Comptia Security+ 1
Spam Filters
-Stop unsolicited email at the gateway, -Whitelist= only receive email from trusted senders, -SMTP standards checking=Block anything that does not follow RFC standards, rDNS= Block email where the senders domain does not match their IP address, -Tarpitting= Intentionally slow down the server conversation, -Recipient filtering= Block all email not addressed to a valid recipient email address
VPN Concentrator
-The connection point for remote users, -Traffic is encrypted across the internet and then decrypted on the internal private network.
Log Analysis
-Used for post event analysis. -Can provide useful real time analysis. -Automation and consolidation is the key.
Unified Threat Management (UTM)
-Web security gateway, -Url filter/content inspection, -Malware inspection, -spam filter, -CSU/DSU, -router, -switch, -firewall, -IDS/IPS, -bandwidth shaper, -VPN endpoint
Network Seperation
-Seperate switches, seperate routers, no overlap. -Used in sensitive environments. -Logical seperation. -Virtualization of the network infrastructure.
Proxy
-Sits between the users and the external network, -Receives the users request and sends the request on their behalf, -Applications may need to know how to use the proxy(explicit), -Some proxies are invisible(transparent)
Firewall
-OSI level 4 (TCP/UDP), some firewalls filter through OSI level 7, filters traffic by port number, Can encrypt traffic into and out of network and between sites, Can proxy traffic - a common security technique. Most firewalls can also be layer 3 devices.
Access control lists
-Permissions associated with an object, -Used in file systems, network devices, operating systems, and more.
Intrusion Detection/Prevention System
-Protects against OS and application exploits, Detection=Alerts but does not prevent attacks, Prevention=Blocks the attack
Switch
- An OSI level 2 device, Hardware bridging ASIC's, - forwards traffic based on MAC addresses, - the core of an enterprise network, - High bandwidth many simultaneous packets
Router
- An OSI level 3 device, -Routes traffic between IP subnets, -Routers inside of switches are sometimes called "layer 3 switches", -Layer 2=Switch, Layer 3=Router, -Often connects diverse network types (WAN, LAN, Copper, Fiber)
DMZ (demilitarized zone)
-A layer of security between your network and the internet. -Protects external facing services. -Usually less trusted than the Internal Network connection.
Firewall Rules
-Allow or disallow traffic based on firewall tuples (source IP, destination IP, port number, time of day, etc..). -Evaluated top to bottom. -There is usually an implicit deny at the bottom.
Secure Router Configuration
-Always change the default log in and password. -Protect configuration file transfers. -TFTP=In the clear, not encrypted, -SCP=encrypted, -HTTPS=encrypted.
Web Application Firewall
-Applies Rules to HTTP conversations, -Allow or deny based on expected input, -Protects against exploits like SQL injections and buffer overflows, -Focus of Payment Card Industry Data Security Standard
Protocol analyzer
-Captures network packets, -Decodes each part of the communication, -See's all of the network conversation.
Flood Guards
-Commonly seen on Intrusion Prevention Systems. -Dos/DDos (denial of service / distributed denial of service). Syn floods= overload the server. Ping floods/ping scans=overwhelm the network, determine devices on a network. -Port floods/port scans=identify open ports on a device.
Load Balancer
-Distributes the load over many physical servers, -Very common in large environments, -Load balanced evenly across servers or based on specific content types.
Switch Port Security
-IEEE 802.1X= Port based network access control software. Makes extensive use of EAP (Extensible Authentication Protocol) and Radius (Remote Authentication Dial in User Service). Disable your unused ports, Enable duplicate MAC address checking / spoofing
Spanning tree protocol
-IEEE standard 802.1D. -Prevents loops in bridged (switched) networks. -Built into the switch configuration options.
VLAN's
-Logically separate yours switch ports into subnets. -VLAN's cannot communicate with each other without a router. -Group users together by function
Application Aware Security Devices
-Network Based Firewalls=Control traffic flows based on the application, (Microsoft SQL server, twitter, youtube). -Intrusion Prevention System= ID the application, apply application specific vulnerability signatures to the traffic. Host Based Firewalls= Work with the OS to determine the application