Lesson 4 - Understanding Network Security
intrusion prevention system (IPS)
A solution designed to detect unauthorized user activities, attacks, and network compromises that can also take action to prevent a breach from occurring.
intrusion detection system (IDS)
A solution designed to detect unauthorized user activities, attacks, and network compromises.
firewall
A system that is designed to protect a computer or a computer network from network-based attacks. It does this by filtering the data packets that are traversing the network.
padded cell
A system that waits for an IDS to detect an attacker and then transfers the attacker to a special host where he or she cannot do any damage to the production environment.
Honeypot
A trap for hackers.
host firewall
A type of software firewall installed on a host and used to protect the host from network-based attacks.
personal firewall
A type of software firewall installed on a host and used to protect the host from network-based attacks.
DNS Security Extensions (DNSsec)
Adds security provisions to DNS so that computers can verify they have been directed to proper servers.
MAC address
the physical or hardware address burned into each NIC (for example, 96-4C-E5-48-78-C7). It is 48-bits in length.
Network Access Protection (NAP)
A Microsoft solution that allows administrators a more powerful way to control access to network resources. Its controls are based on the client computer's identity and whether that computer complies with the configured network governance policies.
network firewall
A category of software firewall consists of applications that are installed on servers used to protect network segments from other network segments.
Honeynet
A collection of honeypots used to present an attacker with an even more realistic attack environment.
Unified Threat Management (UTM)
A comprehensive security product that includes protection against multiple threats. It typically includes a firewall, antivirus software, content filtering and a spam filter in a single integrated package.
demilitarized zone (DMZ)
A firewall configuration used to secure hosts on a network segment. In most cases, they are connected behind a firewall that is connected to a public network like the Internet.
application level firewall
Also known as proxy servers. Works by performing a deep inspection of application data as it traverses the firewall. Rules are set by analyzing client requests and application responses, then enforcing correct application behavior.
DNS poisoning
An attack against the cached information on your DNS server.
stateful inspection
In addition to examining the header information of the packets traversing the firewall, it considers other factors when determining whether traffic should be permitted across the firewall. Its inspections also determine whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.
DNS spoofing
Occurs when an attacker is able to intercept a DNS request and respond to the request before the DNS server is able to.
Secure Content Management (SCM)
Software protection against spyware, phishing, viruses and email spam.
spoofing
The misuse of a network protocol to perpetrate a hoax on a host or a network device.
circuit level firewall
Typically considered second-generation firewall technology. They work in a similar fashion to packet-filtering firewalls, but they operate at the transport and session layers of the OSI model.
Open Systems Interconnect (OSI) model
a conceptual model, created by the International Organization for Standardization (ISO) to describe a network architecture that allows the passage of data between computer systems. Although never fully utilized as the model for a protocol, it is nonetheless the standard for discussing how networking works.