Network Security Operations Flashcards
packet filtering firewall
inspects source and destination IP addresses and limits which packets can enter the network - operates at layers 3 and 4
stateful inspection firewall
every packet is analyzed, categorized, and a security decision is made - operates at layers 3, 4, 5
stateless firewalls
does not keep track of traffic flows; needs two rules for traffic to reach its destination and return
application level firewall
blocks program-level traffic and analyzes packet content - operates at layer 7 (and below)
application layer attack - SQL injection attack solution
leverage a reverse proxy system and scan incoming packets for malicious behavior
presentation layer attack - man in the middle attack solution
mitigate using an application-layer proxy or IPS, and train users about fake security certificates
session layer attack - RPC solution
mitigate with regular OS and application patching
transport layer attack - port scanner solution
mitigate by using a packet filtering firewall
network layer attack - ping sweep attack solution
mitigate by using a packet filtering firewall
data link layer - VLAN hopping solution
configure the VLAN tagging per the switch vendor’s recommendations
physical layer - wiretapping solution
look for physical vulnerabilities, check locks on doors, racks, wiring closets
WEP
uses a pre-shared key and the RC4 algorithm; weak
WPA
uses the RC4 algorithm and TKIP, which rekeys every 10,000 packets (better than WEP)
WPA2
uses AES and CCMP (most widely used)
WPA3
strongest, but newer and not yet widely used
ad-hoc wireless infrastructure mode
all wireless communication is performed in a peer-to-peer fashion and does not require a WAP
infrastructure wireless network infrastructure mode
a WAP or wireless router is used to connect wireless devices to the network
symmetric encryption
uses the same key to encrypt and decrypt
asymmetric encryption
uses a key pair: one public key and one private key
SSL - secure socket layer
uses an asymmetric key pair, end-to-end encryption
TLS - transport layer security
successor to SSL
IDS (intrusion detection system)
designed to monitor both inbound and outbound data traffic and report on any suspicious activity
IPS (intrusion prevention system)
has the capability to stop or prevent malicious attacks that it detects in real time by integrating with the firewall
packet shaper
device that sits between a campus network and an outside network and is configured with a set of rules used to prioritize data traffic for shaping bandwidth
PIPEDA requires orgs to do this with people’s information
explain how personally identifiable information is collected, used, and disclosed
wireless encryption method that includes each device using a unique encryption key
WPA3
primary goal of separation of duties in IT security
prevent fraud and unauthorized data access by requiring more than one person to complete certain tasks
redesigning protocols to fit more naturally into daily workflows for people serves what security principle?
psychological acceptability
in discretionary access control systems, who typically has authority to set or change permissions?
owner of the resource
wireless encryptions from weakest to strongest
WEP -> WPA -> WPA2 -> WPA3
sophisticated firewall that examines individual packets and their collective grouping represents what type of access control?
context-based