Enterprise Network Security Architecture Flashcards
Vulnerability
definition
2023.12.28 - new card split from prev card
- a weakness that compromises either the security or the functionality of the system
Exploit
definition
2023.12.28 - new card split from prev card
- a mechanism used to leverage a vulnerability to compromise the security or functionality of a system
Threat
definition
2023.12.28 - new card split from prev card
- any circumstance or event with the potential to cause harm to an asset in the form of destruction, disclosure, adverse modification of data, or DoS
Risk
definition
2023.12.29 - new card split from prev card
- the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of an asset, resulting in an undesirable consequence
DoS / DDoS
- define
DoS attacks attempt to consume all of a critical computer or network resource in order to make it unavailable for valid use.
Spoofing
- define
An attacker injects traffic that appears to be sourced from a legitimate system.
Reflection
define
A type of DoS attack in which the attacker sends a flood of protocol request packets to many IP hosts. The attacker spoofs the source IP so that each packet carries the IP of the intended target, rather than the IP of the attacker, as its source. The hosts that receive these packets send their responses to the spoofed address (the target), thus flooding the unsuspecting target.
Social Engineering
define
Manipulating people and capitalizing on expected behaviors.
Phishing
define
The attacker pretends to be from a large, legitimate organization and requests personal information.
Password Attacks
define
The attacker accesses protected resources by obtaining a user's password. Methods include guessing, brute force, and dictionary attacks.
Reconnaissance Attacks
define
An attempt to learn more about the intended victim, often using DNS tools such as nslookup.
Buffer Overflow Attacks
define
An attacker can provide input that is larger than expected, and the service will accept the input and write it to memory, filling up the associated buffer and overwriting adjacent memory.
Man-in-the-Middle Attacks
define
A system that can view the communication between two other systems inserts itself into the communication path between them.
Malware
define
Malicious software that comes in several forms, including viruses, worms, and Trojan horses.
Vectors of Data Loss and Exfiltration
define
Refers to the means by which data leaves the organization without authorization.
Hacking tools
A penetration test legitimately uses tools to attempt to penetrate an organization’s defenses.
IPS Traffic Inspection Methods
1) Signature-based inspection
2) Anomaly-based inspection
Signature-based inspection
define
2023.12.29 - new card
- examines the packet headers or data payloads in network traffic and compares the data against a database of known attack signatures
Anomaly-based inspection
define
2023.12.29 - new card
- observes network traffic and acts if a network event outside normal network behavior is detected
Anomaly-based Network IPS Types
1) Statistical anomaly detection (network behavior analysis)
2) Protocol verification
3) Policy-based inspection
VPN
- defined in RFC 2828
- carries private traffic over a public or shared infrastructure (such as the Internet)
Link Encryption
The entire frame is encrypted between two devices. This is used on point-to-point connections between directly connected devices.
Packet payload encryption
Only the packet payload is encrypted, which allows this form of encryption to be routed across an L3 network, such as the Internet.
VPN Classification Criteria
1) Deployment mode: Site-to-site VPN and remote-access VPN (e.g. home users)
2) Underlying technology: IPSec VPN, SSL VPN, MPLS VPN, other L2 technologies such as Frame Relay or ATM, and hybrid VPNs combining multiple technologies
Cisco Email Security Appliance (ESA)
a type of firewall and threat monitoring appliance for SMTP traffic
1) capability to quickly block new email-based blended attacks
2) capability to control or encrypt sensitive outbound email
3) a rapid spam capture rate and few false positives
4) a proven zero-hour antivirus solution
Cisco Web Security Appliance (WSA)
- provides secure web access, content security, and threat mitigation for web services
1) Advanced malware protection
2) Application Visibility and Control
3) Insightful reporting
4) Secure mobility
Logging Destinations
1) Console
2) Monitor
3) Memory buffer
4) Syslog server
5) SNMP Trap
6) Flash memory
ASA posture module vs ISE posture module
2023.12.29 - new card
- ISE is client-based; ISE sends the requirements to the endpoint and relies on the endpoint to assess them. Remediation is based on quarantining the endpoint.
- ASA is server-based; the ASA asks for a list of endpoint attributes and the AnyConnect client gathers the information. Remediation is limited to working with software already installed on the endpoint.