Test 5 short answer
What is the difference between an intrusion detection system and an intrusion protection system?
An IDS is a stand-alone device running on a workstation, server, or router. It monitors traffic and alerts on suspicious activity. An IPS stands in line between the attacker and the target and can prevent traffic from reaching the network.
If your LAN utilizes a proxy server and you wish to send an email message from your workstation inside the LAN to a colleague via the internet, what does this process look like?
Step 1: the message goes to the proxy server. Step 2: the proxy server repackages the data frames, then uses its own IP address as the source. Step 3: it passes the data to the packet-filtering firewall. Step 4: the firewall verifies the source IP is valid.
What is vulnerability scanning, and what are two different types of it?
Used to identify vulnerabilities in a network. Authenticated: the hacker is given the same access as a regular member. Unauthenticated: the hacker begins on the perimeter of the network and looks for weaknesses not requiring regular access.
How does a zero-day exploit differ from a typical exploit?
A zero-day exploit, or zero-day attack, is one that takes advantage of newly released software.
What are three components required to manage access control to a network and its resources?
Authentication: verifying credentials. Authorization: the process that determines what a user can or cannot do. Accounting: logs user access and activities on the network.
How does the CCMP help ensure data confidentiality?
Message integrity, which ensures incoming packets are coming from where they say they are, and encryption, which is faster and more secure.
Describe the TACACS+ AAA protocol and how it differs from RADIUS.
TACACS+ offers network admins the option of separate authentication, authorization, and auditing capabilities. It differs from RADIUS in that it relies on TCP, not UDP, was developed by Cisco, and is installed on a router or switch.
How are hackers organized?
White hat hackers: IT security experts hired to assess security risks. Black hat hackers: use their skills illegally to steal or destroy data or networks. Grey hat hackers: morally ambiguous; although they may engage in illegal activities, they do so to educate or inform.
What is the purpose of Unified Threat Management?
UTM is a security strategy that combines multiple types of security appliances into a single safety net. It provides a full spread of security services from a single point of control.
Why might an organization be required to undergo a security audit?
Certain customers may require it, such as the military or government. Regulators require some types of companies, such as accounting firms, to undergo regular audits for security.
When configuring a new device, why should changing admin credentials be a top concern?
Default credentials can be extremely insecure as they are very commonly used, like username Admin, password 1234.
How is motion detection tech used to monitor and provide security for sensitive areas? How can it deal with false positives?
Detects movement within its field of view, then sounds an alarm. Newer models can tell between different types of motion to reduce false alarms.
What are some of the characteristics of malware that make it hard to detect?
Encryption: makes it harder to detect. Stealth: disguises itself as legitimate programs. Polymorphism: changes its characteristics. Time dependence: programmed to activate at a certain time or date.
What is hashing, and how does it differ from encryption?
Hashing means to transform data through an algorithm. Encrypted data can be decrypted; hashed data cannot be. Hashing is used mostly to ensure data integrity.
List and describe the four different locations in which anti-malware can be installed.
Host based: if you install on every machine. Server based: resides on the server and checks all files in the transaction, but slows down the network. Network based: securing the gateways where it connects to the internet. Cloud based: offers the same services as other cloud-based services.
In a network access control system, what are two common types of software agents used?
Nonpersistent agent: remains long enough to verify authentication, then uninstalls. Persistent agent: permanently installed on a device; provides additional security such as remote wipe, virus scans, and mass messages.
How does RADIUS work?
Open source, runs in the application layer, and can use UDP or TCP. Uses the same type of packet for both authentication and authorization.
What is multifactor authentication, and what are examples?
A process that requires two or more pieces of information: something you know, something you have, something you are, somewhere you are, something you do. One method from at least two different categories.
How does a reverse proxy differ from a normal proxy?
Proxy servers access resources on the internet for a client. Reverse proxy servers provide services to internet clients from servers on their own network. Identity protection and some amount of firewall protection.
