CASP Chapter 5

switch

A device that improves performance over a hub because it eliminates collisions.

database activity monitor (DAM)

A device that monitors transactions and the activity of database services.

sensor

A device used in a SCADA system, which typically has digital or analog I/ O, and these signals are not in a form that can be easily communicated over long distances.

load balancing

A computer method for distributing workload across multiple computing resources.

virtual local area network (VLAN)

A logical subdivision of a switch that segregates ports from one another as if they were in different LANs.

FTP

A protocol that provides file transfer services.

in-line network encryptor (INE)

A type 1 encryption device.

unified threat management (UTM)

A device that combines a traditional firewall with content inspection and filtering, spam filtering, intrusion detection, and antivirus.

kernel proxy firewall -

A fifth-generation firewall that inspects a packet at every layer of the OSI model but does not introduce the performance hit of an application-layer firewall because it does this at the kernel layer.

three-legged firewall

A firewall configuration that has three interfaces: one connected to the untrusted network, one to the internal network, and the last to a part of the network called a DMZ.

dual-homed firewall

A firewall that has two network interfaces, one pointing to the internal network and another connected to an untrusted network.

stateful firewall

A firewall that is aware of the proper functioning of the TCP handshake, keeps track of the state of all connections with respect to this process, and can recognize when packets are trying to enter the network that don't make sense in the context of the TCP handshake.

screened host

A firewall that is between the final router and the internal network.

proxy firewall

A firewall that stands between a connection from the outside and the inside and makes the connection on behalf of the endpoints. With a proxy firewall, there is no direct connection.

Extensible Authentication Protocol (EAP)

A framework (rather than a single protocol) for port-based access control that uses the same three components used in RADIUS.

redundant array of inexpensive/ independent disks (RAID)

A hard drive technology in which data is written across multiple disks in such a way that a disk can fail and the data can be quickly made available from the remaining disks in the array without resorting to a backup tape.

web application firewall (WAF)

A device that applies rule sets to an HTTP conversation. These sets cover common attack types to which these session types are susceptible.

next-generation firewall (NGFW)

A category of devices that attempt to address traffic inspection and application awareness shortcomings of a traditional stateful firewall, without hampering performance.

wireless controller

A centralized appliance or software package that monitors, manages, and controls multiple wireless access points.

SOCKS firewall

A circuit-level firewall that requires a SOCKS client on the computers.

control plane

A component of a router that carries signaling traffic originating from or destined for a router. This is the information that allows the routers to share information and build routing tables.

bastion host

A host that may or may not be a firewall. The term actually refers to the position of any device. If it is exposed directly to the Internet or to any untrusted network, we would say it is a bastion host.

Challenge Handshake Authentication Protocol (CHAP)

An authentication protocol that solves the cleartext problem by operating without sending the credentials across the link.

trunk link

A link between switches and between routers and switches that carries the traffic of multiple VLANs.

access control list (ACL)

A list of permissions attached to an object, including files, folders, servers, routers, and so on. Such rule sets can be implemented on firewalls, switches, and other infrastructure devices to control access.

mesh network

A network in which all nodes cooperate to relay data and are all connected to one another. To ensure complete availability, continuous connections are provided by using self-healing algorithms to route around broken or blocked paths.

storage area network (SAN)

A network of high-capacity storage devices that are connected by a high-speed private network using storage-specific switches.

virtual private network (VPN)

A network whose connections use an untrusted carrier network but provide protection of the information through strong authentication protocols and encryption mechanisms.

security information and event management (SIEM)

A process in which utilities receive information from log files of critical systems and centralize the collection and analysis of this data.

Remote Desktop Protocol (RDP)

A proprietary protocol developed by Microsoft that provides a graphical interface to connect to another computer over a network connection.

Secure Sockets Layer (SSL)

A protocol developed by Netscape to transmit private documents over the Internet that implements either 40-bit (SSL 2.0) or 128-bit encryption (SSL 3.0).

Password Authentication Protocol (PAP)

A protocol that provides authentication but with which the credentials are sent in cleartext and can be read with a sniffer.

BACnet (Building Automation and Control Network)

A protocol used by HVAC systems.

application-level proxy

A proxy device that performs deep packet inspection.

circuit-level proxy

A proxy that operate at the session layer (layer 5) of the OSI model.

Virtual Network Computing (VNC)

A remote desktop control system that operates much like RDP but uses the Remote Frame Buffer protocol.

statistical anomaly-based detection

An intrusion detection method that determines the normal network activity and alerts when anomalous (not normal) traffic is detected.

stateful protocol analysis detection

An intrusion detection method that identifies deviations by comparing observed events with predetermined profiles of generally accepted definitions of benign activity.

configuration lockdown

A setting that can be configured on a variety of devices that are correctly configured. It prevents any changes to the configuration.

virtual switch

A software application or program that offers switching functionality to devices located in a virtual network.

802.1x

A standard that defines a framework for centralized port-based authentication.

screened subnet

A subnet in which two firewalls are used, and traffic must be inspected at both firewalls to enter the internal network.

Internet Protocol Security (IPsec)

A suite of protocols that establishes a secure channel between two devices. IPsec can provide encryption, data integrity, and system-based authentication, which makes it a flexible option for protecting transmissions.

network intrusion prevention system (NIPS)

A system that can take action to prevent an attack from being realized.

network intrusion detection system (NIDS)

A system that is designed to monitor network traffic and detect and report threats.

signature-based detection

A type of intrusion detection that compares traffic against preconfigured attack patterns known as signatures.

IPv6

An IP addressing scheme designed to provide a virtually unlimited number of IP addresses. It uses 128 bits rather than 32, as in IPv4, and it is represented in hexadecimal rather than dotted-decimal format.

6to4

An IPv4-to-IPv6 transition method that allows IPv6 sites to communicate with each other over an IPv4 network.

Teredo

An IPv4-to-IPv6 transition method that assigns addresses and creates host-to-host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 network address translators.

dual stack

An IPv4-to-IPv6 transition method that runs both IPv4 and IPv6 on networking devices.

service-level agreement (SLA)

An agreement about the ability of a support system to respond to problems within a certain time frame while providing an agreed level of service.

hardware security module (HSM)

An appliance that safeguards and manages digital keys used with strong authentication and provides crypto processing.

Secure Shell (SSH)

An application and protocol that is used to remotely log in to another computer using a secure tunnel. It is a secure replacement for Telnet.

protocol analyzer

Software that collects raw packets from a network and is used by both legitimate security professionals and attackers.

mean time to repair (MTTR)

The average time required to repair a single resource or function when a disaster or other disruption occurs. Describes the average amount of time it takes to get a device fixed and back online.

failover

The capacity of a system to switch over to a backup system if a failure occurs in the primary system.

management plane

The component or plane on a networking device such as a router or switch that is used to administer the device.

mean time between failures (MTBF)

The estimated amount of time a device will operate before a failure occurs. This amount is calculated by the device vendor. System reliability is increased by a higher MTBF and lower MTTR.

data plane

The plane on a networking device such as a router or switch that carries user traffic. Also known as the forwarding plane.

clustering

The process of providing load-balancing services by using multiple servers running the same application and data set.

packet filtering firewall

The type of firewall that is the least detrimental to throughput as it only inspects the header of the packet for allowed IP addresses or port numbers.