Section 13: Network Security Flashcards
What does CIA stand for?
Confidentiality, Integrity, Availability
What is Confidentiality?
Keeping the data private and safe, such as encryption or authentication to access resources
What is Integrity?
Ensures data has not been modified in transit. It verifies the source that traffic originates from
What is Availability?
Measures accessibility of the data.
What is a Threat?
A person or event that has the potential for impacting a valuable resource in a negative manner
What is an Internal Threat?
Any threat that originates within the organization itself
What is an External Threat?
Any threat that could be, like a hacker, or it can be an event or environmental condition
What is a Vulnerability?
A quality or characteristic within a given resource or its environment that might allow the threat to be realized
What are Common Vulnerabilities and Exposures (CVE)?
A list of publicly disclosed computer security weaknesses
What is a Zero-Day Vulnerability?
Any weakness in the system design, implementation, software code, or a lack of preventive mechanisms in place
What is an Exploit?
A piece of software code that takes advantage of a security flaw or vulnerability within a system or network
What is Least Privilege?
Using the lowest level of permissions or privileges needed in order to complete a job function or admin task
What is Role-Based Access Control?
An access model that is controlled by the system but focuses on a set of permissions versus an individual’s permissions
What is Zero-Trust?
A security framework that requires users to be authenticated and authorized before being granted access to applications and data
What is Defense in Depth?
A cybersecurity approach in which a series of defensive mechanisms are layered in order to protect valuable data and information
What is a Perimeter Network (DMZ)?
Protects an organization’s internal local area network from untrusted traffic
What is Separation of Duties?
Prevents fraud and abuse by distributing various tasks and approval authorities across a number of different users
What is Network Access Control (NAC)?
Ensures a device is scanned to determine its current state of security prior to being allowed network access
What is a Honeypot?
Attracts and traps potential attackers to counteract any attempts at unauthorized access to a network
What is Risk Management?
The identification, evaluation, and prioritization of risks to minimize, monitor, and control the vulnerability exploited by a threat
What is a Security Risk Assessment?
Used to identify, assess, and implement key security controls within an application, system, or network
What is a Threat Assessment?
Focused on the identification of the different threats that may wish to attack or cause harm to your systems or network
What is a Vulnerability Assessment?
Focused on identifying, quantifying, and prioritizing the risks and vulnerabilities in a system or network
What is a Posture Assessment?
Assesses cyber risk posture and exposure to threats caused by misconfigurations and patching delays
What is a Business Risk Assessment?
Used to identify, understand, and evaluate potential hazards in the workplace
What is a Process Assessment?
The disciplined examination of the processes used by the organization against a set of criteria.
What is a Vendor Assessment?
To determine if they can effectively meet the obligations and the needs of the business
What is Multifactor Authentication?
Authenticates or proves an identity using more than one method
What is Terminal Access Controller Access Control System Plus (TACACS+)?
Used to perform the role of an authenticator in an 802.1x network
What is Single Sign-On (SSO)?
An authentication scheme that allows a user to log in with a single ID and password
What is Remote Authentication Dial-In User Service (RADIUS)?
Provides centralized administration of dial-up, VPN, and wireless network authentication
What is the Lightweight Directory Access Protocol (LDAP)?
Validates a username and password combination against an LDAP server as a form of authentication
What is Kerberos?
Focused on authentication and authorization within a Windows domain environment
What is Local Authentication?
Process of determining whether someone or something is who or what it claims itself to be
What is 802.1x?
A standardized framework that’s used for port-based authentication on both wired and wireless networks
What is the Extensible Authentication Protocol (EAP)?
Allows for numerous different mechanisms of authentication
What is EAP-MD5?
Utilizes simple passwords and the challenge handshake authentication process to provide remote access authentication
What is EAP-TLS?
Uses public key infrastructure with a digital certificate being installed on both the client and the server
What is EAP-TTLS?
Requires a digital certificate on the server and a password on the client for its authentication
What is the EAP Flexible Authentication via Secure Tunneling (EAP-FAST)?
Uses a protected access credential to establish mutual authentication between devices
What is the Protected EAP (PEAP)?
Uses server certificates and Microsoft’s Active Directory databases to authenticate a client’s password
What is the Lightweight EAP (LEAP)?
A proprietary protocol that only works on Cisco-based devices