Security Technologies: VPNs & Firewalls & IDS 4.4 Flashcards
Provides real-time analysis of security alerts generated by network hardware and applications
Gathers data and logs from many different kinds of systems into one place for correlation and review
Security Information and Event Management (SIEM)
Routes and encrypts only the traffic bound for the headquarters over the VPN, and sends the rest of that traffic to the regular internet
Split Tunnel VPN
Routes and encrypts all network requests through the VPN connection back to the headquarters
Full Tunnel VPN
Creates a secure, remote-access VPN tunnel using a web browser without requiring a software or hardware client
Clientless VPN
Provides encryption and integrity for application data at the upper layers of the OSI model (Layers 5, 6, and 7); every version of SSL is now deprecated in favor of TLS
Secure Socket Layer (SSL)
Successor to SSL; provides secure web browsing over HTTPS (HTTP carried inside a TLS session) and secures other application protocols as well
Transport Layer Security (TLS)
Older tunneling protocol. Lacks encryption by default, so it must be combined with an extra encryption layer for protection (in practice, IPSec, giving L2TP/IPSec)
Layer 2 Tunneling Protocol VPN (L2TP)
Cisco tunneling protocol for carrying PPP (Point-to-Point Protocol) traffic, a predecessor of L2TP; also lacks native security and encryption features
Layer 2 Forwarding (L2F)
Older VPN protocol. Supports dial-up networks but lacks native security features; the Microsoft implementation adds MPPE encryption and MS-CHAP authentication, both of which are now considered weak
Point-to-Point Tunneling Protocol (PPTP)
Provides authentication and encryption of packets (AH for integrity and authentication, ESP for confidentiality) to create a secure encrypted communication path between two computers
IP Security (IPSec)
Protocol for monitoring and managing network devices; agents on managed devices answer queries from, and send traps to, a centralized network management station (the manager)
Simple Network Management Protocol (SNMP)
Defines the structure of the management data of a device subsystem as a hierarchical namespace of object identifiers (OIDs)
Management Information Base (MIB)
Adds three security enhancements to SNMP: integrity, authentication, and confidentiality (v1 and v2c authenticate with a plaintext community string)
SNMPv3
Server sends the client a string of random text called a challenge; the client hashes the challenge together with the shared secret (password) and sends the hash back, so the password itself never crosses the wire
Challenge Handshake Authentication Protocol (CHAP)
Sends usernames and passwords in plaintext for authentication, so anyone sniffing the link can read them
Password Authentication Protocol (PAP)
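Both authentication cards above, worked as code. This is an added example and not part of the original flashcard set: a CHAP exchange following RFC 1994 (response = MD5 over the one-byte Identifier, the shared secret and the challenge), with the server consuming each challenge once so a captured response cannot be replayed, beside a PAP login in which the password itself is what travels over the link. The usernames, secrets and the `wire_log` list standing in for a packet capture are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over the one-byte Identifier, the shared secret
    and the challenge, in that order. The secret never appears on the wire."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of CHAP. One outstanding challenge per Identifier, removed
    on first use, so an old response is worthless against a new challenge."""

    def __init__(self, user_secrets: Dict[str, bytes]) -> None:
        self._secrets = user_secrets          # constructed user database
        self._pending: Dict[int, bytes] = {}

    def challenge(self, identifier: int) -> bytes:
        chal = os.urandom(16)                 # fresh random challenge every time
        self._pending[identifier] = chal
        return chal

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        chal = self._pending.pop(identifier, None)   # single use
        secret = self._secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time compare


def chap_login(auth: ChapAuthenticator, identifier: int,
               username: str, client_secret: bytes) -> bool:
    """Full three-way exchange: Challenge -> Response -> Success/Failure."""
    chal = auth.challenge(identifier)                      # server -> client
    resp = chap_response(identifier, client_secret, chal)  # client -> server
    return auth.verify(identifier, username, resp)         # server decides


def pap_login(user_db: Dict[str, bytes], username: str, password: bytes,
              wire_log: List[Tuple[str, bytes]]) -> bool:
    """PAP: the Authenticate-Request carries the password itself. wire_log
    stands in for a packet capture and records exactly what a sniffer sees."""
    wire_log.append((username, password))
    stored = user_db.get(username)
    return stored is not None and hmac.compare_digest(stored, password)
```

With CHAP, a sniffer captures only a 16-byte hash tied to one random challenge; with PAP the captured tuple is the credential itself. CHAP still relies on MD5 over a shared secret, so an offline dictionary attack against a captured challenge/response pair remains possible if the secret is weak.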
Syslog Severity Levels 0-7
0-Emergency
1-Alert
2-Critical
3-Error
4-Warning
5-Notice
6-Informational
7-Debugging
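The severity table above in working form, as an added example that is not part of the original flashcards. On the wire a syslog message starts with a `<PRI>` field where PRI = facility * 8 + severity (RFC 5424), so the parser below recovers both numbers with one `divmod`, names them using the table, and filters a batch of lines to those at or above a chosen severity. The sample log lines and host names are constructed for the example.

```python
import re
from typing import Any, Dict, List

# Severity names from the table above (RFC 5424; lower number = more severe).
SEVERITY: Dict[int, str] = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug",
}
# Facility codes from RFC 5424 (only the commonly seen ones are named here).
FACILITY: Dict[int, str] = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    9: "cron", 10: "authpriv", **{16 + i: f"local{i}" for i in range(8)},
}

_PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(pri: int):
    """PRI = facility * 8 + severity, so divmod gives (facility, severity)."""
    if not 0 <= pri <= 191:            # 23 facilities * 8 + 7 is the maximum
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


def parse_syslog(line: str) -> Dict[str, Any]:
    m = _PRI_RE.match(line)
    if m is None:
        raise ValueError("line does not start with a <PRI> field")
    facility, severity = decode_pri(int(m.group(1)))
    return {
        "facility": FACILITY.get(facility, f"facility{facility}"),
        "severity": severity,
        "severity_name": SEVERITY[severity],
        "msg": line[m.end():],
    }


def at_least(lines: List[str], max_severity: int) -> List[Dict[str, Any]]:
    """Keep messages at the given severity or more urgent (numerically lower)."""
    return [p for p in (parse_syslog(l) for l in lines)
            if p["severity"] <= max_severity]


# Constructed sample lines (not from any real device):
#   <34>  = 4*8 + 2 -> auth, Critical
#   <13>  = 1*8 + 5 -> user, Notice
#   <0>   = 0*8 + 0 -> kern, Emergency
#   <190> = 23*8 + 6 -> local7, Informational
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root from 203.0.113.5",
    "<13>Oct 11 22:14:16 app01 myapp: user alice logged in",
    "<0>Oct 11 22:14:17 core01 kernel: Out of memory: Kill process 4242",
    "<190>Oct 11 22:14:18 app02 nginx: GET /healthz 200",
]
```

A common mistake when building SIEM filters is to treat the severity number as "higher is worse"; it is the reverse, which is why `at_least(lines, 3)` returns the Critical and Emergency lines and drops the Notice and Informational ones.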
Uses a set of rules defining the types of traffic permitted or denied through the device
Firewall
Permits or denies traffic based on packet header fields (addresses, protocol, ports) alone, without tracking sessions
Packet-Filtering Firewall
Inspects traffic as part of a session and tracks connection state, so it recognizes where the traffic originated and allows return traffic for an established session without a separate rule
Stateful Firewall
Third-generation firewall that adds deep packet inspection and application awareness to packet filtering
NextGen Firewall (NGFW)
Set of rules applied to router interfaces that permit or deny certain traffic; rules are evaluated top to bottom, the first match wins, and unmatched traffic hits an implicit deny at the end
Access Control List (ACL)
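The packet-filtering, stateful and ACL cards above, as an added example that is not from the original flashcards and not any vendor's implementation: a small ACL engine with first-match, implicit-deny semantics, and a stateful wrapper around the same rule set that remembers permitted TCP/UDP flows so reply packets get through without an inbound hole. The rule set, host addresses and port numbers are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "any", "tcp", "udp", "icmp"
    src: str                    # CIDR, e.g. "10.0.0.0/8"
    dst: str                    # CIDR; "0.0.0.0/0" means any
    dport: Optional[int] = None # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (
            self.proto in ("any", p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


def acl_filter(rules: List[Rule], p: Packet) -> str:
    """Stateless packet filter: rules are tried top to bottom, the first match
    wins, and a packet matching nothing hits the implicit deny at the end."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Same rule set, but every permitted TCP/UDP flow is recorded so the
    reply direction is allowed without an explicit inbound rule."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.sessions: Set[Tuple[str, str, int, str, int]] = set()

    def filter(self, p: Packet) -> str:
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.sessions:
            return "permit"                   # reply to a tracked session
        action = acl_filter(self.rules, p)    # otherwise consult the ACL
        if action == "permit" and p.proto in ("tcp", "udp"):
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action


# Constructed rule set: hosts in 10.0.0.0/8 may browse HTTPS and query the
# internal resolver; one quarantined host is blocked first, because order matters.
RULES = [
    Rule("deny", "any", "10.9.9.9/32", "0.0.0.0/0"),
    Rule("permit", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443),
    Rule("permit", "udp", "10.0.0.0/8", "10.0.0.53/32", 53),
]
```

The contrast to look at is the HTTPS reply packet: the stateless ACL denies it (no rule permits inbound traffic from the internet), while the stateful firewall permits it because it saw the outbound request. Swapping the first two rules would let the quarantined host browse, which is the ordering mistake real ACL audits look for.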
Separate network segment holding devices that must be reachable from the outside zone (like web servers) while staying isolated from the internal network, so a compromise there does not give direct access inside
Demilitarized Zone (DMZ)
Combines firewall, router, intrusion detection/prevention system, anti-malware, and other features into a single device
Unified Threat Management (UTM) Device
Signature contains strings of bytes (a pattern) that triggers detection; only attacks with a known signature are caught
Signature-based Detection
Relies on a specific declaration of the security policy
Policy-based detection
Watches traffic patterns over time to build a baseline of normal behavior, then alerts on significant deviations from it
Statistical Anomaly-based detection
Administrator defines the patterns/baseline by hand rather than learning them from observed traffic
Non-statistical Anomaly-based detection
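The four detection methods on the cards above, each as a few lines of working code. This is an added example, not original flashcard content and not the logic of any real IDS: byte-pattern signatures, a policy check against declared allowed ports, a statistical anomaly detector that learns a baseline and alerts beyond mean plus k standard deviations, and the non-statistical variant where an administrator fixes the limit. The signature strings, flow records and baseline counts are constructed for the example.

```python
import statistics
from typing import Any, Dict, List, Set


# Signature-based: byte patterns that trigger an alert when seen in a payload.
SIGNATURES: Dict[str, bytes] = {
    "sqli-union-select": b"UNION SELECT",
    "path-traversal": b"../../",
    "shellshock": b"() { :;};",
}


def signature_matches(payload: bytes) -> List[str]:
    """Names of every signature whose pattern occurs in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]


# Policy-based: the declared security policy lists the permitted destination ports.
def policy_violations(flows: List[Dict[str, Any]], allowed_ports: Set[int]) -> List[Dict[str, Any]]:
    return [f for f in flows if f["dport"] not in allowed_ports]


class StatisticalAnomalyDetector:
    """Learns a baseline of requests-per-minute from observed traffic, then
    flags any count more than k standard deviations above the mean."""

    def __init__(self, k: float = 3.0) -> None:
        self.k = k
        self.baseline: List[int] = []

    def train(self, counts: List[int]) -> None:
        self.baseline.extend(counts)

    def threshold(self) -> float:
        mean = statistics.mean(self.baseline)
        sd = statistics.pstdev(self.baseline)
        return mean + self.k * sd

    def is_anomalous(self, count: int) -> bool:
        return count > self.threshold()


def admin_threshold_anomalous(count: int, limit: int) -> bool:
    """Non-statistical anomaly detection: the administrator sets the limit by
    hand instead of deriving it from a learned baseline."""
    return count > limit


# Constructed baseline: eight quiet minutes of request counts from one host
# (mean 100, population std. dev. about 6.87, so the k=3 threshold is about 120.6).
BASELINE_COUNTS = [100, 110, 95, 105, 90, 100, 108, 92]
```

Two things the cards only imply become visible here: a trivially rewritten payload (`UNION/**/SELECT`) slips past the signature, and a burst of 130 requests per minute is flagged by the learned baseline but not by an administrator's round-number limit of 150, which is the usual trade-off between the two anomaly approaches.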
A network device that protects an entire network segment by watching traffic on the wire; can be used to help defend against DDoS attacks
Network-based (NIDS/NIPS)
Software-based and installed on servers and clients. Can be used to prevent people from installing or running software and to block malware attacks on that host.
Host-based (HIDS/HIPS)