Security Technologies Flashcards

1
Q

Stateful Firewall

A

Inspects traffic as a part of a session & recognizes where the traffic originated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

NGFW (NextGen Firewall)

A

Third-generation firewall that conducts deep packet inspection & packet filtering (Layer 7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

ACL

A

Access Control List:
A set of rules applied to router interfaces that permit/deny traffic
(IP/MAC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Switch Firewall

A

IP address or port:
Source/destination IP
Source/destination Port
Source/destination MAC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

NIDS/NIPS & HIDS/HIPS

A

Admin defines patterns:
NIDS/NIPS (Network-Based): A network device protects the network
HIDS/HIPS (Host-Based): Software-based & installed on servers/clients

Network & Host-Based systems can work together for more complete protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

RDG

A

Remote Desktop Gateway:
Provides a secure connection using SSL/TLS protocols to the server via RDP

Encrypted connection
Control access to network resources based on permissions/group roles
Maintain/enforce authorization policies
Monitor the status of the gateway & any RDP connections passing through the gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

VNC

A

Virtual Network Computing (Port 5900):
Designed for thin client architectures & things like VDI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In-Band Management

A

Managing devices using Telnet/SSH protocols over the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

VPN

A

Extends a private network across public networks & enables sending/receiving data cross shared/public networks
(Site-to-site, Client-to-site, Clientless)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Full Tunnel VPN

A

Routes & encrypts all network requests through the VPN connection back to the headquarters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Split Tunnel VPN

A

Routes & encrypts only the traffic bound for the headquarters over the VPN, & sends the rest of the traffic to the regular internet
(Better performance than full tunnel, less secure)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Clientless VPN

A

Creates a secure, remote-access VPN tunnel using a web browser without requiring a software/hardware client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

SSL

A

Secure Socket Layer:
Provides cryptography/reliability using the upper OSI layers (5/6/7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

TLS

A

Transport Layer Security:
Provides secure web browsing over HTTPS

SSL/TLS use TCP to establish secure client/server connections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

DTLS

A

Datagram Transport Layer Security:
UDP-based version of the TLS protocol which operates a bit faster due to having less overhead

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

L2TP

A

Layer 2 Tunneling Protocol:
Lacks security features like encryption by default
Needs to be combined with extra encryption layer for protection

17
Q

L2F

A

Layer 2 Forwarding:
Provides a tunneling protocol for the P2P protocol, but also lacks native security/encryption

18
Q

PPTP

A

Point-to-Point Tunneling Protocol:
Supports dial-up networks but also lacks native security
(Except for when using with Windows)

19
Q

SNMP: Managed Device

A

Any device that can communicate with an SNMP manager known as the MIB (Management information base)

20
Q

SNMP

A

Simple Network Management Protocol (Port 161):
Used to send/receive data from managed devices back to a centralized network management station

21
Q

SNMP: Granular

A

Sent trap messages get a unique objective identifier to distinguish each message as a unique message being received

22
Q

SNMP: MIB

A

Management Information Base:
An SNMP Manager

The structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers

23
Q

SNMP: Verbose

A

SNMP traps may be configured to contain all the info about a given alert/event as a payload

24
Q

SNMPv1 & SNMPv2

A

Use a community string to give them access to the device as their security mechanism

Default community strings of public (read-only) or private (read-write) devices are considered a security risk

25
Q

SNMPv3

A

Provides 3 security enhancements which added integrity, authentication, & confidentiality to the SNMP protocol

Integrity - Message hashing
Authentication - Source validation
PoE+ 802.3at Confidentiality - DES 56-bit encryption

26
Q

Syslog

A

System Logging Protocol:
Sends system log or event messages to a central server, called a syslog server

SIM - Security Information Management
SEM - Security Event Management
SIEM - Security Information & Event Management

27
Q

Syslog Levels

A

0 - Emergency - System has become unstable
1 - Alert - A condition should be corrected immediately
2 - Critical - A failure in the system’s primary application requires immediate attention
3 - Error - Something is preventing proper system function
4 - Warning - An error will occur if action is not taken soon
5 - Notice - The events are unusual
6 - Information - Normal operational message (no action required)
7 - Debugging - Useful info for developers

28
Q

Syslog: Traffic Log

A

Contains info about the traffic flows on the network

Allows for investigation of any abnormalities

29
Q

Syslog: Audit Log/Audit Trail

A

Contains a sequence of events for a particular activity

30
Q

Syslog: Application Log

A

Contains info about software running on a client/server
(Informational, Warning, Error)

31
Q

Syslog: Security Log

A

Contains info about security of client/server

32
Q

Syslog: System Log

A

Contains info about the operating system itself

33
Q

SIEM

A

Security Information & Event Management:
Provides real-time or near-real-time analysis of security alerts generated by network hardware & applications

34
Q

SIEM: Systems it gathers data from…

A

Log Collection
Normalization - Maps log messages into a common data model
Correlation - Links logs/events form different systems into a single feed
Aggregation - Reduces volume of event data via consolidation of duplicate events
Reporting