CISA Chapter 10 - Network Security and Control
Please Do Not Tell Sales People Anything
1 - Physical, 2 - Data Link, 3 - Network, 4 - Transport, 5 - Session, 6 - Presentation, 7 - Application
Screened-Host Firewall
1 bastion host and 1 packet filtering router
Transport Layer Security (TLS)
A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.
Bastion Host
A heavily secured server located on a special perimeter network between the company's secure internal network and its firewall.
Proxy
A mediator that stands between the internal and external networks.
Enabling MAC Filtering
Allowing access to only selected and authorized devices, restricting all other access.
Distributed Denial of Service (DDoS)
An attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use. DDoS attacks are often performed via botnets.
Remote Access VPN
Authorized users can connect to the corporate network from anywhere.
Toll Fraud
Breaking into a corporate VoIP system in order to place free long-distance and international telephone calls.
Dual-Homed Firewall
Consists of one packet filtering router and 2 network interface cards
The best security for telecommunication networks
Dedicated leased lines
War Driving
Deliberately searching for Wi-Fi signals while driving by in a vehicle
Virtual Private Network (VPN)
Enables remote users and branch offices to access applications and resources available in private networks of the organization.
Open System Interconnection (OSI) Layers
Explains the layered steps of the network. There are 7 total layers.
Crosstalk
Happens when the signal from one cable gets mixed up with the signal from another cable.
Bridges
Have the same functionality as switches; operate at layer 2 of the OSI model.
Shielded Twisted Pair (STP)
Less prone to EMI and crosstalk; the more reliable form of copper wire circuits.
Stateful Inspection
Monitors and tracks the destination of each packet that is being sent from the internal network.
Unshielded Twisted Pair (UTP)
More sensitive to the effects of EMI and crosstalk, should be avoided for long distances.
Routers
Operate at layer 3 and connect 2 different networks; each network remains logically separate and can function as an independent network.
Gateway
The capability to translate and connect different protocols and networks. Acts at the 7th (application) layer.
Network Diagram
The first thing that an IS Auditor should evaluate to understand the network architecture and determine the inherent risks or single points of failure.
Attenuation
The loss or weakening of signal transmission.
Screened-Subnet Firewall (Demilitarized Zone)
The most secure type of firewall installation. Has 2 packet filtering routers with 1 bastion host.
Application-Level Firewall
The most secure type of firewall; operates at the application layer.
Fiber-Optic Cables
The preferred choice for managing long-distance networks and handling high volumes of data.
Packet Filtering Router
The simplest and earliest version of a firewall.
WPA-2
The strongest encryption standard for wireless connection.
Voice over Internet Protocol (VoIP)
The transmission of voice and other content over IP networks.
Circuit-Level Firewall
Typically considered second-generation firewall technology. They work in a similar fashion to packet-filtering firewalls, but they operate at the transport and session layers of the OSI model.
Repeaters
Used to address the risk of attenuation (weakening of the signal).
Intranet VPN
Used to connect branch offices with an enterprise WAN.
Extranet VPN
Used to connect business partners and provide limited access to each other's corporate network.
Hubs and Switches
Used to connect different devices for the exchange of data.
Dynamic Host Configuration Protocol (DHCP)
Allows dynamic IP address allocation so users do not have to have a preconfigured IP address to use the network.