Definitions Flashcards
What is a router?
A device that connects two or more packet-switched networks or sub-networks. It manages traffic between these networks by forwarding data packets to their intended IP addresses, and allows multiple devices to use the same Internet connection; operates at layer 3 or network layer of the OSI model.
How does a router work?
A router helps direct data packets to their destination IP address by using an internal routing table — a list of paths to various network destinations. The router reads a packet’s header to determine where it is going, then consults the routing table to figure out the most efficient path to that destination. It then forwards the packet to the next network in the path.
What is a switch?
A networking device operating at layer 2 or data link layer of the OSI model. It connects devices in a network and uses MAC addresses to send data packets to selected destination ports, and packet switching to receive or forward data packets or data frames from the source to the destination device.
What is a hub?
Networking devices operating at the physical layer of the OSI model that are used to connect multiple devices in a network. They are generally used to connect computers in a LAN.
A hub has many ports. A computer that is to be connected to the network is plugged into one of these ports. When a data frame arrives at a port, it is broadcast to every other port, regardless of whether it is destined for a particular device.
What is a gateway?
A network node that forms a passage between two networks operating with different transmission protocols. It acts as the entry and exit point for a network since all traffic that flows across the networks should pass through the gateway. Only the internal traffic between the nodes of a LAN does not pass through the gateway.
A gateway can operate at any of the seven layers of OSI model. The most common type, the network gateway, operates at layer 3 / network layer of the OSI model.
What is a web application firewall?
A security tool for monitoring, filtering and blocking incoming and outgoing data packets from a web application or website. WAFs can be host-based, network-based or cloud-based and are typically deployed through reverse proxies and placed in front of an application or website (or multiple apps and sites).
WAFs can run as network appliances, server plugins or cloud services, inspecting each packet and analyzing application layer (Layer 7) logic according to rules to filter out suspicious or dangerous traffic.
What is a reverse proxy?
A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability.
By intercepting requests headed for backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.
What is a forward proxy?
A forward proxy sits in front of a client and ensures that no origin server ever communicates directly with that specific client.
What is syslog?
Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server, called a syslog server. It is primarily used to collect various device logs from several different machines in a central location for monitoring and review.
The protocol is enabled on most network equipment such as routers, switches, firewalls, and even some printers and scanners. In addition, syslog is available on Unix and Linux based systems and many web servers including Apache. Syslog is not installed by default on Windows systems, which use their own Windows Event Log. These events can be forwarded via third-party utilities or other configurations using the syslog protocol.
Traditionally, Syslog uses the UDP protocol on port 514 but can be configured to use any port. In addition, some devices will use TCP 1468 to send syslog data to get confirmed message delivery.
Syslog packet transmission is asynchronous. What causes a syslog message to be generated is configured within the router, switch, or server itself.
What are some of the disadvantages of syslog?
The syslog protocol offers no security mechanism. There is no authentication built in to ensure that messages are coming from the device claiming to be sending them. There is no encryption to conceal what information is being sent to the server. It is particularly susceptible to so-called “playback attacks” where an attacker generates a previous stream of warnings to elicit a response.
One major limitation of the syslog protocol is that the device being monitored must be up and running and connected to the network to generate and send a syslog event. A critical error from the kernel facility may never send an error at all as the system goes offline. In other words, syslog is not a good way to monitor the up and down status of devices.
What is an intrusion prevention system?
An intrusion prevention system (IPS) is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.
What is an intrusion detection system?
An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
What is an application proxy firewall?
This firewall does not allow any packets to directly pass between protected systems. Instead, the firewall creates a proxy connection on the destination network and then passes traffic through that proxied connection. Proxy firewalls often contain advanced application inspection capabilities, allowing them to detect sophisticated application-layer attacks, such as buffer overflow attempts and SQL injection attacks. They’re much more expensive than stateful inspection firewalls, however, and are normally only used to protect data centers and other networks containing publicly accessible, high-value servers.
What is a proxy server?
Servers that act as an intermediary for internet requests. They are used to mask traffic, protect data, and prevent unauthorized access to a system.
Instead of connecting directly to a server that can fulfill a request for a resource, such as a file or web page, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as load balancing, privacy, or security. A proxy server functions on behalf of the client when requesting service, potentially masking the true origin of the request to the resource server.
For example, a proxy server can act as a gateway between users and the internet, separating end users from the websites they browse.
What are the security benefits of a proxy server?
Proxies provide a valuable layer of security for your computer. They can be set up as web filters or firewalls, protecting your computer from internet threats like malware. This extra security is also valuable when coupled with a secure web gateway or other email security products.
How does a hardware firewall work?
A hardware firewall is a system that works independently from the computer it is protecting as it filters information coming from the internet into the system. If you have a broadband internet router, it likely has its own firewall.
A hardware firewall checks the data coming in from the various parts of the internet and verifies that it is safe. Hardware firewalls that use packet filtering examine each data packet and check to see where it is coming from and its location. The data the firewall collects about each packet is then compared to a permissions list to see if it fits the profile of data that should be discarded. A hardware firewall can protect all the computers attached to it, making it an easily scalable solution.
What is a firewall?
How does a software firewall work?
A software firewall is a program used by a computer to inspect data that goes in and out of the device. It can be customized by the user to meet their needs. Like hardware firewalls, software firewalls filter data by checking to see if it—or its behavior—fits the profile of malicious code.
Software firewalls can monitor traffic trying to leave your computer as well, preventing it from being used to attack other networks or devices. A software firewall has to be installed on each computer in the network. Therefore, a software firewall can only protect one computer at a time.