Term
| Time Division (definition) |
|
Definition
1. Data is transmitted inside fixed period frames, each circuit is allocated a fixed subset of the time slots in each frame. Connection ID and routing information is provided implicitely by the timeslotID that a datum is transmitted in.
2. The transmission capacity of a link is partition into a fixed number of circuits, each of them havin a fixed rate; unused capacity in one circuit cannot be used by other circuits. |
|
|
Term
| Time Division (pros and cons) |
|
Definition
Pros: Simple.
Cons: wasteful in transmission capacity, especially when actual rate of connections varies widely with time. |
|
|
Term
| Packet Switching (definition) |
|
Definition
Non-periodic multiplexing of packets, on a demand basis; each packet carries its own source and destination (connection) ID, and can be stored and forwarded at any later time.
Transmission capcity of a link is shared among all flows that pass through it, on a demand basis; any capacity that is not used by one flow can be used by another. |
|
|
Term
| Packet Switching (pros and cons) |
|
Definition
Pros: No waste of transmission capacity.
Cons: More complicated. Dynamic control (per packet), rather than status (at connection setup) is needed. Unpredictability of traffic, leading to contention for resources. |
|
|
Term
Open Systems Interconnection model (OSI model) (definition) |
|
Definition
A prescription of characterizing and standardizing the functions of a communications system in terms of abstraction layers. Similar communication functions are grouped into logical layers. An instance of a layer provides services to its upper layer instances while receiving services from the layer below. |
|
|
Term
| Open Systems Interconnection model (OSI model) (layers) |
|
Definition
7. Application - All
6. Presentation - people
5. Session - seem
4. Transport - to
3. Network - need
2. Data Link - data
1. Physical - processing |
|
|
Term
| OSI Model: Application Layer |
|
Definition
Resonsible for User application services.
Data type: user data
Scope: application data
Examples: FTP; http; telnet; Simple Mail Transfer Protocol (SMTP) |
|
|
Term
| OSI Model: Presentation Layer |
|
Definition
Responsible for data translation; compresion and encryption.
Data type: encoded user data
Scope: application data representations.
Example: SSL; shells and redirectors; Multipurpose Internet Mail Extensions (MIME) |
|
|
Term
|
Definition
Session Establishment; management and termination.
Data type: sessions
Scope: sessions between local or remote devices.
Example: sockets; named pipes; remote procedure call (RPC) |
|
|
Term
| OSI Model: Transport Layer |
|
Definition
Responsible for process-level addressing; multiplexing/demultiplexing; connections; segmentation and reassembly; acknowledgements and retransmissions; flow control.
Data type: datagrams/segments
Scope: communication between software processes.
Examples: TCP and User Datagram Protocol (UDP) |
|
|
Term
|
Definition
Logical addressing; routing; datagram encapsulation; fragmentation and reassembly; error handling and diagnostics.
Data type: datagrams/packets
Scope: message between local or remote devices.
Example: IP |
|
|
Term
| OSI Model: Data Link layer |
|
Definition
Logical link control; media access control; data framing; addressing; error detection and handling; defining requirements of physical layer.
Data type: frames
Scope: low-level data messages between local devices.
Examples: IEEE standards; ethernet; Asynchronous Transfer Mode (ATM) |
|
|
Term
| OSI Model: Physical layer |
|
Definition
Encoding and signaling; physical data transmission; hardware specifications; topology and design.
Data type: bits
Scope: electrical or light signals sent between local devices.
Examples: Physical layers of techs listed under data link layer.
|
|
|
Term
| Transmission Control Protocol (TCP) |
|
Definition
A communication service at an intermediate level between an application program and the Internet Protocol (IP). That is, when an application program desires to send a large chunk of data across the Internet using IP, instead of breaking the data into IP-sized pieces and issuing a series of IP requests, the software can issue a single request to this protocol and let it handle the IP details.
Note: It is optimized for accurate delivery rather than timely delivery. |
|
|
Term
|
Definition
| The principal communications protocol used for relaying datagrams (packets) across an internetwork. Responsible for routing packets across network boundaries, it is the primary protocol that establishes the Internet. |
|
|
Term
|
Definition
| A method by which multiple analog message signals or digital data streams are combined into one signal over a shared medium. |
|
|
Term
| Internet Protocol Security (IPSec) |
|
Definition
| A protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. It also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. |
|
|
Term
|
Definition
1. Authentication Headers (AH)
2. Encapsulating Security Payloads (ESP)
3. Security Associations (SA) |
|
|
Term
| IPSec Architecture: Authentication Header (AH) |
|
Definition
Guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets.
Note: Operates directly on top of IP, using IP protocol number 51. |
|
|
Term
| IPSec Architecture: Encapsulating Security Payload (ESP) |
|
Definition
Provides origin authenticity, integrity, and confidentiality protection of packets. It also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
Note: Operates directly on top of IP, using IP protocol number 50. |
|
|
Term
|
Definition
| Only the payload (the data you transfer) of the IP packet is usually encrypted and/or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this will invalidate the hash value. |
|
|
Term
|
Definition
| The entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. It is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access), and host-to-host communications (e.g. private chat). |
|
|
Term
|
Definition
| A version of the Internet Protocol (IP) designed to succeed the Internet Protocol version 4 (IPv4). The most important feature is a much larger address space than in IPv4, i.e., 128 bits, compared to 32 bits in IPv4. Additionally, IPsec support is mandatory. |
|
|
Term
|
Definition
Acts by inspecting the "packets" which transfer between computers on the Internet. If a packet matches the packet filter's set of rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and send "error responses" to the source). Note: Filters each packet based only on information contained in the packet itself most commonly using a combination of the following information:
1. Source
2. Destination
3. Protocol
4. Port |
|
|
Term
|
Definition
Routes advertised by neighboring
networks are purposely ignored (e.g.
internal or unregistered addresses). |
|
|
Term
|
Definition
Routes internally generated are
purposely hidden (e.g. internal network
address translations for Internet-facing
interfaces). |
|
|
Term
|
Definition
| A type of filter that regards the placement of each individual packet within the packet series. Also, it maintains records of all connections passing through the firewall and is able to determine whether a packet is the start of a new connection, a part of an existing connection, or is an invalid packet. Though there is still a set of static rules in such a firewall, the state of a connection can itself be one of the criteria which trigger specific rules. Furthermore, such filters can have intelligence for storing all related packets and search for any malicious code in data section of all packets when packets are combined. |
|
|
Term
| Application Layer Filtering |
|
Definition
| Works on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender). In principle, they can can prevent all unwanted outside traffic from reaching protected machines. |
|
|
Term
|
Definition
| Networks are often devided up into smaller regions with different security policies. Zones map to system functions. |
|
|
Term
| Virtural Private Network (VPN) |
|
Definition
A network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network. Note: They typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.
Can be implemented via the Tunneling mode of Internet Protocol Security (IPSec). |
|
|
Term
| Radio Frequency Identification (RFID) |
|
Definition
| A technology that uses radio waves to transfer data from an electronic tag, attached to an object, through a reader for the purpose of identifying and tracking the object. Some tags can be read from several meters away and beyond the line of sight of the reader. |
|
|
Term
| Wireless Intrusion Detection |
|
Definition
1. Algorithms for detection of wireless energy
2. measurement of total signal power
appearing in small frequency sub-bands
3. algorithms to determine the geospatial
coordinates of the detected wireless device
|
|
|
Term
| intrusion detection system (IDS) |
|
Definition
| A device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. |
|
|
Term
| What transport layer protocol does VoIP use? Vulnerabilities? |
|
Definition
User Datagram Protocol (UDP), so no concept of session, i.e., susceptible to flood attacks.
Note: Also, susceptible to eavesdropping,
reply, caller-id spoofing, and man-in-the
middle. Secured via isolation. |
|
|
Term
| Network Time Protocol (NTP) |
|
Definition
| A protocol and software implementation for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. Allows devices to synchronize time to central server so log entries match. Required for highspeed transaction tracing. |
|
|
Term
|
Definition
A file system that acts as a client for a remote file access protocol, providing access to files on a server.
- Host or storage device-based technology.
- Device sharing command usually allow permission at share level over and aboe file level.
Examples: UNIX Network File System (NFS); Windows File share; File Transfer Protocol (FTP) |
|
|
Term
|
Definition
• List-based configuration per host, converts
node names to network addresses
• Servers susceptible to impersonation via list
corruption or network redirection |
|
|
Term
|
Definition
| A telecommunication network that covers a broad area (i.e., any network that links across metropolitan, regional, or national boundaries). |
|
|
Term
| Wide Area Network (WAN) Security Considerations |
|
Definition
• Redundancy
• Alternative Routing
• Diverse Routing
• Long Haul Network Diversity
• “Last Mile” Circuit Protection
• Voice Recovery |
|
|
Term
| Netword Security Management considerations |
|
Definition
• Zone Architecture
• Configuration Audit
• Segregation of Duties
• Monitor FCAP – Fault, Configuration,
Accounting, Performance |
|
|
Term
| Cload Networks: Infrastructure as a Service (IaaS) (definition) |
|
Definition
| Delivers computer infrastructure – typically a platform virtualisation environment – as a service, along with raw (block) storage and networking. Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis; the amount of resources consumed (and therefore the cost) will typically reflect the level of activity |
|
|
Term
| Infrastructure as a Service (Iaas): To Be Considered |
|
Definition
| Options to minimuze the impact if the cloud provider has a service interruption. |
|
|
Term
| Platform as a Service (Paas) (definition) |
|
Definition
A category of cloud computing services that provide a computing platform and a solution stack as a service. Facilitates the deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities, providing all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet.
Offerings may include facilities for application design, application development, testing, deployment and hosting as well as application services such as team collaboration, web service integration and marshalling, database integration, security, scalability, storage, persistence, state management, application versioning, application instrumentation and developer community facilitation. |
|
|
Term
| Platform as a Service (Paas) (To be Considered) |
|
Definition
1. Availability.
2. Confidentiality.
3. Privacy and legal liability in the event of a security breach (as databases housing sensitive information will not be hosted offsite).
4. Data ownership.
5. concerns around e-discovery. |
|
|
Term
| Software as a Service (Saas) (definition) |
|
Definition
| A software delivery model in which software and its associated data are hosted centrally (typically in the (Internet) cloud) and are typically accessed by users using a thin client, normally using a web browser over the Internet. |
|
|
Term
| Software as a Service (Saas) (To Be Considered) |
|
Definition
1. Who owns the applications?
2. Where do the applications reside? |
|
|
Term
| Private Cloud (description of infrastructure) |
|
Definition
1. Operated solely for an organization
2. May be managed by the organization or a third party.
3. May exist on-premise or off-premise. |
|
|
Term
| Private Cloud (To Be Considered) |
|
Definition
1. Provides Cloud services with minimum risk.
2. May not provide the scalability and agility of public cloud services. |
|
|
Term
| Community cloud (description of infrastructure) |
|
Definition
1. Shared by several organizations.
2. Supports a specific community that has a shared mission or interest.
3. May be managed by the organizations or a third party.
4. May reside on-premise or off-premiss. |
|
|
Term
| Community Cloud (To Be Considered) |
|
Definition
1. Same as private cloud, plus:
2. Data may be stored with the data of competitors. |
|
|
Term
| Public Cloud (description of infrastructure) |
|
Definition
1. Made available to the general public or a large industry group.
2. Owned by an organization selling cloud services. |
|
|
Term
| Public Cloud (To Be Considered) |
|
Definition
1. Same as community cloud, plus:
2. Data may be stored in unknown locations and may not be easily retrievable. |
|
|
Term
| Hybrid Cloud (Description of Infrastructure) |
|
Definition
| A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardizaed or proprietary technology that enables data and applciations portability (e.g., cloud bursting for load balanacing between clouds). |
|
|
Term
| Hybrid Cloud (To Be Considered) |
|
Definition
1. Aggregate risk of merging defferent deployment models.
2. Classification and labeling of data will be beneficial to the security manager to ensure that data are assigned to the correct cloud type. |
|
|
