Network Security Final Review
Deploying multiple subnets in series to separate private resources from public ones; also known as an N-tier deployment.
Defense in Depth
Firewall rule that assumes all traffic is potentially malicious, or at least unwanted or unauthorized; everything is prohibited by default unless explicitly allowed
Deny-by-Default
supports multiple layers of security, such as IDS or IPS
Diversity of Defense
This version of NAT maps an unregistered (private) IP address to a registered (public) IP address drawn from a pool of registered addresses.
Dynamic NAT
Which of the following is a core Internet Protocol Security (IPSec) protocol that provides encryption only, both encryption and integrity protection, or integrity protection only in all but the oldest IPSec implementations?
ESP
- The VPN termination point - The VPN link exists only over the public Internet (not within the private LAN) - Ensures that a firewall can filter the traffic exiting the VPN before it moves into the LAN
Edge Router
Which of the following can perform authentication to provide integrity protection, although not for the outermost IP header?
Encapsulating Security Payload (ESP)
Security failures should fail into a state that supports or maintains essential security protections
Failsafe
What is the first step in deploying a firewall?
Firewall Policy
Ensuring that everyone abides by security limitations; otherwise, users have many ways to purposefully violate security
Forced Universal Participation
- Most common type of VPN deployed - More scalable - Can create some security issues due to possible vulnerabilities in the VPN software code on the appliance
Hardware VPN
A VPN that establishes a secured (encrypted) VPN tunnel over a trusted VPN connection.
Hybrid VPN
A protocol suite that protects IP traffic at the network layer (layer 3).
IPsec
Which of the following statements is TRUE of an Internet Protocol Security (IPSec) virtual private network (VPN) when compared to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPN?
It requires client software.
Developed by Cisco; used for the tunneling of link-layer protocols such as PPP
Layer 2 Forwarding (L2F)
Created through an agreement between Microsoft and Cisco; allows the tunneling of PPP traffic over several kinds of networks.
Layer 2 Tunneling Protocol (L2TP)
Virtual private networks (VPNs) and which standard have historically suffered from conflicts when used together?
NAT
Which of the following BEST describes a technology with inherent security risks and that can reveal information a user did NOT intend to share?
P2P
Developed by Microsoft; a Point-to-Point Protocol (PPP) extension that encapsulates IP, IPX, and NetBEUI traffic inside IP packets
Point-to-Point Tunneling Protocol (PPTP)
Firewall, proxy, and routing service that receives a resource request on one interface and port, then forwards the request to another address on the same or a different port
Port Forwarding
•Proprietary protocol developed by Microsoft that provides a user with a GUI to connect to another computer over a network connection.
RDP (Remote Desktop Protocol)
•Also known as host-to-site VPN •Supports single-host VPN connections into a LAN site
Remote Access
a firewall service that allows external users access to internally hosted web resources.
Reverse Proxy
A method for secure remote login and other secure network services over a public network such as the Internet
SSH (Secure Shell)
◦Can be used to tunnel all network traffic or to secure an individual connection
SSL/TLS
Encryption ensures privacy even over public networks, such as the Internet.
Secured VPN
The premise that an information system is secure as long as its security vulnerabilities remain hidden
Security through Obscurity (StO)
•Also known as LAN-to-LAN VPNs or WAN VPN connections between LANs •Supports secure connections between LANs over intermediary public networks •Can be an inexpensive mechanism to create a single distributed LAN
Site-to-Site VPN
Type of VPN typically used in smaller companies; less scalable and less stable than a hardware VPN, and often open source
Software VPN
______________ is a computer networking concept that allows a user to access dissimilar security domains, such as a public network (e.g., the Internet) and a local LAN, at the same time
Split Tunneling
Analisa uses her virtual private network (VPN) connection to simultaneously connect to the office LAN and her personal computer at home. What security risk does this pose?
Split Tunneling
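Added example for the split-tunneling cards above (not part of the review sheet): a longest-prefix-match route lookup run over two constructed routing tables, one for a full-tunnel VPN client and one for a split-tunnel client. The interface names (tun0, wlan0), the corporate range 10.0.0.0/8, the home LAN 192.168.1.0/24 and the VPN server address are assumptions chosen for illustration.

```python
# Added example, not from the review sheet: longest-prefix-match route lookup
# over two constructed routing tables, one for a full-tunnel VPN client and one
# for a split-tunnel client, to show which interface carries each destination.
from ipaddress import ip_address, ip_network

VPN_SERVER = "203.0.113.1"   # constructed public address of the VPN concentrator

# Full tunnel: everything goes through tun0 except the path to the VPN server
# itself. Split tunnel: only corporate space (10.0.0.0/8, constructed) uses tun0;
# the home LAN and the Internet stay on the local wireless interface.
FULL_TUNNEL = [
    ("0.0.0.0/0", "tun0"),
    (VPN_SERVER + "/32", "wlan0"),
]
SPLIT_TUNNEL = [
    ("10.0.0.0/8", "tun0"),
    ("192.168.1.0/24", "wlan0"),
    ("0.0.0.0/0", "wlan0"),
]


def lookup(table, dst):
    """Return the interface for dst: the most specific matching route wins."""
    addr = ip_address(dst)
    best = None
    for net, iface in table:
        net = ip_network(net)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def local_exposure(table, destinations):
    """Destinations reachable outside the tunnel while the VPN is up; a split
    tunnel leaves the client bridging its home LAN and the corporate network."""
    return sorted(d for d in destinations if lookup(table, d) != "tun0")


# Constructed destinations: a corporate host, a home-LAN host, an Internet host
# (TEST-NET-2 documentation range) and the VPN server itself.
DESTINATIONS = ["10.20.30.40", "192.168.1.7", "198.51.100.23", VPN_SERVER]

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, {d: lookup(table, d) for d in DESTINATIONS})
        print(name, "outside tunnel:", local_exposure(table, DESTINATIONS))
```

With the full-tunnel table the only destination that bypasses tun0 is the VPN server itself; with the split-tunnel table the home LAN and the Internet are reachable directly while the corporate network is simultaneously reachable through the tunnel, which is exactly the exposure the Analisa question is getting at.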
- This version of NAT maps an unregistered (private) IP address to a registered (public) IP address on a one-to-one basis - Used when the translated device must be reachable from the public network
Static NAT
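Added example covering the Dynamic NAT, Port Forwarding and Static NAT cards (not part of the review sheet): a minimal NAT table that shows the three behaviours side by side, including what happens when the dynamic pool runs out and why only static mappings and explicit port forwards answer unsolicited inbound connections. All addresses are constructed from the documentation ranges, and the class and method names are assumptions made for this illustration.

```python
# Added example, not from the review sheet: a minimal NAT table contrasting
# static one-to-one mappings, dynamic pool allocation and inbound port
# forwarding. All addresses are constructed documentation ranges.
class NatPoolExhausted(Exception):
    """Dynamic NAT has no free public address left for a new private host."""


class Nat:
    def __init__(self, pool, static=None, forwards=None):
        self.pool = list(pool)                 # free public addresses (dynamic NAT)
        self.static = dict(static or {})       # private -> public, fixed one-to-one
        self.dynamic = {}                      # private -> public, assigned on demand
        self.forwards = dict(forwards or {})   # (public_ip, port) -> (private_ip, port)

    def outbound(self, private_ip):
        """Translate the source of an outbound packet. Static mappings always
        win; other hosts borrow an address from the pool until released."""
        if private_ip in self.static:
            return self.static[private_ip]
        if private_ip not in self.dynamic:
            if not self.pool:
                raise NatPoolExhausted(private_ip)
            self.dynamic[private_ip] = self.pool.pop(0)
        return self.dynamic[private_ip]

    def release(self, private_ip):
        """Return a dynamically assigned public address to the pool."""
        self.pool.append(self.dynamic.pop(private_ip))

    def inbound(self, public_ip, port):
        """Destination for an unsolicited inbound connection. Only static
        mappings and explicit port forwards are reachable from outside;
        dynamically mapped hosts are not (return traffic for their own
        sessions is handled by connection tracking, which is not modelled)."""
        if (public_ip, port) in self.forwards:
            return self.forwards[(public_ip, port)]
        for private, public in self.static.items():
            if public == public_ip:
                return (private, port)
        return None


def build_demo():
    """Constructed topology: one static server, a two-address dynamic pool,
    and a port forward from the gateway's own address to an internal web host."""
    return Nat(
        pool=["203.0.113.20", "203.0.113.21"],
        static={"192.168.1.10": "203.0.113.10"},
        forwards={("203.0.113.1", 8443): ("192.168.1.50", 443)},
    )


def pool_overflow(nat, hosts):
    """Translate each host in turn; report which one found the pool empty."""
    for host in hosts:
        try:
            nat.outbound(host)
        except NatPoolExhausted:
            return host
    return None


if __name__ == "__main__":
    nat = build_demo()
    print(nat.outbound("192.168.1.10"), nat.outbound("192.168.1.30"))
    print(nat.inbound("203.0.113.1", 8443), nat.inbound("203.0.113.20", 22))
    print("starved:", pool_overflow(nat, ["192.168.1.31", "192.168.1.32"]))
```

The static host always translates to the same public address and is reachable from outside on every port; a dynamically mapped host keeps its borrowed address only while the mapping exists and is never reachable unsolicited, which is why a server that must be reachable gets a static mapping or a port forward.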
Which of the following is a protocol that supports Advanced Encryption Standard (AES) with 128-, 192-, and 256-bit keys?
TLS
___________ mode encryption protects only the original IP packet's payload.
Transport
The primary organization owns all of the network infrastructure components, including
Trusted VPN
__________ mode encryption protects the entire original IP packet's header and payload.
Tunnel
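Added example for the Transport and Tunnel mode cards (and the ESP cards earlier on the sheet); it is not part of the review sheet. It builds one IPv4 packet, wraps it in ESP in both modes, and checks which bytes stay visible on the wire, that both modes decapsulate back to the original, and that a flipped ciphertext byte fails the integrity check. The keystream cipher is a stand-in for AES and is not secure (a real implementation uses an AEAD such as AES-GCM); the keys, addresses, SPIs and helper names are assumptions chosen for illustration.

```python
# Added example, not from the review sheet: builds the same IPv4 packet in ESP
# transport and tunnel mode to show which bytes each mode leaves in the clear.
# The keystream cipher below is a stand-in for AES and is NOT secure; a real
# implementation uses an AEAD such as AES-GCM. Keys and addresses are constructed.
import hashlib
import hmac
import struct

PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50
ICV_LEN = 16   # truncated HMAC-SHA256, as IPsec truncates its ICVs


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header without options; the checksum is left at zero."""
    pack_ip = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, pack_ip(src), pack_ip(dst))


def patch_header(hdr, proto, payload_len):
    """Copy of hdr with a new protocol field and total length."""
    return (hdr[:2] + struct.pack("!H", 20 + payload_len) + hdr[4:9]
            + bytes([proto]) + hdr[10:])


def toy_cipher(key, nonce, data):
    """XOR with a SHA-256 keystream (symmetric, so it also decrypts)."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_wrap(enc_key, auth_key, spi, seq, plaintext, next_header):
    """ESP body: SPI | sequence | ciphertext(plaintext + next-header trailer) | ICV.
    The ICV covers SPI, sequence and ciphertext, never the outer IP header."""
    head = struct.pack("!II", spi, seq)
    ct = toy_cipher(enc_key, head[4:], plaintext + bytes([next_header]))
    icv = hmac.new(auth_key, head + ct, hashlib.sha256).digest()[:ICV_LEN]
    return head + ct + icv


def esp_unwrap(enc_key, auth_key, esp):
    head, ct, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expect = hmac.new(auth_key, head + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expect):
        raise ValueError("ESP integrity check failed")
    pt = toy_cipher(enc_key, head[4:], ct)
    return pt[:-1], pt[-1]


def transport_mode(keys, spi, seq, packet):
    """Protects only the payload; the original IP header travels in the clear."""
    hdr, payload = packet[:20], packet[20:]
    esp = esp_wrap(*keys, spi, seq, payload, PROTO_TCP)
    return patch_header(hdr, PROTO_ESP, len(esp)) + esp


def tunnel_mode(keys, spi, seq, packet, gw_src, gw_dst):
    """Protects the whole original packet, header included, behind a new
    outer header addressed between the two VPN gateways."""
    esp = esp_wrap(*keys, spi, seq, packet, PROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def decapsulate(keys, packet):
    """Receiver side for either mode; raises ValueError on a bad ICV."""
    hdr, esp = packet[:20], packet[20:]
    inner, next_header = esp_unwrap(*keys, esp)
    if next_header == PROTO_IPIP:      # tunnel mode: inner is a complete packet
        return inner
    return patch_header(hdr, next_header, len(inner)) + inner   # transport mode


def tamper_detected(keys, packet, offset=30):
    """Flip one ciphertext byte and report whether decapsulate() rejects it."""
    bad = packet[:offset] + bytes([packet[offset] ^ 0xFF]) + packet[offset + 1:]
    try:
        decapsulate(keys, bad)
    except ValueError:
        return True
    return False


KEYS = (b"constructed-enc-key", b"constructed-auth-key")
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", PROTO_TCP, 16) + b"GET / HTTP/1.1\r\n"


def compare_modes():
    """What each mode exposes on the wire, and whether both round-trip."""
    t = transport_mode(KEYS, 0x1001, 1, ORIGINAL)
    u = tunnel_mode(KEYS, 0x1002, 1, ORIGINAL, "198.51.100.1", "203.0.113.1")
    inner_ips = ORIGINAL[12:20]     # source and destination of the real endpoints
    return {
        "transport_shows_inner_ips": t[12:20] == inner_ips,
        "tunnel_shows_inner_ips": inner_ips in u,
        "transport_roundtrip": decapsulate(KEYS, t) == ORIGINAL,
        "tunnel_roundtrip": decapsulate(KEYS, u) == ORIGINAL,
        "transport_tamper_caught": tamper_detected(KEYS, t),
    }


if __name__ == "__main__":
    print(compare_modes())
```

In transport mode an observer still sees the real endpoint addresses in the clear header; in tunnel mode only the gateway addresses are visible and the inner header is ciphertext. Note also that the ICV is computed over the ESP header and ciphertext only, which is why ESP does not protect the outermost IP header, whereas AH does.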
A mechanism to establish a secure remote access connection across the Internet
VPN
A dedicated device that specifically handles the load of a VPN
VPN Appliance
A combination of tools and processes that allow you to reduce risk in your computing environment, including VPN-connected systems and networks.
Vulnerability Management
__________________ are single standalone devices with all the necessary security functions needed to run a VPN connection.
Hardware VPNs
__________________ use select protocols to connect a piece of client software to a VPN server.
Software VPNs
Assumes that most traffic is benign; everything is allowed by default
Allow-by-Default
Virtual private networks (VPNs) allow external entities to connect to and interact with a private network. What does identity verification require?
Authentication
Which of the following provides integrity protection for packet headers and data and can optionally provide replay protection and access protection?
Authentication Header
•Keeping a spare VPN product on the shelf, configured and ready to go live in the event of a failure
Built-in Redundancy
•Forces traffic, communications, and activities through a single pathway or channel •That pathway can be used to control bandwidth consumption, filter content, provide authentication services, or enforce authorization
Chokepoint
- Traffic entering or leaving the VPN does not pass through the filtering restrictions of the firewall - Instead, the firewall serves only as the entry point for the VPN tunnel endpoint
Corporate Firewall