Module 12 - Network Security Infrastructure


Application gateway firewall (proxy firewall)

- A firewall that filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Most of the firewall control and filtering is done in software.
- Proxy firewalls filter traffic through the application layer of the TCP/IP model and shield client information by connecting to remote servers on behalf of clients.

Cisco Advanced Malware Protection (AMP)

- A Cisco malware analysis and protection solution that goes beyond point-in-time detection and provides comprehensive protection for organizations across the full attack continuum: before, during, and after an attack.
- Uses threat intelligence along with known file signatures to identify and block policy-violating file types and exploitations.

NetFlow

- Cisco IOS technology that provides statistics on packets flowing through a Cisco router or multilayer switch.
- Provides data to enable network and security monitoring, network planning, traffic analysis (including identification of network bottlenecks), and IP accounting for billing purposes.

zone

- Group of one or more interfaces that have similar functions or features
- The only exception to this default deny any policy is the router self zone

Next-generation firewalls (NGFW)

- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats

SNMP system consists of two elements

- SNMP manager that runs SNMP management software.
- SNMP agents, which are the nodes being monitored and managed.

NTP servers are arranged in three levels known as strata:

- Stratum 0 - An NTP network gets the time from authoritative time sources. These authoritative time sources, also referred to as stratum 0 devices, are high-precision timekeeping devices assumed to be accurate and with little or no delay associated with them.
- Stratum 1 - The stratum 1 devices are directly connected to the authoritative time sources. They act as the primary network time standard.
- Stratum 2 and lower strata - The stratum 2 servers are connected to stratum 1 devices through network connections. Stratum 2 devices, such as NTP clients, synchronize their time using the NTP packets from stratum 1 servers. They could also act as servers for stratum 3 devices.

IPsec

- A suite of protocols developed with the backing of the IETF to achieve secure services over IP packet-switched networks
- Authentication, integrity, access control, and confidentiality

Distribution Layer

- Aggregates access layers and provides connectivity to services
- Commonly provides policy-based connectivity which permits or denies traffic based on predefined parameters
- Acts as a control boundary between the access and core layers

Three types of F/W

1. Private and public
2. DMZ
3. Zone-based policy (ZPF)

syslog logging service provides three primary functions:

1. The ability to gather logging information for monitoring and troubleshooting
2. The ability to select the type of logging information that is captured
3. The ability to specify the destination of captured syslog messages

Cisco Email Security Appliance (ESA)

A Cisco solution that enables users to communicate securely via email and helps organizations combat email security threats with a multilayered approach across the attack continuum.

Host-based (server and personal) firewall

A PC or server with firewall software running on it.

Hybrid firewall

A combination of the various firewall types. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.

Generic Routing Encapsulation (GRE)

A tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets.

Cisco Web Security Appliance (WSA)

An all-in-one web gateway that includes a wide variety of protections that can block hidden malware from both suspicious and legitimate websites.

Transparent firewall

Filters IP traffic between a pair of bridged interfaces.

How is a source IP address used in a standard ACL?

It is the criterion that is used to filter traffic

traps

SNMP agents can forward information directly to a network manager

Cisco Cloud Web Security (CWS)

cloud-based security service that uses web proxies in the Cisco cloud environment to scan traffic for malware and policy enforcement

Management Information Base (MIB)

database on the agents that stores data and operational statistics about the device

stratum level

defined as the number of hop counts from the authoritative source

Which two pieces of information should be included in a logical topology diagram of a network?

interface identifier and connection type

Stateful firewalls

provide stateful packet filtering by using connection information maintained in a state table; also analyze traffic at OSI Layer 4 and Layer 5

Core Layer

provides connectivity between distribution layers for large LAN environments

Access Layer

provides endpoints and users direct access to the network

firewall

system, or group of systems, that enforces an access control policy between networks

Packet filtering firewalls (stateless)

usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4; simple policy table look-up that filters traffic based on specific criteria

