Term
|
Definition
-Packet filter -Stateful packet inspection -Application -NGFW |
|
|
Term
Stateful Packet Inspection Firewall |
|
Definition
Examines each packet and keeps a table of every communication channel. SPI tracks the entire conversation; only packets from known active connections are allowed |
|
|
Term
First Stateful inspection firewall |
|
Definition
Check Point Software, Firewall-1 in 1994. |
|
|
Term
WAF (Web Application Firewall) |
|
Definition
-OSI Layer 7 -Analyzes traffic to web servers and prevents common attacks: -SQL injection -XSS (cross-site scripting) -Forged HTTP requests |
|
|
Term
Five well known WAF vendors |
|
Definition
Cisco, Citrix, Barracuda, F5, eEye |
|
|
Term
|
Definition
Firewall that simply uses ACLs to block or allow ports and IP addresses |
|
|
Term
|
Definition
Two components: -The tunnel -Encrypted data that passes through the tunnel |
|
|
Term
|
Definition
Creates a private connection across a public network. Tunneling using L2TP, PPTP, or IPSec |
|
|
Term
|
Definition
1. Establish the tunnel 2. Set up a connection between the two endpoints |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Every 30 seconds the number on the token changes |
|
|
Term
|
Definition
|
|
Term
|
Definition
-Point to point, constant, between two concentrators (routers) -Remote user, temporary, VPN concentrator |
|
|
Term
Authentication Header (AH) |
|
Definition
-IPSec component that performs authentication and an integrity check -Header field added to the IP packet |
|
|
Term
Encapsulating Secure Payload (ESP) |
|
Definition
-IPSec transport encryption -Confidentiality and an optional integrity check value (ICV) -Adds a header, a trailer, and the ICV |
|
|
Term
NIDS (Network Intrusion Detection System) and NIPS (Network Intrusion Prevention System) |
|
Definition
Used to log, alert, and/or take action when suspicious activity occurs on the network |
|
|
Term
|
Definition
Active - Takes action to prevent an attack or suspicious activity |
|
|
Term
|
Definition
Passive - Records suspicious activity for later analysis. May provide an alert. |
|
|
Term
|
Definition
-Enables prevention such as blocking IP address -False positives could block legitimate traffic. |
|
|
Term
|
Definition
Message from the analyzer indicating an "interesting" event has occurred. |
|
|
Term
|
Definition
Processes data from one or more sensors and looks for suspicious activity; either deterministic or rule-based. |
|
|
Term
|
Definition
Raw data being analyzed: log files, audit logs, system logs, network traffic |
|
|
Term
|
Definition
-Indication that suspicious activity may have occurred. Can trigger an alert or notification. -Confirmed activities become incidents |
|
|
Term
|
Definition
Intrusion Detection System console, used to manage the system |
|
|
Term
|
Definition
Process by which the operator is alerted to an event or incident |
|
|
Term
|
Definition
User or admin responsible for the IDS |
|
|
Term
|
Definition
-Primary data collection point for the IDS -Device driver on a system or a separate physical device attached to the network to collect data. |
|
|
Term
|
Definition
-Behavior-based detection -Signature-based detection -Anomaly detection -Heuristic |
|
|
Term
|
Definition
IDS detection method that uses algorithms to analyze traffic as it passes through |
|
|
Term
|
Definition
IDS Detection Method that learns what is normal and looks for deviations from baseline |
|
|
Term
|
Definition
IDS detection method that recognizes a known fingerprint or pattern in traffic and audit trails |
|
|
Term
|
Definition
IDS detection method that responds to variations in usage, increased traffic, policy violations, etc. |
|
|
Term
|
Definition
-Logging the issue -Notifying the admin -Shunning or ignoring the attack |
|
|
Term
|
Definition
-Takes some type of action: -Block ports -Reset connections -Configuration changes |
|
|
Term
|
Definition
|
|
Term
|
Definition
Most popular IDS -Open source -Runs on Linux and Windows -Real-time monitoring -Protocol analyzer -Network sniffer |
|
|
Term
|
Definition
|
|
Term
|
Definition
Load balancer that makes sure the client uses the same server for the entirety of a session |
|
|
Term
|
Definition
Load balancer that uses servers sequentially, handing each new request to the next available server. |
|
|
Term
|
Definition
Redundant load balancers where one is in a passive state monitoring the active balancer. The passive one becomes primary if the primary goes down. |
|
|
Term
|
Definition
All load balancers are active. If one goes down, the service slows down. |
|
|
Term
|
Definition
Load balancer IP for a pool of load balancers. |
|
|
Term
|
Definition
-Proxy server -URL filter -Blocks P2P sites, file sharing sites -Data Loss Prevention (DLP) -Can block ActiveX or Java applets, 3rd-party cookies -Granular access to web sites |
|
|
Term
|
Definition
Drops packets after a period of time has expired. |
|
|
Term
Data Loss Prevention (DLP) |
|
Definition
Protects against potential breaches and exfiltration of data -Endpoint detection (in use) -Network traffic (in transit) -Data storage (at rest) |
|
|
Term
|
Definition
Data being sent over a wired or wireless network |
|
|
Term
|
Definition
Data that is stored somewhere like USB, Network Storage, Local disk |
|
|
Term
|
Definition
Data that is not at rest and exists only on one particular node on a network: in memory, swap space, or a temporary location where it is being worked on. |
|
|
Term
|
Definition
Elected center of the network |
|
|
Term
|
Definition
Forwarder that sends data to the Root Bridge |
|
|
Term
|
Definition
Port that sends data toward the root bridge. |
|
|
Term
Access Point WiFi Security |
|
Definition
-Disable SSID broadcast -Use MAC filtering -Always change the default admin username and password -Use the strongest encryption available -Keep the AP updated with the latest firmware |
|
|
Term
|
Definition
-Data aggregation -Correlation -Automated alerting and triggers -Time synchronization -Event deduplication -Logs/WORM -Leaders: IBM Security, HP, Splunk, Intel Security, LogRhythm |
|
|
Term
|
Definition
-Good Messaging -MobileIron -AirWatch |
|
|
Term
|
Definition
Installed on the host device and runs continuously |
|
|
Term
|
Definition
Run from a portal. The user downloads the agent; it runs once and then disappears |
|
|
Term
|
Definition
Embedded within Active Directory; verifies that the host complies with the access policy |
|
|
Term
|
Definition
-Spam filter -DLP -Encryption -Sits on the perimeter and scans inbound and outbound email for the above |
|
|
Term
|
Definition
Joins two layer 2 networks (a repeater) |
|
|
Term
|
Definition
Offloads key encryption, key exchange, etc. |
|
|
Term
|
Definition
Network monitoring tool that exposes hidden threats and data exfiltration |
|
|
Term
|
Definition
Converts one protocol type to another. A translation device or service that converts media streams between disparate telecommunications technologies such as POTS, SS7, next-generation networks (2G, 2.5G and 3G radio access networks), or private branch exchange (PBX) systems. |
|
|
Term
Network Access Control benefits |
|
Definition
Prevents end stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination |
|
|