Security Technologies Flashcards
Stateful Firewall
Inspects traffic as a part of a session & recognizes where the traffic originated
NGFW (NextGen Firewall)
Third-generation firewall that conducts deep packet inspection & packet filtering (Layer 7)
ACL
Access Control List:
A set of rules applied to router interfaces that permit/deny traffic
(IP/MAC)
Switch Firewall
IP address or port:
Source/destination IP
Source/destination Port
Source/destination MAC
NIDS/NIPS & HIDS/HIPS
Admin defines patterns:
NIDS/NIPS (Network-Based): A network device protects the network
HIDS/HIPS (Host-Based): Software-based & installed on servers/clients
Network & Host-Based systems can work together for more complete protection
RDG
Remote Desktop Gateway:
Provides a secure connection using SSL/TLS protocols to the server via RDP
Encrypted connection
Control access to network resources based on permissions/group roles
Maintain/enforce authorization policies
Monitor the status of the gateway & any RDP connections passing through the gateway
VNC
Virtual Network Computing (Port 5900):
Designed for thin client architectures & things like VDI
In-Band Management
Managing devices using Telnet/SSH protocols over the network
VPN
Extends a private network across public networks & enables sending/receiving data across shared/public networks
(Site-to-site, Client-to-site, Clientless)
Full Tunnel VPN
Routes & encrypts all network requests through the VPN connection back to the headquarters
Split Tunnel VPN
Routes & encrypts only the traffic bound for the headquarters over the VPN, & sends the rest of the traffic to the regular internet
(Better performance than full tunnel, less secure)
Clientless VPN
Creates a secure, remote-access VPN tunnel using a web browser without requiring a software/hardware client
SSL
Secure Sockets Layer:
Provides cryptography/reliability using the upper OSI layers (5/6/7)
TLS
Transport Layer Security:
Provides secure web browsing over HTTPS
SSL/TLS use TCP to establish secure client/server connections
DTLS
Datagram Transport Layer Security:
UDP-based version of the TLS protocol which operates a bit faster due to having less overhead