7 Network Security – Flashcards

question
ISO Model. What does ISO stand for?
answer
International Organization for Standardization
question
ISO Model
answer
A set of specifications on how dissimilar computers can connect on a network.
question
OSI
answer
Open Systems Interconnection. Illustrates how a network device prepares data for delivery and how it is handled.
question
What is the key to OSI?
answer
Layers.
question
How many layers are there in OSI?
answer
7
question
Name the layers to OSI
answer
1. Physical Layer 2. Data Link layer 3. Network layer 4. Transport layer 5. Session layer 6. Presentation layer 7. Application layer
question
Describe: Physical Layer
answer
The job of this layer is to send the signal to the network or receive it from the network. bits.
question
Data Link Layer
answer
Responsible for dividing the data into frames. Smaller tasks: error detection, correction. (like if something is not properly received). bit/frame.
question
Network Layer
answer
picks the route the packet is to take. handles addressing of packets. packet/datagram
question
Transport Layer
answer
provides connection establishment, management and termination as well as acknowledgement. It is really kind of the highway for the info and the vehicles. segment
question
Session Layer
answer
Allows device to establish and manage sessions. the highway toll taker? data
question
Presentation Layer
answer
IS concerned with how data is presented. formatted. translation, encryption, compression... data
question
Application Layer
answer
Provides services for user applications. this is the email app for communication so to speak.. data
question
Mnemonic for the OSI?
answer
Please Do Not Throw Sausage Pizza Away.
question
Switches
answer
hubs. switch.
question
hubs
answer
physical layer. meaning they did not read the info flowing through them. multiport repeater.
question
flaws to hub
answer
Because they repeated all frames, they unnecessarily increased traffic and were a security risk.
question
protocol analyzer
answer
hardware or software that captures and decodes packets.
question
network switch
answer
operates at layer 2. a device that connects network devices together. unlike hub has degree of intelligence. can unicast and broadcast
question
unicast
answer
forward frames to specific device.
question
broadcast
answer
frames sent to all devices
question
Media Access control
answer
MAC
question
How does switch examine MAC?
answer
Examines the MAC address of its frames to send frames to the identified port.
question
Two ways to monitor traffic on switch
answer
1st. use ethernet network that supports Port Mirroring. This allows admin to copy info of ports for monitoring 2nd. install network tap
question
network tap
answer
test access point. separate device. best for high speed networks.
question
Routers
answer
layer 3. Network layer. device that can forward packets across a computer network. it can be configured to filter out types of network traffic. invalid address, disallow ip
question
Load balancing
answer
technology that helps evenly distribute work across networks.
question
advantages of load balancing
answer
Reduced chance of overload. Benefit of optimized bandwidth. Network downtime reduced.
question
Load balancer
answer
Layer 4 and layer 7. Hardware device that load balances.
question
layer 4 load balancers
answer
Act on data from transport and network layer protocols. IP, TCP, FTP, UDP
question
Layer 7 load balancers
answer
distributed request based on data found in application layer. HTTP
question
IP Spraying
answer
When load balancing is used for distributing HTTP requests received.
question
Security advantages of load balancing?
answer
these are found between router and server. they can detect and prevent DoS. and protocol attacks. types that cripple a single server. Some Load balancers can hide ID header and error pages
question
proxies
answer
Proxy server. Application Aware proxy. Reverse Proxy
question
Proxy Server
answer
This proxy works by taking made requests from clients and seeing if it has a cache of made request. If not it then addresses the real server, that it is proxy for, and forwards that info on to client.
question
Benefits of proxy server
answer
Increased speed. If in the cache, info will come quicker. Reduced cost. bandwidth used is decreased. Improved Management. Can block bad sites or categories. Stronger Security. only its IP is used on the internet.
question
Application Aware Proxy
answer
Special proxy server that knows the application protocol it supports. Like FTP.
question
Reverse Proxy
answer
On the opposite end of the proxy server. Processes server requests or routes incoming requests from internet to correct servers.
question
Network Security Hardware
answer
Network Firewall, Spam Filters, Virtual private Network concentrators, internet content filters, web security gateways, intrusion detection and prevention systems and unified threat management appliances.
question
Network Firewall
answer
Same job as single computer firewall. To inspect packets and either accept or deny entry. first line of defense as hardware.
question
packets can be filtered one of two ways
answer
Stateless packet and stateful packet
question
Stateless packet filtering
answer
Either accept or deny. based on admin settings
question
Stateful packet filtering
answer
keeps a record between internal computer and external device. then makes decision based on connection and conditions.
question
Different actions a firewall can take?
answer
Allow. drop. reject. ask.
question
allow
answer
lets the packet pass through
question
drop
answer
prevents packet from its journey with no response
question
reject
answer
prevents packet from its journey but sends a message to sender.
question
ask
answer
inquires which action to take.
question
The actions are determined by 2 methods
answer
Rule-based. and application based.
question
Rule based firewalls
answer
uses set of instructions to control firewall.
question
firewall rules
answer
single line of textual info.
question
info in firewall rules
answer
Source address, Destination Address, Source port, Destination port, protocol, direction, action.
question
Source address
answer
where the packet is from. identified by ip address, ip mask, MAC address or host name.
question
Destination Address
answer
where the packet is going.
question
Source port
answer
TCP/IP port number being used to send data (the highway the packet is traveling on)
question
Destination port
answer
gives port on remote computer.
question
protocol
answer
defines the protocol. TCP, UDP, ICMP, IP
question
direction
answer
direction for data packet. in out or both
question
action
answer
as listed above. Allow. drop. reject. ask.
question
Application Aware firewalls
answer
the more intelligent firewall. Next generation firewall.
question
Web application firewall
answer
Type of application aware firewall. this looks at applications that use HTTP.
question
Spam filters
answer
...
question
Email system uses two TCP/IP protocols to send and receive.
answer
SMTP. Simple Mail Transfer Protocol, which handles outgoing mail. port 25. POP. Post Office Protocol. POP3, which handles incoming. port 110.
question
IMAP
answer
while POP3 is a store and forward service IMAP is remote email storage.
question
Two options for installing spam filter.
answer
Install with SMTP server. simple and most effective. Install the spam filter on the POP3 server. this allows all the spam to first go through the 25 port.
question
Third party spam filter.
answer
done by changing the MX mail exchange record. This is an entry in the DNS. that identifies the mail server responsible for
question
Virtual private Network concentrators,
answer
VPN. encrypts all data that is transmitted between the remote device and the network.
question
Types of VPN
answer
Remote access or virtual private, dial up network. user to LAN and site to site.
question
Generic Routing Encapsulation
answer
GRE framework for how to package the guest protocol for transportation over the IP.
question
Two sub protocols for IPsec
answer
Encapsulated Security payload. ESP. encrypts using symmetric key. Authentication Header. AH. digest of packet header.
question
Remote Access VPN uses either
answer
IPsec or layer 2 tunneling protocol L2TP
question
Internet content filters
answer
Monitor internet traffic and block access. admins can identify users that try to foil filters.
question
URL filtering
answer
Uniform Resource Locator filtering blocks based on URL.
question
Content Inspections.
answer
bases filtering off of content words.
question
Web Security Gateways
answer
Blocks content real time. higher level of defense through application level filtering.
question
Intrusion Detection System IDS
answer
a device that can detect an attack as it occurs.
question
Four monitoring Methodologies
answer
anomaly based. signature based. behavior based. heuristic .
question
Anomaly based monitoring
answer
designed for statistical anomalies. This is comparing the monitoring against a baseline.
question
Signature based Monitoring
answer
This takes a signature action, like scanning for antivirus and checks that against a database of known signatures. if the signature definition is too specific, it can miss variations
question
Behavior based Monitoring
answer
more adaptive than reactive. quicker than the previous methods. This uses the normal behaviors or actions of programs and compares that to anything abnormal.
question
Heuristic Monitoring
answer
Different. Experienced based techniques. it is like the antivirus heuristic analysis except it doesn't create a test ground, it actually uses an algorithm.
question
Two types of IDS
answer
Host based intrusion detection system HIDS.
question
Host based intrusion detection system HIDS.
answer
rely on agents installed on system. and monitor desktop functions
question
HIDS monitor these desktop functions
answer
System calls. File system access. System Registry settings. Host Input/output.
question
System calls
answer
a system call is an instruction that interrupts the program being executed and requests service from OS
question
File system access
answer
Files opened by access calls . HIDS
question
System Registry settings
answer
the windows registry maintains configuration information about programs and the computer.
question
Host Input/output
answer
watches messaging and in and outs.
question
Disadvantages to HIDs
answer
cannot monitor outside local system. all log data is stored locally. Tends to be resource intensive.
question
NIDS
answer
Network Intrusion Detection System
question
Network Intrusion Detection NIDS
answer
watches for attacks on network. these send alerts to the network admin.
question
Application aware IDS
answer
uses contextualized knowledge in real time. reduces risk of false positives.
question
Intrusion Prevention System IPS
answer
not only monitors, like IDS, but also attempts to prevent.
question
Network Intrusion Prevention System NIPS
answer
In contrast to the NIDS. This is located on firewall not central device.
question
Aware application IPS
answer
also like IDS, this knows operating system and system info. provides higher degree of accuracy for potential attacks.
question
IPS aware Application
answer
also like IDS, this knows operating system and system info. provides higher degree of accuracy for potential attacks.
question
UTM Unified. Threat. Management
answer
A security appliance used to replace all the devices together and do all their tasks.
question
UTM Unified Threat Management provided security functions
answer
Antispam, antiphishing. Antivirus and antispyware. Bandwidth optimization. Content Filtering. Encryption. Firewall. Instant Message control. Web filtering.
question
Network Technologies
answer
Network address translation and network access control.
question
Network address translation. NAT
answer
technique that allows private IP addresses to be used on the public internet. replaces a private IP address with a public one.
question
network access control. NAC
answer
This examines the current state of a system or network device before it is allowed to connect to the network. if the criteria is not met, such as not having the most current antivirus signature, it is quarantined until corrected.
question
PAT
answer
a variation of NAT
question
Goal of NAC
answer
To prevent computers with sub-optimal security from unintentionally infecting other computers through the network.
question
SoH
answer
Statement of health. is sent to the HRA during NAT quarantine process.
question
HRA
answer
Health Registration Authority. this server enforces the policies of network. works with patches and antivirus
question
NAC uses one of two methods
answer
DHCP Dynamic Host Configuration Protocol. Second method is ARP poisoning.
question
Elements of secure network design include
answer
Demilitarized zones. subnetting. using virtual LAN. and remote access.
question
Demilitarized zones. DMZ
answer
area separate network outside other networks.
question
subnetting
answer
IP address to be split anywhere within 32 bits
question
Core Switches
answer
reside at the top of the hierarchy and carry traffic between switches.
question
Workgroup Switches
answer
connected to devices directly.
question
Virtual LAN
answer
Separating devices into logical group.
question
VLAN take place two ways
answer
If the VLAN can be connected to the same switch. If people outside the switch need to communicate to the other switch they have to use a proprietary protocol or a vendor neutral IEEE 802.1Q
question
Remote Access
answer
refers to combination of soft and hardware that enables remote user to access a local internal network.
question
How does a VLAN group?
answer
Logically