chapter 10 cts1134


STP (Spanning Tree Protocol)

A Layer 2 protocol that is used for routing and prevents network loops by adopting a dynamic routing method.

next generation firewalls aka layer 7 firewalls

A category of devices that attempt to address traffic inspection and application awareness shortcomings of a traditional stateful firewall, without hampering performance.

LDAP (Lightweight Directory Access Protocol)

A communications protocol that defines how a client can access information, perform operations, and share directory data on a server.

Key Distribution Center (KDC)

A component of the Kerberos system for authentication that manages the secure distribution of keys.

stateless firewall

A firewall capable only of examining packets individually. Stateless firewalls perform more quickly than stateful firewalls, but are not as sophisticated.

network based firewall

A firewall configured and positioned to protect an entire network.

application-aware firewall

A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications.

packet-filtering firewall

A firewall that examines each packet and determines whether to let the packet pass. To make this decision, it examines the source address, the destination address, and other data.

host based firewall

A firewall that only protects the computer on which it's installed.

domain local groups

A group of workstations that is centrally managed via Active Directory for the entire network.

port mirroring

A monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port.

quarantine network

A network segment that is situated separately from sensitive network resources and might limit the amount of time a device can remain connected to the network. A quarantine network provides a relatively safe holding place for devices that do not meet compliance requirements or that are indicated to have been compromised.

authentication server

A server that keeps track of who's logging on to the network and which services on the network are available to each user, and that performs the authentication.

SSO (Single Sign-On)

A session/user authentication process that permits a user to enter one name and password in order to access multiple applications.

a firewall rule

A set of conditions used by Windows Firewall to determine whether a particular type of communication is permitted. You can configure inbound rules, outbound rules, and connection security rules from the Windows Firewall with Advanced Security snap-in.

NAC (Network Access Control)

A term that refers to collected protocols, policies, and hardware that govern access on devices to and from a network.

how does ccmp provide faster and more secure encryption?

AES (advanced encryption standard)

NAC systems might have software installed to help authenticate a user, what is this software called?

AGENT

a kerberos server runs two services

AS and TGS

SKA (Shared Key Authentication)

All wireless access clients use the same key, which can then be used for encrypted transmissions.

EAP-TLS

An Extensible Authentication Protocol that uses digital certificates for authentication. It uses TLS encryption to protect communications, and PKI (public key infrastructure) certificates to exchange public keys and authenticate both the supplicant and the server through mutual authentication.

MAC (Mandatory Access Control)

An access control model that uses labels to determine access. NTFS uses DAC instead of MAC.

UTM (Unified Threat Management)

An approach to threat management that combines multiple security-related products (antivirus software, IPS, and so on) into a single management console.

agentless authentication

An authentication process in which the user is authenticated rather than the device, sometimes through Active Directory. The device is then scanned to determine compliance with access control requirements.

OSA (Open System Authentication)

An insecure form of authentication used by WEP where no key is used at all.

DAC (Discretionary Access Control)

Authorization method based on the idea that there is an owner of a resource who may at his or her discretion assign access to that resource. DAC is considered much more flexible than mandatory access control (MAC).

BPDU

Bridge protocol data unit. The generic name for Spanning Tree Protocol messages.

CCMP uses what to provide message integrity?

CBC-MAC

ticket in kerberos

Contains the identity of the client, the session key, the timestamp and the checksum. Encrypted with the server's key.

FIM

File Integrity Monitoring

file integrity monitoring is performed on which device usually?

HIDS

TGS (Ticket-Granting Service)

In Kerberos terminology, an application separate from the AS (authentication service) that runs on the KDC and issues Ticket-Granting Tickets to clients so that they need not request a new ticket for each new service they want to access.

AS (authentication service)

In Kerberos terminology, the process that runs on a KDC (Key Distribution Center) to initially validate a client that is logging on.

stateful firewall

Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection.

IDS

Intrusion detection system. A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS). In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attack in progress.

IPS

Intrusion prevention system. A preventive control that will stop an attack in progress. It is similar to an active IDS except that it's placed in-line with traffic. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress. It can be used internally to protect private networks, such as those holding SCADA equipment.

what is the most common cause of firewall failure?

Misconfiguration

which choice is best suited to operate in a network DMZ? NIDS, HIDS, firewall, all three

NIDS

NIDS

Network-based intrusion detection system. IDS used to monitor a network. It can detect network-based attacks, such as smurf attacks. A NIDS cannot monitor encrypted traffic, and cannot monitor traffic on individual hosts.

legacy network protocols

PAP, CHAP, MS-CHAP, MS-CHAPv2

implicit deny rule

Rule that ensures that any traffic that the ACL does not explicitly permit is denied by default

SIEM (Security Information and Event Management)

Software that can be configured to evaluate data logs from IDS, IPS, firewalls, and proxy servers in order to detect significant events that require the attention of IT staff according to predefined rules.

TKIP

Temporal Key Integrity Protocol. Wireless security protocol introduced to address the problems with WEP. TKIP was used with WPA but many implementations of WPA now support CCMP.

TACACS+

Terminal Access Controller Access Control System Plus is made by Cisco and allows the separation of authentication, accounting, and authorization. It uses TCP, unlike RADIUS, which uses UDP, and is typically installed on a router or switch, unlike RADIUS.

supplicant

The device that wants to gain access to the network.

Your organization's network has multiple layers of security devices. When you attempt to connect to a service on the Internet, however, you receive a security message from the operating system stating that this service is blocked on your workstation. What could be the probable cause?

The host-based firewall settings are blocking the service.

iptables

The software firewall that is included with most Linux distributions.

utm appliance

Unified threat management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. UTM includes functions such as anti-virus, anti-spam, content filtering, and web filtering.

Which access control model manages rights and permissions based on job descriptions and responsibilities?

RBAC (Role Based Access Control)

organizations will usually use what kind of system for extensive authentication?

a RADIUS server with EAP

principal in kerberos means

a kerberos client or user

To deny ICMP traffic from any IP address or network to any IP address or network:

access-list acl_2 deny icmp any any

To permit ICMP traffic from any IP address or network to any IP address or network:

access-list acl_2 permit icmp any any

To permit TCP traffic from 2.2.2.2 host machine to 3.3.3.3 host machine to destination web port 80 (the "eq" parameter says "equal to" and "www" is a keyword that stands for port 80):

access-list acl_2 permit tcp host 2.2.2.2 host 3.3.3.3 eq www

To permit TCP traffic from 2.2.2.2 host machine to 5.5.5.5 host machine:

access-list acl_2 permit tcp host 2.2.2.2 host 5.5.5.5

user aware

adapts to the class of the user or group

Which of these features is in the next generation firewalls?

all of them

what are the 3 things NGFWs offer

application awareness, user awareness, context awareness

a router's ACLs

can determine which packets make it past the router and which don't, which adds some level of protection

context aware firewall

designed to consider not just the source, destination, port, and application. It also considers context such as date and time and location for mobile devices

An ACL acts like a

filter, and instructs the router to deny or allow traffic depending on network layer protocol, transport layer protocol, destination and source IP address, and other information

When you create rules in the Ubuntu terminal, they last only for the session. In order to save rules through the command line you must?

first you have to export them to a file to save

firewalls

hardware, software, or both designed to prevent unauthorized persons from accessing electronic information

Software enables computers to perform the functions of a packet filtering firewall. Which choice is a command line utility?

iptables

EAP-FAST

is also a form of tunneled EAP that is faster than PEAP. It uses PACs (protected access credentials), which are stored on the supplicant device for faster establishment of the TLS tunnel in future sessions

the active directory is configured to use the

kerberos protocol

what is another name for next generation firewalls?

layer 7 firewall

use CLI commands to switch off the firewall for all profiles on the PLABDC01 computer.

netsh advfirewall set allprofiles state off

you can use CLI commands to reconfigure the firewall rules. In this task, you will use CLI commands to switch on the firewall on the PLABDC01 computer

netsh advfirewall set allprofiles state on

what are the two types of agents used in NAC systems

persistent agent and nonpersistent agent

TKIP

provided encryption, key distribution, and message integrity

reverse proxy

provides identity protection for the server and some application layer firewall protection

Geofencing is an effective way to accomplish which of the following?

restrict access areas

HIDS

runs on a single computer to detect intrusion for that host

WPA (Wi-Fi Protected Access) or WPA2

security standards for more advanced encryption techniques over wireless connections

proxy servers

server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

RADIUS (Remote Authentication Dial-In User Service)

serves as a center for authentication across different devices or platforms trying to get into authorized services

Which type of firewall monitors each packet according to currently existing data streams?

stateful firewall

IDS uses two primary methods for detecting threats

statistical anomaly and signature based

what is the difference between stream ciphers and block ciphers?

stream ciphers encrypt 1 byte at a time, while block encrypts in chunks or blocks in each calculation

on ubuntu, to allow all connections, type the command:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

how do you open a port on ubuntu

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT

how to see rules in ubuntu

sudo iptables -L

to drop any traffic that doesn't match the accept rule

sudo iptables -P INPUT DROP

to export rules on ubuntu to a file to save the rules type the command

sudo sh -c "iptables-save > /etc/iptables.rules"

what are the three main EAP entities

supplicant, authenticator, authentication server

AAA (authentication, authorization, and accounting)

the 3 elements needed to manage access control

authenticator

the network device that initiates the authentication process

a stateless firewall is faster than a stateful firewall

true

pap, chap, and ms chap are legacy protocols

true

WPA2 (Wi-Fi Protected Access 2)

uses CCMP to provide stronger security for data; CCMP helps ensure data confidentiality with both encryption and packet authentication

kerberos

uses symmetric key encryption to validate an individual user to various network resources.

Refer to the exhibit. Which of the following networking devices is shown in the middle in red?

utm appliance

where do you go to configure firewall rules?

windows defender firewall

how do you confirm from the ubuntu command line that a file was saved?

You can check the directory you put the file in by going to it with cd /etc; once in the directory, type ls to see its contents
