Term
| information security deals with what? |
|
Definition
| information and information systems |
|
|
Term
|
Definition
| computer processing is distributed over two or more computers |
|
|
Term
| what is a computer network |
|
Definition
| a collection of computers connected together to enable sharing of resources |
|
|
Term
| a computer is connected to a network via a ____ |
|
Definition
|
|
Term
|
Definition
| computer sending info on network |
|
|
Term
|
Definition
| requires addressing to get to |
|
|
Term
| ISO OSI reference model shows what |
|
Definition
| the many things that are needed to coordinate between two devices in order to communicate |
|
|
Term
| what does the ISO OSI reference model use? |
|
Definition
|
|
Term
| 7 layers in client server |
|
Definition
1 application
2 presentatino
3 session
4 transport
5 network
6 data link
7 physical |
|
|
Term
| what 3 layers are called packet layers? |
|
Definition
| network, data link, and physical |
|
|
Term
| OSI is theoretical tool....most common implementation is ____ |
|
Definition
|
|
Term
| challenge with connecting internal network to internet is ____ |
|
Definition
| inability to provide physical security |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| IPSec is used with IPv4 and IPv6 and has what 2 protocols? |
|
Definition
authentication header - provides the services authentication of origin and data integrity
encapsulating security payload - provides the service of confidentiality by encrypting data |
|
|
Term
| IPSec has 2 modes what are they? |
|
Definition
|
|
Term
| IPSec transport mode is applies to the IP payload...the payload is protected by the IP header is not....this si good for what? |
|
Definition
| end-to-end communication between hosts |
|
|
Term
| IPSec tunnel mode is applies to the entire IP packet...header and payload is sent encrypted...this is good for what? |
|
Definition
| intermediate devices in a communications path |
|
|
Term
| Secure Sockets Layer (SSL) is internet standard known as Transport Layer Security (TLS)...it allows what? |
|
Definition
| allows two systems to negotiate algorithms, transfer data with MACs for authentication or origin and data integrity, encrypted for confidentiality |
|
|
Term
|
Definition
| a system component designed to provide security between a trusted internal network and untrusted external network |
|
|
Term
| simplest type of fire wall is a ___ filter...what does it do |
|
Definition
| stateless packet filter....examines the header of an IP packet and uses programmed policy rules to determine whether the packet should be forwarded or not |
|
|
Term
|
Definition
| servers that are designed to serve requests from outside are placed in DMZ |
|
|
Term
| DMZ screened host..what is it |
|
Definition
| place DMZ behind fire wall separate from trusted network |
|
|
Term
| DMZ screened subnet is what? |
|
Definition
| DMZ is hidden between external router and internal router |
|
|
Term
| DMZ multi_homed host is used for what? and what is it? |
|
Definition
| used to implement policy rules regarding transfer of data between the three zones...requests from outside are never allowed to internal servers, only to DMZ servers that then forward it to internal server |
|
|
Term
| what is Network address translation (NAT)? |
|
Definition
| a technique that allows a network device to associate an external IP address with one or more internal IP addresses that are non-routable and translate addresses fro data traffic in each direction |
|
|
Term
|
Definition
| allows multiple devices to share an single IP address |
|
|
Term
|
Definition
network-based
host-based - usually a server
application-based |
|
|
Term
| Signature based IDS does what? |
|
Definition
| examings the data content of network packets, files and other data resources and recognizing signatures |
|
|
Term
| anomaly based IDS does what? |
|
Definition
| compaing the activities of one process with the expected behavior/profile for that type of process |
|
|
Term
|
Definition
| a host designed to attract attackers |
|
|
Term
|
Definition
| when an IDS detects an attack in progress...it sends data to a padded cell where a hacker can try to cause damage but cant |
|
|
