7 Network Security – Flashcards

115 test answers

question
ISO Model. What does ISO stand for?
answer
International Organization for Standardization
question
ISO Model
answer
A set of specifications on how dissimilar computers can connect on a network.
question
OSI
answer
Open Systems Interconnection. Illustrates how a network device prepares data for delivery and how it is handled.
question
What is the key to OSI?
answer
Layers.
question
How many layers are there in OSI?
answer
7
question
Name the layers to OSI
answer
1. Physical Layer 2. Data Link layer 3. Network layer 4. Transport layer 5. Session layer 6. Presentation layer 7. Application layer
question
Describe: Physical Layer
answer
The job of this layer is to send the signal to the network or receive it from the network. bits.
question
Data Link Layer
answer
Responsible for dividing the data into frames. Smaller tasks: error detection, correction (like if something is not properly received). bit/frame.
question
Network Layer
answer
picks the route the packet is to take. handles addressing of packets. packet/datagram
question
Transport Layer
answer
provides connection establishment, management and termination as well as acknowledgement. It is really kind of the highway for the info and the vehicles. segment
question
Session Layer
answer
Allows a device to establish and manage sessions. the highway toll taker? data
question
Presentation Layer
answer
Is concerned with how data is presented. formatted. translation, encryption, compression... data
question
Application Layer
answer
Provides services for user applications. this is the email app for communication so to speak. data
question
Mnemonic for the OSI?
answer
Please Do Not Throw Sausage Pizza Away.
question
Switches
answer
hubs. switch.
question
hubs
answer
physical layer. meaning they did not read the info flowing through them. multiport repeater.
question
flaws to hub
answer
because it repeated all frames, it unnecessarily increased traffic and was a security risk.
question
protocol analyzer
answer
hardware or software that captures and decodes packets.
question
network switch
answer
operates at layer 2. a device that connects network devices together. unlike hub has degree of intelligence. can unicast and broadcast
question
unicast
answer
forward frames to specific device.
question
broadcast
answer
frames sent to all devices
question
Media Access control
answer
MAC
question
How does switch examine MAC?
answer
Examines the MAC address of its frames to send frames to the identified port.
question
Two ways to monitor traffic on switch
answer
1st. use an Ethernet network that supports port mirroring. This allows the admin to copy info of ports for monitoring. 2nd. install a network tap.
question
network tap
answer
test access point. separate device. best for high speed networks.
question
Routers
answer
layer 3. Network layer. device that can forward packets across a computer network. it can be configured to filter out types of network traffic. invalid address, disallow ip
question
Load balancing
answer
technology that helps evenly distribute work across networks.
question
advantages of load balancing
answer
Reduced chance of overload. Benefit of optimized bandwidth. Network downtime reduced.
question
Load balancer
answer
Layer 4 and layer 7. Hardware device that load balances.
question
layer 4 load balancers
answer
Act on data from transport and network layer protocols. IP, TCP, FTP, UDP
question
Layer 7 load balancers
answer
distributed request based on data found in application layer. HTTP
question
IP Spraying
answer
When load balancing is used for distributing HTTP requests received.
question
Security advantages of load balancing?
answer
these are found between router and server. they can detect and prevent DoS and protocol attacks, the types that cripple a single server. Some load balancers can hide ID header and error pages.
question
proxies
answer
Proxy server. Application Aware proxy. Reverse Proxy
question
Proxy Server
answer
This proxy works by taking made requests from clients and seeing if it has a cache of made request. If not it then addresses the real server, that it is proxy for, and forwards that info on to client.
question
Benefits of proxy server
answer
Increased speed. If in the cache, info will come quicker. Reduced cost. bandwidth used is decreased. Improved Management. Can block bad sites or categories. Stronger Security. only its IP is used on internet.
question
Application Aware Proxy
answer
Special proxy server that knows the application protocol it supports. Like FTP.
question
Reverse Proxy
answer
On the opposite end of the proxy server. Processes server requests or routes incoming requests from internet to correct servers.
question
Network Security Hardware
answer
Network Firewall, Spam Filters, Virtual private Network concentrators, internet content filters, web security gateways, intrusion detection and prevention systems and unified threat management appliances.
question
Network Firewall
answer
Same job as single computer firewall. To inspect packets and either accept or deny entry. first line of defense as hardware.
question
packets can be filtered one of two ways
answer
Stateless packet and stateful packet
question
Stateless packet filtering
answer
Either accept or deny. based on admin settings
question
Stateful packet filtering
answer
keeps a record between internal computer and external device. then makes decision based on connection and conditions.
question
Different actions a firewall can take?
answer
Allow. drop. reject. ask.
question
allow
answer
lets packet pass through
question
drop
answer
prevents packet from its journey with no response
question
reject
answer
prevents packet from journey but sends a message to sender.
question
ask
answer
inquires which action to take.
question
The actions are determined by 2 methods
answer
Rule-based. and application based.
question
Rule based firewalls
answer
uses set of instructions to control firewall.
question
firewall rules
answer
single line of textual info.
question
info in firewall rules
answer
Source address, Destination Address, Source port, Destination port, protocol, direction, action.
question
Source address
answer
where the packet is from. identified by ip address, ip mask, MAC address or host name.
question
Destination Address
answer
where the packet is going.
question
Source port
answer
TCP/IP port number being used to send data (the highway the packet is traveling on)
question
Destination port
answer
gives port on remote computer.
question
protocol
answer
defines the protocol. TCP, UDP, ICMP, IP
question
direction
answer
direction for data packet. in out or both
question
action
answer
as listed above. Allow. drop. reject. ask.
question
Application Aware firewalls
answer
the more intelligent firewall. Next generation firewall.
question
Web application firewall
answer
Type of application aware firewall. this looks at applications that use HTTP.
question
Spam filters
answer
...
question
Email system uses two TCP/IP protocols to send and receive.
answer
SMTP, Simple Mail Transfer Protocol, which handles outgoing mail. port 25. POP, Post Office Protocol (POP3), which handles incoming. port 110.
question
IMAP
answer
while POP3 is a store and forward service IMAP is remote email storage.
question
Two options for installing spam filter.
answer
Install with SMTP server. simple and most effective. Install the spam filter on the POP3 server. this allows all the spam to first go through the 25 port.
question
Third party spam filter.
answer
done by changing the MX (mail exchange) record. This is an entry in the DNS that identifies the mail server responsible for
question
Virtual private Network concentrators,
answer
VPN. encrypts all data that is transmitted between the remote device and the network.
question
Types of VPN
answer
Remote access or virtual private, dial up network. user to LAN and site to site.
question
Generic Routing Encapsulation
answer
GRE framework for how to package the guest protocol for transportation over the IP.
question
Two sub protocols for IPsec
answer
Encapsulated Security payload. ESP. encrypts using symmetric key. Authentication Header. AH. digest of packet header.
question
Remote Access VPN uses either
answer
IPsec or layer 2 tunneling protocol L2TP
question
Internet content filters
answer
Monitor internet traffic and block access. admins can identify users that try to foil filters.
question
URL filtering
answer
Uniform Resource Locator filtering blocks based on URL.
question
Content Inspections.
answer
bases filtering off of content words.
question
Web Security Gateways
answer
Blocks content real time. higher level of defense through application level filtering.
question
Intrusion Detection System IDS
answer
a device that can detect an attack as it occurs.
question
Four monitoring Methodologies
answer
anomaly based. signature based. behavior based. heuristic.
question
Anomaly based monitoring
answer
designed for statistical anomalies. This is comparing the monitoring against a baseline.
question
Signature based Monitoring
answer
This takes a signature action, like scanning for antivirus and checks that against a database of known signatures. if the signature definition is too specific, it can miss variations
question
Behavior based Monitoring
answer
more adaptive than reactive. quicker than the previous methods. This uses the normal behaviors or actions of programs and compares that to anything abnormal.
question
Heuristic Monitoring
answer
Different. Experience-based techniques. it is like the antivirus heuristic analysis except it doesn't create a test ground, it actually uses an algorithm.
question
Two types of IDS
answer
Host based intrusion detection system HIDS.
question
Host based intrusion detection system HIDS.
answer
rely on agents installed on system. and monitor desktop functions
question
HIDS monitor these desktop functions
answer
System calls. File system access. System Registry settings. Host Input/output.
question
System calls
answer
a system call is an instruction that interrupts the program being executed and requests service from OS
question
File system access
answer
Files opened by access calls. HIDS
question
System Registry settings
answer
the Windows registry maintains configuration information about programs and the computer.
question
Host Input/output
answer
watches messaging and in and outs.
question
Disadvantages to HIDS
answer
cannot monitor outside local system. all log data is stored locally. Tends to be resource intensive.
question
NIDS
answer
Network Intrusion Detection System
question
Network Intrusion Detection NIDS
answer
watches for attacks on network. these send alerts to the network admin.
question
Application aware IDS
answer
uses contextualized knowledge in real time. reduces risk of false positives.
question
Intrusion Prevention System IPS
answer
not only monitors, like IDS, but also attempts to prevent.
question
Network Intrusion Prevention System NIPS
answer
In contrast to the NIDS. This is located on firewall not central device.
question
Aware application IPS
answer
also like IDS, this knows operating system and system info. provides higher degree of accuracy for potential attacks.
question
IPS aware Application
answer
also like IDS, this knows operating system and system info. provides higher degree of accuracy for potential attacks.
question
UTM Unified Threat Management
answer
A security appliance used to replace all the devices together and do all their tasks.
question
UTM Unified Threat Management provided security functions
answer
Antispam, antiphishing. Antivirus and antispyware. Bandwidth optimization. Content Filtering. Encryption. Firewall. Instant Message control. Web filtering.
question
Network Technologies
answer
Network address translation and network access control.
question
Network address translation. NAT
answer
technique that allows private IP addresses to be used on the public internet. replaces a private IP address with a public one.
question
network access control. NAC
answer
This examines the current state of a system or network device before it is allowed to connect to the network. if the criteria are not met, such as not having the most current antivirus signature, it is quarantined until corrected.
question
PAT
answer
a variation of NAT
question
Goal of NAC
answer
To prevent computers with sub-optimal security from unintentionally infecting other computers through the network.
question
SoH
answer
Statement of health. is sent to the HRA during NAT quarantine process.
question
HRA
answer
Health Registration Authority. this server enforces the policies of network. works with patches and antivirus
question
NAC uses one of two methods
answer
DHCP Dynamic Host Configuration Protocol. Second method is the ARP poisoning.
question
Elements of secure network design include
answer
Demilitarized zones. subnetting. using virtual LAN. and remote access.
question
Demilitarized zones. DMZ
answer
area separate network outside other networks.
question
subnetting
answer
IP address to be split anywhere within 32 bits
question
Core Switches
answer
reside at the top of the hierarchy and carry traffic between switches.
question
Workgroup Switches
answer
connected to devices directly.
question
Virtual LAN
answer
Separating devices into logical group.
question
VLAN take place two ways
answer
If the VLAN can be connected to the same switch. if people outside the switch need to communicate to the other switch they have to use a proprietary protocol or a vendor neutral IEEE 802.1Q
question
Remote Access
answer
refers to combination of soft and hardware that enables remote user to access a local internal network.
question
How does a VLAN group?
answer
Logically