Security + Domain 1 – Flashcards
question
Firewalls. (1.1)
answer
Provide protection by controlling traffic entering and leaving a network. They manage traffic using filters or rules. (1.1)
question
Packet Filter Firewall. (1.1)
answer
Works at Network Layer 3 and Transport Layer 4. Filters traffic based on basic identification items found in the network packet's header, such as destination addresses, port numbers, and protocols used. (1.1)
question
Circuit-Level Gateway Firewall. (1.1)
answer
Monitoring occurs at Network Layer 3 or Session Layer 5. Filters traffic based on the connection between an internal trusted host and an external untrusted host. Its job is to make sure the packets involved are used in a proper manner. Once a circuit-level gateway allows a connection, no further filtering on that communication is performed. (1.1)
question
Application-Level Gateway Firewall. (1.1)
answer
Operates at Application Layer 7. Filters traffic based on user access, group membership, the application or service used, or the type of resource being transmitted. Such a firewall can be called a proxy. Focused on aspects of a specific application and protocol combination as well as the actual content of the conversation. (1.1)
question
Stateful Inspection Firewall. (1.1)
answer
Performs deep packet inspection and creates rules on the fly. Can make intelligent and complex filtering decisions based on higher-order information. Related to TCP. (1.1)
question
Routers. (1.1)
answer
Layer 3 device that enables traffic from one network segment to traverse into another network segment. However, the traffic must pass through the router's filters in order to make the transition. (1.1)
question
Switches. (1.1)
answer
A Layer 2 device that receives signals on one port and transmits them out the port where the intended recipient is connected. Often used to create VLANs. (1.1)
question
Load Balancer. (1.1)
answer
Used to spread or distribute network traffic load across several network links or network devices. Its purpose is to obtain optimal infrastructure utilization, minimize response time, maximize throughput, reduce overloading, and eliminate bottlenecks. (1.1)
question
Proxy. (1.1)
answer
A variation of an application-level firewall or circuit-level firewall. Serves as a barrier against external threats to internal clients. Performed by using Network Address Translation (NAT), which hides the IP (Internet Protocol) configuration of internal clients and substitutes the IP configuration of the proxy server's own public external NIC in outbound requests. (1.1)
question
Proxy Server. (1.1)
answer
Used as a proxy or middleman between clients and servers. (1.1)
question
Host Based Intrusion Detection System (HIDS). (1.1)
answer
Used to protect the local client, user, and network from various malicious events. (1.1)
question
Intrusion Detection System (IDS). (1.1)
answer
An automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations. (1.1)
question
Network-Based Intrusion Detection System (NIDS). (1.1)
answer
Watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. (1.1)
question
Host Based Intrusion Detection System (HIDS). (1.1)
answer
Watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host. (1.1)
question
Detection Mechanisms. (1.1)
answer
Signature detection compares event patterns against known attack patterns (signatures) stored in the IDS database. Anomaly detection watches the ongoing activity of the environment and looks for abnormal occurrences. (1.1)
question
Response Methods. (1.1)
answer
An IDS with active detection and response is designed to take the quickest action to reduce potential damage caused by an intruder. This response may include shutting down the server or the affected service or disconnecting suspicious connections. An IDS with passive detection and response takes no direct action against the intruder; instead it may increase the amount of data being audited and recorded and notify the administrators about the intrusion. (1.1)
question
Behavior-based Detection. (1.1)
answer
Relies upon the establishment of a baseline or a definition of normal and benign. Once this baseline is established, the monitoring tool is able to detect activities that vary from that standard of normal. (1.1)
question
Signature-based Detection. (1.1)
answer
Relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures. (1.1)
question
Anomaly-based Detection. (1.1)
answer
Relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies. (1.1)
question
Protocol Analyzer. (1.1)
answer
A tool used to examine the contents of network traffic. (1.1)
question
Sniffers. (1.1)
answer
Can either be used as a synonym for protocol analyzer or as a slightly distinct type of product. Generally a packet (or frame) capturing tool, while a protocol analyzer is able to decode and interpret packet/frame contents. (1.1)
question
Spam. (1.1)
answer
Undesired or unsolicited email. (1.1)
question
Web Security Gateways. (1.1)
answer
A web content filter (often URL- and content-keyword based) that supports malware scanning. Implemented by an organization to have better policy enforcement over employee web activity. (1.1)
question
Virtual Private Network. (1.1)
answer
A communication tunnel between two entities across an intermediary network. (1.1)
question
VPN Concentrator. (1.1)
answer
A dedicated hardware device designed to support a large number of simultaneous VPN connections, often hundreds to thousands. (1.1)
question
Spam Filter. (1.1)
answer
A hardware or software tool whose primary purpose is to identify and block/filter/remove unwanted messages (i.e., spam). (1.1)
question
All-In-One. (1.1)
answer
A hardware device designed to operate inline between an Internet connection and a network. Its goal is to detect and filter all manner of malicious, wasteful, or otherwise unwanted traffic. Can also be called a security gateway or UTM (Unified Threat Management) system. (1.1)
question
Web Application Firewall. (1.1)
answer
Intended to be an application-specific, server-side firewall to prevent cross-site scripting, SQL injection, and other web application attacks. (1.1)
question
Network Firewall. (1.1)
answer
Designed to provide broad protection for an entire network. (1.1)
question
URL Filtering. (1.1)
answer
Also known as web filtering; the act of blocking access to a site based on all or part of the URL used to request access. (1.1)
question
Content Inspection. (1.1)
answer
The security filtering function where the contents of the application protocol are inspected. (1.1)
question
Malware Inspection. (1.1)
answer
The use of a malware scanner to detect unwanted software content in network traffic. (1.1)
question
Rule-Based Management. (1.2)
answer
The concept of controlling the security of communications and IT events through rule- or filter-driven systems. Firewalls, proxies, routers, IDS, IPS, antivirus, and more are examples of this concept. (1.2)
question
Access Control Lists . (1.2)
answer
Used to define who is allowed to or denied from performing a specified activity or action. (1.2)
question
802.1x (1.2)
answer
A port-based authentication mechanism, based on EAP, that is commonly used in closed-environment wireless networks. It can also be used on firewalls, proxies, VPN gateways, and other locations where an authentication handoff service is desired (authentication proxy). (1.2)
question
Loop Protection. (1.2)
answer
A transmission pathway that repeats itself. Includes Spanning Tree Protocol (STP) for Ethernet and the IP header TTL value. (1.2)
question
Implicit Deny. (1.2)
answer
The default security stance that if you are not specifically granted access or privileges over a resource, you are denied access by default. (1.2)
question
Firewall Rules. (1.2)
answer
Follow a first-match-apply rule system; the final rule should be a default deny. Anything that is not allowed or was denied is blocked by default. A great example of a whitelist management system. (1.2)
question
VLAN Management (1.2)
answer
The use of VLANs to control traffic for security or performance reasons. VLANs can be used to isolate traffic between network segments. (1.2)
question
Secure Router Configuration. (1.2)
answer
Where malicious or unauthorized route changes are prevented. 1: Set the router's password to something unique and secret. 2: Set the router to ignore ICMP (Internet Control Message Protocol) type 5 redirect messages. 3: Use a secure routing protocol that requires authentication and data encryption to exchange data. 4: Preconfigure the IP addresses of other trusted routers with which routing data can be exchanged. (1.2)
question
Port Security. (1.2)
answer
Physical control of all connection points. The management of TCP and UDP ports: if a service is active and assigned to a port, then the port is opened. All of the other 65,535 ports (of TCP or UDP) are closed if they do not have a service actively using them. Hackers can detect the presence of active services by performing a port scan. (1.2)
question
Port Knocking. (1.2)
answer
A security system where all ports on a system appear closed. (1.2)
question
Flood Guards. (1.2)
answer
A defense against flooding or massive traffic DoS attacks. Detects flooding activity and begins to block it. Also a formal command in the Cisco IOS that is used to disable the Flood Defender. (1.2)
question
Prevent Network Bridging by network separation. (1.2)
answer
Network bridging does not limit or divide broadcast domains, does not scale well, can cause latency, and can result in loops. (1.2)
question
Log Analysis. (1.2)
answer
The art and science of reviewing audit trails, log files, or other forms of computer-generated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern. (1.2)
question
Demilitarized Zone (DMZ) (1.3)
answer
An area of a network that is designed specifically for public users to access. A buffer network between the public untrusted Internet and the private trusted LAN. Deployed through the use of a multihomed firewall. (1.3)
question
Extranets (1.3)
answer
An intranet that functions as a DMZ for business-to-business transactions. Lets organizations offer specialized services to business partners, suppliers, distributors, or customers. (1.3)
question
Subnetting (1.3)
answer
A subdivision process used on networks to divide larger groups of hosts into smaller collections. (1.3)
question
Virtual Local Area Network. (VLAN) (1.3)
answer
A logical creation of subnets out of a single physical network. It logically segments a network without altering its physical topology. They're easy to implement, have little administrative overhead, and are a hardware-based solution. (1.3)
question
Network Address Translation (NAT) (1.3)
answer
Converts the IP addresses of internal systems found in the header of network packets into public IP addresses. It hides the IP addressing scheme and structure from external entities. Serves as a basic firewall by only allowing incoming traffic that is in response to an internal system's request. It reduces expense by requiring fewer leased public IP addresses, and it allows the use of the private IP addresses (RFC 1918). (1.3)
question
RFC 1918. (1.3)
answer
Defines the ranges of private IP addresses that aren't routable across the Internet: 10.0.0.0-10.255.255.255 (10.0.0.0 /8 subnet), 1 Class A range; 172.16.0.0-172.31.255.255 (172.16.0.0 /12 subnet), 16 Class B ranges; and 192.168.0.0-192.168.255.255 (192.168.0.0 /16 subnet), 255 Class C ranges. (1.3)
question
Remote Access (RAS). (1.3)
answer
A network server that supports connections from distant users or systems. Often supports modem banks, VPN links, and even terminal services connections. (1.3)
question
Telephony. (1.3)
answer
The collection of methods by which telephone services are provided to an organization, or the mechanisms by which an organization uses telephone services for voice and/or data communications. Traditionally, telephony included POTS or PSTN services combined with modems. However, this has expanded to include PBX, VoIP, and VPN. (1.3)
question
Network Access Control (NAC) (1.3)
answer
A concept of controlling access to an environment through strict adherence to and implementation of security policy. The goals are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control. (1.3)
question
Virtualization Technology. (1.3)
answer
Used to host one or more operating systems within the memory of a single host computer. (1.3)
question
Cloud Computing. (1.3)
answer
A concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. Often thought of as Internet-based computing. (1.3)
question
Platform as a Service. (1.3)
answer
The concept of providing a computing platform and software solution stack as a virtual or cloud-based service. Essentially, it is the concept of paying for a service that provides all the aspects of a platform (i.e., operating system and complete solution package). (1.3)
question
Software as a Service. (1.3)
answer
Provides on-demand online access to specific software applications or suites without the need for local installation (or even local hardware and operating system (OS) requirements in many cases). Software as a service can be implemented as a subscription service, pay-as-you-go service, or a free service. (1.3)
question
Infrastructure as a Service. (1.3)
answer
Takes the platform as a service model yet another step forward into providing not just on-demand operating solutions but complete outsourcing options. This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/filtered Internet connectivity. Ultimately, it allows an enterprise to quickly scale up new software- or data-based services/solutions through cloud systems without having to install massive hardware. (1.3)
question
Internet Protocol Security (IPsec) (1.4)
answer
Both a stand-alone VPN protocol and a module that can be used with L2TP. Can be used in dial-up or network-to-network connections. It operates at OSI model Layer 3 (the Network Layer). (1.4)
question
Authentication Header (AH) (1.4)
answer
Provides authentication of the sender's data. (1.4)
question
Encapsulating Security Payload (ESP). (1.4)
answer
Provides encryption of the transferred data as well as limited authentication. (1.4)
question
Tunnel Mode. (1.4)
answer
IPsec provides encryption protection for both the payload and the message header by encapsulating the entire original LAN protocol packet and adding its own temporary IPsec header. (1.4)
question
Transport Mode (1.4)
answer
IPsec provides encryption protection for just the payload and leaves the original message header intact. (1.4)
question
Internet Key Exchange (IKE) (1.4)
answer
Ensures the secure exchange of secret keys between communication partners in order to establish the encrypted VPN tunnel. (1.4)
question
Internet Security Association and Key Management Protocol (ISAKMP) (1.4)
answer
Used to negotiate and provide authenticated keying material (a common method of authentication) for security associations in a secured manner. The four major functional components are authentication of communications peers, threat mitigation, security association creation and management, and cryptographic key establishment and management. (1.4)
question
Secure Shell (SSH) (1.4)
answer
A secure replacement for Telnet, rlogin, rsh, and RCP. It can be called a remote access or remote terminal solution. Encrypts authentication and data traffic, and it operates over TCP port 22. (1.4)
question
Domain Name Server/system (DNS) (1.4)
answer
The hierarchical naming scheme used in both public and private networks. It links IP addresses and human-friendly fully qualified domain names (FQDNs) together. (1.4)
question
TLS (Transport Layer Security) (1.4)
answer
The updated replacement for the Netscape Corporation's SSL. TLS is generally the same as SSL; however, it uses more secure cryptographic protocols and algorithms. (1.4)
question
Secure Sockets Layer (SSL) (1.4)
answer
Used to encrypt traffic between a web browser and a web server. Through the use of SSL or TLS, web surfers can make online purchases, interact with banks, and access private information without disclosing the contents of their communications. SSL and TLS can make web transactions private and secure. (1.4)
question
Simple Network Management Protocol (SNMP) (1.4)
answer
A standard network management protocol supported by most network devices and TCP/IP compliant hosts. This includes routers, switches, bridges, wireless access points, firewalls, VPN appliances, modems, printers, and so on. (1.4)
question
File Transfer Protocol Secure (FTPS) (1.4)
answer
FTP Secure or FTP-SSL, which indicates it is a variation of FTP secured by SSL (or now TLS). This is a distinct FTP service variation from SFTP, which is SSH-secured FTP. (1.4)
question
File Transfer Protocol (FTP) (1.4)
answer
An in-the-clear file exchange solution. An FTP server system is configured to allow authenticated or anonymous FTP clients to log on in order to upload or download files. FTP employs TCP ports 20 and 21. (1.4)
question
Secure FTP (SFTP) (1.4)
answer
A secured alternative to standard or basic FTP that encrypts both authentication and data traffic between the client and server. SFTP employs SSH to provide secure FTP communications. (1.4)
question
Anonymous FTP. (1.4)
answer
A form of nameless logon to an FTP server. Site administrators should carefully configure FTP servers that allow anonymous access. (1.4)
question
Blind FTP (1.4)
answer
A configuration of anonymous FTP or authenticated FTP where uploaded files are unseen and unreadable by visitors. Thus, users can upload files but not see the resulting uploads. (1.4)
question
FTP vulnerabilities (1.4)
answer
Because all FTP traffic is transmitted in the clear, all FTP traffic is vulnerable to packet sniffing and other forms of eavesdropping. Not all operating systems or file systems support long filenames. If an FTP server's host operating system and file systems support only the 8.3 naming convention, then uploaded files with longer filenames will be automatically truncated to comply with 8.3 restrictions. (1.4)
question
HTTPS (1.4)
answer
When SSL or TLS is used to secure transactions, this is known as Hypertext Transfer Protocol over SSL. (1.4)
question
SCP (Secure Copy Protocol) (1.4)
answer
A secure file transfer facility based on SSH and RCP. (1.4)
question
ICMP (Internet Control Message Protocol) (1.4)
answer
A network health and link testing protocol. Operates at Layer 3 as the payload of an IP packet. It is the protocol commonly used by tools such as ping, traceroute, and pathping. (1.4)
question
FTP (1.5)
answer
Uses TCP ports 20 (data) and 21 (control). (1.5)
question
SFTP (1.5)
answer
SFTP, or SSH-secured FTP, uses TCP port 22. (1.5)
question
FTPS (1.5)
answer
FTPS, or FTP over SSL, uses TCP ports 990 (control channel) and 989 (data channel). (1.5)
question
TFTP (1.5)
answer
Uses UDP port 69. (1.5)
question
TELNET (1.5)
answer
Uses TCP port 23. (1.5)
question
HTTP (Hypertext Transfer Protocol) (1.5)
answer
Uses TCP port 80. (1.5)
question
HTTPS (1.5)
answer
HTTPS (with SSL or TLS) uses TCP port 443. (1.5)
question
SCP (1.5)
answer
SCP, or SSH-secured RCP, uses TCP port 22. (1.5)
question
SSH (1.5)
answer
Uses TCP port 22. (1.5)
question
NetBIOS (1.5)
answer
Uses TCP ports 137-139. (1.5)
question
802.11 (1.6)
answer
The IEEE standard for wireless network communications. (1.6)
question
802.11 & 802.11a (1.6)
answer
Speed: 2 Mbps. Frequency: 2.4 GHz. (1.6)
question
802.11b (1.6)
answer
Speed: 11 Mbps. Frequency: 5 GHz. (1.6)
question
802.11g (1.6)
answer
Speed: 54 Mbps. Frequency: 2.4 GHz. (1.6)
question
802.11n (1.6)
answer
Speed: 200+ Mbps. Frequency: 2.4 GHz or 5 GHz. (1.6)
question
Site Survey (1.6)
answer
The process of investigating the presence, strength, and reach of wireless access points deployed in an environment. This task usually involves walking around with a portable wireless device, taking note of the wireless signal strength, and mapping this on a plot or schematic of the building. (1.6)
question
Wi-Fi Protected Access (WPA) (1.6)
answer
An early alternative to WEP, this technique was an improvement but was itself not fully secure. It is based on the LEAP and TKIP cryptosystem and employs a secret passphrase. (1.6)
question
Wi-Fi Protected Access Version 2 (WPA2) (1.6)
answer
A new encryption scheme known as the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES encryption scheme. (1.6)
question
Wired Equivalent Privacy (WEP) (1.6)
answer
Defined by the IEEE 802.11 standard. It was designed to provide the same level of security and encryption on wireless networks as is found on wired or cabled networks. It provides protection from packet sniffing and eavesdropping against wireless transmissions. A secondary benefit is that it can be configured to prevent unauthorized access to the wireless network. It also uses a predefined shared secret key. (1.6)
question
EAP (Extensible Authentication Protocol) (1.6)
answer
Not a specific mechanism of authentication; rather it is an authentication framework. Effectively, it allows for new authentication technologies to be compatible with existing wireless or point-to-point connection technologies. (1.6)
question
PEAP (Protected Extensible Authentication Protocol) (1.6)
answer
Encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption. (1.6)
question
LEAP (Lightweight Extensible Authentication Protocol) (1.6)
answer
A Cisco proprietary alternative to TKIP for WPA. This was developed to address deficiencies in TKIP before the 802.11i/WPA2 system was ratified as a standard. (1.6)
question
MAC Filter (1.6)
answer
A list of authorized wireless client interface MAC addresses that is used by a wireless access point to block access to all non-authorized devices. (1.6)
question
SSID Broadcast (1.6)
answer
Wireless networks traditionally announce their SSID on a regular basis within a special packet known as the beacon frame. When the SSID is broadcast, any device with an automatic detect-and-connect feature is not only able to see the network but can also initiate a connection with it. (1.6)
question
TKIP (Temporal Key Integrity Protocol) (1.6)
answer
Designed as the replacement for WEP without requiring replacement of legacy wireless hardware. It was implemented into 802.11 wireless networking under the name WPA (Wi-Fi Protected Access). (1.6)
question
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) (1.6)
answer
Created to replace WEP and TKIP/WPA. CCMP uses AES (Advanced Encryption Standard) with a 128-bit key. (1.6)
question
Antenna Placement (1.6)
answer
Use a central location; avoid solid physical obstructions; avoid reflective or other flat metal surfaces; avoid electrical equipment. (1.6)
question
Omnidirectional Antenna (1.6)
answer
An antenna that should be pointed straight up. (1.6)
question
Directional Antenna (1.6)
answer
Point the focus toward the area of desired use. Keep in mind that wireless signals are affected by interference, distance, and obstructions. (1.6)
question
Power Controls (1.6)
answer
Typically set by the manufacturer to a setting that is suitable for most situations. When adjusting power levels, make minor adjustments instead of attempting to maximize or minimize the setting. Also take note of the initial/default setting so you can return to it if desired. After each power level adjustment, reset/reboot the wireless access point before re-performing the site survey and quality tests. Sometimes lowering the power level can improve performance. (1.6)