Module 9 Flashcards

1
Q

What is a firewall?

A
  • Hardware or software that is designed to limit the spread of malware.
    • uses bidirectional inspection to examine both outgoing and incoming network packets
2
Q

List some examples of firewall rules:

A
  • Source address. The source address is the location of the origination of the packet (where the packet is from). Addresses generally can be indicated by a specific IP address or range of addresses, an IP mask, the MAC address, or host name.
  • Destination address. This is the address the connection is attempting to reach (where the packet is going to). Destination addresses can be indicated in the same way as the source address.
  • Source port. The source port is the TCP/IP port number used to send packets of data. Options for setting the source port often include a specific port number or a range of numbers.
  • Destination port. This setting gives the port on the remote computer or device that the packets will use. Options are the same as for the source port.
  • Protocol. The protocol defines the network protocol (such as TCP, UDP, TCP or UDP, ICMP, or IP) used when sending or receiving packets of data.
  • Direction. This is the direction of traffic for the data packet (Incoming, Outgoing, or Both).
  • Priority. The priority determines the order in which the rule is applied.
  • Time. Rules can be set so they are active only during a scheduled time.
  • Context. A rule can be created that is unique for specific circumstances (contexts). For example, different rules may be in effect depending on whether a laptop is on-site or is remote.
3
Q

What is a policy-based firewall?

A
  • This type of firewall allows more generic statements instead of specific rules.
4
Q

What is content/URL filtering?

A
  • A process used by a firewall to monitor websites accessed through HTTP to create custom filtering profiles.
5
Q

What is stateful vs. stateless packet filtering? (in terms of firewalls)

A
  • Stateless packet filtering: A firewall that looks at each incoming packet and permits or denies it based on specific conditions.
  • Stateful packet filtering: A firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
6
Q

What is the difference between open-source firewalls and proprietary firewalls?

A
  • Open-source firewalls: A firewall that is freely available.
  • Proprietary firewalls: A firewall that is owned by an entity who has an exclusive right to it.
7
Q

What is the difference between a hardware firewall and a software firewall?

A
  • Software firewall: A firewall that runs as a program or service on a device, such as a computer or router.
  • Hardware firewall: A firewall that runs on a separate device.
8
Q

What is the difference between a host, appliance, and virtual firewall?

A
  • Host-based firewall: A software firewall that runs as a program on the local device to block or filter traffic coming into and out of the computer.
  • Appliance firewall: A separate hardware device designed to protect an entire network.
  • Virtual firewall: A firewall that runs in the cloud. Virtual firewalls are designed for settings, such as public cloud environments, in which deploying an appliance firewall would be difficult or even impossible.
9
Q

What is a web application firewall?

A

A firewall that filters by examining the applications using HTTP. (type of specialized firewall)

10
Q

What is Network address translation (NAT)?

A

A cloud-based technology that performs NAT translations for cloud services. (type of specialized firewall)

11
Q

What is a next-generation firewall?

A

A firewall that has additional functionality beyond a traditional firewall such as the ability to filter packets based on applications. (type of specialized firewall)

12
Q

What is unified threat management?

A

An integrated device that combines several security functions.

13
Q

What is a forward proxy?

A
  • A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users.
    • (devices act as substitutes on behalf of the primary device)
  • Can intercept malware before it reaches an internal endpoint.
14
Q

What is a reverse proxy?

A
  • A proxy that routes requests coming from an external network to the correct internal server.
15
Q

What is a honeypot?

A
  • A computer located in an area with limited security that serves as “bait” to threat actors and is intentionally configured with security vulnerabilities.
  • Generally has two goals:
    1. Deflect: Deflect threat actors’ attention away from legitimate servers by encouraging them to spend their time and energy on the decoy server.
    2. Discover: Trick threat actors into revealing their attack techniques.
16
Q

What is the difference between a low interaction honeypot and a high interaction honeypot?

A
  • Low-interaction honeypot: Only records login attempts and provides information on the threat actor’s IP address of origin.
  • High-interaction honeypot: Configured with a default login and loaded with software and data files that appear to be authentic but are actually imitations of real data files (collects information on attack techniques, for example).
17
Q

What is a honeynet?

A

A network set up with intentional vulnerabilities.

18
Q

What is a DNS sinkhole?

A

A technique that changes a normal DNS request to a preconfigured IP address pointing to a device that will drop all received packets.

19
Q

What is the difference between an intrusion detection system vs an intrusion prevention system? (IDS vs IPS)

A
  • Intrusion detection system (IDS): Can detect attacks as they occur
  • Intrusion prevention system (IPS): Attempts to block the attack
20
Q

What is an inline system?

A

A system that is connected directly to the network and monitors the flow of data as it occurs.

21
Q

What is a passive system?

A

A system that is connected to a device that receives a copy of network traffic.

22
Q

What is in-band management vs. out-of-band management? (referring to IDS systems)

A
  • In-band management: Managing the device through the network itself by using network protocols and tools.
  • Out-of-band management: Using an independent and dedicated channel to reach the device.
23
Q

What are the four monitoring methodologies?

A
  1. Anomaly monitoring: Creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from the baseline, an alarm is raised. (used by IDS)
  2. Signature-based monitoring: Examines network traffic to look for well-known patterns and compares the activities against a predefined signature.
  3. Behavioral monitoring: Uses the normal processes and actions as the standard and compares actions against it.
  4. Heuristic monitoring: Uses an algorithm to determine if a threat exists.
24
Q

What is a network intrusion detection system (NIDS)?

A

A technology that watches for attacks on the network and reports back to a central device.

25
Q

What is a network intrusion prevention system (NIPS)?

A

A technology that monitors network traffic and immediately reacts to block a malicious attack.

26
Q

What is a hardware security module (HSM)?

A

A removable external cryptographic device.

27
Q

What is a network hardware security module?

A

A special trusted network computer that performs cryptographic operations.

28
Q

What is a secure baseline configuration?

A

A set of security settings that are the initial starting point and the minimum settings.

29
Q

What are standard naming conventions?

A

Using the same conventions for assigning names to appliances.

30
Q

What is an internet protocol schema?

A

A standard guide for assigning IP addresses to devices.

31
Q

What are diagrams?

A

A visual mapping of security appliances.

32
Q

What is an access control list (ACL)?

A
  • A set of permissions or rules attached to an object that administer its availability by granting or denying access.
    • Includes filesystem ACLs (filter access to files and directories on an endpoint) and networking ACLs (filter access to a network).
33
Q

What is a virtual private network (VPN)?

A

A technology that enables the use of an unsecured public network as if it were a secure private network.

34
Q

What is a remote access VPN?

A

A user-to-LAN VPN connection for remote users.

35
Q

What is a site-to-site VPN?

A

A VPN connection in which multiple sites can connect to other sites over the Internet.

36
Q

What is an always-on VPN?

A

A VPN that allows the user to stay connected at all times instead of connecting and disconnecting from it.

37
Q

What is a full tunnel and split tunnel in relation to VPNs?

A
  • Full Tunnel: A VPN technology in which all traffic is sent to the VPN concentrator and is protected.
  • Split Tunnel: A VPN technology in which only some traffic is sent to the VPN concentrator and is protected, while other traffic directly accesses the Internet.
38
Q

What is Layer 2 Tunneling Protocol (L2TP)?

A

A VPN protocol that does not offer any encryption or protection so it is usually paired with IPsec.

39
Q

What is network access control (NAC)?

A
  • A technique that examines the current state of a system or network device before it is allowed to connect to the network.
    • Some NACs use agents: software that is installed on endpoints to gather information for the NAC.
40
Q

What is data loss prevention (DLP)?

A
  • A system of security tools used to recognize and identify data that is critical to the organization and ensure it is protected. (rights management)
    • Uses tools such as:
      • Content inspection to look at the security levels of data
      • Index matching
      • Masking: creates a copy of the original data while obfuscating (making unintelligible) any sensitive elements
      • Tokenization: obfuscates sensitive data elements, such as an account number, into a random string of characters (a token). The original sensitive data element and the corresponding token are then stored in a database called a token vault.
41
Q

What is route security?

A

The trust of packets sent through a router.

42
Q

What is broadcast storm prevention?

A
  • Steps that can be taken to avert a broadcast storm, such as loop prevention: technology that uses the IEEE 802.1d standard spanning-tree protocol (STP) to avert a network loop.
43
Q

What is spanning tree protocol?

A

Uses an algorithm that creates a hierarchical “tree” layout that spans the entire network. It determines all the redundant paths a switch has for communicating, recognizes the best path, and then blocks all other paths.

44
Q

What is BPDU Guard? (BPDU: bridge protocol data units)

A

A feature on a switch that creates an alert when a BPDU is received from an endpoint.

45
Q

What is DHCP snooping?

A

A security technology in a switch that drops unacceptable DHCP traffic.

46
Q

What is a port TAP (test access point)?

A

A device that transmits the send and receive data streams simultaneously on separate dedicated channels so that all data arrives at the monitoring tool in real time.

47
Q

What is port mirroring/port scanning?

A

A technology on a managed switch that copies traffic that occurs on some or all ports to a designated monitoring port on the switch.

48
Q

List some examples of devices that can be placed on a network to gather information:

A
  • Network sensors to monitor traffic (for network intrusion detection and prevention devices), collectors to gather traffic (for SIEM devices), and aggregators to combine multiple network connections into a single link.
49
Q

What is a monitoring service?

A

An external third-party service that can provide additional resources to assist an organization in their cybersecurity defenses.

50
Q

What is a file integrity monitor?

A

A system that detects any changes within the files that may indicate a cyberattack.

51
Q

What is Quality of Service (QoS)?

A

A set of network technologies used to guarantee a network’s ability to dependably serve resources and high-priority applications to endpoints.

52
Q

What is zero trust?

A

A strategic initiative about networks that is designed to prevent successful attacks by eliminating the concept of trust from an organization’s network architecture.

53
Q

What is a virtual LAN (VLAN)?

A

A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.

54
Q

What is a demilitarized zone (DMZ)?

A

A DMZ functions as a separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.

55
Q

What is load balancing?

A

A technology that can help to evenly distribute work across a network. (includes active-active and active-passive configuration)

56
Q

What is active-passive configuration?

A

A configuration in which the primary load balancer distributes the network traffic to the most suitable server while the secondary load balancer operates in a “listening mode.”

57
Q

What is active-active configuration?

A

A configuration in which all load balancers are always active.

58
Q

What is a virtual IP (VIP) address?

A

An IP address and a specific port number that can be used to reference different physical servers.

59
Q

What is session persistence?

A

A process in which a load balancer creates a link between an endpoint and a specific network server for the duration of a session.