Udemy Sections 12-14: Perimeter Security, Cloud Security, and Automation Flashcards
Security devices focused on the boundary between the LAN and the WAN in your organization’s network
Perimeter security
A security solution that screens traffic between two portions of a network
Firewall
A type of firewall that is run as a piece of software on a host or server
Software firewall
A physical device that filters traffic going into a computer, network, or server
Hardware firewall
One function out of many on a single device that filters traffic going into a computer, network, or server
Embedded firewall
A method used by firewalls. Each packet passing through the firewall is inspected and accepted or rejected based on defined rules (configuration, ACLs)
Packet filtering
A type of packet filtering where packets are accepted or rejected based on the IP address and port number requested.
Stateless packet filtering
A type of packet filtering where the firewall keeps track of which internal requests use which port numbers, and uses that information to examine the headers of inbound packets. If the headers of the IP packets match what the firewall was expecting to receive, the packet is allowed; if not, it is rejected.
This type of packet filtering all but eliminates IP spoofing.
Stateful packet filtering
A type of filtering that filters traffic based upon the ports being utilized and the type of connection (TCP or UDP).
This type of filtering keeps track of which computer made a request by assigning each request a port number. If the incoming packet is not the response that the firewall expected on the port that it expected, it will reject the packet.
NAT filtering
ALG stands for
Application-layer gateway
AKA application proxy gateway
AKA Layer 7 firewall
A security solution that applies security mechanisms to specific applications, such as FTP or Telnet. It conducts an inspection based upon the application the incoming packet is destined for. It does NOT conduct these inspections based on port numbers; this firewall operates at Layer 7.
If a packet is destined for an application that it is protecting, it blocks it.
ALG (application-layer gateway)
AKA application proxy gateway
AKA Layer 7 firewall
Application-specific translation agents that allow an application on a host in one address realm to connect to its counterpart running on a host in a different realm transparently.
Application-level gateway
AKA application proxy gateway
AKA Layer 7 firewall
A security policy domain defined for a web or application server
Realm
A firewall that operates at the Session layer and only inspects the traffic during the establishment of the initial session over TCP or UDP.
After the session is established, the packets pass without any checks.
Circuit-level gateway
A type of filtering where a firewall filters traffic based on MAC addresses
MAC filtering
When traffic is allowed to enter or leave the network because there is an ACL rule that specifically allows it
Explicit allow
Translate this firewall rule:
allow TCP 10.0.0.2 any port 80
The host with the IP address 10.0.0.2 can send packets to any other IP address as long as it is requesting it over port 80.
When traffic is denied the ability to enter/leave the network because there is an ACL rule that specifically denies it
Explicit deny
Translate this firewall rule:
deny TCP any any port 23
Prevents any device in the network from sending packets to any device outside of the network over port 23
When traffic is denied the ability to enter or leave the network because there is no specific rule that allows it
Implicit deny
Translate this firewall rule:
deny TCP any any port any
Any host inside the network can’t send TCP packets to any host outside the network no matter which port it goes through.
What do firewalls do at Layer 3?
Block IP addresses
Layer 3 is the Network layer
What do firewalls do at Layer 4?
Block ports
Layer 4 is the Transport layer
A type of firewall installed to protect your server by inspecting traffic being sent to and from your web application. It stands between the user and the web application to filter traffic.
Prevents XSS, SQL injection, and cookie poisoning
WAF (Web Application Firewall)
WAF stands for
Web Application Firewall
What type of firewall largely prevents XSS, cookie poisoning, and SQL injection?
WAF (Web Application Firewall)
A device that acts as a middle man between a device and a remote server
Proxy server
A type of proxy server that is used to secure a network by keeping its machines anonymous during web browsing
IP proxy
A type of proxy server that attempts to serve client requests by delivering content from itself without actually contacting the remote server.
It does this by saving a copy of the results from previous requests and reusing the copy when the same request happens again.
Caching proxy
The most common type of caching proxy
HTTP proxy
Why are caching proxies not as effective as they used to be?
Because of the Web 2.0 structure, which gives each user customized information. For example, each person’s Facebook page looks extremely different.
PAC stands for
Proxy Auto-Configuration file
Files that contain configuration information to automatically configure a proxy server
PAC (Proxy Auto-Configuration) files
T/F: It is best practice to configure proxy servers via the PAC files
False
Attackers can modify these files
A type of proxy server used in organizations to prevent users from accessing prohibited websites and other content
Internet content filter
A type of proxy server that is used as a go-between that scans devices for viruses, filters unwanted content, and performs data loss prevention functions.
Like an internet content filter, but with more functions.
Web security gateway
A single computer (or file, group of files, or unused IP range) that might be considered attractive to an attacker
Honeypot
A group of computers, servers, or networks used to attract an attacker
Honeynet
What are honeypots used for?
Security research
Systems designed to protect data by conducting content inspection of data being sent OUT of the network
DLP (Data Loss Prevention)
AKA ILP (Information Leak Prevention)
AKA EPS (Extrusion Prevention Systems)
DLP stands for
Data Loss Prevention
ILP stands for
Information Leak Protection
EPS stands for
Extrusion Prevention Systems
T/F: DLP, ILP, and EPS are all used interchangeably
True
A security system that attempts to detect, log, and alert on malicious network activities
NIDS (Network Intrusion Detection System)
NIDS stands for
Network Intrusion Detection System
What mode are NIDS placed in so they can see all network traffic on a segment?
Promiscuous mode
A system that attempts to remove, detain, or redirect malicious traffic
NIPS (Network Intrusion Prevention System)
NIPS stands for
Network Intrusion Prevention System
A term meaning that a device is directly in the path of incoming traffic
Inline
Where should a NIPS be placed so that it is directly in the path of network traffic?
Inline
A term meaning that if a NIPS fails, it allows all traffic through.
Fail open
A term meaning that if a NIPS fails, it blocks all traffic
Fail shut
Which is more secure: fail open or fail shut?
Fail shut
But it means that the network will essentially be shut down.
What do most organizations choose to do when they are faced with the choice between having their NIPS fail open or fail shut?
They choose fail open.
This is because a fail shut would cause their network to go down. They choose to rely on other defensive layers when their NIPS fails, rather than take their whole network down.
Software products that are used to capture packets, allow an administrator to analyze the packets, and help with troubleshooting by viewing patterns within the packet captures.
Protocol analyzer
T/F: NIDS and NIPS can also perform protocol analyzer functions
True
Examples of protocol analyzers
Wireshark, Network Monitor
UTM stands for
Unified Threat Management
A single device that acts as a combination of network security devices and technologies to provide more defense in depth within a single device
This device can act as a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN
UTM (Unified Threat Management) system
NGFW stands for
Next Generation Firewall
T/F: UTM systems are usually placed as the outermost device in a LAN, replacing a firewall
True
T/F: UTM system and NGFW are used interchangeably
True
A way of offering on-demand services that extend the traditional capabilities of a computer or network out into the internet
Cloud computing
An IT framework that combines storage, computing, and networking into a single system that can reduce data center complexity and increase scalability. This framework relies on virtualization.
Hyperconvergence
Allows a cloud provider to offer a full desktop OS to an end user from a centralized server
VDI (Virtual Desktop Infrastructure)
VDI stands for
Virtual Desktop Infrastructure
VDI desktops are non-persistent. What does this mean for security?
Even if an attacker compromises one of the virtual desktops, it can quickly be deleted, and the attacker is locked out again. This removes the attacker’s ability to maintain persistence on the desktop.
A protected memory region that provides confidentiality for data and code execution. While the data is being processed and kept in memory, it is encrypted and isolated, thus protecting data from the OS and hypervisors.
Secure enclave
A method of keeping data at rest confidential. When data on the volume is needed, a secure volume is mounted and decrypted to allow access. When the data is no longer needed, it is re-encrypted and is unmounted from the virtual server.
Secure volume
4 different cloud types
Public
Private
Hybrid
Community
A service provider makes resources available to the end users over the internet. The most common type of cloud architecture.
Public cloud