Network Security
behavior based monitoring
monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it.
heuristic monitoring
monitoring technique used by an IDS that uses an algorithm to determine if a threat exists.
disadvantages of HIDS
- cannot monitor network traffic that does not reach the local system
- log data is stored locally
- tends to be resource intensive and can slow down the system
class A IPs
10.0.0.0 to 10.255.255.255
class b IPs
172.16.0.0 to 172.31.255.255
class c IPs
192.168.0.0 to 192.168.255.255
IP addresses have how many bits
32
internet content filters
monitor internet traffic and block access to preselected web sites and files. a page is only displayed if it complies with the specified filters
a technique that allows IP addresses to be used on the public internet
NAT
what is typically used on home routers that will allow multiple users to share one IP address received from an internet service provider
PAT
internet content filter features
- URL and content filtering
- malware filtering
- prohibit file downloads
- profiles
- detailed reporting
what creates all data that is transmitted between the remote device and the network
VPN
signature based monitoring
monitoring technique used by an IDS that examines network traffic to look for well known patterns and compares the activities against a predefined signature
VPN concentrator
a device that aggregates hundreds or thousands of VPN connections
anomaly based monitoring
a monitoring technique used by an IDS that creates a baseline of normal activities and compares actions against the baseline. whenever there is a deviation, an alarm occurs
demilitarized zone (DMZ)
a separate network that rests outside the secure network perimeter; untrusted outside users can access the DMZ but cannot enter the secure network
settings based firewall
allows an admin to create a set of certain parameters that together define one aspect of a device's operation
remote access
any combination of hardware and software that enables a remote user to access a local internal network
proxy server
computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user
reverse proxy
computer or an application program that routes incoming requests to the correct server
intrusion detection system (IDS)
device designed to be active security; it can detect an attack as it occurs
load balancer
device that can direct requests to different servers based on a variety of factors such as: number of servers, processor utilization, or performance
web security gateway
device that can block malicious content in real time as it appears (without first knowing the URL of a dangerous site)
signature based monitoring
examining network traffic, activity, transactions, or behavior and looking for well known patterns
advantages of proxy server
- increased speed
- reduced costs
- improved management
- stronger security
stateful packet filtering
keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as conditions
stateless packet filtering
permits or denies packets based on the conditions that have been set by the administrator
passive NIDS
simply sounds an alarm and logs the event
host intrusion detection system (HIDS)
software based application that runs on a local host computer that can detect an attack as it occurs
web application firewall
special type of firewall that looks more deeply into packets that carry HTTP traffic
each operation in a computing environment starts with what
system call
What HIDS monitors
- system calls
- file system access
- system registry settings
- host input/output
network address translation (NAT)
technique that allows private IP addresses to be used on the public internet
network access control (NAC)
technique that examines the current state of a system or network device before it is allowed to connect to the network
network intrusion prevention system (NIPS)
technology that monitors network traffic to immediately react to block a malicious attack
network intrusion detection system (NIDS)
technology that watches for attacks on the network and reports back to a central device
virtual private network (VPN)
technology that uses an unsecured public network, such as the internet, like a private network
rule based firewall
uses a set of instructions to control the actions
what can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site
web security gateway
active NIDS
will sound an alarm and take action against the attack
these switches are connected directly to the devices on a network
workgroup switches