Connect and Protect: Networks and Network Security

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Areas in the controlled zone

-Demilitarized Zone (DMZ) -internal network (private servers & Data -restricted zone-highly confidential information

Where security hardening occurs:

-Devices -Networks -Applications -Cloud infrastructure -Security analysts responsibilities -patch updates -Backups

Security hardening is conducted on

-Hardware -Operating systems -Applications -Computer networks -Databases

Network security hardening

-Port filtering -Network access privilege -Encryption (over networks)

Categories of multi-factor identification

-Something you know (password) -Something you have (ID card) -Something unique about you (fingerprint)

IP version 4

19.117.63.126

IP version 6 (IPv6)

684D. 1111:222:3333:4444:5555:6:77

data packet

A basic unit of information that travels from one device to another within a network

Stateful

A class of firewall that keeps track of information passing through it and proactively filters out threats

Stateless

A class of firewall that operates based on predefined rules and that does not keep track of information from data packets

Cloud network

A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet

Modem

A device that connects your router to the internet and brings internet access to the LAN

Baseline configuration (baseline image)

A documented set of specifications within a system that is used as a basis for future builds, releases, and updates

port filtering

A firewall function that blocks or allows certain port numbers to limit unwanted communication

TCP/IP Model

A framework used to visualize how data is organized and transmitted across a network

network

A group of connected devices

Replay Attack

A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time

IP spoofing

A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network

Smurf Attack

A network attack performed when an attacker sniffs an authorized user's IP address and floods it with ICMP packets

hub

A network device that broadcasts information to every device on the network

Router

A network device that connects multiple networks together

Hyper Text Transfer Protocol (HTTP)

A network protocol that provides a secure method of communication between clients and website servers.

Address Resolution Protocol (ARP)

A network protocol used to determine the MAC address of the next router or device on the path

Firewall

A network security device that monitors traffic to and from your network

Virtual Private Network (VPN)

A network security service that changes your public IP address and masks your virtual location so that you can keep your data private when you are using a public network like the internet

Wide Area Network (WAN)

A network that spans a large geographic area like a city, state, or country

Local Area Network (LAN)

A network that spans small areas like an office building, a school, or a home

Domain Name System (DNS)

A networking protocol that translates internet domain names into IP addresses

Encapsulation

A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets

Multi-factor authentication

A security measures which requires a user to verify their identity in two or more ways to access a system or network

Network Segmentation

A security technique that divides the network into segments

security zone

A segment of a company's network that protects the internal network from the internet

proxy server

A server that fulfills the requests of its clients by forwarding them to other servers

Network Protocols

A set of rules used by two or more devices on a network to describe the order of delivery of data and the structure of data

IEEE 802.11

A set of standards that define communication for wireless LANs

Internet Protocol (IP)

A set of standards used for routing and addressing data packets as they travel between devices on a network

penetration test (pen test)

A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes

Patch update

A software and operating system update that addresses security vulnerabilities within a program or product

port

A software-based location that organizes the sending and receiving of data between devices on a network

Controlled zone

A subnet that protects the internal network from the uncontrolled zone

Network protocol analyzer (packet sniffer)

A tool designed to capture and analyze data traffic within a network

Synchronize flood attack

A type of DOS attack that simulates a TCP connection and floods a server with SYN packets

Ping of Death

A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB

Internet Control Message Protocol (ICMP) flood

A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server

Active packet sniffing

A type of attack where data packets are manipulated in transit

Passive packet sniffing

A type of attack where data packets are read in transit

distributed denial-of-service (DDoS) attack

A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic

MAC address

A unique alphanumeric identifier that is assigned to each physical device on a network

Internet Protocol (IP) address

A unique string of characters that identifies the location of a device on the internet

WiFi Protected Access (WPA)

A wireless security protocol for devices to connect to the internet

attack surface

All the potential vulnerabilities that a threat actor could exploit

Security Information and Event Management (SIEM)

An application that collects and analyzes log data to monitor critical activities in an organization

denial of service attack

An attack that targets a network or server and floods it with network traffic

On-path attack

An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit

Transmission Control Protocol (TCP)

An internet communication protocol that allows two devices to form a connection and stream data

Internet Control Message Protocol (ICMP)

An internet protocol used by devices to tell each other about data transmission errors across the network

Uncontrolled zone

Any network outside of the organization's control

The Three C's

Command, control & Communications

Benefits of Next Generation Firewalls

Deep packet inspection, Intrusion protection, & Threat intelligence

Tasks performed

Firewall rules maintenance, Network log analysis, patch updates, & server backups

Security Protocols

HTTPS & SSL/TLS

IP address

IP version 4(IPv4), IP version 6(IPv6)

denial of service attack

Is a class of attacks where the attacker prevents the compromised system from performing legitimate activity or responding to legitimate traffic

chronicle

Is a cloud-native tool designed to retain, analyze, and search

Botnet

Is a collection of computers infected by malware that are under the control of a single threat actor, known as the "bot-herder."

tcpdump

Is a command-line network protocol analyzer

Open Systems Interconnection (OSI) model

Is a standardized concept that describes the seven layers computers used to communicate and sent data over the network

Intrusion Prevention System (IPS)

Is an application that monitors system activity for intrusive actively and takes action to stop the activity

DoS attack

Is an attack that targets a network or server and floods it with network traffic

Backdoor Attack

Is another type of attack you will need to be aware of as an security analyst

Subnetting

Is the subdivision of a network into logical groups called subnets

User Datagram Protocol (UDP)

Is used by application that are not concerned with the reliable of the transmission. Data sent over UDP is not tracked as extensively as data sent using TCP

Network access

It deals with data package

Internet Control Message Protocol (ICMP)

It shares error information and status updates of data packets. This is useful for detecting and trouble-shooting network errors. The ICMP reports information about packets that were dropped or that disappeared in transit issues with network connectivity, and packets redirected to the other routers.

Port 20

Large file transfers

Attacks can harm an organization by

Leaking valuable or confidential information, Damaging an organization's reputation, Impacting customer retention & costing money and time

Cloud service providers offer

On-demand storage, processing power, & analytics

Common IP spoofing attacks

On-path attack Replay attack Smurf attack

Application Layer

Protocols determine how the data packets would interact with receiving devices

Forward Proxy Server

Regulates and restricts a person's access to the internet.

Reverse Proxy Server

Regulates and restricts the internet's access to an internal server

Port 443

Secure internet communication

Cloud-based firewalls

Software firewalls that are hosted by the cloud service provider

Bandwidth

The amount of data a device receives every second

Operating System (OS)

The interface between computer hardware and the user

Packet Sniffing

The practice of capturing and inspecting data packets across a network

Cloud Computing

The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices

Network log analysis

The process of examining network logs to identify events of interest

Security hardening

The process of strengthening a system to reduce its vulnerabilities and attack surface

Speed

The rate at which data packets are received or downloaded

Two types of security zones

Uncontrolled & Controlled zone

Layers of the TCP/IP Model

application, transport, internet, network access

Transport Layer

controlling data flow - splitting data into packets

Port 25

email

Firewall

is a network security device that monitors traffic to or from your network

brute force attack

is a trial-and-error process of discovering private information

Packet Sniffing

is the practice of capturing and inspecting data packets across the network

Internet Layer

responsible for addressing, packaging, and routing messages on the Internet


Kaugnay na mga set ng pag-aaral

ATI Pain and Inflammation (Exam 3)

View Set

MGT 3210 Midterm Exam Study Guide

View Set

Business Law - Chapter 34 (Personal Property and Bailments)

View Set

LIFE ONLY_Chapter 5-Policy Provisions, Riders and Options

View Set

Why is citing textual evidence important?

View Set

Ricci Chapter 48 PrepU- Peds Diabetes

View Set

A Level Pure Maths Lent and Trinity Term*

View Set

environmental health-occupational health

View Set

Bible Doctrines 2: Test 4 (Final Exam)

View Set

Pharmacology PrepU Chapter 17: Immune Modulators

View Set

9th Grade World Geography Honors: Chapter 16 Questions

View Set