Lesson 10: Network Access Security Flashcards
A list of rules or policies programmed into a router or other device to control what can gain access to a network. When used in servers ___s are used to control what resources are available to specific users or devices. When used in routers and firewalls, ___s are used to define what protocols are allowed in a network and what content various protocol packets are allowed to bring into the network.
Access Control List (ACL)
Rules that define who is permitted access to the network, what methods are permitted to gain that access, and which resources users are permitted to access.
Access Policies
A mathematical formula that is applied to a data packet or packet header so that the information contained in the packet or header can be encrypted, compressed, checked for errors, or manipulated in some other fashion.
Algorithm
A type of network protection device that works with protocols and services located on the Application layer of the TCP/IP protocol stack. Administrators can use ___________ ____ ________s to block TELNET, DNS, FTP, HTTP, and any other protocols or services located on the Application layer. Such firewalls are also sometimes known as proxy servers.
Application Layer Firewalls
A security protocol that is part of the IPsec suite. _ _ provides packet integrity and origin authentication, but it cannot provide encryption.
Authentication Header (AH)
An assessment recommending the most appropriate method for performing a certain task based on observations of and experience with that task.
Best Practices
In cryptography, a mathematical formula or algorithm that encrypts the clear text or plaintext of a message in a data packet or packet header.
Cipher
A service that looks at the actual content of the data coming into the device and evaluates it against a predefined set of guidelines about what is allowed through.
Content Filtering
A unique pattern that identifies a threat such as malicious software or a network attack. Various network and system defense software programs use definitions to detect and identify the virus or attack in order to counter the threat.
Definition
The area created between two firewalls (or on a separate, screened interface of a single firewall), which functions as a buffer between internal and external networks.
Demilitarized Zone (DMZ)
A locally-run database service that contains information about network users and resources, typically used to control access to those resources.
Directory Services
A network defense mechanism that consists of two separate firewalls, one providing protection to the internal network and one providing protection from the outer network. The area between the firewalls is called a demilitarized zone, or DMZ.
Dual Firewall Configuration
The directory services environment created by Novell for use on Linux and other operating systems.
e-Directory
A security protocol that is part of the IPsec suite. _ _ _ provides packet integrity, origin authentication, and data encryption.
Encapsulating Security Payload (ESP)
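The practical difference between the AH and ESP cards is easiest to see with both mechanisms applied to the same packet: AH's integrity check value (ICV) detects any change to the header or payload, but the payload still travels in the clear; ESP encrypts the payload and authenticates the result, so an eavesdropper sees only ciphertext. The following is an added example modelling those guarantees, not IPsec's wire format or the project's own code: HMAC-SHA256 stands in for the ICV, and a SHA-256 counter-mode keystream is a toy stand-in for ESP's cipher (an assumption for illustration only, never a cipher to use on real traffic). Keys, headers and the payload are constructed inline.

```python
"""Toy model of the AH and ESP guarantees (added example, not real IPsec).

AH-style:  ICV = HMAC(auth_key, header || payload); payload stays readable.
ESP-style: payload is encrypted, then HMAC covers the ESP header (here just a
           sequence number used as the nonce) and the ciphertext. Note that
           ESP's ICV does not cover the outer IP header, while AH's does.
"""
import hashlib
import hmac
import struct
from typing import Optional, Tuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stand-in for a real cipher: SHA-256 in counter mode. Assumption for
    # illustration only; ESP in practice uses AES-GCM or AES-CBC+HMAC.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def ah_protect(auth_key: bytes, header: bytes, payload: bytes) -> Tuple[bytes, bytes, bytes]:
    """AH: authenticate the (immutable) header fields and the payload.
    Nothing is encrypted, so the payload returned is exactly what goes on the wire."""
    icv = hmac.new(auth_key, header + payload, hashlib.sha256).digest()
    return header, payload, icv


def ah_verify(auth_key: bytes, header: bytes, payload: bytes, icv: bytes) -> bool:
    """Receiver recomputes the ICV; any modified bit, or a forger without the
    key, yields a mismatch (integrity + origin authentication)."""
    expected = hmac.new(auth_key, header + payload, hashlib.sha256).digest()
    return hmac.compare_digest(icv, expected)


def esp_protect(enc_key: bytes, auth_key: bytes, header: bytes,
                payload: bytes, seq: int) -> Tuple[bytes, bytes, bytes]:
    """ESP: encrypt the payload, then authenticate sequence number + ciphertext.
    The outer header is passed through untouched and is NOT authenticated."""
    nonce = struct.pack(">Q", seq)
    ciphertext = _xor(payload, _keystream(enc_key, nonce, len(payload)))
    body = nonce + ciphertext
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()
    return header, body, icv


def esp_open(enc_key: bytes, auth_key: bytes, body: bytes, icv: bytes) -> Optional[bytes]:
    """Verify first, decrypt only on success (encrypt-then-MAC order)."""
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(icv, expected):
        return None
    nonce, ciphertext = body[:8], body[8:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


# Constructed sample packet: a fake header and a payload an eavesdropper would
# love to read.
AUTH_KEY = b"demo-auth-key"
ENC_KEY = b"demo-enc-key"
HEADER = b"SRC=10.0.0.1;DST=10.0.0.2"
PAYLOAD = b"password=hunter2"


if __name__ == "__main__":
    h, p, icv = ah_protect(AUTH_KEY, HEADER, PAYLOAD)
    print("AH  on-wire payload:", p, "verify:", ah_verify(AUTH_KEY, h, p, icv))
    h, body, icv = esp_protect(ENC_KEY, AUTH_KEY, HEADER, PAYLOAD, seq=1)
    print("ESP on-wire body:   ", body.hex(), "opens to:", esp_open(ENC_KEY, AUTH_KEY, body, icv))
```

Running it shows `hunter2` visible in the AH packet and absent from the ESP body; flipping one byte of either packet makes the receiver reject it.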
A process that allows either the header or the entire data packet to be encoded using a predetermined algorithm in such a way that if an eavesdropper on the network can intercept the data as it’s transmitted, he still can’t understand it without knowing how to decode it.
Encryption
A data manipulation technique that firewalls use to protect a network from malicious attacks by preventing data packets that meet certain criteria from entering into the system or network.
Filtering
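The ACL, Filtering and Dual Firewall Configuration cards describe the same mechanism from three angles: an ordered list of rules, evaluated top-down with the first match deciding and an implicit deny at the end, placed on each firewall a packet must cross. The following is an added example (not the page's or any vendor's code) that evaluates such rule lists for a two-firewall DMZ layout and includes the lint a practitioner wants: detecting rules that can never fire because an earlier, broader rule shadows them. The rule fields, zone addresses and host names are constructed for illustration.

```python
"""Ordered packet-filter ACLs: first match wins, implicit deny, applied across
a dual-firewall DMZ, plus a shadowed-rule check. Added example; the rule
format, zones and addresses are constructed and are not a vendor's syntax."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: str                       # CIDR or "any"
    dst: str                       # CIDR or "any"
    proto: str = "any"             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None    # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return _covers(self.src, pkt.src) and _covers(self.dst, pkt.dst)


def _covers(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Walk the list top-down; the first matching rule decides.
    Falling off the end is an implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed layout:  Internet --[OUTER]-- DMZ 192.0.2.0/24 --[INNER]-- LAN 10.0.0.0/8
DMZ, LAN = ip_network("192.0.2.0/24"), ip_network("10.0.0.0/8")

OUTER_ACL = [
    Rule("permit", "any",        "192.0.2.10/32", "tcp", 443),  # public web server only
    Rule("deny",   "any",        "10.0.0.0/8"),                 # outside never reaches the LAN
    Rule("permit", "10.0.0.0/8", "any"),                        # LAN-initiated egress
]
INNER_ACL = [
    Rule("permit", "192.0.2.10/32", "10.0.5.20/32", "tcp", 5432),  # web -> database only
    Rule("deny",   "192.0.2.0/24",  "10.0.0.0/8"),                 # a compromised DMZ host stays in the DMZ
    Rule("permit", "10.0.0.0/8",    "any"),                        # LAN may initiate outward
]
MISORDERED = [
    Rule("permit", "any", "any"),                       # broad permit placed first...
    Rule("deny",   "any", "10.0.0.0/8", "tcp", 23),     # ...so this telnet block can never fire
]


def zone(addr: str) -> str:
    ip = ip_address(addr)
    return "lan" if ip in LAN else "dmz" if ip in DMZ else "internet"


def path_decision(pkt: Packet) -> str:
    """Every firewall between the source and destination zones must permit."""
    zones = {zone(pkt.src), zone(pkt.dst)}
    path = []
    if "internet" in zones and zones != {"internet"}:
        path.append(OUTER_ACL)
    if "lan" in zones and zones != {"lan"}:
        path.append(INNER_ACL)
    return "deny" if any(evaluate(acl, pkt) == "deny" for acl in path) else "permit"


def _net_subset(inner: str, outer: str) -> bool:
    if outer == "any":
        return True
    return inner != "any" and ip_network(inner, strict=False).subnet_of(ip_network(outer, strict=False))


def shadowed(acl: List[Rule]) -> List[int]:
    """Indexes of rules that an earlier rule already matches in full: the
    classic ordering mistake that silently disables a deny."""
    hits = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)
                    and _net_subset(later.src, earlier.src)
                    and _net_subset(later.dst, earlier.dst)):
                hits.append(i)
                break
    return hits


if __name__ == "__main__":
    print(path_decision(Packet("198.51.100.7", "192.0.2.10", "tcp", 443)))   # permit
    print(path_decision(Packet("198.51.100.7", "10.0.5.20", "tcp", 5432)))   # deny
    print(shadowed(MISORDERED))                                                # [1]
```

The telnet deny in `MISORDERED` is reported as shadowed because the permit above it covers every packet the deny could match; reordering (specific denies before broad permits) is the fix.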
A networking device designed to prevent a hacker or other security threats from entering the network or, barring that, to limit the ability of threats to spread through the network, using intrusion detection software generally built into the ________ device.
Firewall
A mechanism by which humans interact with a computer using graphics, icons, and windows instead of simple text characters.
Graphical User Interface (GUI)
Software firewalls installed on a host computer.
Host-Based Firewalls
A software package that runs on a computer platform and evaluates packets that arrive on the host to determine whether they are malicious.
Host-Based Intrusion Detection System (HIDS)/System Intrusion Detection Software (SIDS)
A host-based intrusion detection system (HIDS) that also has the ability to prevent an intrusion or take action against a detected intrusion.
Host-Based Intrusion Prevention System (HIPS)/System Intrusion Prevention Software (SIPS)
A type of communication session in which one host, such as a workstation, connects to another host. An example of this type of communication is a private chat session.
Host-to-Host Communications
A protocol in the IPSec suite that handles the negotiation of protocols and algorithms and generates the encryption and authentication keys.
Internet Key Exchange (IKE)
A suite of protocols designed to add security services (authentication, integrity, and confidentiality) to IP.
Internet Protocol Security (IPSec)
A tunneling protocol developed by Cisco Systems that encapsulates the PPP data generated by virtual private networks for safe transmission over the Internet.
Layer 2 Forwarding (L2F)
A protocol, designed as an extension of the Point-to-Point Protocol (PPP), that allows PPP to establish a Layer 2 (Data Link layer) connection so that the endpoints can reside on two different devices as long as they are connected by a packet-switched network.
Layer 2 Tunneling Protocol (L2TP)
An application protocol that is the basis for various directory services environments, such as Microsoft's Active Directory and Novell's e-Directory.
Lightweight Directory Access Protocol (LDAP)
A component of PPP that enables it to establish and configure a data-link layer connection between two systems.
Link Control Protocol (LCP)
A technology in which only preprogrammed MAC addresses are allowed access to a specific wireless access point (WAP). Because a client can change its own MAC address, this is an access-control convenience rather than an authentication mechanism.
MAC Address Filtering
A type of firewall residing on the network that prevents a threat from actually entering the network it's protecting.
Network-Based Firewalls