Network Security 4.1 Flashcards
A perimeter network that protects an organization’s internal local area network from untrusted traffic
DMZ
Subnet in the network architecture that uses a single firewall with three interfaces to connect three dissimilar networks
Screened Subnet
Prevents fraud and abuse by distributing various tasks and approval authorities across a number of different users
Separation of Duties
Two people each have half of the knowledge of how to do something
Split Knowledge
Attracts and traps potential attackers to counteract any attempts at unauthorized access to a network. Used as a form of research to learn the tools involved in network attacks
Honeypot/Honeynet
Using the lowest level of permissions or privileges needed in order to complete a job function or admin task
Least Privilege
An access control model that is controlled by the system but focuses on a set of permissions versus an individual’s permissions
Role-Based Access (RBAC)
An access control method where access is determined by the owner of the resource
Discretionary Access Control (DAC)
An access control policy where the computer system gets to decide who gets access to what objects. Used in the government for security clearance.
Mandatory Access Control (MAC)
A security framework that requires users to be authenticated and authorized before being granted access to applications and data
Zero-Trust
Authenticates or proves an identity using more than one method
Multifactor Authentication
Tries every possible combination until the password is found
Brute Force Attack
Combination of dictionary and brute force attacks
Hybrid Attack
The process of determining whether someone or something is who or what it claims itself to be
Authentication Methods
A database used to centralize information about your clients and your objects on your network
Lightweight Directory Access Protocol (LDAP) – Port 389
Organizes and manages everything on the network, including clients, servers, devices and users
Active Directory
Validates a username and password combination against an LDAP server as a form of authentication
Lightweight Directory Access Protocol (LDAP) – Port 389
Focused on authentication and authorization within a Windows domain environment
Kerberos
Used to give a default user profile to each user and link that profile to all the different resources the user will have access to. Can use a strong password or MFA for authentication
Single Sign-On
Uses port 88
Kerberos
Provides centralized administration of dial up, VPN, and wireless network authentication
Remote Authentication Dial-In User Service (RADIUS) - UDP
Operates on Layer 7 - TACACS+ or RADIUS?
Remote Authentication Dial-In User Service (RADIUS) - UDP
Used to perform the role of an Authenticator in an 802.1x network
Terminal Access Controller Access Control System Plus (TACACS+) - TCP
A standardized framework that’s used for port-based authentication on both wired and wireless networks
802.1x
The device requesting access to the network
Supplicant
The device through which the supplicant is requesting to access the network (ex: Switch, Access point, VPN concentrator)
Authenticator
Centralized device that performs the Authorization (RADIUS or TACACS+ server)
Authentication Server
Allows for numerous different mechanisms of authentication
Extensible Authentication Protocol (EAP)
Utilizes simple passwords and the challenge handshake authentication process to provide remote access authentication
EAP – MD5
Uses public key infrastructure with a digital certificate being installed on both the client and the server
EAP-TLS
Requires a digital certificate on the server and a password on the client for its authentication
EAP-TTLS
Uses a protected access credential to establish mutual authentication between devices
EAP Flexible Authentication via Secure Tunneling (EAP-FAST)
Uses server certificates and Microsoft’s Active Directory databases to authenticate a client’s password
Protected EAP (PEAP)