network defense Flashcards
on a network device, default accounts and passwords should be
changed immediately
it allows a user to take advantage of a software bug to gain access to system resources that would typically not be available to the user
privilege escalation
an unprotected access method or pathway.
backdoor
a network device that detects attacks and suspicious activity.
intrusion detection system (IDS)
this variation of IDS monitors, logs, and detects security breaches but takes no action to stop or prevent the attack
passive IDS
this variation of IDS performs the functions of an IDS but can also react when security breaches occur.
active IDS
this IDS feature looks for patterns in network traffic and compares them to known attack patterns called
signature recognition
this IDS feature monitors traffic to define a standard activity pattern as “normal.”
anomaly recognition
an IDS that is installed on a single host and monitors all traffic coming in to it is called
host-based IDS
a dedicated IDS device installed on the network
network-based IDS
a device or virtual machine that entices intruders by displaying a vulnerable trait or flaw or by appearing to contain valuable data
honeypot
a network of honeypots.
honeynet
a honeypot that answers connection requests in such a way that the attacking computer is “stuck” for a period of time
tarpit
the objectives of using honeypots and tarpits are to
distract an attacker
and
observe the attackers
what is a SAN
storage area network
SANs use the ______ protocol for communication between servers and hard disk drives.
SCSI
The SCSI protocol uses _____ to identify logical devices on the SCSI bus
logical unit numbers (LUNs)
SAN information can be protected by
zoning
In ______ zoning, the fabric naming service is configured such that a SAN host can only “see” the names of storage devices in the same zone.
soft
____ zoning configures ACLs to restrict communications between SAN hosts and storage devices
hard
______ zoning is defined by assigning SAN switch ports to specific zones
port
_____ can be used to divide a SAN into multiple logical SANs in much the same manner as VLANs do on a standard network
virtual SANs
_____ can be used to bind specific SAN IDs to specific SAN switch ports.
port locking
________ changes the source MAC address on frames sent by the attacker.
MAC spoofing
_______ associates the attacker’s MAC address with the IP address of victim devices.
ARP spoofing/poisoning
______ overloads the switch’s MAC forwarding table to make the switch function like a hub.
MAC flooding
this SAN authentication solution uses passwords for authentication using the Secure Remote Password (SRP) protocol.
Fibre Channel Password Authentication Protocol (FCPAP)
this SAN authentication solution uses digital certificates to mutually authenticate SAN hosts.
Fibre Channel Authentication Protocol (FCAP) uses
Fibre Channel SAN uses ____ authentication protocol
Diffie-Hellman challenge handshake authentication
DH-CHAP
this SAN authentication solution uses a pre-shared key to mutually authenticate SAN hosts.
Fibre Channel SAN