Term
| Layered Security OR Defense In Depth |
|
Definition
| Using multiple types of security devices to protect a network. |
|
|
Term
|
Definition
| Device or software that captures packets in order to decode and analyze them. |
|
|
Term
|
Definition
| Network layer that a hub operates at? |
|
|
Term
|
Definition
| Network layer that a switch operates at? |
|
|
Term
|
Definition
| Allows a network administrator to copy port traffic to a designated monitoring port (mirror port) in order to monitor the network traffic. |
|
|
Term
| Network Tap (Test Access Point) |
|
Definition
| Network traffic monitoring method that involves installing a separate monitoring hardware device to the network. |
|
|
Term
|
Definition
| Network layer that a router operates at? |
|
|
Term
| Load Balancing/Load Balancer |
|
Definition
| Technology that helps to evenly distribute traffic across a network./Software or hardware device that performs this function. |
|
|
Term
| Transport (Layer 4) OR Application (Layer 7) (Depends on the specific device) |
|
Definition
| Network layers that a load balancer operates at? |
|
|
Term
|
Definition
| A special proxy server that knows the application protocols that it supports. |
|
|
Term
|
Definition
| Proxy server that routes incoming requests to the correct server. |
|
|
Term
| Application-Aware Firewall OR Next-Generation Firewall (NGFW) |
|
Definition
| An intelligent firewall that makes decisions based on identifying the applications that are sending packets, rather than filtering packets based only on the packet protocol or port. |
|
|
Term
|
Definition
| A dedicated virtual private network hardware device which aggregates a large number of VPN connections. |
|
|
Term
|
Definition
| A device that filters web-based traffic and can block malicious content in real time. |
|
|
Term
| Intrusion Detection System (IDS) |
|
Definition
| A device or application that detects an attack as it occurs. |
|
|
Term
|
Definition
| Monitoring method designed for detecting statistical anomalies by detecting significantly deviating behavior as compared to a baseline of compiled normal activities. |
|
|
Term
| Signature-based Monitoring |
|
Definition
| Monitoring method that compares network activities to an updated database of predefined signatures. |
|
|
Term
| Behavior-based Monitoring |
|
Definition
| Monitoring method that continuously analyzes normal processes and programs, and alerts the user if abnormal actions are detected. |
|
|
Term
|
Definition
| Monitoring method that uses an algorithm to determine the existence of a threat. |
|
|
Term
| Host-based Intrusion Detection System (HIDS) |
|
Definition
| Intrusion detection software that runs on a local host computer and can detect an attack as it occurs. This application typically monitors system calls, file system access, system registry settings, and host I/O. |
|
|
Term
| Network Intrusion Detection System (NIDS) |
|
Definition
| Intrusion detection application installed on network devices that watches for attacks on the network and reports the information it gathers to a central device and performs specified actions as necessary. |
|
|
Term
|
Definition
| Intrusion detection system capable of using contextual knowledge, such as information about the OS or running applications, in real time. |
|
|
Term
| Intrusion Prevention System (IPS) |
|
Definition
| A device or application that monitors in order to detect malicious activities, as well as attempts to prevent attacks by stopping them. |
|
|
Term
| Network Intrusion Prevention System (NIPS) |
|
Definition
| Intrusion prevention system installed on a network device that monitors network traffic in order to immediately react to a malicious attack. |
|
|
Term
|
Definition
| Intrusion prevention system capable of using contextual knowledge, such as information about the OS or running applications, in real time in order to provide a higher degree of accuracy about potential attacks. |
|
|
Term
| Unified Threat Management (UTM) |
|
Definition
| Multipurpose security appliance that provides a range of various security functions that can include: antivirus/malware/spyware, antispam/phishing, content/web filtering, firewall, encryption, intrusion protection, and other functions. |
|
|
Term
| Network Address Translation (NAT) |
|
Definition
| Technique that allows a private IP address (such as those in the 10.0.0.0, 172.16.0.0, and 192.168.0.0 ranges) to be used on a public network such as the internet. |
|
|
Term
| Port Address Translation (PAT) |
|
Definition
| Technique that allows a single public IP address to be assigned to multiple users by assigning different TCP port numbers to the same IP address. |
|
|
Term
| Network Access Control (NAC) |
|
Definition
| A technique that examines the current state of a system or network device before it is allowed to connect to the network. Devices that do not meet the specified criteria are only allowed to connect to a separate quarantine network, rather than the normal network. |
|
|
Term
|
Definition
| A separate network that rests outside of a secure network perimeter. Untrusted users are only allowed to access this network, and cannot access the secure network. |
|
|
Term
| Network, Subnet, and Host |
|
Definition
| The three parts of a subnet? |
|
|
Term
| Internet Control Message Protocol (ICMP) |
|
Definition
| Low-level TCP/IP protocol that handles communication between devices for informational, testing, or error feedback purposes. It contains four fields: type, code, checksum, and message body. |
|
|
Term
|
Definition
| Type of attack that sends ICMP requests such as echo requests or address mask requests, in order to gain information about the network. |
|
|
Term
|
Definition
| Attack that involves a ping request being sent to all computers on the network, but the attacker masks the requesting address to make it appear to be another system such as the server. The pinged computers then respond to the request at once, causing the targeted system to have instability issues. |
|
|
Term
|
Definition
| An attack that involves sending an ICMP redirect packet to the target which asks the host to send its packets to another router, which is an intentionally malicious device. |
|
|
Term
|
Definition
| An attack that involves sending a malformed, unusually large sized ping request in order to cause the target to crash. |
|
|
Term
| Simple Network Management Protocol (SNMP) |
|
Definition
| Protocol used to manage network equipment that allows administrators to remotely monitor, manage, and configure devices on the network. |
|
|
Term
|
Definition
| A password required in order to access administrative functions of a SNMP-managed device. |
|
|
Term
| (1) BIND (Berkeley Internet Name Domain) (2) DNSSEC (Domain Name System Security Extensions) |
|
Definition
| (1) DNS server software that makes DNS servers less trusting of information given to them by other DNS servers in order to reduce the risk of attacks (2) DNS server software that allows DNS information to be digitally signed in order to avoid forged DNS information |
|
|
Term
|
Definition
| An attack that involves requesting a zone transfer from a DNS server in order to gain information about the DNS server's internal network. |
|
|
Term
| Trivial File Transfer Protocol (TFTP) |
|
Definition
| FTP-like protocol that uses a small amount of memory and has limited functionality, and is often used for the automated transfer of configuration files between devices. |
|
|
Term
|
Definition
| Protocol that, using two TCP ports, uses FTP along with either SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt commands sent over the control port (port 21) in an FTP session. |
|
|
Term
|
Definition
| Protocol that, using a single TCP port, encrypts and compresses all data and commands sent using FTP. |
|
|
Term
| Secure Copy Protocol (SCP) |
|
Definition
| Enhanced version of the RCP (Remote Copy Protocol) used primarily on *nix platforms to encrypt files and commands in order to securely transport files. |
|
|
Term
| Storage Area Network (SAN) |
|
Definition
| A dedicated network storage facility that provides access to data storage over a high-speed network. |
|
|
Term
| (1) Fibre Channel (FC) (2) Fibre Channel Over Ethernet (FCoE) |
|
Definition
| (1) High-speed storage network protocol that can transmit up to 16 gigabits per second. (2) A variation of FC that encapsulates FC frames over Ethernet networks. |
|
|
Term
| iSCSI (Internet Small Computer System Interface) |
|
Definition
| An IP-based storage networking standard for linking data storage facilities. |
|
|
Term
|
Definition
| Two older protocols that contain many vulnerabilities and, in most cases, should be disabled for security purposes? |
|
|
Term
|
Definition
| The process of administration that relies on following procedural and technical rules. |
|
|
Term
| (1) Procedural Rules (2) Technical Rules |
|
Definition
| Types of network security administration rules: (1) The authoritative and prescribed direction for conduct, both external (legal rules) and internal (company policies/procedures) (2) Security rules configured within a system or software (e.g. firewall configuration) |
|
|
Term
|
Definition
| Controls a device’s tolerance for unanswered service requests and helps to prevent a DoS attack. Commonly found in firewalls, IDS, and IPS. |
|
|
Term
| (1) Security Log (2) Access Log (3) Audit Log (4) Event Log |
|
Definition
| Types of logs: (1) Reveals attacks that are being directed at the network and whether those attacks are successful. (2) Provides details regarding requests for specific files on a system. (3) Records which user performed an action and what the action was. (4) Documents unsuccessful events and significant successful events. |
|
|
Term
|
Definition
| Technique that uses IEEE 802.1D (Spanning Tree Algorithm, STA) to prevent broadcast storms (a network flooding problem caused by a switching loop, in which network devices repeatedly forward broadcast messages while searching for the unknown destination of a packet). |
|
|
Term
| (1) Software as a Service (SaaS) (2) Platform as a Service (PaaS) (3) Infrastructure as a Service (IaaS) |
|
Definition
| Three cloud computing service models: (1) Applications running on a cloud infrastructure that can be accessed remotely rather than needing to be installed and configured on the user's local machine. (2) Cloud infrastructure service that deploys applications to be installed and configured by the user on their local machine. (3) Cloud infrastructure service that allows users to deploy and install their own software, including operating systems. |
|
|
Term
| (1) Piconet (2) Scatternet |
|
Definition
| (1) Bluetooth network topology consisting of multiple Bluetooth devices that have automatically connected to each other. One device serves as the master and one or more other devices serve as an active slave or a parked slave. (2) A group of piconets. |
|
|
Term
|
Definition
| Attack that sends unsolicited messages to Bluetooth devices. |
|
|
Term
|
Definition
| Attack that accesses unauthorized information from a wireless device via Bluetooth. |
|
|
Term
| Near Field Communication (NFC) |
|
Definition
| Standard used to establish communication between devices in close proximity. |
|
|
Term
| (1) An antenna and radio transmitter/receiver (2) Special bridging software used to interface wireless devices (3) A wired network interface used to connect to a wired network |
|
Definition
| Three major parts of an AP? |
|
|
Term
|
Definition
| Unauthorized AP that allows the attacker to bypass most network security configurations and opens the network to attacks. |
|
|
Term
|
Definition
| AP set up by an attacker for malicious purposes that is designed to mimic a legitimate AP so that a user may unknowingly connect to it instead of the real AP. |
|
|
Term
|
Definition
| Man-in-the-middle attack in which the attacker captures data that is being transmitted, records it, and sends it to the original recipient without the attacker's presence being detected. |
|
|
Term
|
Definition
| An attack in which an attacker intentionally floods the RF spectrum with extraneous RF signal “noise” that creates interference and prevents communications from occurring. |
|
|
Term
| Initialization Vector (IV) |
|
Definition
| A 24-bit value used in WEP that changes each time a packet is encrypted. |
|
|
Term
| Wi-Fi Protected Setup (WPS) |
|
Definition
| A method of configuring security on WLANs that is designed for users with little to no knowledge of WLAN security. It consists of either typing in a PIN or pressing a button on the device, and the device will automatically configure its security settings. |
|
|
Term
| (1) Organizationally Unique Identifier (OUI) OR Company ID (2) Individual Address Block (IAB) |
|
Definition
| (1) The first 24 bits of a MAC address, which reference the company that produced the hardware (2) The last 24 bits of a MAC address, which are unique to that particular piece of hardware |
|
|
Term
| Temporal Key Integrity Protocol (TKIP) |
|
Definition
| Encryption technology that functions as a wrapper around WEP by adding an additional layer of security while still serving WEP's basic functionality. |
|
|
Term
|
Definition
| A value that has been shared via communication between parties that only have approved devices. It must be entered manually in order to access the WLAN. |
|
|
Term
|
Definition
| AP which uses a web browser both to present information to the user about the AP, and to authorize the user in order to access the AP. |
|
|
Term
|
Definition
| An in-depth analysis of a WLAN site. |
|
|
Term
| (1) To act as the base station for the wireless network. (2) To act as a bridge between wired and wireless networks. |
|
Definition
| Two basic functions of an AP? |
|
|
Term
|
Definition
| Process in which a wireless device looks for beacon frames. |
|
|