CASP Ch 3

virtual network computing (VNC)

A remote desktop control system that operates much like RDP but uses the Remote Frame Buffer protocol.

service-level agreement (SLA)

Agreements about the ability of a support system to respond to problems within a certain time frame while providing an agreed level of service.

sensor

A device used in a SCADA system, which typically has digital or analog I/O, and these signals are not in a form that can be easily communicated over long distances.

kernel proxy firewall

A fifth-generation firewall that inspects a packet at every layer of the OSI model but does not introduce the performance hit of an application-layer firewall because it does this at the kernel layer.

BACnet (building automation and control network)

A protocol used by HVAC systems.

application-level proxy

A proxy device that performs deep packet inspection.

load balancing

A computer method for distributing workload across multiple computing resources.

web application firewall (WAF)

A device that applies rule sets to an HTTP conversation. These sets cover common attack types to which these session types are susceptible.

unified threat management (UTM)

A device that combines a traditional firewall with content inspection and filtering, spam filtering, intrusion detection, and antivirus.

SOCKS firewall

A circuit-level firewall that requires a SOCKS client on the computers.

infrastructure as a service (IaaS)

A cloud computing model in which the vendor provides the hardware platform or data center and the company installs and manages its own operating systems and application systems. The vendor simply provides access to the data center and maintains that access.

control plane

A component of a router that carries signaling traffic originating from or destined for a router. This is the information that allows the routers to share information and build routing tables.

switch

A device that improves performance over a hub because it eliminates collisions.

next-generation firewall (NGFW)

A category of devices that attempt to address traffic inspection and application awareness shortcomings of a traditional stateful firewall, without hampering performance.

wireless controller

A centralized appliance or software package that monitors, manages, and controls multiple wireless access points.

three-legged firewall

A firewall configuration that has three interfaces: one connected to the untrusted network, one to the internal network, and the last to a part of the network called a demilitarized zone (DMZ).

dual-homed firewall

A firewall that has two network interfaces, one pointing to the internal network and another connected to an untrusted network.

stateful firewall

A firewall that is aware of the proper functioning of the TCP handshake, keeps track of the state of all connections with respect to this process, and can recognize when packets are trying to enter the network that don't make sense in the context of the TCP handshake.

screened host

A firewall that is between the final router and the internal network.

proxy firewall

A firewall that stands between a connection from the outside and the inside and makes the connection on behalf of the endpoints. With a proxy firewall, there is no direct connection.

extensible authentication protocol (EAP)

A framework (rather than a single protocol) for port-based access control that uses the same three components used in RADIUS.

redundant array of independent disks (RAID)

A hard drive technology in which data is written across multiple disks in such a way that a disk can fail and the data can be quickly made available from the remaining disks in the array without resorting to a backup tape.

bastion host

A host that may or may not be a firewall. The term actually refers to the position of any device. If it is exposed directly to the Internet or to any untrusted network, we would say it is a bastion host.

access control list (ACL)

A list of permissions attached to an object, including files, folders, servers, routers, and so on. Such rule sets can be implemented on firewalls, switches, and other infrastructure devices to control access.

virtual local area network (VLAN)

A logical subdivision of a switch that segregates ports from one another as if they were in different LANs.

mesh network

A network in which all nodes cooperate to relay data and are all connected to one another. To ensure complete availability, continuous connections are provided by using self-healing algorithms to route around broken or blocked paths.

virtual private network (VPN)

A network whose connections use an untrusted carrier network but provide protection of the information through strong authentication protocols and encryption mechanisms

remote desktop protocol (RDP)

A proprietary protocol developed by Microsoft that provides a graphical interface to connect to another computer over a network connection.

S-HTTP

A protocol that encrypts only the served page data and submitted data like POST fields, leaving the initiation of the protocol unchanged.

password authentication protocol (PAP)

A protocol that provides authentication but with which the credentials are sent in cleartext and can be read with a sniffer.

configuration lockdown

A setting that can be configured on a variety of devices once the device is correctly configured. It prevents any changes to the configuration.

virtual switch

A software application or program that offers switching functionality to devices located in a virtual network.

802.1x

A standard that defines a framework for centralized port-based authentication.

screened subnet

A subnet in which two firewalls are used, and traffic must be inspected at both firewalls to enter the internal network.

network intrusion prevention system (NIPS)

A system that can take action to prevent an attack from being realized.

network intrusion detection system (NIDS)

A system that is designed to monitor network traffic and detect and report threats.

inline network encryptor (INE)

A type 1 encryption device.

signature-based detection

A type of intrusion detection that compares traffic against preconfigured attack patterns known as signatures.

IPv6

An IP addressing scheme designed to provide a virtually unlimited number of IP addresses. It uses 128 bits rather than 32, as in IPv4, and it is represented in hexadecimal rather than dotted-decimal format.

6 to 4

An IPv4-to-IPv6 transition method that allows IPv6 sites to communicate with each other over the IPv4 network.

teredo

An IPv4-to-IPv6 transition method that assigns addresses and creates host-to host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 network address translators.

generic routing encapsulation (GRE)

An IPv4-to-IPv6 transition method that can be used to carry IPv6 packets across an IPv4 network by encapsulating them in GRE IPv4 packets.

dual stack

An IPv4-to-IPv6 transition method that runs both IPv4 and IPv6 on networking devices.

hardware security module (HSM)

An appliance that safeguards and manages digital keys used with strong authentication and provides crypto processing.

challenge handshake authentication protocol (CHAP)

An authentication protocol that solves the clear-text problem by operating without sending the credentials across the link.

database activity monitor (DAM)

Devices that monitor transactions and the activity of database services.

ftps

FTP that adds support for Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocol.

clustering

Providing load-balancing services by using multiple servers running the same application and data set.

circuit-level proxies

Proxies that operate at the session layer (layer 5) of the OSI model.

protocol analyzer

Software that collects raw packets from a network and is used by both legitimate security professionals and attackers.

mean time to repair (MTTR)

The average time required to repair a single resource or function when a disaster or other disruption occurs. Describes the average amount of time it takes to get a device fixed and back online.

failsoft

The capability of a system to terminate noncritical processes when a failure occurs.

failover

The capacity of a system to switch over to a backup system if a failure occurs in the primary system.

management plane

The component or plane on a networking device such as a router or switch that is used to administer the device.

mean time between failures (MTBF)

The estimated amount of time a device will operate before a failure occurs. Describes how often a component fails, on average.

data plane

The plane on a networking device such as a router or switch that carries user traffic. Also known as the forwarding plane.

packet filtering firewall

The type of firewall that is the least detrimental to throughput as it only inspects the header of the packet for allowed IP addresses or port numbers.

security information and event management (SIEM)

Utilities that receive information from log files of critical systems and centralize the collection and analysis of this data.

trunk link

link between switches and between routers and switches that carries the traffic of multiple VLANs.

ftp

file transfer protocol ports 20 & 21