CompTIA Sec+ 2.1
Technologies and Tools Install and configure network components
64
Computer Science
Professional
11/11/2018

Cards

Term
Firewall Types
Definition
Packet Filter
Stateful Packet Inspection
Application NGFW
Term
Stateful Packet Inspection Firewall
Definition
Examines packet and keeps packet table of every communication channel.
SPI tracks the entire conversation
-only packets from known active connections are allowed
Term
First Stateful inspection firewall
Definition
Check Point Software, Firewall-1 in 1994.
Term
WAF (Web Application Firewall)
Definition
-OSI Layer 7
-Analyzes Traffic to web servers and prevents common attacks:
-SQL Injection
-XSS (Cross Site Scripting)
-Forged HTTP requests
Term
Five well known WAF vendors
Definition
Cisco
Citrix
Barracuda
F5
eEye
Term
Packet Filter Firewall
Definition
Firewall that simply uses ACLs to block or allow ports and IP addresses
Term
VPN
Definition
Two components:

The Tunnel
Encrypted data that passes through the tunnel.
Term
VPN
Definition
Creates private connection across a public network
Tunneling Using L2TP, PPTP, IPSec
Term
Set up a VPN connection
Definition
1. Establish Tunnel
2. Set up a connection between two end points
Term
VPN protocols for Tunnel
Definition
L2TP
PPTP
Term
VPN Encryption Method
Definition
IPSec
Term
RSA Token
Definition
Every 30 seconds the number on the token changes
Term
Two Factor
Definition
Hardware token
Term
Two VPN configurations
Definition
Point to Point, Constant, Between two concentrators (Routers)
Remote user, temporal, VPN Concentrator
Term
Authentication Header (AH)
Definition
-IPSec component that performs authentication and integrity checks.
-Field added to the IP packet
Term
Encapsulating Secure Payload (ESP)
Definition
-IPSec Transport Encryption
-Confidentiality and optional integrity check value (ICV)
-Adds a header, a trailer, and ICV
Term
NIDS (Network Intrusion Detection System) and NIPS (Network Intrusion Prevention System)
Definition
Used to log, alert, and/or take action when suspicious activity occurs on the network
Term
NIPS
Definition
Active - Takes action to prevent an attack or suspicious activity
Term
NIDS
Definition
Passive - Records suspicious activity for later analysis. May provide an alert.
Term
IPS pros and cons
Definition
-Enables prevention such as blocking IP address
-False positives could block legitimate traffic.
Term
NIDS Alert
Definition
Message from the analyzer indicating an "interesting" event has occurred.
Term
NIDS Analyzer
Definition
Processes data from one or more sensors and looks for suspicious activity; either deterministic or rules based.
Term
NIDS Data Source
Definition
Raw data being analyzed - log files, audit logs, system logs, network traffic
Term
NIDS Event
Definition
-Indication that suspicious activity may have occurred. Can trigger an alert or notification.
-Confirmed activities become incidents
Term
NIDS Manager
Definition
Intrusion Detection System console
Used to manage system
Term
NIDS Notification
Definition
Process by which operator is alerted to an Event or Incident
Term
NIDS Operator
Definition
User, Admin responsible for the IDS
Term
NIDS Sensor
Definition
-Primary data collection point for the IDS
-Device driver on a system or a separate physical device attached to the network to collect data.
Term
Approaches to IDS
Definition
Behavior Based detection
Signature based detection
Anomaly detection
Heuristic
Term
Heuristic
Definition
IDS detection method that uses algorithms to analyze traffic as it passes through
Term
Anomaly
Definition
IDS Detection Method that learns what is normal and looks for deviations from baseline
Term
Signature
Definition
IDS detection method that recognizes a fingerprint or pattern and audit trails
Term
Behavior
Definition
IDS Detection that responds to variations in usage, increased traffic, policy violations, etc
Term
Passive Response
Definition
-Logging the issue
-Notifying the admin
-Shunning or ignoring the attack
Term
Active Response
Definition
-Issues some type of action
-Block Ports
-Reset Connections
-Configuration Changes
Term
Deception
Definition
IDS Honey Pots
Term
Snort
Definition
Most popular IDS
-open source
-runs on Linux and Windows
Real-time monitoring, protocol analyzer, network sniffer.
Term
Two Load Balancer Types
Definition
Affinity
Round-Robin
Term
Affinity
Definition
Load balancer that makes sure the client uses the same server for the entirety of a session
Term
Round Robin
Definition
Load balancer that uses servers sequentially using next available.
Term
Active-Passive
Definition
Redundant load balancers where one is in a passive state monitoring the active balancer. It becomes the primary if the active balancer goes down.
Term
Active-Active
Definition
All load balancers are active. If one goes down, the service slows down.
Term
Virtual IPs
Definition
Load balancer IP for a pool of load balancers.
Term
Web Security Gateway
Definition
-Proxy Server
-URL filter
-Blocks P2P sites, file sharing sites
-Data Loss Prevention DLP
-Can Block ActiveX or Java Applets, 3rd party cookies.
-Granular access to web sites
Term
TTL
Definition
Drops packets after a period of time has expired.
Term
Data Loss Prevention (DLP)
Definition
Protects against potential breaches and exfiltration of data
-End point detection (In-use)
-Network Traffic (in Transit)
-Data Storage (at Rest)
Term
Data In Transit
Definition
Data being sent over a wired or wireless network
Term
Data at Rest
Definition
Data that is stored somewhere like USB, Network Storage, Local disk
Term
Data In Use
Definition
Data not at rest and only on one particular node on a network. In memory, swap space, temporary location to be worked on.
Term
Root Bridge
Definition
Elected Center of the network
Term
Designated Bridge
Definition
Forwarder that sends data to the Root Bridge
Term
Root Port
Definition
Port that sends data toward the root bridge.
Term
Access Point WiFi Security
Definition
-Disable SSID
-Use MAC filtering
-Always change the default admin username and password
-Use strongest encryption available
-Keep AP updated with latest firmware
Term
SIEM Suite
Definition
-Data Aggregation
-Correlation
-Automated alerting and triggers
-Time Synchronization
-Event deduplication
-Logs/WORM
-Leaders: IBM Security, HP, Splunk, Intel Security, Log Rhythm.
Term
NAC for MDM
Definition
-Good Messaging
-Mobile Iron
-Airwatch
Term
NAC Permanent Agent
Definition
Installed on the host device and runs continuously
Term
NAC - Dissolvable Agent
Definition
Run from a portal. User downloads the agent, it runs once then disappears
Term
NAC - Agentless
Definition
Embedded within Active Directory, verifies the host complies with access policy
Term
Mail Gateway
Definition
Spam filter
DLP
Encryption
Sits on perimeter
Scans emails in and out for the above
Term
Bridge
Definition
Joins two layer two networks - repeater
Term
SSL/TLS Accelerators
Definition
Offloads key encryption, key exchange, etc.
Term
SSL decryptor
Definition
Network monitoring tool
Exposes hidden threats
Data Exfiltration
Term
Media Gateway
Definition
Converts one protocol type to another. A translation device or service that converts media streams between disparate telecommunications technologies such as POTS, SS7, Next Generation Networks (2G, 2.5G and 3G radio access networks) or private branch exchange (PBX) systems.
Term
Network Access Control benefits
Definition
Prevents end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination