Network Security Operations Flashcards
Blank starts with understanding how a firewall is used to secure a network.
Foundational Network security
What is a barrier that intercepts and inspects traffic moving from one area of the network to another?
Firewall
What may be physical appliances or may be virtual appliances operating as VMs?
firewall
What is the term for firewalls that operate as apps running on workstations and servers?
host-based firewalls
All firewalls have what in common that determines whether the firewall will permit or deny traffic to pass on to its intended destination?
Set of rules
Blank is a firewall that operates on layers 3 & 4.
Packet Filtering
Most networks equate what to layer 3 and what to layer 4?
IP address
TCP or UDP port number
Blank inspect incoming (ingress) and outgoing (egress) traffic and compare the attributes to a database of packet filter rules that determine if the movement is permitted
Firewalls
Name the five attributes in a packet filter
Protocol (typically IP)
Source of IP address
Destination IP address
Source TCP or UDP port number
Destination TCP or UDP port number
Packet filters are concerned only with what part of the packets, performing no level of inspection on the contents of the packet?
Address label (header)
What could pass through packet filtering undetected as long as the source and destination values were approved by the firewall rules?
Dangerous payloads
What is a device that operates as a middleman between two or more systems to help conceal the true nature of the client and server?
Circuit Level Gateways
The circuit level gateway may change what two things to allow two networks to communicate that otherwise could not?
IP address and TCP/UDP port number
What does NAT stand for?
Network address translation
What does PAT stand for?
Port address translation
What refers to the connection state of a conversation between two computers?
State
What operates on layers 3, 4, and 5 and allows a firewall to identify traffic as conversational and automatically create temporary firewall rules to permit the response traffic to flow back to the sender?
Stateful Inspection
The goal of stateful inspections is to reduce what?
Firewall rules
To combat malicious traffic passing into the network unchecked (packet filtering), what was created as a middleman that reads and parses the traffic payload before forwarding it (if safe)?
Proxy servers
Inspection of payload is commonly called what?
Application-aware firewalls or Layer-7 firewalls
What two things are advanced security solutions that can identify malicious traffic based on a database of known behaviors and payload signatures?
IDS and IPS
What monitors networks to detect threats?
IDS
What intercepts and blocks threats?
IPS
What is the term for when IDS and IPS attach to a network in listen-only mode, alerting a network admin if they detect any suspicious behavior?
Tap mode