6 Cards in this Set
- Front
- Back
Protocols |
TCP/IP |
|
Physical Devices |
Firewalls -- INCLUDING PROXY FIREWALLS, WHICH ARE NOT THE SAME AS PROXY SERVERS!!
Routers |
|
Threats/Attacks |
SYN flood -- DoS created by an unending succession of SYN requests to the target system
Fraggle Attack -- DoS created by an unending amount of spoofed UDP traffic to a router's broadcast address
Land Attack -- Layer 4 DoS created by setting the source and destination information of a TCP segment to be the same
TearDrop Attack -- DoS created by sending fragmented packets to the target. The target can't reassemble them, so they overlap and crash the network device. |
|
Remote communications |
satellite, cable |
|
Secure Design Features |
Bastion Host -- Facing the Internet, hardened/exposed. Anything facing the Internet can be a bastion host.
Screened Subnet -- creation of another firewall/filter (Harris, p. 646)
Proxy server -- outbound or inbound, can mask a client's identity. NOT THE SAME AS A PROXY FIREWALL!!
Honeypots -- create an attractive system for bad people to try to access, at which point they are detected, but not trapped (vs. tarpits). |
|
Firewalls |
Stateless -- agnostic with respect to traffic patterns or data flows; they block or restrict packets based on source/destination values like addresses. They use the simplest rule-sets to characterize traffic, which don't account for the possibility that a packet might be received pretending to be something else. Faster, less expensive.
Stateful -- can tell whether a TCP connection is in a particular state (e.g., open, synched, acked or established), whether a packet has been fragmented, or whether the maximum transmission unit (MTU) has changed. Aware of paths, can implement IPSec-like functions (e.g., tunnels/encryption). Slower, more secure. |