Network Security 6 Flashcards
A person, device, location, or information that SecOps aims to protect from attack.
*** Firewall Security Threats : Configuration mistakes are equally dangerous to your security and can also leave holes open for would-be attackers. Regularly change the password.
asset
An action taken by a threat that exploits a vulnerability in an attempt to either block authorized access to an asset or gain unauthorized access to an asset.
*** Threat: Something or someone that can exploit a vulnerability to attack an asset.
attack
A discipline within IT responsible for protecting assets by reducing the risk of attacks.
*** Risk: The potential of a threat to exploit a vulnerability via an attack.
SecOps
________ __________ ______ because the virus or malware remains undetected while it sits idle for long periods, perhaps months, just waiting for the right time; it can be triggered or executed by time.
*** Purple team = Some companies use this attack-and-defend approach but take it to the next level by involving continuous improvement in the process.
APT (Advanced Persistent Threat)
Some intrusion prevention system (IPS) vendors include an option that allows administrators to forward unknown or suspicious code patterns to the vendor for analysis. If enabled, the IPS or firewall device blocks the unknown code the first time it sees it but may permit the code to pass later if the security vendor determines that it is not a risk.
Zero-Day Exploit (Attack)
Intellectual property theft through industrial espionage is a very real concern for many companies. The bigger threat is that nation states have substantially larger budgets to hire hackers than the average criminal enterprise.
nation states
“wiretapping”; today, it refers to any process that allows an attacker to electronically eavesdrop on a conversation, whether between two humans or two computers. This form of attack can also include putting special wiretaps in-line with a computer’s network cable and then using a device called a “packet sniffer” to listen and record the traffic on the network.
wiretapping
can systematically check each of these ports by sending thousands of TCP/IP packets to the victim’s computer, each packet on a different TCP port. The victim’s computer will discard requests made to ports that are not assigned to a running application or service. The port scanner is then able to see which ports respond and which do not, allowing the attacker to perform more in-depth scanning to determine what service is running and if there are any known vulnerabilities present in that service.
*** Preventative measure : Minimize your exposure by keeping your operating systems and applications up to date on patches.
port scanner
is a firewall that operates at Layers 3 and 4 of the OSI network model: network and transport. These firewalls inspect incoming (ingress) and outgoing (egress) traffic and compare the following attributes to a database of packet filter rules that determine if the firewall will forward (allow) or drop (deny) the traffic: (1) Protocol (typically IP); (2) Source IP Address; (3) Destination IP Address; (4) Source TCP/UDP port number; (5) Destination TCP/UDP port number. These firewalls are only concerned with the address label (header) of the packets and perform no level of inspection on the contents of the packet (the payload). Operates at OSI layers 3-4. Compares traffic against pre-established data.
packet filter firewall
is a device that operates as a middleman between two or more systems to help conceal the true identity of the client and server. _______ _____ ________ are the foundation of network address translation (NAT) and port address translation (PAT), which are commonly used in firewalls to allow private IP address ranges to communicate on the internet.
circuit-level gateway