Chapter 7: Delving into Network and Security Concepts Flashcards
Prevents unauthorized access to the corporate network; we tend to use a back-to-back configuration.
Firewall
Internal Network
Local Area Network (LAN)
This is an application firewall that is built into desktop operating systems, such as the Windows 10 operating system.
Host-Based Firewall
This is a hardware appliance that keeps the network safe. It is vital that only the required ports are open. The network-based firewall is placed at the edge of the network to prevent unauthorized access.
Network-Based Firewall
This looks deeply at the application and its traffic to see whether it is allowed through.
Stateful Firewall
Could also be called a packet-filtering firewall. It only looks at whether the packet is permitted and never looks in depth at the packet format.
Stateless Firewall
Is placed on a web server, and its role is to protect web-based applications running on that web server.
Web Application Firewall (WAF)
Is a multipurpose firewall: it does malware, content, and URL filtering, all in one security appliance.
Unified Threat Management Firewall (UTM)
This is an application-aware firewall that can be used for both on-premises and cloud environments. It has cloud intelligence and the capabilities of an intrusion prevention system.
Next Generation Firewall (NGFW)
Where a request from a private internal IP address is translated to an external public IP address, hiding the internal address from external attackers.
Network Address Translation (NAT)
Device that connects two different networks; it is configured when setting up a host machine.
-Known as the default gateway.
-Used by your company to give you access to other networks, for example the internet.
Router
Ensures applications have the amount of bandwidth they need to operate when network bandwidth is limited.
Quality of Service (QoS)
When two or more switches are joined together, they can create loops that cause broadcast storms; the Spanning Tree Protocol (STP) prevents this by placing ports in blocking, listening, or forwarding states.
Loop Protection
Frames that contain information about the STP.
Bridge Protocol Data Units (BPDU)
Set up on a port of a switch so that when data arrives at that port, a splitter sends a copy to another device for later investigation.
-Will feed a NIDS (Network Intrusion Detection System).
Port Mirror (Port Spanning)
Link aggregation allows you to connect multiple switches so that they work as a single logical unit and prevent looping.
Switch 1 / Switch 2 / Switch 3 -> ________
Aggregation Switches
When security teams are trying to find out the attack methods that hackers are using, they set up a website similar to the legitimate website but with lower security. When the attack commences, the security team monitors the attack methods so that they can prevent future attacks.
Honeypot
Group of honeypots
Honeynet
Is a decoy file, probably called password.txt, that attracts the attention of an attacker. An alert is set up to notify the security team once that file has been opened.
Honey File
Where the cybersecurity team notices that an attacker is using tools such as an IP or port scanner to gain information about your network. They then send false information back to the attacker.
Fake Telemetry
Is a server that controls requests from clients seeking resources on the internet or an external network. Think of it as a go-between that makes requests on behalf of the client, ensuring that anyone outside of your network does not know the details of the requesting host.
Proxy Server
3 main functions of a Proxy Server
-URL filter: companies may not want their employees to go to certain websites, so they block them (example: espn.com).
-Content filter: looks at the content of the requested web page. It will block the request depending on what filters are set up. If we block gambling, then users who try to visit a poker or horse-betting site are blocked.
-Web page caching: the purpose is to reduce the bandwidth being used, as well as to make access to web pages faster, since users are actually obtaining content from their LAN.
The IT team sets up jobs to cache web pages; for example, they cache espn.com at 3am local time to ensure it has the latest results.
Active Caching
When new web pages are requested, the pages are fetched and sent to the requesting host, and a copy is then placed in the cache. That way, the second time a page is requested, it is retrieved from the cache.
Passive Caching
This deals with requests on behalf of another server. It could be, for example, a page within an online shop that loads and displays its content from another location outside the shop.
Application Proxy
The flow of traffic from a _______ is incoming traffic from the internet coming into your company network; it is placed in a boundary network called a screened subnet.
Reverse Proxy
Also known as a jump host or jump box, this is a hardened host that can be used as an intermediary device or as a gateway for administrators, who then connect from it to other servers for remote administration. It would only have secure remote access tools installed. It could be used to SSH into the screened subnet or an Azure public network.
Jump Server
Is a device that is used when there is a high volume of traffic coming into the company's network or web server. It can be used to control access to web servers, video conferencing, or email.
Load Balancer
The load balancer knows the status of all web servers in the server farm and, by using a scheduling algorithm, knows which web servers are least utilized.
Least Utilized Host
The request is sent to the same web server based on the requester's IP address. This is also known as persistence or a sticky session, where the load balancer uses the same server for the whole session.
Affinity
When the request comes in, the load balancer contacts the DNS server and rotates the requests, starting with the lowest IP address first.
DNS Round Robin
Load balancer configuration where the load balancers act like an array, dealing with the traffic together as they are both active. One load balancer deals with the workload of two.
Active/Active
You have a pair of load balancers. The active node is fulfilling load balancing duties, and the passive node is listening to and monitoring the active node. Should the active node fail, the passive node will take over.
Active/Passive
Legacy server where a dial-up network is used. This has been discontinued because of its lack of speed.
Remote Access Server
Located in the company's network; the client has software to allow the connection, but it utilizes the internet, which makes it cheaper to use.
Virtual Private Network (VPN)
Most secure tunneling protocol; it can use certificates, Kerberos authentication, or a pre-shared key. Provides both a secure tunnel and authentication.
L2TP/IPSec
This works on legacy systems and uses SSL certificates for authentication.
Secure Socket Layer (SSL) VPN
Similar to an SSL VPN, it uses certificates for authentication. It is easy to set up; you just need an HTML5 browser such as Opera, Edge, Firefox, or Safari.
HTML5 VPN
Consists of either the SHA-1 (160 bits) or MD5 (128 bits) hash algorithms, which ensure the packet header has not been tampered with in transit.
Authentication Header (AH)
Uses DES (56-bit), 3DES (168-bit), or AES (256-bit); these are symmetric encryption algorithms.
Encapsulating Security Payload (ESP)
-Can be used to create a secure session between a client computer and a server.
-______ handshake: Internet Key Exchange (IKE)
-Diffie-Hellman is used to set up a secure tunnel before the data is sent.
*DH uses UDP port 500 to create quick mode, which creates a secure session so that data can flow through.
IPSec
Where an IPSec session is used across the internet as part of an L2TP/IPSec tunnel. AH and ESP are both encrypted.
Tunnel Mode
An IPSec tunnel is created within an internal network using client-to-server or server-to-server communication. During transport, only the ESP is encrypted.
Transport Mode
Low-latency point-to-point connection between two sites.
Always-On Mode
Layer 1 of OSI Model
The Physical Layer
-Physical connection between devices
-Hubs, modems, repeaters, cables (bits)
Layer 2 of OSI Model
Data Link Layer
-Responsible for the node-to-node delivery of the message
-Switches/bridges
-Frame
Layer 3 of OSI Model
Network Layer
-Transmission of data from one host to another located in a different network
-Router
-Packet
Layer 4 of OSI Model
Transport Layer
-Data units are referred to as segments
-Responsible for the end-to-end delivery of the complete message
-Firewall
Layer 5 of OSI Model
Session Layer
-Establishment of connections, maintenance of sessions, and authentication; also ensures security
-Gateway
-Message
Layer 6 of OSI Model
Presentation Layer
-Data from the application layer is extracted here
-JPEG/MPEG/GIF
-Message
Layer 7 of OSI Model
Application Layer
-Applications produce the data that has to be transferred over the network
-SMTP
-Message