Section 4 Security Applications and Devices Flashcards
Software applications that protect a single computer from unwanted internet traffic (Host Based Firewalls)
Personal Firewalls
Every Windows computer already has a software-based firewall built in and available. Two versions are included: a basic version and a more advanced version called Windows Firewall with Advanced Security.
Windows Firewall
Built-in software firewall for Mac users. The basic version is accessed through the System Preferences panel.
OSX (Apple’s Firewall)
Can be configured through the command line using different accept and reject rules based upon the type of network traffic that’s expected and the port being utilized for that communication.
iptables (Linux Firewall)
Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.
Intrusion Detection System (IDS)
Usually takes the form of a piece of software that’s installed on your computer or on a server to protect it.
HIDS
A piece of hardware that is installed on your network; a copy of all the traffic that goes through the switch is sent to the Network Intrusion Detection System.
NIDS
A specific string of bytes triggers an alert.
Signature Based Detection
Relies on a specific declaration of the security policy.
Policy Based Detection
Analyzes the current traffic against an established baseline and triggers an alert if it is outside the statistical average.
Anomaly Based Detection
Blocking of external files containing JavaScript, images, or web pages from loading in a browser.
Content Filters
Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
Data Loss Prevention (DLP)
Software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence.
Endpoint DLP System
Software- or hardware-based solution that is installed on the perimeter of the network to detect data in transit.
Network DLP System
Software installed on servers in the datacenter to inspect the data at rest.
Storage DLP System
Cloud software-as-a-service that protects data being stored in cloud services.
Cloud DLP System
Firmware that provides the computer instructions for how to accept input and send output.
Basic Input Output System (BIOS)
Technical limitations placed on a system in regards to the utilization of USB storage devices and other removable devices.
Removable Media Controls
Storage devices that connect directly to your organization's network.
Network Attached Storage (NAS)
Network designed specifically to perform block storage functions that may consist of NAS devices.
Storage Area Network (SAN)
Storage device that performs whole disk encryption by using embedded hardware.
Self-Encrypting Drive (SED)
Chip residing on the motherboard that contains an encryption key.
Trusted Platform Module (TPM)
Symmetric key encryption that supports 128-bit and 256-bit keys.
Advanced Encryption Standard
Physical devices that act as a secure crypto processor during the encryption process.
Hardware Security Module (HSM)
Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools and others.
Anti-Virus (AV)
A type of IDS or IPS that monitors a computer system for unexpected behavior or drastic changes to the system’s state on an endpoint.
Host Based IDS/IPS (HIDS/HIPS)
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
Endpoint Detection and Response (EDR)
A system that can provide automated identification of suspicious activity by user accounts and computer hosts.
User and Entity Behavior Analytics (UEBA)