to the network.
Host agent health checks
Reports sent by network access control (NAC) “agents” installed on devices to gather information and report back to the NAC device.
Permanent NAC agent
A network access control (NAC) agent that resides on end devices until uninstalled.
Dissolvable NAC agent
A network access control (NAC) agent that disappears after reporting information to the NAC device.
Agentless NAC
A network access control (NAC) agent that is not installed on an endpoint device but is embedded within a Microsoft Windows active directory domain controller
Data loss prevention (DLP)
A system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
