ST-Chapter 2

Card Set Information

Author:
slmckissack
ID:
291314
Filename:
ST-Chapter 2
Updated:
2015-02-22 15:28:31
Tags:
SavannahTech
Folders:
Chapter 2
Description:
Cards from the savannah tech course

The flashcards below were created by user slmckissack on FreezingBlue Flashcards.


  1. May involve electric fences and armed guards as a part of its physical security; however, we accomplish internal computer and network security through technical means and educating computer users to protect data.
    Computer Security

    Computer security is all about controlling access to the data and resources on private computers and computer networks.
  2. What is the focus of computer security?
    Preserving the confidentiality, integrity, and availability of a system and the data and resources of that system. Confidentiality, integrity, and availability are the primary goals of computer security.
  3. Each device in a network is considered one of these.
    A host
  4. Serves as a clustering device to a group of hosts that connect via cables or a wireless connection (in which case it would be an access point).
    Hub
  5. The cables or wireless interface connecting a host to a hub (or access point) connects to a __________.
    A Network Interface Card (NIC) or a Network Adapter
  6. NOTE: In general, a NIC and a network adapter are essentially the same; the difference is that a NIC installs inside the system unit of a computer, and a network adapter is plugged into an external port of a computer. However, let's use the abbreviation "NIC" as a generic term for both types of network interfaces.
  7. On a Transmission Control Protocol/Internet Protocol (TCP/IP) network, every NIC has a unique (to the network) IP address. This is directly associated with a Media Access Control (MAC) address, which is assigned permanently to every networking device when it's manufactured. A network host communicates through its NIC, identifying other hosts by their individual IP address or MAC address. Just to be sure you're clear on the difference between an IP address and a MAC address, look at the following examples:
    196.168.221.101 - IP Address
    00-A0-CC-34-0A-CE - MAC Address

    An IP address contains four 8-bit octets that identify both the network address and the host address within the network. The MAC address identifies the manufacturer and the device uniquely on a global scale.
  8. The manufacturer's ID in a MAC address is also known as an ____________.
    Organizationally Unique Identifier (OUI)
  9. When the 48-bit MAC (MAC-48) address is converted into a 64-bit address for use on IPv6 networks, it becomes an __________________.
    Extended Unique Identifier (EUI-64) address.
  10. Are computing devices connected to the network media by cables or wirelessly.
    Workstations

    -Users access the network and its resources from a workstation primarily through username and password credentials. How much security is right for a particular workstation depends on the information and resources the workstation's users need to access.
  11. Confirms a user's identity and is based on something the user knows (password or PIN), something the user has (key or smartcard), or who the user is (fingerprint or voice pattern).
    Authentication
  12. is any portable computing device that connects to a network or workstation.
    Mobile Device

    -Mobile devices pose a security risk because they can be used to steal valuable data or upload malicious software. In any network security scheme, mobile devices must be treated the same as stationary workstations.
  13. is a software program that provides services to a workstation or client.
    Server.

    -In network diagrams, a server typically appears as a single computer, and most people think of it this way. In fact, any network host, if designated as a server host, can support multiple types of servers.

    -There are many kinds of servers. Print servers allow multiple users to share a single printer. File servers and FTP servers offer files to network members. Web servers serve up Web pages to any Web browser that comes looking. Email servers act like electronic post offices, delivering messages to specific mailboxes.
  14. Is a communications device used to connect a network to the Internet. May be a modem, a cable, DSL, or wireless bridge, or a network router.
    Internet Gateway

    -This device could be just a gateway, should it connect the network to a Wide Area Network (WAN). However, since most WAN connections are connections to the Internet, we'll use Internet Gateway as our standard term for this type of device.
  15. Is a network device that screens incoming packets to permit or deny access to an internal network. Can be a dedicated hardware device, a software application, or a combination of the two. It uses a configured set of rules to determine which messages can pass through to the network and which are denied and dropped.

    On a network, it goes between a communications point and the first device of the network it's protecting.
    Firewalls

    -Most personal computer (PC) operating systems (OS) and computer security suites, such as McAfee or Norton, include a software-based firewall that provides protection between the Internet gateway and the NIC. Firewalls can also protect a network or PC from viruses and other forms of malware.
  16. Is a networking device that forwards packets from one network to another. It is placed into a network between two or more communications links, typically at least one from an internal network and at least one from an external network.
    Router

    -When a packet arrives, a router uses historical information kept in a routing table or relies on its configured policies to forward the packet to the communications link on which it can best reach its destination. When a router forwards a packet to another router, an internetwork is formed. Unlike a switch or a hub, a router can apply an ACL (Access Control List) that defines the rules for which packets to permit or deny.
  17. Is essentially a switching hub that connects two segments of a network. It receives and forwards network traffic on multiple ports based on addressing and, in some models, forwarding rules. Some of these include additional buffering space to maintain the network's throughput and bandwidth.
    A network switch
  18. Is typically a software program that monitors one or more of the ports on which requests for services arrive. After a service request arrives, it forwards the request to the server or servers set up to process that request. It also separates the requesting node from the back-end server. This provides a security benefit to the network because it is able to prevent attacks directly on the internal network or a particular server.
    Load Balancer
  19. Is a specialized software function that serves as a go-between for network clients requesting content from other servers or networks. In many respects, it is something like a traffic cop, dispatcher, and censor on a network. When a network client requests resources from an external network or perhaps an internal server, it evaluates the request using its filtering rules to determine if it should forward the request or simply drop it as unpermitted. The filtering rules are set to a particular Web address, IP address, or even a certain protocol.
    Proxy Server

    -If the proxy server permits the request to proceed, it requests the resources on behalf of the client, thereby hiding the client from the external network. A proxy server can also serve as a caching server: it caches frequently requested sites and, when users request them, responds with the content without contacting the external source.
  20. Provides content filtering and application, user, or website prioritization. It is either a software function or a dedicated network appliance, focuses on filtering out bad Web-related traffic, preventing attacks, and sequencing requests to provide the fastest turnaround time for an incoming Web request. It is a specialized function, although its services may overlap load balancing, firewalls, and to a certain extent, a proxy server.
    Web Security Gateways also called Web Gateways.
  21. Attempts to overcome the insecurity of transmitting data across the Internet. It uses encryption and tunneling to create a secure, end-to-end connection on public networks, like the Internet, to preserve the integrity and confidentiality of the transmitted data. Using a VPN for intra-organization communications enhances the system's security.
    Virtual Private Network (VPN)
  22. Applies advanced encryption and authentication techniques. Is a single-purpose device that sets up and manages remote-access or site-to-site VPNs. Is most common in situations where a single device services a large number of VPN tunnels.
    VPN concentrator
  23. A value or set of parameters used to identify a low- or high-end threshold, tolerance limit, binary (yes/no or true/false) condition, or a list of allowed or disallowed values.
    A rule (in the context of network security)

    Where rules exist is not as important as the fact that they do exist.
  24. Allows administrators to define the specific criteria and decision points of the security environment.
    Rule-based security management
  25. In rule-based security management, for which devices is it most effective for an administrator to configure rules?
    • Firewalls
    • Routers
    • Switches
    • Possibly proxy servers and other service-oriented devices
  26. Consists of conditions and criteria for network traffic, as well as the actions to use if the conditions are met.
    A network security rule
  27. What happens when a content-based rule is applied?
    Rule-based actions
  28. What are the three possible rule-based actions, which vary depending on outcome?
    1. Permit
    2. Deny
    3. Log
  29. If the content meets a rule's conditions, it is passed to the network.
    Permit
  30. If the content fails the rule, the packet can be denied (dropped).
    Deny
  31. A network log records the results of the rule, success or failure. It's good practice to record every test on a packet in a network log.
    Log
  32. Is a software process- or protocol-specific service that redirects requests to the application, process, or service with which it is associated.
    Port
  33. Maintains a list of over 65,000 ports in three groups.
    IANA (Internet Assigned Numbers Authority)
  34. What are the three port groups of the IANA?
    • Well-known ports
    • Registered ports
    • Dynamic, private, and ephemeral ports
  35. (Ports 0 through 1023) are registered to common protocols like HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol), or POP3 (Post Office Protocol).
    Well-known ports
  36. (Ports 1024 through 49151) are registered to proprietary applications and services.
    Registered ports
  37. (Ports 49152 through 65535) are unregistered ports available for temporary use.
    The third group is set aside for dynamic, private, and ephemeral ports. Ephemeral ports are temporary ports used by IP.
  38. What is the port number for DNS?
    53
  39. What is the port number for LDAP?
    389
  40. What is the port number for FTP?
    20, 21
  41. What is the port number for POP3?
    110
  42. What is the port number for HTTP?
    80
  43. What is the port number for PPTP?
    1723
  44. What is the port number for HTTPS?
    443
  45. What is the port number for SMTP?
    25
  46. What is the port number for IMAP?
    143
  47. What is the port number for SNMP?
    161
  48. What is the port number for KERBEROS?
    88
  49. What is the port number for SSH?
    22
  50. What is the port number for L2TP?
    1701 (UDP)
  51. What is the port number for TACACS?
    49
  52. What is the port number for IPsec?
    1293
  53. What is the port number for ISAKMP?
    500 (UDP)
  54. A firewall opens (permits) or closes (denies) well-known ports using rule-based actions. An improperly configured firewall may inadvertently block access to needed services. So, the first step in implementing a firewall is to develop this.
    A firewall policy.

    This policy should include a list of all ports that are to remain open to provide necessary services.
  55. Note: It's unnecessary to leave a port entirely open or closed. A port may be open for inbound connections only, outbound connections only, or both. In most cases, a port should be open in both directions for a common service to operate correctly through a well-known port.
  56. This type of firewall monitors the message streams that arrive on any of its ports to verify that a packet is legitimate to the connection (port). The firewall drops any packet that doesn't match the action or application linked to the port.
    Stateful inspection
  57. What are the three primary types of stateful inspection performed by the firewall?
    • Packet filter (common router)
    • Circuit-level gateway
    • Application-level gateway (proxy gateway)
  58. Controls traffic using the information in a packet's header, which includes the requested port number, the source and destination IP addresses, and the protocol that makes up the packet. This type of firewall operates on the Network layer (Layer 3) of the OSI reference model.
    Packet Filter
  59. This type of firewall monitors traffic in an ongoing session between a trusted host and an external host.
    Circuit-level gateway

    -Circuit-level gateway firewalls operate on the Session layer (Layer 5) of the OSI model.
  60. Controls access on the Application layer of the OSI model and filters traffic based on user account privileges, group membership, and the application program in use.
    Application-level gateway (proxy gateway)
  61. Helps extend the effectiveness of network security devices, such as the firewall, router, and proxy server. Tools that perform packet analysis or spam or content filtering help to detect and prevent security events.
    Monitoring a network's activity
  62. NOTE: Keeping intruders out of the system and making it extremely difficult to intrude are top priorities for network security administrators. Network security people have two choices: prevent intrusion, or detect intrusion. Preventing intrusion is proactive; detecting intrusion is after the fact. Organizations should decide which approach to use depending on their security needs.

    Companies with highly sensitive information that can't be put at risk by an intrusion should choose prevention. The detection approach, on the other hand, requires less up-front monitoring and relies on after-the-fact screening.
  63. Is a tool (either hardware or software) that we can use to capture and analyze packets and other data traffic transmitted over a communication channel.
    Protocol Analyzer

    These also go by a few other names: network analyzers, packet sniffers, or packet analyzers. They're all monitoring tools that we can incorporate into a security program to supplement network-installed devices.
  64. Have the purpose of predicting, preventing, and detecting incoming or outgoing unwanted or threatening network traffic. This includes spam, web applications, email and email attachments, malware, viruses, and any other undesirable or harmful network traffic.
    Security Filters
  65. What are the three primary categories of security filters for a local network?
    • Spam filters
    • Web application filters or firewalls
    • Packet and content filters
  66. Screen out spam by scanning incoming and outgoing email messages for specific words, symbols, phrases, and images. These filters block incoming email messages that are unwanted, dangerous, or that violate any set of filtering rules established by an organization or individual.
    Spam Filters
  67. What are the three characteristics that the default filtering rules in spam filters screen for?
    • The sender's email address
    • The software that sent the message
    • The content of the message (including its subject line and body)
  68. Is the most commonly applied spam rule. Most email clients allow users to tag an email sender as a source of spam. From then on, the email client will consider any message from that sender's address as spam. In addition, most anti-spam filtering software maintains an RBL against which it compares the sender's address; if there is a match, the system tags, quarantines, or blocks the message, depending on the software's setup.
    The sender's email address rule.
  69. Contains the identities and addresses of well-known spam sources.
    Realtime Blackhole List (RBL)
  70. Spam filters also detect whether a message originated from a malicious source. The software that originated a message may not have been able to disguise itself as a legitimate email system, such as Outlook, Eudora, Gmail, Yahoo, and the like. One typical giveaway on spam messages is that they may all have the same message ID.
    The software that sent the message.
  71. Another common filter rule is the contents of the message subject or body. Certain keywords or phrases, such as "singles," "buy now," "low prices," and "drugs," can be clues that the incoming message is spam. Most spam filters include a dictionary of these terms, and users can add additional words or phrases that they wish to filter. Characteristics of the message body can also give away a message as spam. Formatting like bright colors, blinking text, very large fonts, and other unusual HTML features uncommon in general correspondence can set off a spam filter.
    The content of the message.
  72. Is a software firewall that controls incoming and outgoing traffic to a particular application or service. It may also be used to control access to or from applications and services running on a server.
    Application Firewall
  73. What are the two basic types of application firewalls?
    • Network-based
    • Host-based
  74. Can be associated with a specific service or application, such as a Web application firewall. They operate at the Application layer of the OSI network model and are used to block certain content, websites, viruses, or exploits against certain software flaws and vulnerabilities.
    A network-based application firewall, also known as a proxy-based or reverse-proxy firewall.
  75. Are limited to monitoring the activities on a specific host. Monitor inputs, outputs, and system calls made to or by an application by examining the contents of system calls to or from an application. Are typically associated with a packet filter.
    Host-based/application-based host firewall.
    Application firewalls that also monitor socket calls are known as socket-based firewalls.
  76. Control access to a network by examining and analyzing incoming and outgoing message packets. Usually, they're embedded into a firewall application or appliance.
    Packet Filters
  77. Does most of the packet filtering performed by a gateway device or service. It allows or denies access to the network, or to internetworking devices associated with the network, based on the source and destination addresses in the network message.
    Static Filtering
  78. Where static filtering examines only the information in the packet header, this also considers the "state" of the communications link and whether an incoming message is in response to a request sent out from the network.
    Stateful or Dynamic filtering
  79. NOTE: Firewalls are filtering devices, and some host-based firewalls can be application-specific. In addition to monitoring inbound and outbound activities of the applications running on a host, application-aware firewalls also perform two foundational security functions: intrusion detection and intrusion prevention. The primary function of any firewall is to analyze incoming network traffic and block any packets that fail to meet the firewall rules. The purpose of an Intrusion Detection System (IDS) or an Intrusion Prevention System (IPS) is also to protect the network, but they do so in ways that are beyond the scope of a firewall.
  80. NOTE: An IDS can be either passive or active. In its passive form, it will only report the possibility of an intrusion. However, in its active form, it will attempt to block, fix, or mitigate the impact of a malicious activity and then report its actions.
  81. Only monitors or analyzes incoming network traffic, and if it detects possible malicious or questionable content, it will send an alert as configured. It doesn't perform any form of corrective or protective action itself.
    A passive IDS (Intrusion detection system)
  82. Blocks malicious network attacks and attempts to detect and repair any damage they do. However, because it must sit on the network boundary, it's also vulnerable to attack. Unless the security rules are clearly and unambiguously defined, an attack can cause it to flood a system with alarms, allowing the attack to continue.
    An active IDS (intrusion detection system), also called an IPS (intrusion prevention system)
  83. NOTE: The key thing to remember for now is that message and data filtering are part of fundamental security policies, and they rely on clear, thorough, and concise security rules to properly function and to secure a network from incoming attacks.
  84. What is the difference between a TCP port and a UDP port?
    TCP (Transmission Control Protocol) provides an active, ongoing connection between hosts. TCP has substantial error recovery built into it. Upon receiving a packet, a host sends parity information back to the server to verify that the packet arrived intact. If the server detects a flaw, it resends the packet. This type of connection applies to all forms of file and text transfers and is by far the most common.

    UDP (User Datagram Protocol) is a connectionless protocol with little built-in error recovery. Its primary use is to broadcast information out to a network rather than to send files.
  85. Does the Security+ exam require that I know whether specific services use TCP, UDP, or both?
    Not really. If in doubt, assume TCP because that's the most common. The one oddball exception is L2TP (Layer 2 Tunneling Protocol), which uses UDP port 1701.
  86. What security mechanism sits on the network boundary and blocks network attacks and attempts to repair any damage they do?
    Intrusion Prevention System (IPS)
  87. What is the focus of computer and network security?
    Preserving confidentiality, integrity, and availability.
  88. What security process confirms a user's identity?
    Authentication
  89. What are the two main methods we can use to monitor the security of a network?
    Intrusion detection and intrusion prevention.
  90. Which of the following is not a type of stateful inspection?
    • Packet filter
    • Application-level gateway
    • Packet routing
    • Circuit-level gateway
    Answer: Packet routing
