Network Security

behavior based monitoring

monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares action against it.

heuristic monitoring

monitoring technique used by an IDS that uses an algorithm to determine if a threat exists.

disadvantages of HIDS

-cannot monitor network traffic that does not reach the local system -log data is stored locally -tends to be resource intensive and can slow down the system

class A IPs

10.0.0.0 to 10.255.255.255

class b IPs

172.16.0.0 to 172.31.255.255

class c IPs

192.168.0.0 to 192.168.255.255

IP addresses have how many bits

32

internet content filters

monitor internet traffic and block access to preselected web sites and files. page is only displayed if it colies with the specified filters

a technique that allows IP addresses to be used on the public internet

NAT

what is typically used on home routers that will allow multiple users to share once IP address received from an internet service provider

PAT

internet content filter features

URL and content filtering malware filtering prohibit file downloads profiles detailed reporting

what creates all data that is transmitted between the remote device and the network

VPN

signature based monitoring

monitoring technique used by an IDS that examins network traffic to look for well known patterns and compares the activities agains a predefined signiture

VPN concentrator

a device that aggregates hundreds or thousands of VPN connections

anomaly based monitoring

a monitoring technique used by an IDS that creates a baseline of normal activiteis and computer actions agianst the baseline. whenever there is a deviation, an alarm occurs

demilittarized zone (DMZ)

a seperate network that rests outside the secure network perimeter; untrusted outside users can access the DMZ by cannot enter the secure network

settings based firewall

allows admin to create a set of certain parameter that together define one aspect of a devices operation

remote access

any combination of hardware and software that enables remote user to access a local internal network

proxy server

computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user

reserve proxy

computer or an application program that routes incoming request to the correct server

intrusion detectioin system (IDS)

device designed to be active security; it can detect an attack as it occurs

load balancer

device that can direct request to different servers based on a variety of factors such as: number of servers, processor utilization, or performance

web security gateway

device that con block malicious content in real time as it appears (without first knowing the URL of a dangerous site

signature based monitoring

examining network traffic, activity, transactions, or behavior and looking for well known patterns

advantages of proxy server

increased speed reduced costs improved management stronger security

statful packet filtering

keeps a record of the state of a connection between an internal computer and an external device and then makes decision based on the connection as well as conditions

stateless packet filtering

permits or denies packets based on the conditions that have been set by the administrator

passive NIDS

slimply sounds an alarm and logs the event

host intrusion detection system (HIDS)

software based application that runs on a local host computer that can detect an attack as it occurs

web application firewall

special type of firewall that looks more deeply into packets that carry HTTP traffic

each operation in a computing environment starts with what

system call

What HIDS monitors

system calls file system access system registry settings host input/output

network address translation (NAT)

technique that allows private IP addresses to be usded on the public internet

network access control (NAC)

technique that examines the current state of a system or network device before it is allowed to connect to the network

network intrusion prevention system (NIPS)

technology that monitors network traffic to immediately react to block a malicious attack

network intrusion detection system (NIDS)

technology that watches for attacks on the network and reports back to a central device

virtual private network (VPN)

technology to use an unsecured public network such as the internet, like a private network

rule based firewall

uses a set of instructions to control the actions

what can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site

web security gateway

active NIDS

will sound an alarm and take action against attack

these switches are connected directly to the devices on a network

workgroup switches