Lesson 10: Network Access Security Flashcards

1
Q

A list of rules or policies programmed into a router or other device to control what can gain access to a network. When used in servers ___s are used to control what resources are available to specific users or devices. When used in routers and firewalls, ___s are used to define what protocols are allowed in a network and what content various protocol packets are allowed to bring into the network.

A

Access Control List (ACL)

2
Q

Rules that define who is permitted access to the network, what methods are permitted to gain that access, and which resources users are permitted to access.

A

Access Policies

3
Q

A mathematical formula that is applied to a data packet or packet header so that the information contained in the packet or header can be encrypted, compressed, checked for errors, or manipulated in some other fashion.

A

Algorithm

4
Q

A type of network protection device that works with protocols and services located on the Application layer of the TCP/IP protocol stack. Administrators can use ___________ ____ ________s to block TELNET, DNS, FTP, HTTP, and any other protocols or services located on the Application layer. Such firewalls are also sometimes known as proxy servers.

A

Application Layer Firewalls

5
Q

A security protocol that is part of the IPsec suite. _ _ provides packet integrity and origin authentication, but it cannot provide encryption.

A

Authentication Header (AH)

6
Q

An assessment recommending the most appropriate method for performing a certain task based on observations of and experience with that task.

A

Best Practices

7
Q

In cryptography, a mathematical formula or algorithm that encrypts the clear text or plaintext of a message in a data packet or packet header.

A

Cipher

8
Q

A service that looks at the actual content of the data coming into the device and evaluates it against a predefined set of guidelines about what is allowed through.

A

Content Filtering

9
Q

A unique pattern that identifies a threat such as malicious software or a network attack. Various network and system defense software programs use definitions to detect and identify the virus or attack in order to counter the threat.

A

Definition

10
Q

The area created between two firewalls, which functions as a buffer between internal and external networks.

A

Demilitarized Zone (DMZ)

11
Q

A locally-run database service that contains information about network users and resources, typically used to control access to those resources.

A

Directory Services

12
Q

A network defense mechanism that consists of two separate firewalls, one providing protection to the internal network and one providing protection from the outer network. The area between the firewalls is called a demilitarized zone, or DMZ.

A

Dual Firewall Configuration

13
Q

The directory services environment created by Novell for use on Linux and other operating systems.

A

e-Directory

14
Q

A security protocol that is part of the IPsec suite. _ _ _ provides packet integrity, origin authentication, and data encryption.

A

Encapsulating Security Payload (ESP)

15
Q

A process that allows either the header or the entire data packet to be encoded using a predetermined algorithm in such a way that if an eavesdropper on the network can intercept the data as it’s transmitted, he still can’t understand it without knowing how to decode it.

A

Encryption

16
Q

A data manipulation technique that firewalls use to protect a network from malicious attacks by preventing data packets that meet certain criteria from entering into the system or network.

A

Filtering

17
Q

A networking device designed to prevent a hacker or other security threats from entering the network or, barring that, limit the ability of threats to spread through the network using intrusion detection software generally into the ________ device.

A

Firewall

18
Q

A mechanism by which humans interact with a computer using graphics, icons, and windows instead of simple text characters.

A

Graphical User Interface (GUI)

19
Q

A software package that runs on a computer platform and evaluates packets that arrive on the host to determine whether they are malicious.

A

Host-Based Firewalls

20
Q

Software firewalls installed on a host computer.

A

Host-Based Intrusion Detection System (HIDS)/System Intrusion Detection Software (SIDS)

21
Q

A host-based intrusion detection system (HIDS) that also has the ability to prevent an intrusion or take action against a detected intrusion.

A

Host-Based Intrusion Prevention System (HIPS)/System Intrusion Prevention Software (SIPS)

22
Q

A type of communication session in which one host, such as a workstation, connects to another host. An example of this type of communication is a private chat session.

A

Host-to-Host Communications

23
Q

A protocol in the IPSec suite that handles the negotiation of protocols and algorithms and the generation of encryption and authentication keys.

A

Internet Key Exchange (IKE)

24
Q

A suite of protocols designed to provide security options to IP.

A

Internet Protocol Security (IPSec)

25
A tunneling protocol developed by Cisco Systems that encapsulates the PPP data generated by virtual private networks for safe transmission over the Internet.
Layer 2 Forwarding (L2F)
26
A protocol, designed as an extension of the Point-to-Point Protocol (PPP), that allows PPP to establish a Layer 2 (Data Link layer) connection so that the endpoints can reside on two different devices as long as they are connected by a packet-switched network.
Layer 2 Tunneling Protocol (L2TP)
27
An application protocol that is the basis for various directory services environments, such as Microsoft's Active Directory and Novell's e-Directory.
Lightweight Directory Access Protocol (LDAP)
28
A component of PPP that enables it to establish and configure a data-link layer connection between two systems.
Link Control Protocol (LCP)
29
A technology in which only a preprogrammed MAC address is allowed access to a specific wireless access point (WAP).
MAC Address Filtering
30
A type of firewall residing on the network that prevents a threat from actually entering the network it's protecting.
Network-Based Firewalls
31
A component of PPP that enables it to establish and configure different protocols functioning at the network layer of the OSI reference model.
Network Control Protocol (NCP)
32
Network software designed to look for evidence of threats and report it. Similar to an intrusion detection system (IDS) except that it works for the entire network rather than a single host.
Network Intrusion Detection System (NIDS)
33
Network software designed to look for evidence of threats, report it, and act to stop the threat. Similar to an intrusion protection system (IPS). NIPSs work on the entire network instead of a single device.
Network Intrusion Prevention System (NIPS)
34
A type of network protection device that functions on the network layer of the OSI model and primarily targets packet communications.
Network Layer Firewall
35
A detailed document outlining a large variety of guidelines related to the security of a company or organization's network.
Network Security Policy
36
A type of communication that occurs when a router on one network communicates with a host, or workstation, on another network. An example of this type of communication is remote access.
Network-to-Host Communications
37
A type of communication that occurs when a router on one network communicates with a router on a different network.
Network-to-Network Communications
38
Another term for a Network layer firewall that targets packet traffic.
Packet Filters
39
A collection of standardized criteria that make a password acceptable for network use.
Password Policies
40
An unencrypted communication packet, message, or password.
Plaintext
41
A Data Link layer protocol that helps ensure that packets arrive at their destination in sequence without having to find their own routes to the destination.
Point-to-Point Protocol (PPP)
42
A protocol that allows PPP to be used in an Ethernet environment.
Point-to-Point Protocol over Ethernet (PPPoE)
43
A tunneling protocol developed by Microsoft for use with virtual private networks (VPNs).
Point-to-Point Tunneling Protocol (PPTP)
44
A component of network management that concerns how the network is documented.
Policy
45
A function of Cisco switches that is designed to counter the ability of attackers to share a switch port with the legitimate user to gain access to network resources.
Port Security
46
A component of network management that lays out how the network should be maintained, what should happen should failure or other such issues occur, and how to implement established policies.
Procedure
47
A server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
Proxy Server
48
A group of technologies used to facilitate remote access to a computer network.
Remote Access Services (RAS)
49
A service that provides a method of centralized AAA (authentication, authorization, accounting) between a computer and a managed network.
Remote Authentication Dial-In User Service (RADIUS)
50
The client program for Microsoft's proprietary Remote Desktop Protocol (RDP).
Remote Desktop Connection
51
A proprietary protocol from Microsoft used to create a graphical interface from one computer to another.
Remote Desktop Protocol (RDP)
52
The server program for Microsoft's proprietary Remote Desktop Protocol (RDP).
Remote Desktop Service
53
The ability of a firewall to scan packets and protocols for specific threats.
Scanning Services
54
A networking protocol that, in conjunction with other protocols, provides security for Internet-based communications.
Secure Sockets Layer (SSL)
55
A specific implementation of a virtual private network (VPN) that allows secure VPN sessions to be set up from within a browser.
Secure Sockets Layer VPN (SSL VPN)
56
Unique patterns of threats, whether viruses or network attacks, that uniquely identify them.
Signature
57
A process that many firewalls, IDSes, and antivirus programs use to identify threats.
Signature Identification
58
A simple security configuration that uses only one firewall to protect the network.
Single Firewall Configuration
59
A type of network protection device which uses stateful packet inspection to filter communications.
Stateful Firewall
60
A form of packet filtering that is based on a packet's state, which includes IP address, port number, sequence number, what session it is part of, and packet type.
Stateful Inspection
61
A type of packet inspection that treats each packet as if it were a separate entity without regard to session or state.
Stateless Packet Inspection
62
A server component in Windows that is now referred to as Remote Desktop Services.
Terminal Services
63
The equivalent of Remote Desktop Connection (RDC) in earlier versions of Windows.
Terminal Services Client
64
An operational mode of IPSec in which only the payload or the data in a packet is encrypted.
Transport Mode
65
An operational mode of IPSec that encrypts the entire packet and then surrounds it with a new IP packet containing a new IP header.
Tunnel Mode
66
A suite of algorithms designed to add security on top of what wired equivalent privacy (WEP) provides.
Temporal Key Integrity Protocol (TKIP)
67
The process of establishing a connection through a public network that looks like a point-to-point connection to the devices on either end of it, but in reality is not.
Tunneling
68
A term originally used by Cisco to describe virtual private networks.
Virtual Dial-Up
69
An open-source standard that gives users remote access to a desktop computer, much like Microsoft's Remote Desktop Protocol (RDP).
Virtual Network Computing (VNC)
70
A technology used to establish a connection from a client computer outside a local network to an enterprise LAN using the Internet or other public network. ___ is commonly used by corporations to allow their users to gain remote access to their corporate servers.
Virtual Private Network (VPN)
71
A device created by Cisco that is designed to concentrate multiple virtual private network (VPN) connections into a single device.
VPN concentrator
72
A specific implementation of virtual private networking that allows secure VPN sessions to be set up from within a browser.
Web VPN
73
A specification or certification that ensures a certain level of security for every wireless device that claims to be WPA.
Wi-Fi Protected Access (WPA)
74
A deprecated security algorithm for IEEE 802.11 to make wireless communications just as secure and private as wired communications.
Wired Equivalent Privacy (WEP)
75
A part of the underlying components used by the various Linux GUIs, such as GNOME. Other underlying components include X-Windows and X-Server.
X11
76
A type of router firewall based on interface groups instead of on individual interfaces, unlike other firewalls.
Zone-Based Firewall