Security Infrastructure Flashcards
What is port 21 used for?
FTP – TCP – used to transfer files between computers.
FTP, the File Transfer Protocol, is used to move files between computers (uploads and downloads).
What is port 22 used for?
SSH – TCP – used for secure remote login to servers.
SSH is the secure remote login protocol, used to control a server from the command line over an encrypted connection.
What is port 23 used for?
Telnet – TCP – used for remote login, but not secure.
Telnet is a remote login protocol that sends data in plaintext; it is very insecure and has been phased out.
What is port 25 used for?
SMTP – TCP – used to send emails.
SMTP is the protocol for sending mail, commonly used for communication between mail servers.
What is port 53 used for?
DNS – TCP/UDP – used to turn website names into IP addresses.
DNS resolves domain names, turning a hostname (for example google.com) into an IP address.
What is port 80 used for?
HTTP – TCP – used for browsing regular (non-encrypted) websites.
HTTP is the protocol for loading ordinary web pages (no encryption).
What is port 443 used for?
HTTPS – TCP – used for secure websites (encrypted).
HTTPS is the encrypted version of HTTP, used for secure sites such as online banking.
What is port 110 used for?
POP3 – TCP – used to receive email and download it to your device.
POP3 is the older mail retrieval protocol: once mail is received, it is downloaded to the local device.
What is port 143 used for?
IMAP – TCP – used to read email without downloading it.
IMAP is the newer mail retrieval protocol: mail stays on the server, so it can be synchronized across multiple devices.
What is port 3389 used for?
RDP – TCP – used for remote desktop access to Windows systems.
RDP is the Remote Desktop Protocol, used to operate a Windows computer remotely.
What is a firewall?
A firewall is a device or software that controls network traffic based on rules.
A firewall is a device or piece of software that controls network traffic, allowing or blocking connections according to rules.
What is the main function of a firewall?
To block unauthorized access and allow safe traffic.
It prevents unauthorized access while letting legitimate traffic through.
What is a packet filtering firewall?
It checks IP addresses and port numbers, but not content.
It only checks IP addresses and ports, not the data content; it works at layer 4.
What is a stateful firewall?
It tracks connection status and allows return traffic for valid sessions.
It "remembers the connection" and allows the return traffic of a legitimate request to pass.
What is a proxy firewall?
It makes requests on behalf of the user and filters traffic at the application layer.
It communicates with the outside on the user's behalf; because it understands the content, it can filter more precisely.
What is a Next-Generation Firewall (NGFW)?
It adds deep packet inspection, application control, and built-in IPS.
More powerful than an ordinary firewall: it can inspect data content, identify applications, and block attacks.
What is a Web Application Firewall (WAF)?
A firewall that protects websites from attacks like SQL injection and XSS.
It specifically protects websites and can stop attacks such as SQL injection and cross-site scripting.
What is a screened subnet (DMZ)?
A separate network zone that hosts public services and isolates them from internal systems.
A "middle zone" where web servers are placed, separated from the internal network so that a compromise there does not spread inward.
What is the difference between Layer 4 and Layer 7 firewalls?
Layer 4 checks ports/protocols; Layer 7 checks app-level content like URLs.
Layer 4 looks at ports and protocols; layer 7 can understand web content or application behaviour.
What’s a key takeaway about firewalls?
Firewalls enforce rules to protect the network—some are basic, others are advanced with app awareness and attack prevention.
Firewalls protect the network through rules; some are simple, others can identify applications and even block attacks.
What is an Access Control List (ACL)?
A set of rules used by firewalls to allow or deny traffic.
An ACL is a set of firewall rules that decides which traffic may pass and which is blocked.
What are the common components of an ACL rule?
Source IP, destination IP, port, and action (allow/deny).
Source IP, destination IP, port number, and the action (allow or deny).
Why is rule order important in ACLs?
The firewall checks rules top-down and stops at the first match.
Rules are evaluated from top to bottom; once a match is found, no further rules are checked.
What is the best practice for ACL rule order?
Put specific rules first and general “deny all” last.
The more specific a rule, the higher it goes; the very bottom is usually a "deny all".
What does “implicit deny” mean in firewalls?
If no rules match, traffic is denied by default.
If no rule matches, the traffic is denied by default (you do not have to write this rule yourself).
How can ACLs be configured?
Using either a web interface (GUI) or command line (CLI).
Through a graphical interface (such as a web page) or a command-line interface.
What’s the purpose of logging in firewall configuration?
To track blocked traffic and troubleshoot issues.
It records blocked traffic, which helps with troubleshooting and security auditing.
What happens if multiple ACL rules match a packet?
Only the first matching rule is applied.
Only the first matching rule is applied; the rest are ignored.
What is a “deny all” rule used for?
To block all traffic that wasn’t explicitly allowed.
It blocks all traffic that has not been explicitly allowed; it is the final safety net.
What’s a key takeaway about firewall rule configuration?
Rule order matters a lot—firewall rules are like traffic signs, one mistake can block everything.
Rule order is critically important, like road signs: get the order wrong and the whole network may lose connectivity.
What is an IDS?
IDS (Intrusion Detection System) detects suspicious traffic and sends alerts.
An IDS is an intrusion "detection" system: when it finds suspicious traffic it raises an alert but does not block it.
What is an IPS?
IPS (Intrusion Prevention System) detects and blocks malicious traffic.
An IPS is an intrusion "prevention" system: when it finds a threat, it blocks it directly.
What’s the difference between IDS and IPS?
IDS only alerts; IPS alerts and blocks.
The IDS only alerts; the IPS blocks. One is an observer, the other a fighter.
What are the main types of IDS?
NIDS (Network), HIDS (Host), WIDS (Wireless).
Network-based IDS (NIDS), host-based (HIDS), and wireless (WIDS).
What does a NIDS monitor?
Traffic across the whole network.
A NIDS monitors traffic across the whole network, like a "traffic camera".
What does a HIDS monitor?
Activity on a specific computer or server.
A HIDS monitors behaviour inside one device, such as modified files or abnormal processes.
What is signature-based detection?
It looks for known attack patterns.
It relies on a database to recognize "known attacks", like the virus database of an antivirus product.
What is anomaly-based detection?
It detects behavior that’s different from normal patterns.
It finds anomalies by comparing "normal behaviour" with "current behaviour".
How is an IDS usually deployed?
In passive mode—traffic is mirrored to it for monitoring.
An IDS listens out of band: it inspects a copy of the traffic without affecting the original path.
What’s the key takeaway about IDS and IPS?
IDS watches and alerts; IPS steps in to block—use both for layered defense.
The IDS is the eyes, the IPS is the shield; using them together is safest.
What is a load balancer?
It distributes traffic across multiple servers to prevent overload.
It spreads incoming requests evenly across multiple servers so that no single one is overwhelmed.
What does a proxy server do?
It forwards requests on behalf of users and can filter or cache content.
It sends requests on the user's behalf and can filter content, speed up access, and hide the client's IP.
What is a jump server (jump box)?
A secure gateway used by admins to access internal systems.
A relay host that admins must pass through before logging in to servers; it improves security and auditability.
What does a network sensor do?
It monitors and analyzes traffic to detect unusual activity.
It "listens" to traffic to spot abnormal behaviour and is a good companion to an IDS.
What’s the purpose of a proxy cache?
It saves copies of frequently accessed content to speed up requests.
It caches frequently accessed pages or files to speed up access and save bandwidth.
What is the difference between a load balancer and a proxy?
Load balancer splits traffic across servers; proxy forwards client requests.
A load balancer distributes traffic on the "server side"; a proxy acts on behalf of the "client side".
How do sensors help in cybersecurity?
They provide real-time traffic data to IDS/IPS for threat detection.
They feed real-time traffic to the IDS/IPS for inspection, to discover attacks or anomalies.
What is an Application Delivery Controller (ADC)?
An advanced load balancer with security, compression, and optimization features.
An enhanced load balancer that can also accelerate, encrypt, and defend against attacks.
What’s a key benefit of using a jump server?
It controls and logs admin access, reducing attack surface.
It centralizes control of admin logins, reduces the attack surface, and records the operations performed.
What’s the key takeaway about network appliances?
Each appliance has a unique job—together, they make networks faster, safer, and more manageable.
Each device has its own job; combined, they make the network faster, safer, and easier to manage.
What is port security?
A switch feature that restricts which devices can connect based on MAC address.
A security feature on switches that limits who can join the network based on MAC address.
Why is port security important?
It prevents unauthorized devices from connecting to the internal network.
It stops outsiders from getting in just by plugging in a cable, protecting the internal network from casual access.
What does a switch use to identify devices?
MAC address – the unique hardware address of each network device.
The MAC address; every device has a unique one, and the switch uses it to identify devices.
What is sticky MAC?
The switch automatically learns the MAC and locks it to the port.
The switch automatically "remembers" the first MAC address that connects and binds it to the port.
What happens when an unauthorized device connects?
The switch can shut the port, restrict traffic, or just alert (based on config).
Depending on its configuration, the switch shuts the port, raises an alert, or just rejects that device.
What is MAC spoofing?
When a device pretends to use another device’s MAC address to bypass security.
Impersonating someone else's MAC address to sneak into the network; it is an attack technique.
What is 802.1X used for?
It provides authentication before network access is allowed.
It is port-level authentication: identity must be verified before a device can connect to the network.
What are the three roles in 802.1X?
Supplicant (user), Authenticator (switch), Authentication Server (RADIUS).
The client (supplicant), the switch (authenticator), and the authentication server (RADIUS).
What is the difference between RADIUS and TACACS+?
RADIUS is faster and works for many platforms; TACACS+ offers more control and is Cisco-specific.
RADIUS is fast and cross-platform; TACACS+ is more granular and more secure, but leans toward Cisco.
What’s the key takeaway about port security?
It protects the physical entry point of your network—combine it with 802.1X for best results.
It is the network's "first access gate"; combined with 802.1X authentication it is even stronger.
What is the purpose of a VPN?
It creates an encrypted tunnel over the internet to keep data safe.
It builds an "encrypted tunnel" over a public network so that your data travels more safely.
What is the difference between full tunnel and split tunnel VPN?
Full: all traffic goes through VPN. Split: only work traffic goes through VPN.
Full tunnel: all traffic goes through the VPN. Split tunnel: only company traffic goes through the VPN, the rest goes out locally.
What is IPSec used for?
It encrypts and authenticates IP traffic, often used in VPNs.
An IP-layer encryption protocol, often used in VPNs, that protects data from tampering and eavesdropping.
What’s the difference between Transport Mode and Tunnel Mode in IPSec?
Transport: encrypts only the data. Tunnel: encrypts entire packet.
Transport mode encrypts only the data portion; tunnel mode wraps the entire packet before sending, and is commonly used site-to-site.
What is ESP in IPSec?
Encapsulating Security Payload – encrypts and authenticates packets.
ESP is the core component used to encrypt and authenticate packets.
What is TLS used for?
TLS encrypts data at the transport layer (like HTTPS).
TLS is a transport-layer encryption protocol; opening an https website uses TLS, for example.
What is DTLS and when is it used?
Datagram TLS – like TLS but for UDP, used in video calls or VoIP.
The UDP version of TLS, commonly used in video conferencing, voice chat, and other applications that need speed.
What are site-to-site and client-to-site VPNs?
Site-to-site connects two networks; client-to-site connects a user to the office.
Site-to-site is between one company network and another; client-to-site is an individual connecting remotely to the company.
What does a clientless VPN use?
It uses a web browser (via HTTPS) to access resources—no software needed.
No software to install; you log in with a browser and can access company resources.
What’s the key takeaway about secure communication?
Encrypt data in transit, choose VPN and protocols based on risk and use case.
Data in transit must be encrypted; choosing the right VPN mode and protocol makes it both secure and efficient.
What is SD-WAN?
Software-Defined Wide Area Network – it manages WAN connections using software.
Software-defined WAN: software is used to control and optimize the network connections between a company's locations.
Why do companies use SD-WAN?
To improve performance, flexibility, and security for branch connections.
It makes branch-to-headquarters connections faster, more stable, and more secure, and can cut network costs.
How is SD-WAN different from traditional WAN?
Traditional WAN is hardware-based; SD-WAN is software-controlled and cloud-friendly.
Traditional WAN relies on hardware configuration; SD-WAN is controlled entirely by software and is better suited to connecting to cloud services.
What is SASE?
Secure Access Service Edge – combines network and security services in the cloud.
Secure Access Service Edge: an integrated solution that moves networking and security functions into the cloud.
What does SASE include?
It includes VPN, firewall, zero trust access, and cloud security tools.
It includes a full set of security services: VPN, firewall, zero trust access, cloud access control, and more.
Why is SASE important for modern businesses?
Because users work from anywhere and access cloud apps—it keeps everything secure.
Because employees work from anywhere and use cloud services, SASE provides unified encryption, authentication, and attack protection.
What are the benefits of SD-WAN?
It’s cost-effective, boosts app performance, and simplifies WAN management.
Saves money, speeds things up, and is easy to manage; very suitable for companies with branch offices.
Which cloud providers support SASE-like services?
AWS, Azure, and Google Cloud all offer virtual networking and security tools.
AWS, Azure, and Google Cloud all offer combined virtual networking and cloud security services.
Is SD-WAN or SASE better?
They work together—SD-WAN for connection, SASE for security.
They are partners: SD-WAN solves "how to connect", SASE handles "how to protect it once connected".
What’s the key takeaway about SD-WAN and SASE?
SD-WAN connects branches efficiently, SASE makes those connections secure and cloud-ready.
SD-WAN connects the networks at each location; SASE makes those connections more secure and better suited to the cloud era.
Why is device placement important in network design?
Proper placement ensures fast, secure, and efficient communication.
Sensible placement improves speed, strengthens security, and prevents bottlenecks or blind spots.
What is a screened subnet (DMZ)?
It separates public-facing servers from internal systems to reduce risk.
A "middle zone" for web, mail, and similar services, so that external attacks do not spread to the internal network.
What is an attack surface?
All the places where an attacker can try to get in.
Every entry point an attacker could use to get in; in short, the more there are, the greater the danger.
How can we reduce the attack surface?
Disable unused services, restrict access, and close unneeded ports.
Turn off unused services, ports, and privileges, exposing the minimum possible.
What are common connectivity types?
Wired (stable), Wireless (flexible), VPN (remote access), Cloud links.
Wired is stable, wireless is flexible, VPN gives secure remote access, and cloud links are flexible but must be encrypted.
What is the difference between active and passive devices?
Active devices can take action (e.g. IPS); passive only monitor (e.g. IDS).
Active devices can "act" (block); passive devices only observe and do not intervene.
What does inline vs tap mean?
Inline = traffic must pass through. Tap = monitor copy only.
Inline sits in the "main path" and can block; a tap sits "off to the side" and only watches, without affecting the traffic.
What is a fail-open vs fail-closed device?
Fail-open lets traffic through if device fails; fail-closed blocks all.
Fail-open: if the device fails, traffic is allowed through (favours availability). Fail-closed: if it fails, traffic is blocked (favours security).
When would you choose fail-closed?
When security is more important than uptime, like in banks.
For example banks or governments, which would rather stop operating than let attack traffic in.
Key takeaway of infrastructure considerations?
Network design must balance performance, risk, and security by placing devices smartly.
When designing a network, place devices sensibly to find the best balance between speed, security, and stability.
What does “least privilege” mean?
Give users only the access they absolutely need—no more.
Give users only the minimum privileges needed to do their job; the fewer, the safer.
What is “defense in depth”?
Use multiple layers of security, so if one fails, others still protect.
Multiple layers of protection, like nesting dolls: if one layer fails, the others still stop the attack.
What does a risk-based approach mean?
Focus on protecting the most important or vulnerable assets first.
Prioritize protecting the systems or data that are most critical and most likely to be attacked.
What is lifecycle management of controls?
Regularly update, review, and retire controls as things change.
Controls are not "set once and done"; they must be regularly assessed, updated, or retired.
What is the “open design principle”?
Security should be transparent and testable—not based on secrecy.
A secure design should be open to public verification, rather than relying on "keeping things hidden" for its security.
What’s the first step in selecting controls?
Assess the current state—know your assets, gaps, and risks.
First work out what systems you have, what vulnerabilities exist, and how large the risk is.
Why is stakeholder involvement important in security planning?
So controls match business needs and get supported.
A security program needs the business to cooperate; otherwise, however strong it is, it will not get rolled out.
What is benchmarking in security control selection?
Compare with industry standards like NIST or ISO.
Compare against standards such as NIST and ISO to see whether anything is missing or falls short.
What types of controls exist?
Technical (firewall), Administrative (policy), Physical (locks).
Technical controls (such as firewalls), administrative controls (such as policies), and physical controls (such as door access systems).
Key takeaway of selecting infrastructure controls?
Use a structured, risk-aware, and flexible method to choose layered protections.
Use a logical, risk-aware, adjustable method to build a layered security system.