25 Cards in this Set
physical design process |
technologies supporting the information security blueprint, identifies complete technical solutions, designs physical security measures, and prepares project plans for the implementation phase |
|
firewall |
prevents specific types of information from moving between the outside world/untrusted network and the inside world/trusted network; may be a separate computer system, a software service running on an existing router or server, or a separate network containing a number of supporting devices |
|
small office/home office (SOHO) |
a networking device that connects the user's local network or a specific computer system to the Internet |
|
best practices for firewalls |
- all traffic from the trusted network is allowed out
- the firewall device is never directly accessible from the public network for configuration or management purposes
- simple mail transport protocol (SMTP) data is allowed to enter through the firewall but is routed to a filter
- all internet control message protocol (ICMP) data should be denied
- telnet access to all internal servers from the public networks should be blocked
- when web services are offered outside the firewall, HTTP traffic should be blocked from internal networks
- all data that is not verifiably authentic should be denied |
|
content filters |
a software filter that allows administrators to restrict access to content from within a network |
|
war dialer |
an automatic phone-dialing program that dials every number in a configured range and checks to see if a person, answering machine, or modem |
|
kerberos |
an authentication system that can provide secure 3rd-party authentication; uses symmetric key encryption to validate a user to various network resources; keeps a database of private keys/encrypted passwords |
|
VPN |
a private and secure network connection between systems that uses the data communication capability of an unsecured and public network |
|
encapsulation |
the native protocol of the client is embedded within the frames of a protocol that can be routed over the public network and be usable by the server network environment |
|
encryption |
keeps the data contents private while in transit over a public network, but the data is still usable by the client and server computers and/or the local networks |
|
authentication |
the remote computer and the remote user are allowed to perform specific actions, predicated on accurate and reliable identification of the remote system and/or user |
|
tunnel mode |
establishes two perimeter tunnel servers that encrypt all traffic on an unsecured network; the entire client packet is encrypted and added as the data portion of a packet addressed from one tunneling server to another, then the receiving server decrypts it and sends it to the final address; reveals nothing about the true destination system |
|
proxy server |
a server that is configured to look like a Web server and performs actions on behalf of that server to protect it from hacking |
|
packet filtering |
examines the header information of data packets that come into a network |
|
application gateway/application firewall |
frequently installed on a dedicated computer, separate from the filtering router, although it is commonly used in conjunction with a filtering router |
|
circuit gateway |
operates at the transport layer and prevents direct connections between one network and another |
|
MAC layer |
designed to operate at the media access control layer of the OSI network model; can consider the specific host computer's identity in its filtering decisions |
|
hybrid processing mode |
combines the elements of other types of firewalls, such as packet filtering and proxy services or circuit gateways |
|
packet filtering routers |
reject packets that the organization does not want to allow into the network |
|
screened host firewalls |
combine the packet-filtering router with a separate, dedicated firewall, allowing the router to prescreen packets to minimize network traffic and the load on the internal proxy |
|
dual-homed host firewalls |
the bastion host contains two NICs, which forces all traffic to physically pass through the firewall to move between the internal and external networks |
|
screened subnet firewalls (with DMZ) |
the dominant architecture used today; DMZ can be a dedicated port on the firewall device linking a single bastion host provided by the screened subnet firewalls |
|
trusted VPN |
uses leased circuits from a service provider and conducts packet switching over these leased circuits |
|
secure VPN |
uses security protocols and encrypts traffic transmitted across unsecured public networks like the Internet |
|
hybrid VPN |
combines trusted and secure VPNs, providing encrypted transmissions over some or all of a trusted VPN network |