Security+ Terminology | Chapter 3 Understanding Devices and Infrastructure | Sybex & Wiley Book

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

passive response

A nonactive response, such as logging, it is the most common type of response to many intrusions. In general, these responses are the easiest to develop and implement.

alarm

A notification that an unusual condition exists and should be investigated.

Secure Sockets Layer (SSL)

A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer.

active response

A response generated in real time.

proxy firewall

A server that also acts as a firewall, blocking network access from external networks.

Internet Protocol Security (IPSec)

A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3.

HSM (hardware security module)

A software or appliance stand-alone used to enhance security and commonly used with PKI systems.

signature-based system

A system that acts based on the digital signature it sees and offers no repudiation to increase the integrity of a message.

access control list (ACL)

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.

proxy server

A type of server that makes a single Internet connection and services requests on behalf of many users.

proxy

A type of system that prevents direct communication between a client and a host by acting as an intermediary.

analyzer

The component or process that analyzes the data collected by the sensor.

key management

The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction and replacement.

access point (AP)

The point at which access to a network is accomplished. This term is often used in relation to a wireless access point.

encapsulation

The process of enclosing data in a packet.

network access control (NAC)

The set of standards defined by the network for clients attempting to access it. It usually requires that clients be virus-free and adhere to specified policies before allowing them on the network.

false negative

An event that should be flagged but isn't.

alert

An indication that an unusual condition could exist and should be investigated.

host-based IDS (HIDS)

An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.

network intrusion prevention system (NIPS)

An intrusion system that is network based.

data loss prevention (DLP)

Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.

compensating controls

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes in coverage, we make up for them).

Security information and event management (SIEM)

This software combines security information management (SIM) and security event management (SEM) functions to provide real-time analysis of security alerts.

intrusion detection system (IDS)

Tools that identify attacks using defined rules or logic and are considered passive, it can be network based or host based.

intrusion prevention system (IPS)

Tools that respond to attacks using defined rules or logic and are considered active, it can be network based or host based.

anomalies

Variations from normal operations.

anomaly-detection IDS (AD-IDS)

a system that works by looking for deviations from a pattern of normal network traffic.

firewall

A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access through public networks, including the Internet.

implicit deny

A condition that states that unless otherwise given, the permission will be denied.

application-level proxy

A device or software that recognizes application specific commands and offers granular control over them.

false positive

A flagged event that isn't really an event and has been falsely triggered.

appliance

A freestanding device that operates in a largely self-contained manner.

clustering

A method of balancing loads and providing fault tolerance.

switch

A network device that can replace a router or hub in a local network and get data from a source to a destination, allows for higher speeds.

Encapsulating Security Payload (ESP)

An IPSec header used to provide a mix of security services in IPv4 and IPv6, can be used alone or in combination with the IP Authentication Header (AH).

Authentication Header (AH)

An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

SSID broadcast

An access point's broadcasting of the network name.

all-in-one appliance

An appliance that performs multiple functions.

network-based IDS (NIDS)

An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic.

load balancing

Dividing a load for greater efficiency of management among multiple devices.

stateful inspection

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel.


Set pelajaran terkait

the "secularization thesis/paradigm"

View Set

Clinical Terminologies, Classifications, and Code Systems

View Set

Building your Real Estate Business

View Set

Chapter 13: Security | Information & Networking Tech. | Study Cards

View Set

Brunjes PSYC 2200 Exam 2 Spring 15

View Set

ch.2 Analyzing Financial statements and ratios

View Set