Misc Implementation Flashcards
Too many passwords to remember?
Password vault
Split-tunnel VPN
Sends only traffic destined for the remote network over the VPN, with all other traffic split away to use the VPN system or a user’s primary network connection. This reduces overall traffic sent through the VPN but means that traffic cannot be monitored and secured via the VPN
Hardening
the process of improving the security of an operating system or application. One of the primary methods of hardening a trusted OS is to eliminate unneeded protocols. This is also known as creating a secure baseline that allows the OS to run safely and securely
OpenID
an authentication service often done by a third party, and it can be used to sign into any website that accepts OpenID
Kerberos
a network authentication protocol for use within a domain.
Shibboleth
Single sign-on system that works with federated systems
Line of sight?
Infrared
Storm control
Enabling storm control on a switch will limit the amount of total bandwidth that broadcast packets can use, preventing broadcast storms from taking down the network
firewall
stops traffic based on rules
Fuzzing
a technique whereby the tester intentionally enters incorrect values into input fields to see how the application will handle it
Loop protection
sends packets that include a PDU, or protocol data unit. These are detected by other network devices and allow the network devices to shut down ports from which they receive those packets
Stateful packet filtering firewall
A stateful inspection firewall examines the content and context of each packet it encounters. This means that a stateful packet inspection (SPI) firewall understands the preceding packets that came from the same IP address, and thus the context of the communications. This makes certain attacks, like a SYN flood, almost impossible
ad hoc wireless network
operate on point-to-point topology (star and bus models are used in wired networks)
What channels do NOT cause issues with channel overlap or overlap in U.S. installations of 2.4 GHz Wi-Fi networks?
1, 6, 11. Other channels will overlap
Jump box
a common solution for providing access to a network with a different security profile
What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet?
TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet
Samantha is looking for an authentication method that incorporates the X.509 standard and will allow authentication to be digitally signed. Which of the following authentication methods would BEST meet these requirements?
Digital certificates use the X.509 standard (or the PGP standard) and allow the user to digitally sign authentication requests.
Isabel is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the BEST device to accomplish this goal?
Proxy Server - A web proxy can be used to block certain websites. It is common practice for network administrators to block either individual sites or general classes of sites (like job-hunting sites).
