Chapter 8 - Network Security Flashcards
What is a DDoS?
Distributed Denial of Service
What is an IDS?
Intrusion Detection System
Why should we use network segmentation?
We can segment a network by dividing it into smaller networks called subnets. In this way, subnets can be used to direct the flow of particular traffic, and technical problems can be isolated to a particular subnet, where they are easier to fix.
What is a choke point?
A choke point is a point where network traffic is filtered to be inspected. Examples of choke points include routers that move traffic from one subnet to another, firewalls, proxies, and applications like email.
Why is redundancy a good network design element?
It gives us a backup when parts of our network fail so we can re-route traffic.
Define a firewall
A mechanism for maintaining control over the traffic that flows in and out of networks.
What is packet filtering and why is it susceptible to attacks?
Packet filtering looks at the content of each packet and makes a decision about whether or not to allow it through the firewall by examining source and destination IP addresses, protocol and port. This type of firewall is susceptible to attack because each packet is examined individually, and individual packets may be able to slip through the cracks.
What is a stateful firewall?
A stateful firewall takes packet filtering a step further by monitoring traffic on all new or existing connections. Once a connection has been closed, the stateful firewall can identify any remaining packets flowing as illegitimate traffic.
What is deep packet inspection?
Deep packet inspection adds an additional layer to our firewall. It gives the firewall the ability to reassemble the content of packets and inspect what is inside before delivering it.
What is a proxy server?
Proxy servers are firewalls that can serve as choke points and also log traffic. Many companies rely on them to filter out malware and spam.
What does DMZ stand for and how is it used?
DMZ stands for demilitarized zone. A DMZ is a combination of a firewall and network design that gives an extra layer of protection between an external network and our internal system. We can set up filtering so that the only traffic flowing through a DMZ to our system is relevant and travelling on a particular port. A DMZ is a layer between the internal and external firewalls.
What is HIDS?
Host-Based Intrusion Detection System
What is APIDS?
Application-Based Intrusion Detection System
What is NIDS?
Network-Based Intrusion Detection System
Why is it important to place a NIDS carefully?
It is important to place NIDS carefully because they can be easily overloaded with traffic. We should place NIDS behind a firewall so that the traffic they have to inspect is not overwhelming.