Security Flashcards
SSL
Secure Sockets Layer
-cryptographic protocol designed to secure network communications at the upper layers (5, 6, and 7)
Stateful Firewall
Inspects traffic as part of a session and recognizes where the traffic originated
-allows traffic that originates from inside the network and goes out to the internet
-blocks traffic originating from the internet from getting into the network
-tracks connection state and is more secure than a stateless firewall
NextGen Firewall (NGFW)
3rd-generation firewall that conducts deep packet inspection and packet filtering
-can operate at layers 2-7 instead of just 2-4
-goes deeper than a traditional stateful firewall and can inspect at the application level
Stateless Firewall
Checks packets individually before deciding whether or not to permit them
CPP - Control Plane Policing
-QoS filter that manages the flow of control-plane packets to protect the control plane of Cisco routers and switches against DoS attacks
Port Security
-persistent MAC learning (or sticky MAC)
-enables a switch interface to retain dynamically learned MAC addresses when the switch is restarted or the interface goes down
-prevents someone from unplugging a device from a port and plugging in their own laptop
DoS - TCP SYN Flood
Attacker initiates many TCP sessions but never completes the handshake
DoS - ICMP Flood
Attacker sends pings to a subnet broadcast address with the source IP spoofed to that of the victim server
DNS poisoning
Attacker exploits known vulnerabilities in DNS to reroute traffic from one site to a fake version of that site
UTM device
Unified Threat Management device
-combines firewall, router, intrusion detection/prevention system, anti-malware, and other features into a single device
IDS / IPS
-signature-based detection (matches a known string of bytes)
-policy-based detection (matches against a security policy)
-statistical anomaly-based detection (compares against a watched baseline)
-non-statistical anomaly-based detection (admin defines the patterns)
-network-based (NIDS/NIPS) (monitors the entire network)
-host-based (HIDS/HIPS) (software-based and installed on servers and clients)
-network-based and host-based can work together for more protection
VNC
Virtual Network Computing
-port 5900
-cross-platform screen-sharing system created to remotely control another computer
-works on a client/server model (VNC viewer on the client, VNC server on the controlled machine)
In-Band Management
Managing devices with Telnet or SSH
Out-of-band Management
Managing devices over an alternative path, such as plugging directly into the device or using a server connected directly to the devices
L2TP
Layer 2 Tunneling Protocol
-lacks security features such as encryption by default and needs to be combined with an extra encryption layer for protection
-extension of the Point-to-Point Tunneling Protocol (PPTP) used by ISPs to enable VPNs