Network+ 15 Flashcards

1
Q

System Life Cycle : Conceptual design, Preliminary system design, Detail design and development, Production and construction, Utilization and support, Phase-out, Disposal.

Problem Solving Steps : gather info, duplicate problem if possible, question users, identify symptoms, determine if anything has changed, approach multiple problems individually.

Problem Solving Methodology : (1) Define the problem, (2) hypothesize the probable cause, (3) Test hypothesis, (4) create an action plan, (5) implement action plan or escalate as necessary, (6) verify full system functionality and if applicable implement preventative measures, (7) document findings, actions and outcomes.

A

System Life Cycle Etc …

2
Q

Network layer–related issues could also include duplicate IPs, speed and duplex mismatch, routing loops, incorrect IP, incorrect default gateway, network interface card (NIC) hardware failure, misconfigured Dynamic Host Configuration Protocol (DHCP), misconfigured DNS, incorrect cable or port, incomplete routing tables, NIC misconfiguration, or malware running on the computer that’s preventing normal network behavior by the computer.

A

Network Related Issues

3
Q

Lightweight Directory Access Protocol (LDAP) permits a set of standards for the storage and access of user account information. Many proprietary user stores support LDAP for ease of access. This includes Microsoft’s Active Directory.

A captive portal is a web page that appears before the user is able to access the network resource; this web page accepts the credentials of the user for authentication and presents them to the authentication server.

A

LDAP etc …

4
Q

Packet-filtering firewall: inspects traffic based solely on a packet’s header and filters based on ACLs. Stateful firewall: can recognize that a packet is part of a session that might have originated inside the local network or outside the local network. The process of inspecting traffic to identify unique sessions is called stateful inspection.

The firewall interface connecting to the inside network (trusted network) is configured as belonging to the INSIDE zone. The firewall interface connecting to the Internet (an untrusted network) is configured as belonging to the OUTSIDE zone.

A

firewalls

5
Q

A unified threat management (UTM) firewall or gateway is a device that attempts to bundle multiple security functions into a single physical or logical device. Features of an ideal UTM could include a network intrusion prevention system (IPS), network-based antivirus/antimalware, URL and content filtering, antispam, data loss prevention (DLP), regulatory compliance checking, stateful filtering, VPN services, multiple interfaces for DMZs, load balancing, user-based access control and filtering, Network Address Translation (NAT), transparent or routed implementation, Secure Sockets Layer (SSL) interception, application layer content analysis, posture assessment for a connecting computer, and more.

A

UTM

6
Q

Client-to-site VPN: A client-to-site VPN (also known as a remote-access VPN) interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.

Site-to-site VPN: A site-to-site VPN interconnects two sites, as an alternative to a leased line, at a reduced cost.

Layer 2 Forwarding (L2F) is a VPN protocol designed (by Cisco Systems) with the intent of providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features.

A

VPN

7
Q

AH / ESP : Transport mode: Uses a packet’s original IP header, as opposed to adding an additional tunnel header. This approach works well in networks where increasing a packet’s size might cause an issue. Also, transport mode is often used for client-to-site VPNs, where a PC running VPN client software connects back to a VPN termination device at a headquarters location.

Tunnel mode: Unlike transport mode, tunnel mode encapsulates an entire packet. As a result, the encapsulated packet has a new header (an IPSec header). This new header has source and destination IP address information that reflects the two VPN termination devices at different sites. Therefore, tunnel mode is often used in an IPSec site-to-site VPN.

A

AH/ESP (Transport, Tunnel Mode)

8
Q

Layer 2 Tunneling Protocol (L2TP) is a VPN protocol that lacks security features, such as encryption. However, L2TP can still be used for a secure VPN connection if it is combined with another protocol that does provide encryption.

Point-to-Point Tunneling Protocol (PPTP) is an older VPN protocol (which supported the dial-up networking feature in older versions of Microsoft Windows). Like L2TP and L2F, PPTP lacks native security features. However, Microsoft’s versions of PPTP bundled with various versions of Microsoft Windows were enhanced to offer security features.

A

Layer 2 Tunneling Protocol Etc …

9
Q

Signature-Based Detection : A signature could be a string of bytes, in a certain context, that triggers detection.

Policy-Based Detection : With a policy-based approach, the IDS/IPS device needs a specific declaration of the security policy.

Anomaly-Based Detection : (1) Statistical anomaly detection: This approach watches network-traffic patterns over a period of time and dynamically builds a baseline. Then, if traffic patterns significantly vary from the baseline, an alarm can be triggered.

(2) Nonstatistical anomaly detection: This approach allows an administrator to define what traffic patterns are supposed to look like.

A

Detections

10
Q

DLP = client level (data in operation), network level (data in transit), storage level (data at rest)

Incident Response Policies = Prepare: This often involves being able to identify the start of an incident, preparing a recovery plan, how to get everything back to normal, and creating established security policies.

Recover: This phase often includes service restoration as well as a recertification of network devices and systems.

A

DLP Etc …
