SG Chapter 2
What is Domain Name System Security Extensions (DNSSEC)
Domain Name System Security Extensions (DNSSEC) is a set of extensions to the existing DNS infrastructure that adds digital signatures to DNS records, so that a resolver can verify that an answer came from the zone's legitimate authority and was not altered in transit.
What information can be disclosed in a banner grab
Often the banner discloses the application's identity, version information, and potentially much more (operating system, build options, supported extensions). That version string is what an attacker uses to look up known vulnerabilities for the exact software in use, which is why many hardening guides recommend suppressing or genericizing banners.
What is Secure FTP (SFTP)
Secure FTP (SFTP), more precisely the SSH File Transfer Protocol, is a secured alternative to standard or basic FTP that encrypts both authentication and data traffic between the client and server. SFTP employs SSH (normally TCP port 22) to provide secure file transfer; it is a different protocol from FTPS, which is classic FTP wrapped in TLS.
What is Secure Key Exchange Mechanism (SKEME)
Secure Key Exchange MEchanism (SKEME) is a means to exchange keys securely.
What port does secure shell (SSH) operate over
Secure Shell (SSH) operates over TCP port 22.
Why should you be concerned with mobile device application security
The applications and functions used on a mobile device need to be secured. Related concepts include key management, credential management, authentication, geotagging, encryption, application whitelisting, and transitive trust/authentication.
What information can be obtained with the arp command
The arp command can be used to determine the MAC address of a system (for example, a suspected rogue system) from its IP address by consulting the local ARP cache. Because the cache only contains entries for hosts the local system has recently exchanged traffic with, you may need to ping the IP address first to populate it.
What information can be obtained with the netstat command
The command netstat displays information about TCP sessions of a system. The output options include displaying the source and destination IP address and port number of active connections, listing the program associated with a connection, showing traffic bytes, displaying Ethernet statistics, showing the FQDN for external addresses, and displaying the routing table.
What is the most common problem with an IDS/IPS, excluding misconfiguration
The most common problem with an IDS/IPS, excluding misconfiguration, is the occurrence of false positives.
What information can be obtained with the netcat command
The netcat command might be used to attempt to connect to any open ports on the target system in order to perform banner grabbing or other information discovery probing activities.
What information can be obtained with the ping tool
The ping tool can be used to verify that the target's IP address is active and in use. Note that many hosts and firewalls drop ICMP echo requests, so a missing reply does not prove that the host is down; a port scan is a more reliable liveness check in that case.
Why should user acceptance be included in a company's mobile device policy
A mobile device policy needs to be clear and specific about all the elements of using a personal device at work. For many users, the restrictions, security settings, and MDM tracking implemented under a mobile device policy will be much more onerous than they expect. Thus, organizations should make the effort to fully explain the details of a mobile device policy prior to allowing a personal device into the production environment. Only after an employee has expressed consent and acceptance, typically through a signature, should their device be on-boarded.
Why should adherence to corporate policies be addressed in a company's mobile device policy
A mobile device policy should clearly indicate that using a personal mobile device for business activities doesn't exclude a worker from adhering to corporate policies. A worker should treat mobile equipment as company property and thus stay in compliance with all restrictions, even when off premises and during off hours.
What is a multipurpose proxy
A multipurpose proxy is not limited to a single application or set of protocols but can provide proxy functions for any application and protocol. A multipurpose proxy operates at Layers 3 and 4, where it manages communications based on IP address and/or port number.
What is a padded cell
A padded cell is a containment area that is activated only when an intrusion is detected.
What are passive tools
A passive tool, technique, or technology is one that monitors a situation but doesn't do anything about it. This can include recording details, launching analysis engines, and notifying administrators. Passive actions or tools don't affect an event and are unseen (or unnoticed) by the event (or subject of the event).
What is a patch
A patch is an update that corrects programming flaws that cause security vulnerabilities. Patches are single-issue utilities that are more thoroughly tested than hotfixes.
What is a policy violation
A policy violation occurs when a user breaks a rule. Users need to be trained on the security policies of the organization and know their specific responsibilities with regard to abiding by security rules. If a violation occurs, an internal investigation should evaluate whether it was an accident or an intentional event.
What is a protocol analyzer
A protocol analyzer is a tool used to examine the contents of network traffic. It is also known as a sniffer.
What is a proxy server
A proxy server is a variation of an application-level firewall or circuit-level firewall. A proxy server is used as a proxy or middleman between clients and servers.
What is a remote access VPN
A remote access VPN is a variant of the site-to-site VPN in which one endpoint is a single remote user's host rather than a whole network; it is also known as a host-to-site VPN. It is also known as a tunnel mode VPN and it offers link encryption, which means that traffic is protected only while inside the tunnel between the remote host and the organization's VPN gateway; once the gateway decapsulates it, the traffic crosses the internal network in whatever form the application sent it.
What is a screen lock on a mobile device
A screen lock is designed to prevent someone from being able to casually pick up and use your phone or mobile device.
What is unified threat management (UTM)
An all-in-one security appliance or unified threat management (UTM) is a hardware device designed to operate inline between an Internet connection and a network. Its goal is to detect and filter all manner of malicious, wasteful, or otherwise unwanted traffic.
What is anomaly-based detection
An anomaly-based monitoring or detection method relies on a baseline of normal (valid) activity, typically learned during a training period. Anything that deviates from that baseline is reported as an anomaly. The strength of the approach is that it can catch novel attacks that no signature describes; the weakness is that legitimate but unusual behaviour (a late shift, a new application) deviates too, which is where most of its false positives come from.
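The following is an added example (not code from the study guide) of the baseline-then-deviate logic described above. The log format, the user names and the addresses are all constructed for the example: a short period of known-good activity is turned into a per-user profile (working-hour window, source networks, actions), and later lines are flagged on whichever attribute falls outside that profile. The last sample line is a legitimate late shift and shows the false-positive problem mentioned above.

```python
import re

# Constructed authentication log format (not from any real product):
# <ISO timestamp> user=<name> src=<ipv4> action=<verb>
LOG_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2} "
    r"user=(?P<user>\S+) src=(?P<src>\d+\.\d+\.\d+\.\d+) action=(?P<action>\S+)$"
)

# Constructed lines representing a period of known-good activity (the baseline).
BASELINE_LOGS = [
    "2024-03-01T09:02:11 user=alice src=10.1.5.20 action=login",
    "2024-03-01T12:45:03 user=alice src=10.1.5.20 action=read-file",
    "2024-03-01T17:30:40 user=alice src=10.1.5.21 action=logout",
    "2024-03-01T08:15:00 user=bob src=10.1.6.40 action=login",
    "2024-03-01T16:05:22 user=bob src=10.1.6.40 action=logout",
]

def parse(line: str) -> dict:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return {
        "hour": int(m["hour"]),
        "user": m["user"],
        "net": ".".join(m["src"].split(".")[:3]),   # coarse /24 source network
        "action": m["action"],
    }

def build_baseline(lines) -> dict:
    """Learn, per user, the working-hour window, source networks and actions seen."""
    profile = {}
    for ev in map(parse, lines):
        p = profile.setdefault(ev["user"], {"hours": [24, -1], "nets": set(), "actions": set()})
        p["hours"][0] = min(p["hours"][0], ev["hour"])
        p["hours"][1] = max(p["hours"][1], ev["hour"])
        p["nets"].add(ev["net"])
        p["actions"].add(ev["action"])
    return profile

def detect(profile: dict, line: str) -> list:
    """Return the attributes that deviate from the user's baseline (empty list = normal)."""
    ev = parse(line)
    p = profile.get(ev["user"])
    if p is None:
        return ["unknown-user"]
    reasons = []
    lo, hi = p["hours"]
    if not lo <= ev["hour"] <= hi:
        reasons.append("hour")
    if ev["net"] not in p["nets"]:
        reasons.append("source-network")
    if ev["action"] not in p["actions"]:
        reasons.append("action")
    return reasons

def scan(profile: dict, lines) -> list:
    """Run detection over many lines; return (line, reasons) for flagged events only."""
    flagged = []
    for line in lines:
        reasons = detect(profile, line)
        if reasons:
            flagged.append((line, reasons))
    return flagged

if __name__ == "__main__":
    prof = build_baseline(BASELINE_LOGS)
    for line, why in scan(prof, [
        "2024-03-02T03:12:09 user=alice src=203.0.113.7 action=download-db",
        "2024-03-02T10:00:00 user=bob src=10.1.6.41 action=login",
        "2024-03-02T22:30:00 user=bob src=10.1.6.40 action=login",  # legitimate late shift: a false positive
    ]):
        print(why, line)
```

The first flagged line deviates on every attribute and is worth an analyst's time; the third deviates only on the hour and is the kind of alert that tuning (a wider window, or requiring two deviating attributes) exists to suppress.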
What are application-based firewalls
An application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a service and all users.
What is an egress filter
An egress filter is a traffic filter on packets leaving a secured area toward the outside (outbound communications).
What is an enterprise extended mode infrastructure in a wireless network
An enterprise extended mode infrastructure occurs when multiple WAPs are used to connect a large physical area to the same wired network. Each WAP uses the same extended service set identifier (ESSID) so that clients can roam the area while maintaining network connectivity, even if their wireless NICs change associations from one WAP to another.
What is an insider threat
An insider threat is someone on the inside of your organization who is violating the company security policy. Once an insider threat is identified, they need to be removed from the organization. If necessary, contact law enforcement to file criminal charges. Any resources accessed by the threat agent should be evaluated and re-secured.
How can misconfigured Firewalls be used to target an organization
A misconfigured firewall may allow communications that were intended to be blocked to cross a network boundary. It is important to carefully review firewall rules to prevent any loopholes from emerging due to complex and conflicting filter entries. Third-party evaluation tools are available that can be used to find mistakes in firewall rule sets.
How can poorly configured access points be used to target an organization
A misconfigured wireless access point is a popular target for attackers seeking to gain access into a private network. Common problems include running out-of-date firmware, leaving default configurations in place, not securing access to the management console, and failing to implement strong authentication and encryption.
Why is mobile device security concerning
Device security involves the range of potential security options or features that may be available for a mobile device. Not all portable electronic devices (PEDs) have good security features. PED security features include full device encryption, remote wiping, lockout, screen locks, GPS, application control, storage segmentation, asset tracking, inventory control, mobile device management, device access control, removable storage, and disabling of unused features.
What is device security
Device security is the range of potential security options or features that may be available for a mobile device. Not all portable electronic devices (PEDs) have good security features. But even if devices have security features, they're of no value unless they're enabled and properly configured. Be sure to consider the security options of a new device before you make a purchase decision.
What is a directional antenna
Directional antennas focus on sending and receiving capabilities in one primary direction.
What are diskettes or floppies
Diskettes, or floppies, are removable media that can store only a small amount of data (about 1.4 MB). However, even though they're small, they represent a significant security threat to a protected environment if they get into the wrong hands—not to mention the possibility that they can be used to introduce malware onto a system. Although this type of storage media is becoming less common, it is still a security concern when present.
What is Domain Name System (DNS)
Domain Name System (DNS) is the hierarchical naming scheme used in both public and private networks. It links IP addresses and human-friendly fully qualified domain names (FQDNs) together.
What is file integrity check
File integrity checking is the activity of comparing the current hash of a file to the stored/previous hash of a file. A file integrity checking utility will either display an alert or produce a report of the files that do not pass their hash-based integrity check.
What is mobile device application management
Application control or application management is a device management solution that limits which applications can be installed on a device. It can also be used to force specific applications to be installed or to enforce the settings of certain applications in order to support a security baseline or maintain other forms of compliance.
What is application whitelisting
Application whitelisting is a security option that prohibits unauthorized software from executing. Whitelisting is also known as deny by default or implicit deny.
What are application aware devices
Application-aware devices are security devices, such as firewalls, IDSs, IPSs, and proxies, that operate at the higher layers of the protocol stack in order to provide focused security filtering and analysis of the content of specific communications. Such devices are designed around a specific application or service, such as the Web, email, IM, file transfers, database interactions, and so on. Often, application-aware devices are able to provide deep content inspection and filtering based on their focus on specific applications and protocols.
What are firmware over the air (OTA) updates
Firmware OTA updates are upgrades, patches, and improvements to the existing firmware of a mobile device that are downloaded from the telco or vendor over the air (OTA).
Why should forensics be addressed in a company's mobile device policy
Forensics and investigations of mobile devices should be addressed in a company's mobile device policy because users need to be aware that in the event of a security violation or a criminal activity, their devices might be involved. This would mandate gathering evidence from those devices. Some processes of evidence-gathering can be destructive, and some legal investigations require the confiscation of devices.
What are four of the more commonly used types of directional antenna
Four of the more commonly used types of directional antennas are Yagi, cantenna, panel, and parabolic.
What are four reasons that spam is a problem
Four reasons that spam is a problem: - Spam can be the carrier for malicious code such as viruses, logic bombs, and Trojan horses. - Spam can be the carrier of a social engineering attack (hoax email). - Unwanted email wastes your time while you're sorting through it looking for legitimate messages. - Spam wastes Internet resources such as storage capacity, computing cycles, and throughput.
What is mobile device geofencing
Geofencing is the designation of a specific geographical area, which is then used to implement features on mobile devices. A geofence can be defined by GPS coordinates, a wireless indoor positioning system (IPS), or the presence or lack of a specific wireless signal.
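An added example (not code from the study guide) of how a GPS-defined fence, optionally combined with the presence of a known wireless signal, is evaluated. The coordinates, radius and SSID are constructed; the policy function shows the kind of rule an MDM would enforce (camera and microphone disabled while inside the fence).

```python
import math

EARTH_RADIUS_M = 6_371_008.8   # mean Earth radius in metres

def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS-84 points (haversine formula)."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

class Geofence:
    """A circular fence around a point; seeing one of the listed SSIDs also counts as inside."""

    def __init__(self, lat: float, lon: float, radius_m: float, wifi_ssids=()):
        self.lat, self.lon, self.radius_m = lat, lon, radius_m
        self.wifi_ssids = set(wifi_ssids)

    def contains(self, lat=None, lon=None, visible_ssids=()) -> bool:
        if self.wifi_ssids & set(visible_ssids):
            return True                      # presence of a specific wireless signal
        if lat is None or lon is None:
            return False                     # no GPS fix and no matching signal: treat as outside
        return haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m

def policy_for(fence: Geofence, **position) -> dict:
    """Constructed MDM-style rule: camera and microphone are disabled while inside the fence."""
    inside = fence.contains(**position)
    return {"inside": inside, "camera": not inside, "microphone": not inside}

# Constructed fence: 500 m around a (made-up) headquarters, plus its corporate SSID.
HQ = Geofence(51.5007, -0.1246, 500, wifi_ssids=["HQ-Corp"])

if __name__ == "__main__":
    print(policy_for(HQ, lat=51.5007, lon=-0.1246))
    print(policy_for(HQ, lat=51.5107, lon=-0.1246))      # about 1.1 km north: outside
    print(policy_for(HQ, visible_ssids=["HQ-Corp"]))     # indoors, no GPS, but on the corporate SSID
```

Defaulting to "outside" when there is no fix is a deliberate choice: a device that cannot prove where it is should not get the permissive policy. Reverse that default if the fence is used to grant rather than restrict.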
How does geolocation work with mobile devices
Geolocation or geotagging is the ability of a mobile device to include details about its location in any media created by the device.
In a fully qualified domain name what is the registered domain name portion of www.google.com
In a fully qualified domain name the registered domain name portion of www.google.com is google (the name as recorded with the registrar is google.com, that is, the registered label together with its TLD).
In a fully qualified domain name what is the subdomain(s) or hostname portion of www.google.com
In a fully qualified domain name the subdomain(s) or hostname portion of www.google.com is www.
In a fully qualified domain name what is the top-level domain (TLD) portion of www.google.com
In a fully qualified domain name the top-level domain (TLD) portion of www.google.com is .com
How many 2.4 Ghz wireless channels are there in the US, Europe, and Japan
In the United States, there are 11 channels; in Europe, there are 13; and in Japan, there are 14 (channel 14 is permitted only for 802.11b). Because adjacent 2.4 GHz channels overlap, only channels 1, 6, and 11 are non-overlapping in the US.
How does infrared work for communications
Infrared is not as common a communication technology as wireless is for modern devices. However, there are still plenty of infrared implementations; they often revolve around cameras transmitting imagery to printers or storage devices or remote controls of cameras, video systems, A/V systems, and environmental sensors. Infrared is a line-of-sight-based system and can be easily interrupted. Infrared communications are typically in plain text. It is unlikely you will use infrared communications; if you do, however, be cautious of transmitting valuable or sensitive data. Some modern mobile phones continue to include an infrared port for use as a transmitter for controlling televisions and other A/V entertainment equipment.
What are the four primary infrastructure modes in a wireless network
Infrastructure mode includes several variations, including stand-alone, wired extension, enterprise extended, and bridge.
What is infrastructure mode in a wireless network
Infrastructure mode means that a WAP is required, wireless NICs on systems can't interact directly, and the restrictions of the WAP for wireless network access are enforced.
What is custom firmware
Mobile devices come preinstalled with a vendor- or telco-provided firmware or core operating system. If a device is rooted or jailbroken, it can allow the user to install alternate custom firmware in place of the default firmware. Custom firmware may remove bloatware included by the vendor or telco, add or remove features, and streamline the OS to optimize performance.
Why should payment methods be a security concern
Mobile payments are convenient for the shopper but might not always be a secure mechanism. Users should only employ mobile payment solutions that require a per-transaction confirmation or that require the device to be unlocked and an app launched in order to perform a transaction. Without these precautions, it may be possible to clone your device's contactless payment signals and perform transaction abuse.
What is the primary drawback of using a fat access point
Most fat access points require device-by-device configuration and thus are not as flexible for enterprise use.
What is carrier unlock
Most mobile devices purchased directly from a telco are carrier locked. This means you are unable to use the device on any other telco network until the carrier lock is removed or carrier unlocked.
What security risks does the recording microphone pose
Most mobile devices with a speaker also have a microphone. The microphone can be used to record audio, noise, and voices nearby. Many devices also support external microphones connected by a USB adapter or a 1/8″ stereo jack. If microphone recording is deemed a security risk, this feature should be disabled using an MDM or deny presence of mobile devices in sensitive areas or meetings.
What is Multimedia Messaging Service (MMS)
Multimedia Messaging Service (MMS) is a communication function provided by telcos and commonly used on mobile devices. MMS allows for images, video, and potentially other files to be sent to a recipient along with text messages.
How does Near field communication (NFC) work
Near field communication (NFC) is a standard to establish radio communications between devices in close proximity (a few centimetres). It lets you perform a type of automatic synchronization and association between devices by touching them together or bringing them within inches of each other. See the Chapter 1 section "NFC" for more. The base NFC protocols do not encrypt the link themselves; protection comes from the application layer (for example, the cryptography built into contactless payment protocols), and the very short range limits, but does not eliminate, eavesdropping and relay attacks. NFC is not used to support ongoing or large data transmissions, such as WiFi, cellular, or even Bluetooth, so the exposure is small simply because of its limited data transmission uses.
What is Network Access Control (NAC)
Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent or reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
What is open system authentication (OSA)
OSA means no real authentication is required. As long as a radio signal can be transmitted between the client and WAP, communications are allowed. It's also the case that wireless networks using OSA typically transmit everything in clear text, thus providing no secrecy or security.
What are 12 things that a company should be concerned with when deploying devices to its employees
The 12 things that a company should be concerned with when deploying devices to its employees are Data Ownership, Support Ownership, Patch Management, Antivirus Management, Forensics, Privacy, On-boarding/off-boarding, Adherence to Corporate Policies, User Acceptance, Architecture/Infrastructure Considerations, Legal Concerns, and Acceptable Use Policy.
What defines the two methods that wireless clients can use to authenticate to WAPs before normal network communications can occur across the wireless link
The IEEE 802.11 standard defines two methods that wireless clients can use to authenticate to WAPs before normal network communications can occur across the wireless link.
What information can be obtained with the ip/ifconfig command
The Linux command tools ifconfig and ip are used to manipulate the configuration settings of network interface cards. The ifconfig command is older and is slated to be replaced by the ip command. These tools can be used to show current NIC configuration, enable and disable an interface, set an IP address, and remove an IP address. The ip command can be used to perform many other network-related functions, including adding ARP cache entries, showing the routing table, and changing the routing table.
What is a beacon frame
The SSID is broadcast by the WAP via a special transmission called a beacon frame. This allows any wireless NIC within range to see the wireless network and initiate a connection with it. Disabling the SSID broadcast only removes the name from beacons; it is still sent in the clear in probe responses and association requests, so it hides the network from casual users, not from an attacker with a wireless sniffer.
What information can be obtained with the ipconfig command
The Windows command-line tool ipconfig is used to display IP configuration and make some modifications to the interface. The ipconfig command can display summary or full interface configurations, release a DHCP-assigned IP address, trigger a DHCP renewal of an IP address, purge the DNS cache, and show the contents of the DNS cache.
What is the arp command
The arp command is used to display or manipulate the contents of the ARP cache. The ARP cache shows the current table of associations between a MAC address and an IP address. With the arp tool you can view the current ARP cache, delete entries, or add new entries.
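An added example (not code from the study guide) of reading an ARP cache the way the two arp entries above describe: it parses constructed `arp -an` and `ip neigh` output, answers "which MAC is behind this IP", and then goes one step further than a lookup by flagging a MAC that claims several IPs and a gateway whose cached MAC no longer matches the one recorded out of band (both classic signs of ARP-cache poisoning). The sample table and the known-good gateway MAC are constructed.

```python
import re
from collections import defaultdict

# Accept two common formats: `arp -an` ("? (ip) at mac [ether] on dev") and
# `ip neigh` ("ip dev eth0 lladdr mac STATE"). Incomplete entries carry no MAC and are skipped.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ARP_AN_RE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>%s)" % MAC, re.I)
IP_NEIGH_RE = re.compile(r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev \S+ lladdr (?P<mac>%s)" % MAC, re.I)

def parse_arp_table(text: str) -> dict:
    """Return {ip: mac} (MACs lower-cased) from arp -an or ip neigh output."""
    table = {}
    for line in text.splitlines():
        m = ARP_AN_RE.search(line) or IP_NEIGH_RE.match(line)
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def mac_for_ip(table: dict, ip: str):
    """The lookup described above: which MAC is currently answering for this IP?"""
    return table.get(ip)

def duplicate_macs(table: dict) -> dict:
    """MACs claimed by more than one IP. Normal for a router's own addresses, but a
    classic symptom of ARP spoofing when the default gateway is among them."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_intact(table: dict, gateway_ip: str, known_good_mac: str) -> bool:
    """Compare the cached gateway MAC with one recorded out of band (e.g. from the switch)."""
    return table.get(gateway_ip) == known_good_mac.lower()

# Constructed `arp -an` output from a host under ARP-cache poisoning: the machine at
# 10.0.0.77 now answers for the gateway 10.0.0.1 as well.
SAMPLE_ARP_AN = """\
? (10.0.0.1) at de:ad:be:ef:00:01 [ether] on eth0
? (10.0.0.25) at 3c:52:82:aa:bb:cc [ether] on eth0
? (10.0.0.77) at de:ad:be:ef:00:01 [ether] on eth0
? (10.0.0.99) at <incomplete> on eth0
"""
KNOWN_GATEWAY_MAC = "00:11:22:33:44:55"   # constructed value from the network inventory

if __name__ == "__main__":
    t = parse_arp_table(SAMPLE_ARP_AN)
    print(mac_for_ip(t, "10.0.0.77"))
    print(duplicate_macs(t))
    print(gateway_intact(t, "10.0.0.1", KNOWN_GATEWAY_MAC))
```

The lookup alone tells you the MAC of a rogue host; the two extra checks tell you whether the cache itself can be trusted, which matters because a poisoned cache will happily hand you the attacker's MAC as the gateway's.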
What is the primary benefit of using a thin access point
The benefit of using thin access points is that management, security, routing, filtering, and more can be concentrated in one location, while there may be dozens or more deployed thin access points throughout a facility.
What is the nmap command
The command nmap is a network mapper or port scanner. The nmap tool can be used to perform a wide range of network discovery and enumeration functions, including ping sweeping, port scanning, application identification, operating system identification, firewall and IDS evasion, and a plethora of script functions to discover details about target applications and OSs. Zenmap is a GUI interface to nmap.
What does the tcpdump command do
The command tool tcpdump is a raw packet-capturing utility found on Linux and other Unix-like systems. It can be used to capture packets into a capture file. It supports command-line capture filters (BPF expressions) in order to collect only specific packets. The output capture file can be examined by a number of other tools, including GUI packet analysis utilities such as Wireshark.
What is the nslookup or dig tool
The command-line tools nslookup and dig are used to perform manual DNS queries. The nslookup tool ships with Windows (and is also present on most Linux and macOS systems), while dig is the usual choice on Linux and other Unix-like systems. These tools initially perform queries against the system's configured DNS server. However, it is possible to point the tools at an alternate DNS server to perform queries, which is useful for comparing answers from an internal resolver and a public one.
What are four guidelines that should be followed when seeking optimal antenna placement
The four guidelines that should be followed when seeking optimal antenna placement are: - Use a central location. - Avoid solid physical obstructions. - Avoid reflective or other flat metal surfaces. - Avoid electrical equipment.
What are the four load balancing techniques
The four load balancing techniques are Random choice, Round robin, Load monitoring, and Preferencing.
What is the full name of the CN in an LDAP-based directory services structure
CN stands for common name: the attribute that names a single object (a user, group or computer) within its container, for example CN=Jane Doe.
What is the full name of the DC in an LDAP-based directory services structure
DC stands for domain component (not domain controller): each DC attribute holds one label of the DNS domain that roots the directory tree, so the domain example.com is written DC=example,DC=com.
What is a hardware security module (HSM)
The hardware security module (HSM) is a cryptoprocessor used to manage and store digital-encryption keys, accelerate crypto operations, support faster digital signatures, and improve authentication.
What is the load balancing technique of Round robin
The load balancing technique of Round robin is when each packet or connection is assigned the next destination in order, such as 1, 2, 3, 4, 5, 1, 2, 3, 4, 5, and so on.
What is the load balancing technique of load monitoring
The load balancing technique of load monitoring is when each packet or connection is assigned a destination based on the current load or capacity of the targets. The device/path with the lowest current load receives the next packet or connection.
What is the load balancing technique of random choice
The load balancing technique of random choice is when each packet or connection is assigned a destination randomly.
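An added example (not code from the study guide) implementing the four techniques listed above as selectable strategies on one small balancer. The page does not define preferencing beyond its name, so the implementation here (walk the targets in preferred order and take the first one with spare capacity, falling back to least-loaded when all are full) is an assumption.

```python
import random

class LoadBalancer:
    """Assigns each incoming connection to one of the targets using one of four techniques.
    `load` tracks open connections per target."""

    def __init__(self, targets, seed=None):
        self.targets = list(targets)
        self.load = {t: 0 for t in self.targets}
        self._next = 0                       # round-robin cursor
        self._rng = random.Random(seed)      # seeded for reproducibility

    def random_choice(self):
        return self._rng.choice(self.targets)

    def round_robin(self):
        t = self.targets[self._next % len(self.targets)]
        self._next += 1
        return t

    def load_monitoring(self):
        # Lowest current load wins; ties go to the earliest-listed target.
        return min(self.targets, key=lambda t: (self.load[t], self.targets.index(t)))

    def preferencing(self, preference, capacity):
        # Assumed semantics: first target in preferred order that still has spare capacity.
        for t in preference:
            if self.load[t] < capacity[t]:
                return t
        return self.load_monitoring()        # everything is saturated: least loaded wins

    def assign(self, technique: str, **kw):
        """Pick a target with the named technique and record the connection against it."""
        t = getattr(self, technique)(**kw)
        self.load[t] += 1
        return t

    def release(self, target):
        self.load[target] -= 1

if __name__ == "__main__":
    lb = LoadBalancer(["s1", "s2", "s3"])
    print([lb.assign("round_robin") for _ in range(5)])
    print(lb.assign("load_monitoring"), lb.load)
```

Round robin ignores how long each connection lives, which is why the load-monitoring strategy ends up preferring s3 in the demo even though round robin visited it "fairly".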
Why should on-boarding/off-boarding be addressed in a company's mobile device policy
The mobile device policy should address personal mobile device on-boarding and off-boarding procedures. Mobile device on-boarding includes installing security, management, and productivity apps along with implementing secure and productive configuration settings. Mobile device off-boarding includes a formal wipe of the business data along with the removal of any business-specific applications. In some cases, a full device wipe and factory reset may be prescribed.
Why should privacy and monitoring be addressed in a company's mobile device policy
The mobile device policy should address privacy and monitoring. When a personal device is used for business tasks, the user often loses some or all of the privacy they enjoyed prior to using their mobile device at work. Workers may need to agree to be tracked and monitored on their mobile devices, even when not on company property and outside of work hours. A personal device in use under the mobile device policy should be considered by the individual to be quasi-company property.
Why should Acceptable Use Policies be addressed in a company's mobile device policy
The mobile device policy should either reference the company acceptable use policy or include a mobile device-specific version focusing on unique issues. With the use of personal mobile devices at work, there is an increased risk of information disclosure, distraction, and accessing inappropriate content. Workers should remain mindful that the primary goal when at work is to accomplish productivity tasks.
What is the netcat command
The netcat command is a flexible network utility used to write to or read from TCP and UDP network connections. Its command tool is just nc. This tool can be used to redirect standard input and output over network pathways, even for tools and utilities which do not have network capabilities natively. In addition to redirecting input and output, it can also be used as a basic port scanner, perform file transfers, act as a port listener, and even serve as a remote control backdoor.
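The banner grab that the banner-grab and netcat entries above describe, as an added example (not code from the study guide). A throwaway listener on localhost serves a constructed SSH banner so the example runs offline; the grabber does what `nc host port` does interactively, and the parser splits the SSH identification string into the fields an attacker would look up. Host, port and banner text are all constructed.

```python
import socket
import threading

# Constructed banner served by a throwaway local listener so the example runs offline.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"

def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Listen on 127.0.0.1 (ephemeral port), send `banner` to the first client, then close.
    Returns the port so the caller can point the grabber at it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def grab_banner(host: str, port: int, timeout: float = 2.0, probe: bytes = b"") -> str:
    """Connect, optionally send a probe (e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n" for a web server,
    since HTTP does not speak first), read up to 1 KiB, and return it as text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""          # service that expects the client to talk first
    return data.decode("utf-8", errors="replace").strip()

def parse_ssh_banner(banner: str) -> dict:
    """Split an SSH identification string (RFC 4253 section 4.2):
    SSH-<protoversion>-<softwareversion> [SP <comments>]. Returns {} if it is not SSH."""
    if not banner.startswith("SSH-"):
        return {}
    ident, _, comments = banner.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) != 3:
        return {}
    return {"proto": parts[1], "software": parts[2], "comments": comments}

if __name__ == "__main__":
    port = start_fake_service()
    banner = grab_banner("127.0.0.1", port)
    print(banner)
    print(parse_ssh_banner(banner))
```

The SSH identification string is sent in the clear by design (it precedes key exchange), which is why "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1" style strings are so useful for fingerprinting and why vendors sometimes strip the comment portion.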
What information can be obtained with the nmap tool
The nmap tool can be used to detect the presence of systems by performing an array of port scans.
What information can be obtained with the nslookup or dig tool
The nslookup or dig tool might be used to determine whether the rogue machine is registered with the directory service's DNS system.
What is a transport mode VPN
The other main type of VPN is the transport mode VPN. It provides end-to-end encryption and can be described as a host-to- host VPN. In this type of VPN, all traffic is fully encrypted between the endpoints, but those endpoints are only individual systems, not organizational networks.
What is the primary function of Domain Name System Security Extensions (DNSSEC)
The primary function of Domain Name System Security Extensions (DNSSEC) is to let a resolver verify that a DNS answer came from the zone's legitimate authority and was not altered in transit. Zone data is digitally signed (RRSIG records) with keys published in the zone (DNSKEY records) and anchored in the parent zone through DS records, forming a chain of trust down from the root. DNSSEC provides origin authentication and integrity, not confidentiality: queries and answers are still sent in the clear.
What is an omnidirectional pole antenna
The standard straight or pole antenna is an omnidirectional antenna that can send and receive signals in all directions perpendicular to the line of the antenna itself. This is the type of antenna found on most base stations and some client devices. It's sometimes also called a base antenna or a rubber duck antenna (because most such antennas are covered in a flexible rubber coating).
What information can be obtained with the tcpdump tool
The tcpdump tool can be run to collect packets sent to or received from the target system.
What are the three types of firewalls
The three basic types of firewalls are packet filtering, circuit-level gateway, and application-level gateway. A fourth type combines features from these three and is called a stateful inspection firewall.
What are the three elements that IKE is composed of
The three elements that IKE is composed of are Oakley, SKEME, and ISAKMP.
What are the three rules that a filter can have
The three rules that a filter can have are allow, deny, or log.
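An added example (not code from the study guide) tying together the egress filter, the misconfigured-firewall warning about complex and conflicting entries, and the three filter actions above. It evaluates packets against an ordered rule list with a default deny, and then does what the page says third-party evaluation tools do: finds rules that can never fire because an earlier rule already covers them. The rule set, addresses and the semantics of "log" (record the packet and keep evaluating) are assumptions made for the example; real products differ on whether log is its own action or a flag on allow/deny.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow", "deny" or "log"
    proto: str    # "tcp", "udp", "icmp" or "any"
    src: str      # CIDR
    dst: str      # CIDR
    dport: str    # "443", "1024-65535" or "any"

def _port_range(spec: str):
    if spec == "any":
        return 0, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def _matches(rule: Rule, pkt) -> bool:
    proto, src, dst, dport = pkt
    if rule.proto not in ("any", proto):
        return False
    if ipaddress.ip_address(src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(rule.dst):
        return False
    lo, hi = _port_range(rule.dport)
    return lo <= dport <= hi

def evaluate(rules, pkt, default="deny"):
    """First terminal match wins. 'log' rules record the packet and let evaluation
    continue (assumed semantics). Returns (verdict, list_of_log_rules_hit)."""
    logged = []
    for r in rules:
        if _matches(r, pkt):
            if r.action == "log":
                logged.append(r)
                continue
            return r.action, logged
    return default, logged

def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
        return False
    if not ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)):
        return False
    olo, ohi = _port_range(outer.dport)
    ilo, ihi = _port_range(inner.dport)
    return olo <= ilo and ihi <= ohi

def shadowed_rules(rules):
    """Rules that can never fire because an earlier terminal rule already covers them."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.action != "log" and _covers(earlier, later):
                found.append((earlier, later))
                break
    return found

# Constructed egress rule set with a deliberate ordering mistake: the SSH exception for
# the ops subnet was appended after the catch-all deny, so it never takes effect.
EGRESS_RULES = [
    Rule("log",   "any", "10.0.0.0/8",  "0.0.0.0/0",       "any"),
    Rule("allow", "tcp", "10.0.0.0/8",  "0.0.0.0/0",       "443"),
    Rule("allow", "udp", "10.0.0.0/8",  "10.0.0.53/32",    "53"),
    Rule("deny",  "any", "10.0.0.0/8",  "0.0.0.0/0",       "any"),
    Rule("allow", "tcp", "10.0.5.0/24", "203.0.113.10/32", "22"),
]

if __name__ == "__main__":
    print(evaluate(EGRESS_RULES, ("tcp", "10.0.5.7", "203.0.113.10", 22)))   # denied: rule 5 is shadowed
    for earlier, later in shadowed_rules(EGRESS_RULES):
        print("never reached:", later, "because of", earlier)
```

The shadow check is intentionally conservative: it only reports a rule when a single earlier rule covers it completely. A rule can also be partially shadowed by several earlier rules together, which this simple version will not catch.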
What information can be obtained with the tracert command
The tracert command can be used to determine the router closest to the target system, that is, the last hop that answers before the target itself. The command tracert (Windows) or traceroute (Linux) is used to discover the route between a local system and a remote system. Both work by sending probes with an increasing IP TTL so that each router in turn discards the probe and returns an ICMP Time Exceeded (type 11) message that reveals its address. tracert uses the ICMP protocol, whereas Linux traceroute defaults to UDP probes, so the two can get different answers through a firewall. It sends toward the destination the same ICMP Type 8 echo request that is used by
What are the two common applications of cryptography to secure electronic mail
The two common applications of cryptography to secure electronic mail are the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, the X.509 certificate-based standard built into most mail clients, and Phil Zimmermann's Pretty Good Privacy (PGP), the other popular email security protocol, which relies on a web of trust rather than a certificate authority.
What are the two main types of antennas
The two main types of antennas are omnidirectional pole antennas and directional antennas.
What are the two methods that wireless clients can use to authenticate to WAPs before normal network communications can occur across the wireless link
The two methods that wireless clients can use to authenticate to WAPs before normal network communications can occur across the wireless link are open system authentication (OSA) and shared key authentication (SKA). SKA depended on WEP and is obsolete; modern WPA2/WPA3 networks use OSA for the 802.11 step and then authenticate the client with a pre-shared key or 802.1X before any data is allowed through.
What are the two wireless frequencies
The two wireless frequencies are 2.4 GHz and 5.0 GHz.
Why are there security issues with third-party app stores
Third-party app sources represent a significant increase in risk of data leakage or malware intrusion to an organizational network.
What are the three main parts of fully qualified domain names (FQDNs)
The three main parts of an FQDN are the top-level domain (TLD), the registered domain name, and the subdomain(s) or hostname.
What port does Transport Layer Security (TLS) protocol use for communications
Transport Layer Security (TLS) has no port of its own: it secures whichever application protocol is layered over it. The usual pairing is plaintext HTTP on TCP port 80 and HTTPS, which is HTTP over TLS, on TCP port 443; a TLS-protected service on any other port (for example SMTPS on 465 or LDAPS on 636) is equally valid.
What is Trivial File Transfer Protocol (TFTP)
Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn't require authentication.
What are the two primary protocols of IPSec
The two primary protocols of IPSec are Authentication Header (AH), which provides integrity and origin authentication but no encryption, and Encapsulating Security Payload (ESP), which provides encryption and, optionally, integrity.
What is URL filtering
URL filtering, also known as web filtering, is the act of blocking access to a site based on all or part of the URL used to request access. URL filtering can focus on all or part of a fully qualified domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors as well as allow administrators to add or remove URLs from a custom list.
How does USB (Universal Serial Bus) work for communications
USB (Universal Serial Bus) is a standard for connecting peripheral devices and primary computers over a wired link. USB is almost always a connection option for devices manufactured since 2000. There are a range of specifications and adapter/connection variations. Although USB is an easy-to-use mechanism for exchanging data between devices, it does not provide any security over the data transfer. Once devices are connected via USB, they typically appear in standard file management tools as USB storage devices, where reading and writing of data can take place. The only real protection provided by USB is that it is a wired connection as opposed to wireless and that an encrypted and screen-locked device is likely to disable the USB port. Only when the screen lock is cleared does the USB port become enabled for data exchange.
What is USB On-The-Go (OTG)
USB On-The-Go (OTG) is a specification that allows mobile devices with a USB port to act as a host and use other standard peripheral USB equipment, such as storage devices, mice, keyboards, and digital cameras.
What issues can unauthorized software cause
Unauthorized software can be a cause of malware infection or a violation of use licenses.
What are some common ICMP types
Standard ICMP (IPv4) types from RFC 792: 0 Echo Reply, 3 Destination Unreachable, 4 Source Quench (deprecated), 5 Redirect, 8 Echo Request, 11 Time Exceeded, 12 Parameter Problem, 13 Timestamp Request, 14 Timestamp Reply. Ping uses types 8 and 0; tracert relies on type 11.
What are the speeds, and frequencies of 802.11, 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac, and 802.11ad
Standard values: 802.11: 2 Mbps at 2.4 GHz; 802.11a: 54 Mbps at 5 GHz; 802.11b: 11 Mbps at 2.4 GHz; 802.11g: 54 Mbps at 2.4 GHz; 802.11n: up to 600 Mbps (commonly quoted as 200+ Mbps) at 2.4 GHz and 5 GHz; 802.11ac: up to about 6.9 Gbps (commonly quoted as 1 Gbps+) at 5 GHz; 802.11ad: up to 7 Gbps at 60 GHz.
What is a basic service set identifier (BSSID)
A basic service set identifier (BSSID) is the MAC address of the WAP radio hosting a wireless network. Where several WAPs share one ESSID, each has its own BSSID; that is how a client (or a wireless IDS) tells the base stations apart, and how a rogue access point broadcasting a legitimate ESSID can be spotted: its BSSID is not on the inventory.
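An added example (not code from the study guide) that parses the beacon frame described earlier and extracts the BSSID defined above, together with the SSID, channel and two security hints (the Privacy capability bit and the presence of an RSN element). The frame is constructed by the builder function, not taken from a capture, and the parser expects a raw 802.11 frame with no radiotap header and no trailing FCS.

```python
import struct

def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool = True,
                 rsn: bool = False, interval_tu: int = 100) -> bytes:
    """Construct a minimal 802.11 beacon (MAC header + fixed fields + a few IEs)."""
    if len(bssid) != 6 or len(ssid) > 32:
        raise ValueError("BSSID is 6 bytes; SSID is at most 32 bytes")
    frame_control = struct.pack("<H", 0x0080)          # version 0, type 0 (management), subtype 8 (beacon)
    header = (frame_control + struct.pack("<H", 0)     # duration
              + b"\xff" * 6                             # addr1: broadcast destination
              + bssid                                    # addr2: transmitter
              + bssid                                    # addr3: BSSID
              + struct.pack("<H", 0))                    # sequence control
    capability = 0x0001 | (0x0010 if privacy else 0)    # ESS bit, Privacy bit
    fixed = struct.pack("<QHH", 0, interval_tu, capability)   # timestamp, beacon interval, capability
    ies = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])   # SSID IE, DS Parameter Set IE
    if rsn:
        ies += bytes([48, 2]) + b"\x01\x00"             # RSN IE, version field only (constructed, minimal)
    return header + fixed + ies

def parse_beacon(frame: bytes) -> dict:
    """Pull BSSID, SSID, channel and security hints out of a raw beacon frame."""
    if len(frame) < 36:
        raise ValueError("shorter than MAC header plus fixed beacon fields")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a management/beacon frame")
    bssid = frame[16:22]
    _timestamp, interval, capability = struct.unpack_from("<QHH", frame, 24)
    info = {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "interval_tu": interval,
        "privacy": bool(capability & 0x0010),
        "ssid": None, "channel": None, "rsn": False,
    }
    offset = 36
    while offset + 2 <= len(frame):                      # walk the tagged parameters
        element_id, length = frame[offset], frame[offset + 1]
        data = frame[offset + 2: offset + 2 + length]
        if len(data) < length:
            break                                         # truncated element: stop rather than misparse
        if element_id == 0:
            hidden = length == 0 or data == b"\x00" * length
            info["ssid"] = None if hidden else data.decode("utf-8", "replace")
        elif element_id == 3 and length == 1:
            info["channel"] = data[0]
        elif element_id == 48:
            info["rsn"] = True
        offset += 2 + length
    return info

if __name__ == "__main__":
    frame = build_beacon(bytes.fromhex("001122334455"), b"CorpWiFi", 6, privacy=True, rsn=True)
    print(parse_beacon(frame))
    print(parse_beacon(build_beacon(b"\xaa" * 6, b"", 11, privacy=False)))   # hidden SSID, open network
```

Comparing the parsed BSSID against an inventory of authorised access points is the core of rogue-AP detection; the SSID alone proves nothing, since an attacker can broadcast any name.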
What is loop protection
A loop in networking terms is a transmission pathway that repeats itself, so a frame or packet could circulate indefinitely and consume all available bandwidth or CPU. Loop protection includes STP (Spanning Tree Protocol) for Ethernet, which blocks redundant switch links so that only one active path exists between any two segments, and the IP header TTL value, which every router decrements so that a packet caught in a routing loop is discarded (with an ICMP Time Exceeded reply) once it reaches zero.
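The TTL mechanism above and the tracert/traceroute entry earlier describe the same thing from two sides, so this single added example (not code from the study guide) simulates both: routers that decrement TTL and answer ICMP Time Exceeded, a traceroute that sends probes with TTL 1, 2, 3, ..., and a deliberately looped topology in which the packet dies after TTL hops instead of circulating forever. The topologies and node names are constructed; the simulation abstracts away whether the probe is ICMP (Windows tracert) or UDP (Linux traceroute).

```python
ICMP_ECHO_REPLY = 0
ICMP_TIME_EXCEEDED = 11

def forward(next_hop: dict, src: str, dst: str, ttl: int):
    """Push one packet through the topology. Each router decrements TTL; when it hits
    zero the router discards the packet and answers with ICMP type 11.
    Returns (responding_node, icmp_type)."""
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    node = src
    while True:
        node = next_hop[node]             # next router (or the destination host) on the path
        if node == dst:
            return node, ICMP_ECHO_REPLY  # the destination answers the probe
        ttl -= 1
        if ttl == 0:
            return node, ICMP_TIME_EXCEEDED

def traceroute(next_hop: dict, src: str, dst: str, max_hops: int = 30) -> list:
    """What tracert/traceroute does: send probes with TTL 1, 2, 3, ... and record which
    router returned Time Exceeded for each, stopping at the first Echo Reply."""
    hops = []
    for ttl in range(1, max_hops + 1):
        node, kind = forward(next_hop, src, dst, ttl)
        hops.append(node)
        if kind == ICMP_ECHO_REPLY:
            break
    return hops

# Constructed topologies: a clean path, and one where r2's route back to r1 forms a loop.
LINEAR = {"host": "r1", "r1": "r2", "r2": "r3", "r3": "server"}
LOOPED = {"host": "r1", "r1": "r2", "r2": "r1"}

if __name__ == "__main__":
    print(traceroute(LINEAR, "host", "server"))
    print(forward(LOOPED, "host", "server", ttl=64))    # dies at a router instead of circulating forever
    print(traceroute(LOOPED, "host", "server", max_hops=6))   # the alternating r1/r2 pattern is how a loop shows up
```

The alternating hop list is exactly what a real traceroute prints when a routing loop exists, and the finite TTL is the only reason the probe (and every other packet on that path) does not live forever.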
What is a network scanner
A network scanner is usually a form of port scanner that adds enumeration techniques in order to inventory the devices found on a network.
What are switches
A switch is a networking device used to connect other devices together and potentially implement traffic management on their communications. It receives signals in one port and transmits them out the port where the intended recipient is connected. Switches are often used to create virtual local area networks (VLANs).
What is a thin access point
A thin access point is little more than a wireless transmitter/receiver, which must be managed from a separate external centralized management console. Most of the management functions have been shifted to an offloading management device so the wireless access point only has to handle the radio signals.
What is a traditional network bridge
A traditional network bridge was a device used to link local LANs together. Another new concern that is related to bridging is when a single system has two active network interfaces.
What is a wired-extension mode infrastructure in a wireless network
A wired extension mode infrastructure occurs when the WAP acts as a connection point to link the wireless clients to the wired network.
What are access violations
An access violation can be either an unauthorized logon event or an unauthorized resource access event.
What are the two types of asset tracking
An asset-tracking system can be passive or active.
What is an exploitation framework
An exploitation framework is a vulnerability scanner that is able to fully exploit the weaknesses it discovers.
What is containerization
Containerization is the next stage in the evolution of the virtualization trend for internally hosted systems and cloud providers/services.
What is content inspection
Content inspection is the security-filtering function in which the contents of the application protocol payload are inspected. Often such inspection is based on keyword matching. A master blacklist of unwanted terms, addresses, or URLs is used to control what is or isn't allowed to reach a user.
What is mobile device content management
Content management involves controlling mobile devices and their access to content hosted on company systems, as well as controlling access to company data stored on mobile devices.
What is context-aware authentication
Context-aware authentication is an improvement on traditional authentication means. Contextual authentication evaluates the origin and context of a user's attempt to access a system. If the user originates from a known trusted system, such as a system inside the company facility, then a low-risk context is present and a modest level of authentication is mandated for gaining access. If the context and origin of the user is from an unknown device and/or external/unknown location, the context is high risk. The authentication system will then demand that the user traverse a more complex multifactor authentication gauntlet in order to gain access. Context-aware authentication is thus an adaptive authentication that may be able to reduce the burden of authentication during low-risk scenarios but thwart impersonation attempts during high-risk scenarios.
What is mobile device context-aware authentication
Context-aware authentication is an improvement on traditional authentication means. Contextual authentication will evaluate the origin and context of a user's attempt to access a system.
What are controller-based access points
Controller-based wireless access points are thin access points that are managed by a central controller.
What is a transparent proxy
If a client is not configured to send queries directly to a proxy but the network routes outbound traffic to a proxy anyway, then a transparent proxy is in use.
What is an extended basic service set identifier (ESSID)
If multiple base stations or WAPs are involved in the same wireless network, an ESSID is defined.
What are media gateways
A media gateway is any device or service that converts data from one communication format to another. A media gateway is often located at the intersection of two different types of networks.
What is antivirus software
Antivirus software is an essential security application. Antivirus software is one example of a host IDS. It monitors the local system for evidence of malware in memory, in active processes, and in storage.
What is implicit deny
Implicit deny is the default security stance that says if you aren't specifically granted access to or privileges for a resource, you're denied access by default.
What mobile device operating system would have a jailbroken device
Android is the mobile operating system that would have a jailbroken device on it.
What is SPAM
Spam is undesired or unsolicited email.
What are the two detection mechanisms
Signature detection and anomaly detection.
What is a network bridge
A traditional network bridge was a device used to link local LANs together. The local LANs were originally hub-based networks. With the implementation of switches, the network bridge is no longer a common device used in a typical network deployment.
What is data execution prevention (DEP)
Data execution prevention (DEP) is a memory security feature of many operating systems aimed at blocking a range of memory abuse attacks, including buffer overflows. DEP blocks the execution of code stored in areas of memory designated as data-only areas.
What is data loss prevention (DLP)
Data loss prevention (DLP) is the idea of systems specifically implemented to detect and prevent unauthorized access to, use of, or transmission of sensitive information. DLP can include hardware and software elements designed to support this primary goal.
What is a mail gateway
A mail gateway or email gateway is an add-on security filter used to reduce the risk of malicious and wasteful emails. A mail gateway filters out malware, phishing scams, and spam messages from inbound mail before they are deposited into a recipient's inbox folder.
What are MAC filters
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.
What is a yagi antenna
A Yagi antenna is similar in structure to a traditional roof TV antenna; it's crafted from a straight bar with cross sections to catch specific radio frequencies in the direction of the main bar.
What is a banner grab
A banner grab occurs when a request for data or identity is sent to a service on an open port and that service responds with information that may directly or indirectly reveal its identity.
What is a bridge mode infrastructure in a wireless network
A bridge mode infrastructure occurs when a wireless connection is used to link two wired networks. This often uses dedicated wireless bridges and is used when wired bridges are inconvenient, such as when linking networks between floors or buildings.
How does a cellular network work
A cellular network or a wireless network is the primary communications technology that is used by many mobile devices, especially cell phones and smartphones. The network is organized around areas of land called cells, which are centered around a primary transceiver, known as a cell site, cell tower, or base station. Cellular communications can support audio, text, and data transmissions. The services provided over cellular networks are often referred to by a generational code, which is only loosely defined, such as 2G, 3G, and 4G (with 5G just starting to be implemented in 2017). These generational terms are used to refer to the communications technology deployed by each subsequent improvement of the networks. For example, 2G refers to Global System for Mobile Communications (GSM), which is still used to support a majority of audio communications; 3G refers to Universal Mobile Telecommunications System (UMTS); and 4G refers to Long-Term Evolution (LTE). Generally, cellular service is encrypted, but only while the communication is being transmitted from the mobile device to a transmission tower. Communications are effectively plain text once they are being transmitted over wires. So, avoid performing any task over cellular that is sensitive or confidential in nature. Use an encrypted communications application to pre-encrypt communications before transmitting them over a cellular connection.
What are configuration compliance scanners
A configuration compliance scanner is a form of manually operated NAC. It is a tool that quickly scans a system to check whether or not approved updates and patches are installed and whether the system is in compliance with security and general system configuration settings.
How can poorly configured content filters be used to target an organization
A content filter can fail when it is not properly or thoroughly checking communications. A content filter should be positioned in a network architecture where it is able to gain access to the plain text payload of the application protocol. Otherwise, if the content filter is unable to view the application protocol payload or the payload is encrypted, the filter will not be properly applied. It is also possible to bypass content filters using alternate encoding techniques, such as Hex or Unicode. Be sure that the content filter is checking not just for direct specific ASCII matches, but also for processed results.
What is a corporate-owned mobile strategy
A corporate-owned mobile strategy is when the company purchases mobile devices that can support compliance with the security policy. These devices are to be used exclusively for company purposes, and users should not perform any personal tasks on the devices.
What is a fat access point
A fat access point is a base station that is a fully managed wireless system, which operates as a stand-alone wireless solution.
What is a flashcard
A flashcard, or memory card, is a form of storage that uses EEPROM or NVRAM memory chips in a small-form-factor case. Flashcards often use USB connectors or are themselves inserted into devices, such as MP3 players and digital cameras. Some flashcards are almost as small as a quarter and are therefore easy to conceal.
What is a honeypot
A honeypot is a fictitious environment designed to fool attackers and intruders and lure them away from the private secured network. The purpose of deploying a honeypot is to provide an extra layer of protection for your private network and to gather sufficient evidence for prosecution against malicious intruders and attackers.
What are HIDS/HIPS
A host-based IDS (HIDS) monitors a local machine for symptoms of unwanted activity.
What is a host-based firewall
A host-based or personal software firewall is a security application that is installed on client systems. A client firewall is used to provide protection for the client system from the activities of the user and from communications from the network or Internet.
What is a hotfix
A hotfix is often a single-issue update (however, there are some multi-issue hotfixes) that corrects a single problem. Hotfixes aren't as thoroughly tested as other updates—they're quickly designed and released to deal with immediate issues and problems.
Why should logs and event anomalies be monitored?
A securely managed environment should be recording logs of all system and user events. When an anomaly in the logged events is discovered, the response should address the specific violation. However, when the anomaly is with the logging system itself, this also requires specific and immediate attention. When the logging, auditing, and even tracking systems of the environment are malfunctioning, it may be prudent to block all external access to the system until the issue is resolved. If possible, restrict access to the more sensitive and valuable data systems as long as monitoring is not operational. Promptly determine whether the issue can be resolved from within the current system or if a backup version of the system needs to be restored to re-enable the logging mechanisms. Be sure to back up and preserve the logs as they currently exist. Verify that proper authorization is still assigned to the services performing the logging and auditing to ensure they can still write to the log files. Verify that there is sufficient storage capacity on the target drives. Recheck that user authorization is properly configured, which typically means that only specific administrators have any level of access to the log files. If your organization suspects intrusions, other security violations, or simply odd system or application behavior, it would be a good idea to review log files and event records for anomalies. Look for anything that stands out as atypical for the device, system, or network.
What is a site survey
A site survey is the process of investigating the presence, strength, and reach of WAPs deployed in an environment. This task usually involves walking around with a portable wireless device, taking note of the wireless signal strength, and mapping it on a plot or schematic of the building.
What is a stand-alone access point
A stand-alone access point is a fat access point that handles all management functions locally on the device.
What is a stand-alone mode infrastructure in a wireless network
A stand-alone mode infrastructure occurs when there is a WAP connecting wireless clients to each other but not to any wired resources. The WAP serves as a wireless hub exclusively.
What is a VPN
A virtual private network (VPN) is a communication tunnel between two entities across an intermediary network. In most cases, the intermediary network is an untrusted network, such as the Internet, and therefore the communication tunnel is also encrypted.
What is a vulnerability scanner
A vulnerability scanner is a tool used to scan a target system for known holes, weaknesses, or vulnerabilities. These automated tools have a database of attacks, probes, scripts, and so on that are run against one or more systems in a controlled manner.
What is a web application firewall
A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It's intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.
What is a web security gateway
A web security gateway is a web-content filter (often URL and content keyword-based) that also supports malware scanning. In most cases, a web security gateway is implemented by an organization to provide better enforcement of employee web activity policies. Some web security gateways incorporate non-web features as well, including instant messaging (IM) filtering, email filtering, spam blocking, and spoofing detection.
What is a wireless access point
A wireless access point is the network management device that supports and manages an infrastructure mode wireless network.
What is the connection between wireless scanners and wireless crackers
A wireless scanner is used to detect the presence of a wireless network. Once a wireless network is discovered, WEP network encryption can be compromised with a wireless cracker in moments, due to its poor implementation of RC4. WPA networks, which are also based on RC4, are better, but their encryption can be cracked in less than 12 hours.
How does ANT work for communications
ANT is a proprietary protocol owned by Garmin that is an open access multicast sensor network technology. It uses the 2.4 GHz frequency band to support interactions between sensor devices and management devices (such as a smartphone). It is similar in nature to Bluetooth LE (Low Energy), but with a primary focus on gathering data from low-power and low-bit-rate sensors. ANT is found in many fitness trackers, heart rate monitors, watches, cycling meters, and pedometers. ANT offers the ability to encrypt communications, but it is not always enabled. Some implementations of ANT, such as ANT+, do not offer any encryption options because they focus on cross-vendor interoperability rather than security. Similar to NFC, ANT has limited risk due to its current use limitations. However, always be cautious when using any plain text communications system.
What is an ad hoc network
Ad hoc mode means that any two wireless networking devices, including two wireless network interface cards (NICs), can communicate without a centralized control authority.
What are advanced malware tools
Advanced malware tools may relate to scanners that include ransomware, rootkits, and potentially unwanted programs (PUPs) in their detection database.
What is adware
Adware, although quite similar to spyware in form, has a different purpose. It uses a variety of techniques to display advertisements on infected computers. The simplest forms of adware display pop-up ads on your screen while you surf the Web. More nefarious versions may monitor your shopping behavior and redirect you to competitor websites.
What are the issues associated with baseline deviation
All company systems should be operating within expected parameters and compliant with a defined baseline. If a system is determined to be out of baseline, the system should be removed from the production network in order to investigate the cause.
What are SSL decryptors
An SSL decryptor or TLS decryptor is a dedicated device used to decode secure communications for the purpose of filtering and monitoring.
What is an active asset tracking system
An active asset tracking system uses a polling or pushing technology to send out queries to devices in order to elicit a response.
What is an active tool
An active tool, technique, or technology is one that intercedes in a situation in order to alter events or change outcomes. This can include altering settings, opening or closing ports, rebooting devices, restarting services, launching applications, disconnecting clients, restoring data, and so on. Active actions or tools affect the event and are thus detectable by the event or the subjects of the event.
What is antispam software
Antispam software is a variation on the theme of antivirus software. It specifically monitors email communications for spam and other forms of unwanted email in order to stop hoaxes, identity theft, waste of resources, and possible distribution of malicious software.
What is asset management
Asset management is the process of keeping track of the hardware and software implemented by an organization. This management process is used to ensure that updates, revisions, replacements, and upgrades are properly implemented as well as to make sure that all company assets are accounted for. If asset management fails, new equipment may be obtained unnecessarily when sufficient equipment is already on premises but not inventoried properly. This could also result in loss, theft, or mistakenly discarding equipment misidentified as excess or old that is actually needed for business tasks.
What is asset tracking
Asset tracking is the management process used to maintain oversight over an inventory, such as deployed mobile devices.
How can misconfigured devices be used to target an organization
Attackers will take every advantage possible when attempting to violate a target organization. This includes seeking out misconfigured devices to be used as a point of intrusion. A misconfigured device may interfere with normal communications or may allow for security breaches.
What is Authentication Header (AH)
Authentication Header (AH) provides authentication of the sender's data.
What are authentication issues
Authentication is a key element in system security. Authentication is the first element of AAA services, which also include authorization and accounting. Without reliable authentication, it is not possible to hold users accountable for their actions.
What are backup utilities used for
Backup utilities create backups of data on alternate storage devices.
What is banner grabbing
Banner grabbing is the process of capturing the initial response or welcome message from a network service. Often the banner discloses the application's identity, version information, and potentially much more.
What are biometrics
Biometrics are a convenient means of authenticating to mobile devices. However, they are not as accurate as we may wish them to be. A biometric only has to satisfy an approximation of the reference profile of the stored biometric value. This is why your finger does not have to be oriented in the same way each time, nor does the same exact part of your finger have to be located on the sensor. Even when you train the device for your biometric factor, the device takes numerous samples from your selected body part to create the reference profile. Most of the biometric sensors on mobile devices are rather simple and can be fooled by false versions of the biometric factor. If someone lifts your fingerprint off a smooth surface, like a drinking glass or tabletop, they can create a gummy equivalent. Many facial recognition systems can be fooled by photos of the valid subjects.
How does Bluetooth work
Bluetooth is defined in IEEE 802.15 and uses the 2.4 GHz frequency (which is also used by some forms of WiFi). Bluetooth is plain text by default in most implementations and usage scenarios, but can be encrypted with specialty transmitters and peripherals. Bluetooth operates between devices that have been paired, which is a means of loosely associating devices with each other either using a default pair code, often 0000 or 1234, or a random 8-character code displayed on one device that must be typed into the other device. Bluetooth is generally a short distance communication method, but that distance is based on the relative strengths of the paired devices' antennas. Standard or official use of Bluetooth ranges up to 100 meters; 10 meters is most common.
What is bring your own device (BYOD)
Bring your own device (BYOD) is a policy that allows employees to bring their own personal mobile devices to work and then use those devices to connect to (or through) the company network to access business resources and/or the Internet. Although BYOD may improve employee morale and job satisfaction, it increases security risks to the organization. Related issues include data ownership, support ownership, patch management, antivirus management, forensics, privacy, onboarding/offboarding, adherence to corporate policies, user acceptance, architecture/infrastructure considerations, legal concerns, acceptable use policies, and onboard cameras and video.
What is corporate owned, personally enabled (COPE)
COPE stands for corporate owned, personally enabled. It allows the organization to purchase devices and provide them to employees. Each user is then able to customize the device and use it for both work activities and personal activities.
What is choose your own device (CYOD)
CYOD stands for choose your own device. This concept provides users with a list of approved devices from which to select the device to implement.
What is a cantenna antenna
Cantenna antennas are constructed from tubes with one sealed end. They focus along the direction of the open end of the tube. Some of the first cantennas were crafted from Pringles cans.
What issues are there with the troubleshooting of certificate issues
Certificate issues can be related to a wide range of potential misconfigurations, policy violations, or missing information.
What is data loss prevention (DLP)
Data loss prevention (DLP) is the system designed to reduce the occurrence of and/or prevent data loss or data leakage to external unauthorized entities. If a violation of DLP occurs, its report should indicate the data that was involved, the user(s) related to the breach, and the applications involved in the exfiltration.
What is data sanitization
Data sanitization is the concept of removing data from a storage device so that it is no longer recoverable.
What is File Transport Protocol (FTP)
File Transport Protocol (FTP) is an in-the-clear file-exchange solution. An FTP server system is configured to allow authenticated or anonymous FTP clients to log on in order to upload or download files.
What is file integrity checking
File integrity checking is the activity of comparing the current hash of a file to the stored/previous hash of a file.
Why should legal concerns be addressed in a company's mobile device policy
Company attorneys should evaluate the legal concerns of mobile devices. Using personal devices in the execution of business tasks probably means an increased burden of liability and risk of data leakage. Mobile devices may make employees happy, but they might not be worthwhile or cost-effective for the organization.
How does mobile device containerization work
Containerization can be used in relation to mobile devices by hosting the primary OS on a containerization host in the company cloud; then the actual mobile device is used only as a remote-control interface to the OS container, rather than having the business apps and company data on the device itself.
What is IPv6
IPv6 uses a 128-bit addressing scheme, eliminates broadcasts and fragmentation, and includes native communication-encryption features.
Why is data ownership a security concern
Data ownership is a security concern because when a personal device is used for business tasks, commingling of personal data and business data is likely to occur. Some devices can support storage segmentation, but not all devices can provide data-type isolation. Establishing data ownership can be complicated.
What are data emanations
Data emanation is the transmission of data across electromagnetic signals. Almost all activities within a computer or across a network are performed using some form of data emanation.
What ports does File Transport Protocol (FTP) utilize for communications
FTP utilizes TCP ports 20 and 21.
What is FTP Secure or FTP SSL (FTPS)
FTPS is FTP Secure or FTP SSL, which indicates that it's a variation of FTP secured by SSL (or now TLS). This FTP service variation is distinct from SFTP, which is SSH-secured FTP.
What is a hard drive
Hard drives are usually thought of as a computer's permanent internal storage device. This is true, but hard drives are also available in removable formats. These include hard drives that are plugged into the case or attached by SCSI, eSATA, USB, or IEEE 1394 (FireWire) connections with their own external power-supply connections.
How do hashing attacks work
Hashing can be attacked using reverse engineering, reverse hash matching, or a birthday attack. These attack methods are commonly used by password-cracking tools.
What is the relationship between IDS and analytics
IDS analytics is the review, investigation, and understanding of the results from an IDS. An IDS will consider an event or traffic either benign or malicious and in turn will either trigger an alarm/response or not. This allows for four possible result states from an IDS; the first two are true positive and the latter two are true negative. The most desired is the true negative, in which only benign events are occurring and no alarms are sounding. The second most desired state is the true positive, when malicious events are occurring and the alarm is sounding.
What are the two modes that IPSec can operate in
IPSec can operate in two modes: tunnel mode and transport mode.
What is IPv4
IPv4 is in widespread use with a 32-bit addressing scheme and operates at the Network layer or Layer 3 of the OSI protocol stack.
What is Internet Control Messaging Protocol (ICMP)
Internet Control Messaging Protocol (ICMP) is a network health and link-testing protocol. It operates in Layer 3 as the payload of an IP packet. ICMP is the protocol commonly used by tools such as ping, traceroute, and pathping.
What port does Internet Message Access Protocol (IMAP) use
Internet Message Access Protocol (IMAP) uses port 143.
What port does SSL/TLS encrypted Internet Message Access Protocol (IMAP) use
Internet Message Access Protocol (IMAP) uses port 993.
What port does SSL/TLS encrypted Post Office Protocol (POP) use
Internet Message Access Protocol (IMAP) uses port 995.
What is Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is another popular email security protocol; it is a proprietary, open-source email security solution.
What are some permission issues
It is important to assign permissions so that users have sufficient privileges to accomplish their work tasks, but do not have any substantial additional capabilities. This is known as the principle of least privilege.
What is the primary issue of unencrypted credentials
It is no longer an acceptable practice to allow authentication to take place over a plain-text or clear-text communication channel. All authentication, without exception, should be encrypted.
What is the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol
It is the emerging standard for encrypted messages and is an Internet standard for encrypting and digitally signing email. S/MIME takes the standard MIME element of email, which enables email to carry attachments and higher-order textual information (fonts, color, size, layout, and so on), and expands this to include message encryption. S/MIME uses a hybrid encryption system that combines RSA (an asymmetric encryption scheme) and AES (a symmetric encryption algorithm) to encrypt and protect email.
What port does Trivial File Transfer Protocol (TFTP) operate on
It operates on UDP port 69.
What is LDAPS (LDAP Secured)
LDAPS (LDAP Secured) is accomplished by enabling the Simple Authentication and Security Layer (SASL) on LDAP, which implements Transport Layer Security (TLS) on the authentication of clients as well as all data exchanges.
What is the issue of license compliance violation
License compliance is important to an organization in order to avoid legal complications. All software in use on company equipment needs to be used in accordance with its license.
What is Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol (LDAP) is used to allow clients to interact with directory service resources. LDAP is based on X.500 and uses TCP ports 389 and 636. It uses a tree structure with a distinct root.
How does lockout on a mobile device work
Lockout on a mobile device is similar to account lockout on a company workstation. When a user fails to provide their credentials after repeated attempts, the account or device is disabled (locked out) for a period of time or until an administrator clears the lockout flag.
What is malware inspection
Malware inspection is the use of a malware scanner (also known as an antivirus scanner or spyware scanner) to detect unwanted software content in network traffic. If malware is detected, it can be blocked or logged and/or trigger an alert.
What are the security risks associated with External Media such as removable storage
Many mobile devices support removable storage. Some smartphones support microSD cards whereas most larger mobile devices, such as tablets and notebook computers, support SD cards and other media card formats, which can be used to expand available storage on a mobile device.
What is mobile device management (MDM)
Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources.
What mobile device operating system are devices rooted on
Apple iOS is the mobile operating system on which devices are rooted.
What is spyware
Spyware monitors your actions and transmits important details to a remote system that spies on your activity.
What are panel antennas
Panel antennas are flat devices that focus from only one side of the panel.
What are parabolic antennas
Parabolic antennas are used to focus signals from very long distances or weak sources.
What is a passive asset tracking system
Passive asset tracking systems rely on the asset itself to check in with the management service on a regular basis, or the device is detected as being present in the office each time the employee arrives at work.
Why is patch management a security concern
Patch management is a security concern because the mobile device policy should define the means and mechanisms of patch management for a personally owned mobile device. Is the user responsible for installing updates? Should the user install all available updates? Should the organization test updates prior to on-device installation? Are updates to be handled over the air (via service provider) or over WiFi?
What are patch management tools
Patch management is the formal process of ensuring that updates and patches are properly tested and applied to production systems.
What is patch management
Patch management is the formal process of ensuring that updates and patches are properly tested and applied to production systems.
Why can personnel issues cause problems
People are always the weakest link in security—they can make mistakes, be fooled into causing harm, or intentionally violate company security.
What are permissions or privileges
Permissions or privileges are abilities granted to users over individual objects, such as files and printers.
How can personal email be a security vulnerability
Personal email can also serve as a distraction, a means to disclose data to outsiders, or a method by which malware infection can occur. In addition to the steps discussed in the previous sections, it may be necessary to block access to personal email on company equipment.
What does IPSec's encryption of a packet in transport mode look like
Picture
How can weak security configurations pose a threat to an organization
Poor or weak security configurations are to be avoided. Old or nonstandard compliance features should be disabled and replaced with current standards-compliant security settings. This may require upgrading equipment, updating firmware, and electing to set more robust configurations that might block older systems from being able to gain access.
Why should you be worried about port security in IT
Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports (such as those on a switch, router, or patch panel), so that no unauthorized users or unauthorized devices can attempt to connect into an open port. Another option is to use a smart patch panel that can monitor the MAC address of any device connected to each wall port across a building and detect not just when a new device is connected to an empty port, but also when a valid device is disconnected or replaced by an invalid device. Another meaning for port security is the management of TCP and User Datagram Protocol (UDP) ports. If a service is active and assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if a service isn't actively using them. Port security can also refer to port knocking, a security system in which all ports on a system appear closed. Port security can also refer to the need to authenticate to a port before being allowed to communicate through or across the port. This may be implemented on a switch, router, smart patch panel, or even a wireless network.
What port does Post Office Protocol (POP) use
Post Office Protocol (POP) uses port 110.
What are push notifications for mobile devices
Push notification services are able to send information to your device rather than having the device (or its apps) pull information from an online resource.
What are recordable compact disks (CD-Rs)
Recordable compact disks (CD-Rs) include the wide range of optical media that can be written to. These include CD-R, CD-RW, DVD-R, DVD-RW, Blu-ray disc recordable (BD-R), and numerous other variants. Writable CDs and DVDs are often inappropriate for network backups due to their size (a maximum of 650 MB for CD-R/RW and 4 GB or more for DVD-R/RW), but they're useful for personal (home) or client-level backups. BD-Rs have a capacity of 25 GB to 50 GB, which can prove useful in some environments (such as SoHo), but they aren't a widely implemented solution. Regardless, the data on a CD isn't protected and thus is vulnerable to unauthorized access if you don't maintain physical control over the media.
Why should a mobile device remote wipe be performed
Remote wipe or remote sanitation should be performed if a device is lost or stolen. A remote wipe lets you delete all data and possibly even configuration settings from a device remotely.
What is removable media control
Removable media drives, and removable storage in general, are considered both a convenience and a security vulnerability. The ability to add storage media to and remove it from a computer system makes it more versatile. However, using removable media also makes the hosted content vulnerable to data theft and malicious code planting.
What is rooting and jailbreaking
Rooting or jailbreaking is the action of breaking the digital rights management (DRM) security on the bootloader of a mobile device in order to be able to operate the device with root or full-system privileges.
What are routers
Routers enable traffic from one network segment to traverse into another network segment. However, the traffic must pass through the router's filters in order to make the transition.
How does a SATCOM work
SATCOM, or satellite communication, is a means of audio and data transmission using satellites orbiting in near-earth orbit. SATCOM devices benefit from nearly complete service coverage, thanks to the broad footprint of a signal transmitted from 100+ miles above the surface of the planet. The data transmission speeds of SATCOM are rather poor compared to those of terrestrial solutions, but it may be the only available option in many remote locations.
What is shared key authentication (SKA)
SKA means that some form of authentication must take place before network communications can occur. The 802.11 standard defines one optional technique for SKA known as Wired Equivalent Privacy (WEP).
What are some of the security risks associated with SMS and MMS
SMS and MMS represent generally the same level of risk and benefit as that of email. It is a good idea to block attachments and file exchange, spam filtering is needed (although it may be called SPIM for Spam over Instant Messaging), social engineering defenses need to be established, and users must be trained on avoiding risk and minimizing distractions.
What is SPIM
SPIM is a term used to refer to spam over IM (instant messaging).
What is Secure Real-Time Transport Protocol or Secure RTP (SRTP)
SRTP (Secure Real-Time Transport Protocol or Secure RTP) is a security improvement over Real-Time Transport Protocol (RTP) that is used in many Voice over IP (VoIP) communications. SRTP aims to minimize the risk of VoIP DoS through robust encryption and reliable authentication.
What are SSL/TLS accelerators
SSL accelerators or TLS accelerators are used to offload the operation of encryption to a dedicated hardware device. This frees up resources on a server or system itself while still maintaining the security of the connection.
How is scheduling related to load balancing methods
Scheduling or load balancing methods are the means by which a load balancer distributes the work, requests, or loads among the devices behind it. Scheduling can be very basic, such as round-robin, or highly advanced and sophisticated, such as monitoring devices' reported loads, response times, active sessions, and other aspects of performance in order to maintain optimal workload distribution.
What is secure shell (SSH)
Secure Shell (SSH) is a secure replacement for Telnet, rlogin, rsh, and RCP. It can be called a remote-access or remote-terminal solution. SSH encrypts authentication and data traffic, and it operates over TCP port 22.
What are Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to encrypt traffic between a web browser and a web server. TLS is the updated replacement for Netscape's SSL. Through the use of SSL or TLS, web surfers can make online purchases, interact with banks, and access private information without disclosing the contents of their communications. SSL and TLS can make web transactions private and secure.
How is social media a security vulnerability
Social media can be a distraction as well as a potential vulnerability to an organization. Workers can easily waste time and system resources by interacting with social media when that task is not part of their job description. Social media can be a means by which workers intentionally or accidentally distribute internal, confidential, proprietary, or PII data to outsiders.
What port does Secure Sockets Layer (SSL) use for communications
Secure Sockets Layer (SSL) uses port 443 for communications.
What is Securing Post Office Protocol (POP) and Internet Message Access Protocol (IMAP)
Securing Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) is accomplished by implementing TLS (or SSL in the past) encryption. This converts these protocols into POPS (or POP3S) and IMAPS (or IMAP4S) and also alters their ports.
What is Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) is a centralized application to automate the monitoring and real-time event analysis of network systems.
What are service packs
Service packs are collections of hotfixes and other previously unreleased updates and features as a single entity. They're thoroughly tested and generally should be applied to all systems once they're made available. Service packs may be cumulative, so you need to apply only the most recent service pack to keep your systems current. When a service pack isn't cumulative, it requires a specific base level of previous patches before it can be applied.
What is Short Messaging Service (SMS)
Short Messaging Service (SMS), also known as texting, is a common communication function provided by telcos and commonly used on mobile devices.
What is sideloading
Sideloading is the activity of installing an app on a device by bringing the installer file to the device through some form of file transfer or USB storage method rather than installing from an app store.
What is the signature detection mechanism
Signature detection compares event patterns against known attack patterns (signatures) stored in the IDS database.
What is Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is a standard network-management protocol supported by most network devices and TCP/IP-compliant hosts. These include routers, switches, bridges, WAPs, firewalls, VPN appliances, modems, printers, and so on.
What are smartcards
Smartcards can be used for a wide variety of purposes. They can be used as an authentication factor (specifically, as a Type 2 authentication factor, commonly known as something you have). When used as such, the smartcard hosts a memory chip that stores a password, PIN, certificate, private key, or digital signature. The authentication system uses this stored data item to verify a user's identity. Smartcards are used as an authentication mechanism by networks, portable computers, PDAs, satellite phones, Public Key Infrastructure (PKI) devices, and more. A smartcard can even function as a credit card (like the American Express Blue card). A smartcard can also be used as a storage device. Most smartcards have a limited amount of storage, but sometimes, being able to move a few kilobytes of data is all someone needs to steal something of great value. Account numbers, credit card numbers, and a user's private key are all small items that can be very valuable. Any removable media can typically be secured using file-by-file encryption or whole-drive encryption.
Why should you be concerned with mobile device security management
Smartphones and other mobile devices present an ever-increasing security risk as they become more and more capable of interacting with the Internet as well as corporate networks. Mobile devices are becoming the target of hackers and malicious code. A wide range of security features are available on mobile devices.
What is a sniffer
Sniffer may either be a synonym for protocol analyzer or may mean a distinct type of product. A sniffer is generally a packet- (or frame-) capturing tool, whereas a protocol analyzer is able to decode and interpret packet/frame contents.
What is a social engineering attack
Social engineering attacks can range from email communications to face-to-face encounters. Whenever a security breach occurs, an investigation should be performed to determine what was affected and whether the attack is ongoing.
What is mobile device storage segmentation
Storage segmentation is used to artificially compartmentalize various types or values of data on a storage medium. On a mobile device, the device manufacturer and/or the service provider may use storage segmentation to isolate the device's OS and preinstalled apps from user-installed apps and user data.
Why is antivirus management a security concern
Antivirus management is a security concern because the mobile device policy should dictate whether antivirus, antimalware, and antispyware scanners are to be installed on mobile devices. The policy should indicate which products and apps are recommended for use, as well as the settings for those solutions.
Why is support ownership a security concern
Support Ownership is a security concern because when an employee's mobile device experiences a failure, a fault, or damage, who is responsible for the device's repair, replacement, or technical support? The mobile device policy should define what support will be provided by the company and what support is left to the individual and, if relevant, their service provider.
What is TCP/IP
TCP/IP is the primary protocol suite in use on the Internet and most private networks across the planet.
What is a tape
Tape is a removable medium commonly used for backup purposes. It's a form of sequential storage, so data elements are written and read in sequential order rather than semirandomly as with hard drives. Tape media often support larger storage capacities than most removable media, excluding hard drives. This makes them suited for backup operations.
What is Telnet
Telnet is a terminal-emulation network application that supports remote connectivity for executing commands and running applications but doesn't support transfer of files.
What port does telnet operate over
Telnet uses TCP port 23.
What is tethering
Tethering is the activity of sharing the cellular network data connection of a mobile device with other devices. The sharing of data connection can take place over WiFi, Bluetooth, or USB cable.
What is the best way to protect your environment from known attacks and vulnerabilities
Using vendor updates to OSs, applications, services, protocols, device drivers, and any other software is the absolute best way to protect your environment from known attacks and vulnerabilities.
What is virtual desktop infrastructure (VDI)
Virtual desktop infrastructure (VDI) is a means to reduce the security risk and performance requirements of end devices by hosting virtual machines on central servers that are remotely accessed by users.
What is virtual mobile infrastructure (VMI)
Virtual mobile infrastructure (VMI) is where the operating system of a mobile device is virtualized on a central server.
What is Hypertext Transfer Protocol over SSL or Hypertext Transfer Protocol Secured (HTTPS)
When SSL or TLS is used to secure transactions, it's known as Hypertext Transfer Protocol over SSL or Hypertext Transfer Protocol Secured (HTTPS).
What is data exfiltration
When data exfiltration occurs, an outsider or unauthorized entity has gained access to internal data. This is a data loss or data leakage event.
Why should architecture and infrastructure considerations be addressed in a company's mobile device policy
When implementing a mobile device policy, organizations should evaluate their network and security design, architecture, and infrastructure. If every worker brings in a personal device, the number of devices on the network may double. This requires planning to handle IP assignments, communications isolation, data-priority management, increased intrusion detection system (IDS)/intrusion prevention system (IPS) monitoring load, as well as increased bandwidth consumption, both internally and across any Internet link. Most mobile devices are wireless enabled, so this will likely require a more robust wireless network and dealing with WiFi congestion and interference. A mobile device policy needs to be considered in light of the additional infrastructure costs it will trigger.
What is WiFi Direct
WiFi Direct is a means for wireless devices to connect directly to each other without the need for a middleman base station.
How does WiFi work
WiFi or wireless networking was originally defined by the IEEE 802.11 standard. WiFi is a nearly ubiquitous communication scheme available in most homes, offices, and public retail locations, such as restaurants and stores.
What is a service set identifier (SSID)
Wireless networks are assigned an SSID (either BSSID or ESSID) to differentiate one wireless network from another.
What are wireless channels
Within the assigned frequency of the wireless signal are subdivisions of that frequency known as channels. Wireless communications take place between a client and WAP over a single channel.
How is a site survey done
You perform a site survey by placing a wireless base station in a desired location and then collecting signal measurements from throughout the area. These measurements are overlaid onto a blueprint of the building to determine whether sufficient signal is present where needed while minimizing signals outside of the desired location. If the base station is adjusted, then the site survey should be repeated. The goal of a site survey is to maximize performance in the desired areas (such as within a home or office) while minimizing ease of access in external areas.
What mode should you use when you're connecting over an untrusted network
You should use tunnel mode when you're connecting over an untrusted network.
What are the common functions of ingress and egress filters
Common ingress and egress filters perform the following functions:
- Blocking inbound packets claiming to have an internal source address
- Blocking outbound packets claiming to have an external source address
- Blocking packets with source or destination addresses listed on a block list (a list of known malicious IPs)
- Blocking packets that have source or destination addresses from the local area network (LAN) but haven't been officially assigned to a host
What is 802.11
802.11 is the IEEE standard for wireless network communications. The 802.11 standard also defines Wired Equivalent Privacy (WEP).
What is a honeypot
A honeypot is a fictitious environment designed to fool attackers and intruders and lure them away from the private secured network.
What is a host-based IDS (HIDS)
A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged into the host.
What is a layer 2 switch
A switch is normally a Layer 2 device since it manages traffic based on the MAC address. A Layer 2 switch can create VLANs to segment off communications to only members of the same VLAN.
What is a layer 3 switch
A Layer 3 switch is used when cross-VLAN communications are needed; it provides routing between its own VLANs. Thus, a Layer 3 switch includes some router capabilities that it can offer to its VLANs.
What is a load balancer
A load balancer is used to spread or distribute network traffic load across several network links or network devices. The purpose of load balancing is to obtain optimal infrastructure utilization, minimize response time, maximize throughput, reduce overloading, and eliminate bottlenecks.
What are network-based firewalls
A network firewall is a hardware device, typically called an appliance, designed for general network filtering. A network firewall is designed to provide broad protection for an entire network.
What is a network-based IDS (NIDS)
A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
What is a nontransparent proxy
A nontransparent proxy is in use when a client is configured to send outbound queries directly to a proxy.
What is a packet filter firewall
A packet filter firewall filters traffic based on basic identification items found in a network packet's header. This includes source and destination IP address, port numbers, and protocols used. Packet-filtering firewalls operate at the Network layer (Layer 3) and the Transport layer (Layer 4) of the Open Systems Interconnection (OSI) model.
What is a passive IDS or IPS
A passive IDS or IPS uses a promiscuous mode NIC to eavesdrop on network communication. A passive IDS is often deployed off the SPAN (Switched Port Analyzer) port on a switch, where it receives a copy of every communication occurring across the switch. Sometimes this port is called the auditing port, IDS port, or mirror port. This type of monitoring allows only for reactive responses to discovered problems, rather than proactive responses.
What is an in-band IDS
An in-band IDS is configured to monitor and filter both the pre-connect activities and the post-connect activities of each session. Pre-connect activities can include authentication as well as verifying compliance with minimal security requirements before a session is allowed to be established. Post-connect activities include traffic monitoring, content filtering, identity-based access controls, and ongoing verification that the connection that was granted is still valid and should be allowed to continue.
What is an access control list
Access control list (ACL) is a term that is normally used in the context of object permissions and privileges, but it is also used in relation to firewalls. The rules or filters on a firewall can be referred to as ACLs. Most cloud solutions or hosted systems use an ACL-based approach rather than traditional firewalling.
What is an ingress filter
An ingress filter is a traffic filter on packets coming into a secured area from outside (that is, inbound communications).
What are router access control lists
Access control lists (ACLs) are used to define who is allowed or denied permission to perform a specified activity or action. ACLs are commonly associated with object access but also apply to communications. In many cases, firewalls, routers, and switches use ACLs as a method of security management.
How is affinity related to load balancing
Affinity is a configured preference for a client request to be sent to a specific server within the cluster or device cloud managed by the load balancer. Affinity is implemented using information gathered from layers below the Application layer (Layer 7) to direct a client request to a specific server.
What is an inline IPS
An inline IPS has two interfaces and all traffic must traverse through the IPS. Traffic enters either interface, is evaluated by the IPS analysis engine, and then exits the other interface on its way to the destination. This technique enables the IPS to stop or block abusive traffic.
What is an intrusion detection system (IDS)
An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
What is an out-of-band IDS
An out-of-band IDS is configured to perform pre-connect activity monitoring, but then not be involved with any post-connect activity monitoring.
What is the anomaly detection mechanism
Anomaly detection watches the ongoing activity in the environment and looks for abnormal occurrences.
What is Encapsulating Security Payload (ESP)
Encapsulating Security Payload (ESP) provides encryption of the transferred data as well as limited authentication.
What are filters
Firewalls manage traffic using filters. A filter is just a rule or set of rules. Firewall filters can also be known as access control lists (ACLs) or tuples (collections of related data items). Firewalls usually have lots of filters, which are defined in a priority order. If a packet meets the identification criteria of a rule, the action of that rule is applied. If a packet doesn't meet the criteria of a rule, no action from that rule is applied, and the next rule is checked.
How are firewalls used
Firewalls provide protection by controlling traffic entering and leaving a network. They manage traffic using filters or rules.
What is the relationship between IDS and rules
IDS rules are used to define what is considered benign allowed traffic versus malicious/suspicious/abnormal disallowed traffic. Often anomaly detection is implemented through the defining of rules. Any event that meets a rule defining valid benign activity is allowed to occur, whereas any event that meets a rule defining suspicious activity is blocked, logged, or flagged for more detailed analysis.
What does IPSec do in transport mode
In transport mode, IPSec provides encryption protection for just the payload and leaves the original message header intact.
What is transport mode
In transport mode, IPSec provides encryption protection for just the payload and leaves the original message header intact.
What does IPSec do in tunnel mode
In tunnel mode, IPSec provides encryption protection for both the payload and message header by encapsulating the entire original LAN protocol packet and adding its own temporary IPSec header.
What is tunnel mode
In tunnel mode, IPSec provides encryption protection for both the payload and the message header by encapsulating the entire original LAN protocol packet and adding its own temporary IPSec header.
What is Internet Key Exchange (IKE)
Internet Key Exchange (IKE) ensures the secure exchange of secret keys between communication partners in order to establish an encrypted VPN tunnel.
What is IPSec
Internet Protocol Security (IPSec) is a security architecture framework that supports secure communication over IP. IPSec establishes a secure channel in either transport mode or tunnel mode. It can be used to establish direct communication between computers or to set up a VPN between networks. IPSec isn't a single protocol but rather a collection of protocols.
What is Internet Security Association and Key Management Protocol (ISAKMP)
Internet Security Association and Key Management Protocol (ISAKMP) is used to negotiate and provide authenticated keying material (a common method of authentication) for security associations in a secured manner.
What are intrusion prevention systems (IPSs)
Intrusion prevention systems (IPSs) are designed to detect attempts to gain unauthorized access and stop the attempts from becoming successful. IPSs are generally used more actively; they interact and interfere with communications of unwanted entities.
What does IPSec's encryption of a packet in tunnel mode look like
picture
What are VPN concentrators
A VPN concentrator is a dedicated hardware device designed to support a large number of simultaneous VPN connections, often hundreds or thousands. It provides high availability, high scalability, and high performance for secure VPN connections.
What is behavior-based detection
A behavior-based monitoring or detection method relies on the establishment of a baseline or a definition of normal and benign. Once this baseline is established, the monitoring tool is able to detect activities that vary from that standard of normal. Behavior-based detection is also known as heuristic detection.
What is a circuit-level gateway firewall
A circuit-level gateway firewall filters traffic by filtering on the connection between an internal trusted host and an external untrusted host. This monitoring occurs at either the Network layer (Layer 3) or the Session layer (Layer 5) of the OSI model. This type of firewall ensures that the packets involved in establishing and maintaining the circuit (a virtual circuit or session) are valid and used in the proper manner. Once a circuit-level gateway allows a connection, no further filtering on that communication is performed.
What is a flood guard
A flood guard is a defense against flooding or massive-traffic DoS attacks. The purpose of a flood guard is to detect flooding activity and then automatically begin blocking it. This prevents this type of malicious traffic from entering a private network.
What is a forward proxy
A forward proxy is a standard proxy that acts as an intermediary or middleman for queries of external resources. A forward proxy handles queries from internal clients when accessing outside services.
What is a full tunnel
A full tunnel is a VPN configuration in which all of the client's traffic is sent to the organizational network over the VPN link, and then any Internet-destined traffic is routed out of the organizational network's proxy or firewall interface to the Internet. A full tunnel ensures that all traffic is filtered and managed by the organizational network's security infrastructure.
What is a reverse proxy
A reverse proxy provides the opposite function; it handles inbound requests from external systems to internally located services. A reverse proxy is similar to the functions of port forwarding and static NAT.
What is signature-based detection
A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.
What is a site-to-site VPN
A site-to-site VPN is a VPN between two organizational networks. It is also known as a tunnel mode VPN and it offers link encryption, which means that it provides encryption only when the traffic is inside the tunnel itself. In both types of tunnel mode VPN, on the side of the VPN that is a site or an organizational network, traffic exiting the tunnel will go back to plain text to traverse the private network.
What is split tunneling
A split tunnel is a VPN configuration that allows a VPN-connected system to access both the organizational network over the VPN and the Internet directly at the same time. The split tunnel thus grants a simultaneously open connection to the Internet and the organizational network.
What are stateful firewalls
A stateful firewall monitors the state or session of the communication; it evaluates previous packets and potentially other communications and conditions when making an allow or deny decision for the current packet.
What is a stateful inspection firewall
A stateful inspection firewall is aware that any valid outbound communication (especially related to TCP) will trigger a corresponding response or reply from the external entity. Thus, this type of firewall automatically creates a response rule for the response on the fly. But that rule exists only as long as the conversation is taking place. This is unlike the static packet filter firewall, which requires that both an outbound rule and an inbound rule be defined at all times.
What are stateless firewalls
A stateless firewall analyzes packets on an individual basis against the filtering ACLs. The context of the communication or previous packets is not used to make an allow or deny decision on the current packet.
What are common response methods
An IDS with active detection and response is designed to take the quickest action to reduce potential damage caused by an intruder. This response may include shutting down the server or the affected service or disconnecting suspicious connections. An IDS with passive detection and response takes no direct action against the intruder; instead, it may increase the amount of data being audited and recorded and notify administrators about the intrusion.
What is an active-active load balancing
An active-active system is a form of load balancing that uses all available pathways or systems during normal operations. In the event of a failure of one or more of the pathways, the remaining active pathways must support the full load that was previously handled by all. This technique is used when the traffic levels or workload during normal operations need to be maximized, but reduced capacity will be tolerated during times of failure.
What is active-passive load balancing
An active-passive system is a form of load balancing that keeps some pathways or system in an unused dormant state during normal operations. If one of the active elements fails, then a passive element is brought online and takes over the workload for the failed element. This technique is used when the level of throughput or workload needs to be consistent between normal states and failure states.
What is an application proxy
An application proxy or an application-specific proxy is a proxy server configured to handle the communications for a single application and its related protocols. An application proxy operates at Layer 7, where it is able to handle the payloads of a specific application and related application-layer protocols.
What is an application-level gateway firewall
An application-level gateway firewall filters traffic based on user access, group membership, the application or service used, or even the type of resources being transmitted. This type of firewall operates at the Application layer (Layer 7) of the OSI model. Such a firewall can be called a proxy. Application-level gateways are focused on the aspects of a specific application and protocol combination as well as the content of the conversation. An application-aware firewall provides filtering services for specific applications.
What are the two primary types of IDS/IPS
There are two primary types of IDS/IPS: network (NIDS/NIPS) and host (HIDS/HIPS).
How is persistence related to affinity
Persistence is when Application layer information (for example, a session cookie) is used to associate a client with a specific server. Although persistence is more accurate in ensuring that the desired server handles a specific client, implementation of persistence is not always possible (the load balancer may be unable to read the application payload, for instance when it is encrypted end to end), so affinity, which relies on lower-layer information such as the client's source IP address, is used instead. Persistence ensures that a request is handled by a specific server, whereas affinity is only an attempt to cause a particular server to handle a client's requests.
What is port knocking
Port security can also refer to port knocking, a security system in which all ports on a system appear closed. However, if the client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the desired service port becomes open and allows the client software to connect to the service. Port knocking doesn't prevent an attacker who can observe the client's traffic from capturing the knock sequence and replaying it, because the knock is a static shared secret sent in the clear, but it does defeat port scanners that randomly target Internet-facing systems: to them the service port simply looks closed. Port knocking is therefore an obscurity layer in front of a service, not a substitute for the service's own authentication.
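The server side of port knocking, as an added example that is not from the original page: a Python simulation of a knock daemon fed a list of inbound packets (source IP, destination port, timestamp) rather than live sockets. The knock sequence, the protected service port, the timing window and every address and port are constructed assumptions. Four scenarios are run: a correct knock, a sequential port scanner, an eavesdropper replaying the captured knock, and a client that knocks too slowly.

```python
# Added example: the server-side logic of port knocking, simulated over a list of
# inbound packets (source IP, destination port, timestamp) instead of live sockets.
# The knock sequence, addresses, ports and timing window are all constructed.

KNOCK_SEQUENCE = (7000, 8000, 9000)   # the secret knock, in this order
SERVICE_PORT = 22                      # port that opens only after a correct knock
KNOCK_WINDOW = 10.0                    # seconds allowed to finish the whole sequence


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = sequence
        self.window = window
        self.progress = {}   # src_ip -> (index of next expected knock, time of first knock)
        self.opened = set()  # source IPs currently permitted to reach SERVICE_PORT

    def observe(self, src_ip, dst_port, ts):
        """Handle one inbound packet and return the daemon's verdict for it."""
        if dst_port == SERVICE_PORT:
            return "allow" if src_ip in self.opened else "closed"
        idx, started = self.progress.get(src_ip, (0, ts))
        if idx and ts - started > self.window:
            idx, started = 0, ts             # too slow: the sequence starts over
        if dst_port == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.opened.add(src_ip)      # full knock received: open the door
                self.progress.pop(src_ip, None)
                return "opened"
            self.progress[src_ip] = (idx, started)
            return "knock"
        # Any other port (including a knock port out of order) resets this source.
        self.progress.pop(src_ip, None)
        return "closed"


def run(daemon, events):
    return [daemon.observe(ip, port, ts) for ip, port, ts in events]


def legitimate_client():
    """Correct knock inside the window, then a connection to the service."""
    return run(KnockDaemon(), [("10.1.1.5", 7000, 1.0), ("10.1.1.5", 8000, 2.0),
                               ("10.1.1.5", 9000, 3.0), ("10.1.1.5", 22, 4.0)])


def port_scanner_opens_door():
    """A scanner walking every port in order does hit the knock ports, but the
    wrong ports probed in between reset the sequence, so the service never opens."""
    events = [("203.0.113.9", port, float(port)) for port in range(1, 10001)]
    return "opened" in run(KnockDaemon(), events)


def replay_attacker():
    """An eavesdropper replays a captured knock from a different address: the
    knock is a static secret, so the door opens for them as well."""
    captured = [7000, 8000, 9000]
    events = [("198.51.100.77", p, 100.0 + i) for i, p in enumerate(captured)]
    return run(KnockDaemon(), events + [("198.51.100.77", 22, 104.0)])


def slow_client():
    """Third knock arrives after the window has expired: the sequence is reset."""
    return run(KnockDaemon(), [("10.1.1.6", 7000, 0.0), ("10.1.1.6", 8000, 5.0),
                               ("10.1.1.6", 9000, 15.0), ("10.1.1.6", 22, 16.0)])


if __name__ == "__main__":
    print("client  :", legitimate_client())
    print("scanner :", port_scanner_opens_door())
    print("replay  :", replay_attacker())
    print("slow    :", slow_client())
```

The scanner result shows why port knocking defeats blind scanning, and the replay result shows why it is not authentication: the daemon cannot distinguish the real client from anyone who saw the knock. Real implementations narrow the replay window with per-knock expiry and close the port again after a short time, but the sequence itself remains replayable unless it is made single-use.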
What is Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to encrypt traffic between a web browser and a web server. Through the use of SSL or TLS, web surfers can make online purchases, interact with banks, and access private information without disclosing the contents of their communications. SSL and TLS can make web transactions private and secure. Although they aren't true VPN protocols, SSL and TLS operate in much the same manner as VPNs. SSL was originally developed by Netscape; it was widely adopted but never became an Internet standard, and it has been superseded by TLS (SSL 2.0 and SSL 3.0 are now formally prohibited by RFC 6176 and RFC 7568). TLS is based on SSL, but the two aren't interoperable: a TLS-only endpoint will not negotiate an SSL session. HTTPS (HTTP over SSL/TLS) uses a dedicated port, TCP 443, on which the connection is encrypted from the first byte. TLS can also be negotiated inside an already-open plaintext connection on the application's normal port (HTTP's Upgrade mechanism on port 80, STARTTLS for SMTP, IMAP and POP3), so the port number alone does not tell you whether a session is protected. In addition to web communications, SSL/TLS can be used to secure FTP, Network News Transfer Protocol (NNTP), email, Telnet, and other Application layer TCP/IP protocols. When SSL/TLS protects these protocols on a dedicated ("implicit") port, the destination port differs from the 443 used by HTTPS; examples include SMTP over SSL/TLS at 465, IMAP over SSL/TLS at 993, and POP3 over SSL/TLS at 995.
What is Transport Layer Security (TLS) protocol
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to encrypt traffic between a web browser and a web server. Through the use of SSL or TLS, web surfers can make online purchases, interact with banks, and access private information without disclosing the contents of their communications. SSL and TLS can make web transactions private and secure. Although they aren't true VPN protocols, SSL and TLS operate in much the same manner as VPNs. Transport Layer Security (TLS) is the updated replacement for the Netscape Corporation's SSL. TLS is generally the same as SSL, but it uses more secure cryptographic protocols and algorithms. It's currently the preferred protocol for securing a wide variety of Layer 5+ protocol-based communications.
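The SSL-versus-TLS distinction in the two cards above lives in the version fields of the handshake, and that is where a practitioner checks it. As an added example, not from the original page, the Python below builds a minimal TLS ClientHello and parses it back, reporting the best version the client offers and flagging deprecated ones. The record and handshake layout follow the TLS specification; the sample hellos, host names, cipher suite choice and the "deprecated" policy set are constructed assumptions for this example.

```python
import struct

# Added example: build a TLS ClientHello and parse it back, so the version fields the
# text discusses can be inspected directly: 0x0300 is SSL 3.0, 0x0301 TLS 1.0, 0x0302
# TLS 1.1, 0x0303 TLS 1.2; TLS 1.3 is offered via the supported_versions extension.
# Field layout follows the TLS record/handshake format; the sample hellos, host names
# and the deprecation policy below are constructed for this example.

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLS1.0", 0x0302: "TLS1.1",
                 0x0303: "TLS1.2", 0x0304: "TLS1.3"}
LEGACY = {0x0300, 0x0301, 0x0302}   # SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) deprecated


def build_client_hello(legacy_version, sni, supported_versions=()):
    """Minimal ClientHello record: one cipher suite, null compression, an SNI
    extension and, optionally, a supported_versions extension."""
    body = struct.pack(">H", legacy_version) + b"\x11" * 32        # version + client random
    body += b"\x00"                                                  # empty session id
    body += struct.pack(">H", 2) + b"\x13\x01"                       # one suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                                              # compression: null only
    name = sni.encode()
    sni_ext = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack(">HH", 0x0000, len(sni_ext)) + sni_ext        # server_name extension
    if supported_versions:
        sv = bytes([2 * len(supported_versions)])
        sv += b"".join(struct.pack(">H", v) for v in supported_versions)
        exts += struct.pack(">HH", 0x002b, len(sv)) + sv             # supported_versions
    body += struct.pack(">H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello
    return b"\x16" + struct.pack(">HH", 0x0301, len(handshake)) + handshake  # ContentType handshake


def parse_client_hello(record):
    """Return the offered versions and SNI from a ClientHello record (None if not one)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    legacy_version = struct.unpack_from(">H", body, 0)[0]
    pos = 2 + 32                                         # skip version and random
    pos += 1 + body[pos]                                 # session id
    pos += 2 + struct.unpack_from(">H", body, pos)[0]    # cipher suites
    pos += 1 + body[pos]                                 # compression methods
    info = {"legacy_version": legacy_version, "versions": {legacy_version}, "sni": None}
    if pos < len(body):
        end = pos + 2 + struct.unpack_from(">H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from(">HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 0x0000:                          # server_name: list_len(2) type(1) len(2) name
                name_len = struct.unpack_from(">H", data, 3)[0]
                info["sni"] = data[5:5 + name_len].decode()
            elif etype == 0x002b:                        # supported_versions overrides legacy_version
                info["versions"] = {struct.unpack_from(">H", data, 1 + 2 * i)[0]
                                    for i in range(data[0] // 2)}
    return info


def classify(info):
    """Detection rule: name the best version offered and flag it if deprecated."""
    best = max(info["versions"])
    return VERSION_NAMES.get(best, hex(best)), best in LEGACY


def run_examples():
    modern = build_client_hello(0x0303, "mail.example.com", supported_versions=(0x0304, 0x0303))
    legacy = build_client_hello(0x0300, "legacy.example.com")
    return {name: classify(parse_client_hello(rec)) for name, rec in
            [("modern", modern), ("legacy", legacy)]}


if __name__ == "__main__":
    for name, (version, flagged) in run_examples().items():
        print(f"{name}: offers {version}, deprecated={flagged}")
```

Two things the parser makes visible: a TLS 1.3 client still writes 0x0303 in the legacy version field and carries its real offer in supported_versions, so a monitor that only reads the first two bytes misclassifies it; and an SSLv3 hello is identifiable before any encryption starts, which is why this check is cheap to run on a network tap regardless of whether the session is on 443, 465, 993 or 995.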
What are the four major functional components of ISAKMP
The four major functional components of ISAKMP are:
- Authentication of communications peers
- Threat mitigation
- Security association creation and management
- Cryptographic key establishment and management
What is the load balancing technique of preferencing
The load balancing technique of preferencing is when each packet or connection is assigned a destination based on a subjective preference or known capacity difference. For example, suppose system 1 can handle twice the capacity of systems 2 and 3; in this case, preferencing would look like 1, 2, 1, 3, 1, 2, 1, 3, 1, and so on.
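The preferencing schedule above, as an added example that is not from the original page: a Python load balancer that expands relative capacities into a static destination schedule and walks it for each new connection. The capacities (system 1 twice systems 2 and 3), the system names and the connection counts are constructed to match the text; the slot-spreading method is this example's own choice, not a specific product's algorithm.

```python
import itertools

# Added example: a "preferencing" load balancer that expands relative capacities
# into a static destination schedule and then walks it. The capacities, system
# names and connection counts are constructed to match the text's example, in
# which system 1 handles twice the load of systems 2 and 3.


def build_schedule(capacity):
    """Expand {system: relative capacity} into one round of destination slots,
    spreading each system's slots evenly so the bigger system is interleaved with
    the others rather than receiving its whole share in a burst."""
    total = sum(capacity.values())
    slots = [None] * total
    # Place the highest-capacity system first so it gets evenly spaced positions.
    for name, weight in sorted(capacity.items(), key=lambda kv: (-kv[1], kv[0])):
        for k in range(weight):
            pos = (k * total) // weight            # ideal position for this copy
            while slots[pos] is not None:          # taken: use the next free slot
                pos = (pos + 1) % total
            slots[pos] = name
    return slots


class PreferencingBalancer:
    def __init__(self, capacity):
        self.schedule = build_schedule(capacity)
        self._next = itertools.cycle(self.schedule)

    def assign(self):
        """Destination for the next incoming packet or connection."""
        return next(self._next)


def dispatch(capacity, n_connections):
    """Assign n_connections in arrival order and return the destination list."""
    lb = PreferencingBalancer(capacity)
    return [lb.assign() for _ in range(n_connections)]


def share(capacity, n_connections):
    """Fraction of connections each system received; it should track capacity."""
    assigned = dispatch(capacity, n_connections)
    return {name: assigned.count(name) / n_connections for name in capacity}


if __name__ == "__main__":
    capacity = {"1": 2, "2": 1, "3": 1}
    print(dispatch(capacity, 9))   # ['1', '2', '1', '3', '1', '2', '1', '3', '1']
    print(share(capacity, 100))
```

For the text's capacities the schedule comes out as 1, 2, 1, 3 and repeats, so over any whole number of rounds system 1 receives half the connections and the other two a quarter each. A schedule built this way ignores health: a real balancer removes a system that fails its health check from the rotation, which is the point at which the active-active versus active-passive choice described earlier decides whether the remaining systems are expected to absorb the load.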
What are the two types of IDS
The two types of IDS are network-based and host-based.
How are virtual IPs used in load balancing
Virtual IP addresses are sometimes used in load balancing; an IP address is perceived by clients and even assigned to a domain name, but the IP address is not actually assigned to a physical machine. Instead, as communications are received at the IP address, they are distributed in a load-balancing schedule to the actual systems operating on some other set of IP addresses.
When IMAP is using SSL what is the destination port that is being used
When IMAP is using SSL the destination port that is being used is 993.
When POP3 is using SSL what is the destination port that is being used
When POP3 is using SSL the destination port that is being used is 995.
When SMTP is using SSL what is the destination port that is being used
When SMTP is using SSL the destination port that is being used is 465.