Term
Layered Security OR Defense In Depth

Definition
Using multiple types of security devices to protect a network.


Term

Definition
Device or software that captures packets in order to decode and analyze them.


Term

Definition
Network layer that a hub operates at?


Term

Definition
Network layer that a switch operates at?


Term

Definition
Allows a network administrator to copy port traffic to a designated monitoring port (mirror port) in order to monitor network traffic.


Term
Network Tap (Test Access Point)

Definition
Network traffic monitoring method that involves installing a separate hardware monitoring device on the network.


Term

Definition
Network layer that a router operates at?


Term
(1) Load Balancing (2) Load Balancer

Definition
(1) Technology that helps to evenly distribute traffic across a network. (2) Software or hardware device that performs this function.


Term
Transport (Layer 4) OR Application (Layer 7) (depends on the specific device)

Definition
Network layers that a load balancer operates at?


Term

Definition
A special proxy server that knows the application protocols that it supports.


Term

Definition
Proxy server that routes incoming requests to the correct server.


Term
Application-Aware Firewall OR Next-Generation Firewall (NGFW)

Definition
An intelligent firewall that makes decisions based on identifying the applications that are sending packets, rather than filtering packets based only on the packet protocol or port.


Term

Definition
A dedicated virtual private network hardware device that aggregates a large number of VPN connections.


Term

Definition
A device that filters web-based traffic and can block malicious content in real time.


Term
Intrusion Detection System (IDS)

Definition
A device or application that detects an attack as it occurs.


Term

Definition
Monitoring method that detects statistical anomalies by flagging behavior that deviates significantly from a baseline of compiled normal activity.


Term
Signature-based Monitoring

Definition
Monitoring method that compares network activities to an updated database of predefined signatures.


Term
Behavior-based Monitoring

Definition
Monitoring method that continuously analyzes normal processes and programs, and alerts the user if abnormal actions are detected.


Term

Definition
Monitoring method that uses an algorithm to determine the existence of a threat.


Term
Host-based Intrusion Detection System (HIDS)

Definition
Intrusion detection software that runs on a local host computer and can detect an attack as it occurs. This application typically monitors system calls, file system access, system registry settings, and host I/O.


Term
Network Intrusion Detection System (NIDS)

Definition
Intrusion detection application installed on network devices that watches for attacks on the network, reports the information it gathers to a central device, and performs specified actions as necessary.


Term

Definition
Intrusion detection system capable of using contextual knowledge, such as information about the OS or running applications, in real time.


Term
Intrusion Prevention System (IPS)

Definition
A device or application that monitors in order to detect malicious activities, and attempts to prevent attacks by stopping them.


Term
Network Intrusion Prevention System (NIPS)

Definition
Intrusion prevention system installed on a network device that monitors network traffic in order to immediately react to a malicious attack.


Term

Definition
Intrusion prevention system capable of using contextual knowledge, such as information about the OS or running applications, in real time in order to provide a higher degree of accuracy about potential attacks.


Term
Unified Threat Management (UTM)

Definition
Multipurpose security appliance that provides a range of security functions, which can include antivirus/anti-malware/anti-spyware, antispam/anti-phishing, content/web filtering, firewall, encryption, intrusion protection, and other functions.


Term
Network Address Translation (NAT)

Definition
Technique that allows a private IP address (such as those in the 10.0.0.0, 172.16.0.0, and 192.168.0.0 ranges) to be used on a public network such as the internet.


Term
Port Address Translation (PAT)

Definition
Technique that allows a single public IP address to be assigned to multiple users by assigning different TCP port numbers to the same IP address.


Term
Network Access Control (NAC)

Definition
A technique that examines the current state of a system or network device before it is allowed to connect to the network. Devices that do not meet the specified criteria are only allowed to connect to a separate quarantine network, rather than the normal network.


Term

Definition
A separate network that rests outside of a secure network perimeter. Untrusted users are only allowed to access this network, and cannot access the secure network.


Term
Network, Subnet, and Host

Definition
The three parts of a subnet?


Term
Internet Control Message Protocol (ICMP)

Definition
Low-level TCP/IP protocol that handles communication between devices, such as for informational, testing, or error feedback purposes. It contains four fields: type, code, checksum, and message body.


Term

Definition
Type of attack that sends ICMP requests, such as echo requests or address mask requests, in order to gain information about the network.


Term

Definition
Attack that involves a ping request being sent to all computers on the network, while the attacker masks the requesting address to make it appear to be another system such as the server. The pinged computers then respond to the request at once, causing the targeted system to have instability issues.


Term

Definition
An attack that involves sending an ICMP redirect packet to the target which asks the host to send its packets to another router, which is an intentionally malicious device.


Term

Definition
An attack that involves sending a malformed, unusually large ping request in order to cause the target to crash.


Term
Simple Network Management Protocol (SNMP)

Definition
Protocol used to manage network equipment that allows administrators to remotely monitor, manage, and configure devices on the network.


Term

Definition
A password required in order to access administrative functions of an SNMP-managed device.


Term
(1) BIND (Berkeley Internet Name Domain) (2) DNSSEC (Domain Name System Security Extensions)

Definition
(1) DNS server software that makes DNS servers less trusting of information given to them by other DNS servers in order to reduce the risk of attacks. (2) DNS server software that allows DNS information to be digitally signed in order to avoid forged DNS information.


Term

Definition
An attack that involves requesting a zone transfer from a DNS server in order to gain information about the DNS server's internal network.


Term
Trivial File Transfer Protocol (TFTP)

Definition
FTP-like protocol that uses a small amount of memory and has limited functionality, and is often used for the automated transfer of configuration files between devices.


Term

Definition
Protocol that, using two TCP ports, uses FTP along with either SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt commands sent over the control port (port 21) in an FTP session.


Term

Definition
Protocol that, using a single TCP port, encrypts and compresses all data and commands sent using FTP.


Term
Secure Copy Protocol (SCP)

Definition
Enhanced version of RCP (Remote Copy Protocol), used primarily on *nix platforms, that encrypts files and commands in order to securely transport files.


Term
Storage Area Network (SAN)

Definition
A dedicated network storage facility that provides access to data storage over a high-speed network.


Term
(1) Fibre Channel (FC) (2) Fibre Channel over Ethernet (FCoE)

Definition
(1) High-speed storage network protocol that can transmit up to 16 gigabits per second. (2) A variation of FC that encapsulates FC frames over Ethernet networks.


Term
iSCSI (Internet Small Computer System Interface)

Definition
An IP-based storage networking standard for linking data storage facilities.


Term

Definition
Two older protocols that contain many vulnerabilities and, in most cases, should be disabled for security purposes?


Term

Definition
The process of administration that relies on following procedural and technical rules.


Term
(1) Procedural Rules (2) Technical Rules

Definition
Types of network security administration rules: (1) The authoritative and prescribed direction for conduct, both external (legal rules) and internal (company policies/procedures). (2) Security rules configured within a system or software (e.g., firewall configuration).


Term

Definition
Controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack. Commonly found in firewalls, IDS, and IPS.


Term
(1) Security Log (2) Access Log (3) Audit Log (4) Event Log

Definition
Types of logs: (1) Reveals attacks that are being directed at the network and whether those attacks are successful. (2) Provides details regarding requests for specific files on a system. (3) Records which user performed an action and what the action was. (4) Documents unsuccessful events and significant successful events.


Term

Definition
Technique that uses IEEE 802.1d (STA, the Spanning Tree Algorithm) to prevent broadcast storms (a network flooding problem caused by a switching loop, in which network devices repeatedly send broadcast messages in search of the destination of a packet whose destination is unknown).


Term
(1) Software as a Service (SaaS) (2) Platform as a Service (PaaS) (3) Infrastructure as a Service (IaaS)

Definition
Three cloud computing service models: (1) Applications running on a cloud infrastructure that can be accessed remotely rather than needing to be installed and configured on the user's local machine. (2) Cloud infrastructure service that deploys applications to be installed and configured by the user on their local machine. (3) Cloud infrastructure service that allows users to deploy and install their own software, including operating systems.


Term
(1) Piconet (2) Scatternet

Definition
(1) Bluetooth network topology consisting of multiple Bluetooth devices that have automatically connected to each other. One device serves as the master and one or more other devices serve as an active slave or a parked slave. (2) A group of piconets.


Term

Definition
Attack that sends unsolicited messages to Bluetooth devices.


Term

Definition
Attack that accesses unauthorized information from a wireless device via Bluetooth.


Term
Near Field Communication (NFC)

Definition
Standard used to establish communication between devices in close proximity.


Term
(1) An antenna and radio transmitter/receiver (2) Special bridging software used to interface wireless devices (3) A wired network interface used to connect to a wired network

Definition
Three major parts of an AP?


Term

Definition
Unauthorized AP that allows the attacker to bypass most network security configurations and opens the network to attacks.


Term

Definition
AP set up by an attacker for malicious purposes that is designed to mimic a legitimate AP so that a user may unknowingly connect to it instead of the real AP.


Term

Definition
Man-in-the-middle attack in which the attacker captures data that is being transmitted, records it, and sends it to the original recipient without the attacker's presence being detected.


Term

Definition
An attack in which an attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.


Term
Initialization Vector (IV)

Definition
A 24-bit value used in WEP that changes each time a packet is encrypted.


Term
Wi-Fi Protected Setup (WPS)

Definition
A method of configuring security on WLANs that is designed for users with little to no knowledge of WLAN security. It consists of either typing in a PIN or pressing a button on the device, after which the device automatically configures its security settings.


Term
(1) Organizationally Unique Identifier (OUI) OR Company ID (2) Individual Address Block (IAB)

Definition
(1) The first 24 bits of a MAC address, which reference the company that produced the hardware. (2) The last 24 bits of a MAC address, which are unique to that particular piece of hardware.


Term
Temporal Key Integrity Protocol (TKIP)

Definition
Encryption technology that functions as a wrapper around WEP by adding an additional layer of security while still serving WEP's basic functionality.


Term

Definition
A value that has been shared via communication between parties that only have approved devices. It must be entered manually in order to access the WLAN.


Term

Definition
AP which uses a web browser both to present information to the user about the AP and to authorize the user to access the AP.


Term

Definition
An in-depth analysis of a WLAN site.


Term
(1) To act as the base station for the wireless network. (2) To act as a bridge between wired and wireless networks.

Definition
Two basic functions of an AP?


Term

Definition
Process in which a wireless device looks for beacon frames.