87 Cards in this Set
- Front
- Back
dedicated hardware device |
load balancer |
|
load balancers are grouped into two categories: |
- Layer 4 load balancers - Layer 7 load balancers |
|
act upon data found in Network and Transport Layer protocols such as Internet Protocol (IP), Transmission Control Protocol (TCP), File Transfer Protocol (FTP), and User Datagram Protocol (UDP) |
Layer 4 load balancers |
|
distribute requests based on data found in Application layer protocols such as HTTP |
Layer 7 load balancers |
|
Layer 4 and Layer 7 load balancers can distribute work in different ways: |
- based on a "round-robin" rotation to all devices equally
- to devices that have the least number of connections |
|
also can use HTTP headers, cookies, or data within the application message itself to make decisions on distribution |
Layer 7 load balancers |
|
person who is authorized to act as a substitute or agent on behalf of another human |
Proxy |
|
computer or application that intercepts and processes user requests: |
Proxy Server |
|
special proxy server that "knows" the application protocols that it supports (an FTP proxy server implements the protocol FTP) |
application-aware proxy |
|
proxy server advantages |
- increased speed (requests served from the cache) - reduced costs (cache reduces bandwidth required) - improved management - block specific Web pages or sites - stronger security |
|
Stronger security in proxies provides: |
- intercept malware - hide client systems' IP address from the open Internet |
|
reverse proxy |
does not serve clients but routes incoming requests to the correct server |
|
reverse proxy's IP address is |
visible to outside users |
|
internal servers' IP address is |
hidden |
|
Network security hardware is: |
- specifically designed security hardware devices - greater protection than standard networking devices - devices include network firewalls, spam filters, virtual private network concentrators, internet content filters |
|
software firewall that runs as a program on one client |
host-based application software |
|
designed to protect an entire network |
hardware-based network firewall |
|
both (network firewalls) are essentially the same: |
inspect packets and either accept or deny entry |
|
usually located outside the network security perimeter as the first line of defense |
hardware firewalls |
|
methods of firewall packet filtering |
- stateless packet filtering - stateful packet filtering |
|
inspects each incoming packet and permits or denies it based on conditions set by the administrator |
stateless packet filtering |
|
keeps a record of the state of each connection and makes decisions based on the connection and the conditions |
stateful packet filtering |
|
Firewall actions: |
- allow: let the packet pass through and continue on its journey
- drop: prevent the packet from passing into the network and send no response to the sender
- reject: prevent the packet from passing into the network but send a message to the sender that the destination cannot be reached
- ask: inquire what action to take |
|
uses a set of individual instructions (firewall rules) to control actions |
rule-based firewall |
|
are static in nature and cannot do anything other than what they have been expressly configured to do |
rule-based firewall |
|
more "intelligent" firewall that operates at a higher level (next-generation firewall or NGFW) |
application-aware firewall |
|
special type of application-aware firewall that looks at applications using HTTP |
web application firewall |
|
identifies applications that send packets through the firewall and then makes decisions about the application (vs. granular rule settings like destination port or protocol) |
application-aware firewall |
|
enterprise-wide spam filters block spam before it reaches the host |
spam filters |
|
email systems use two protocols: |
- Simple Mail Transfer Protocol (SMTP) - Post Office Protocol (POP) |
|
handles outgoing mail |
Simple Mail Transfer Protocol (SMTP) |
|
handles incoming mail |
Post Office Protocol (POP) |
|
installed with the SMTP server |
spam filters |
|
Spam filters installed on POP3 server
|
- All spam must first pass through the SMTP server and be delivered to the user's mailbox
- Can result in increased costs of storage, transmission, backup, deletion |
|
Uses an unsecured network as if it were secure |
Virtual private network (VPN) |
|
two types of VPNs |
- remote-access VPN - Site-to-site VPN |
|
- Multiple sites can connect to other sites over the Internet |
Site-to-site VPN |
|
- User-to-LAN connection |
Remote-access VPN |
|
All data transmitted between the remote device and the network is encrypted |
VPN Concentrators |
|
End of the tunnel between VPN devices:
- May be software on the local computer - May be a VPN concentrator (hardware device) - May be integrated into another networking device |
Endpoints |
|
- Hardware-based generally have better security - Software-based have more flexibility in managing network traffic |
VPNs can be software-based or hardware-based |
|
Monitor Internet traffic and block access to preselected Web sites and files |
Internet content filters |
|
Unapproved sites can be restricted based on: |
- Uniform Resource Locator (URL filtering) - Searching for and matching keywords such as sex or hate (content inspection) - Looking for malware (malware inspection) |
|
Can block malicious content in real time |
Web security gateway |
|
- ActiveX objects
- Adware, spyware - Peer-to-peer file sharing - Script exploits - TCP/IP malicious code attacks |
Examples of blocked web traffic: |
|
Device that can detect an attack as it occurs |
Intrusion detection system (IDS) |
|
- can use different methodologies for monitoring for attacks
- can be installed on either local hosts or networks - an intrusion prevention system (IPS) |
Intrusion detection system (IDS) |
|
Compares currently detected behavior with a baseline |
Anomaly-based monitoring |
|
Looks for well-known attack signature patterns |
Signature-based monitoring |
|
Detects abnormal actions by processes or programs and alerts the user, who decides whether to allow or block the activity |
Behavior-based monitoring |
|
Uses experience-based techniques |
Heuristic monitoring |
|
Software-based application that runs on the local host computer and can detect an attack as it occurs |
Host-based intrusion detection system (HIDS) |
|
relies on agents installed directly on the system being protected |
HIDS |
|
- System calls
- File system access - System registry settings - Host input/output |
Monitors |
|
- Cannot monitor network traffic that does not reach the local system
- All log data is stored locally - Resource-intensive and can slow the system |
Disadvantages of HIDS: |
|
Watches for attacks on the network; may use one or more of the evaluation techniques |
Network intrusion detection system (NIDS) |
|
gather information and report back to a central device |
NIDS sensors installed |
|
Monitors to detect malicious activities like an IDS does, but also attempts to prevent them by stopping the attack |
Intrusion prevention system (IPS) |
|
Similar to an active NIDS that monitors network traffic to immediately react to a malicious attack |
Network intrusion prevention system (NIPS) |
|
Knows information like applications and operating systems so that it can provide a higher degree of accuracy |
Application-aware IPS |
|
Major difference between a NIDS and a NIPS is location: |
- NIDS has sensors that monitor traffic entering and leaving the firewall, and reports back to a central device for analysis
- NIPS would be located "in line" on the firewall itself to allow the NIPS to more quickly take action to block an attack |
|
Security product that combines several security functions |
Unified Threat Management (UTM) |
|
- Because different types of network security hardware each provide a different defense, a network may require multiple devices for comprehensive protection
- Makes it cumbersome to manage multiple devices |
Unified Threat Management (UTM) Security Appliances |
|
- Antispam and antiphishing
- Antivirus and antispyware - Bandwidth optimization - Content filtering - Encryption - Firewall - Instant messaging control - Intrusion protection - Web filtering |
UTM functions: |
|
Network technologies can also help to secure the network |
Two technologies: - Network address translation - Network access control |
|
Allows private IP addresses to be used on the public Internet |
Network address translation (NAT) |
|
Variation of NAT in which outgoing packets are given the same IP address but a different TCP port number |
Port address translation (PAT) |
|
Replaces the private IP address with a public address as the packet leaves the network, and vice versa when it returns |
Port address translation (PAT) |
|
Advantages of NAT: |
- Masks IP addresses of internal devices
- Allows multiple devices to share a smaller number of public IP addresses |
|
Examines the current state of a system or network device before allowing a network connection |
Network access control (NAC) |
|
- Device must meet a set of criteria - If not met, NAC allows connection only to a quarantine network until deficiencies are corrected |
Network Access Control (NAC) |
|
- Demilitarized zones
- Subnetting - Virtual LANs - Remote access |
Elements of a secure network design |
|
Separate network located outside the secure network perimeter |
Demilitarized zone (DMZ) |
|
- Untrusted outside users can access the DMZ but not the secure network
- Most secure approach is to have two firewalls |
Demilitarized zone (DMZ) |
|
IP address split anywhere within its 32 bits |
Subnetting or subnet addressing |
|
Split between the network and host portions on the boundaries between the bytes |
Classful addressing |
|
with a network address and a host address |
IP addresses are 32-bit (4-byte) addresses |
|
- Splits a single network into multiple smaller subnets in order to isolate groups of hosts
- Allows network administrators to hide the internal network layout |
Subnets also can improve network security: |
|
Each network can contain several subnets |
and each subnet, connected through a different router, can contain multiple hosts |
|
Segments the network by separating devices into logical groups |
Virtual LAN (VLAN) |
|
allows scattered users to be logically grouped together even though they are physically attached to different switches |
VLAN |
|
can be isolated so sensitive data is transported only to members of the VLAN |
VLANs |
|
Working away from the office is commonplace today: |
- Telecommuters
- Traveling sales representatives - Traveling workers |
|
- Strong security for remote workers must be maintained
- Transmissions are routed through networks not managed by the organization |
Remote Workers |
|
Any combination of hardware and software that enables remote users to access the local internal network |
Remote access |
|
provides remote users with the same access and functionality as local users through a VPN or dial-up connection |
|
Remote access |
|
support for remote connection and logon, which then displays the same network interface as the normal network |
|
Service includes |