Network Security Operations Flashcards
Network firewall
Barrier that intercepts and inspects traffic moving from one area of the network to another
Packet filter
A firewall that operates at OSI layers three and four. Packet filters only inspect the address label of the packet but not the contents. (Payload)
Circuit level gateways
Helps conceal the true identity of the client and server. Allows private IPs on the internet.
State
The connection state of a conversation between two computers
Stateful inspection
Allows a firewall to identify traffic as conversational and automatically creates temporary firewall rules to permit the response traffic to flow back to the sender quicker. Requires OSI layers three, four and five
Application level firewall
An OSI layer 7 firewall that acts like a proxy server and actually inspects the packet payloads
Intrusion detection systems (IDS)
Monitors the network passively to detect threats.
Intrusion prevention systems (IPS)
Monitors the network to detect threats and then intercepts and blocks those threats.
Tap mode
Where IDS/IPS is attached to the network as listening devices only. This works well for IDS but not IPS
In-line mode
In order for an IPS to stop traffic, it must be positioned in the middle of the traffic stream
Unencrypted data
Sent or stored in the clear
Encrypted data
Ciphertext