Section 3 - Implementation Flashcards
Domain name system security extensions (DNSSEC)
Are a set of protocols that add a layer of security to the DNS lookup and exchange processes. In this way, malicious activities like cache poisoning, pharming, and man-in-the-middle attacks can be prevented.
PGP and S/MIME
Security protocols created to secure electronic mail. The primary distinction between them is the type of algorithms used in their security mechanisms. PGP builds confidence between users by using either key rings or digital certificates. S/MIME, on the other hand, makes use of digital signatures, message digests, encryption, etc.
BPDU guard
An enhancement to STP that removes a node that reflects BPDUs back into the network. It enforces the STP domain borders and keeps the active topology predictable by not allowing any network devices behind a BPDU guard-enabled port to participate in STP.
Stateless FW
Makes use of a data packet’s source, destination, and other parameters to figure out whether the data presents a threat. These parameters have to be entered by either an administrator or the manufacturer via rules they set beforehand.
Stateful FW
Tracks and monitors the state of active network connections while analyzing incoming traffic and looking for potential traffic and data risks. This firewall is situated at Layers 3 and 4.
Next-gen firewall (NGFW)
Includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
Unified threat management (UTM)
Approach to information security where a single hardware or software installation provides multiple security functions.
Jump server
Hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.
Wireless cryptographic protocols
- WiFi Protected Access 2 (WPA2)
- WiFi Protected Access 3 (WPA3)
- Counter-mode/CBC-MAC Protocol (CCMP)
- Simultaneous Authentication of Equals (SAE)
Wireless authentication protocols
- Extensible Authentication Protocol (EAP)
- Protected Extensible Authentication Protocol (PEAP)
- EAP-FAST
- EAP-TLS
- EAP-TTLS
- IEEE 802.1X
- Remote Authentication Dial-in User Service (RADIUS) Federation
East-west traffic
Is the transfer of data packets from server to server within a data center.
Term changes (old term → new term):
- DMZ → Screened Subnet
- Man-In-The-Middle Attack → On-path attack
- Man trap → Access control vestibule
- Black list → block list
- White list → allow list
Zero Trust
Security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Network access control (NAC)
NAC prevents unauthorized users and devices from entering private networks.
Some NAC vendors require users to download agent software on their client devices. The agents then report device characteristics back to the NAC system.
Alternatively, agentless NAC solutions constantly scan the network and inventory devices, relying on device and user behaviors to trigger enforcement decisions.
Out-of-band management
Networking term which refers to accessing and managing network infrastructure at remote locations, and doing it through a separate management plane from the production network.