chapter 10 cts1134
STP (Spanning Tree Protocol)
A Layer 2 protocol that is used for routing and prevents network loops by adopting a dynamic routing method.
next generation firewalls aka layer 7 firewalls
A category of devices that attempt to address traffic inspection and application awareness shortcomings of a traditional stateful firewall, without hampering performance.
LDAP (Lightweight Directory Access Protocol)
A communications protocol that defines how a client can access information, perform operations, and share directory data on a server.
Key Distribution Center (KDC)
A component of the Kerberos system for authentication that manages the secure distribution of keys.
stateless firewall
A firewall capable only of examining packets individually. Stateless firewalls perform more quickly than stateful firewalls, but are not as sophisticated.
network based firewall
A firewall configured and positioned to protect an entire network.
application-aware firewall
A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications.
packet-filtering firewall
A firewall that examines each packet and determines whether to let the packet pass. To make this decision, it examines the source address, the destination addresses, and other data.
host based firewall
A firewall that only protects the computer on which it's installed.
domain local groups
A group of workstations that is centrally managed via Active Directory for the entire network.
port mirroring
A monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port.
quarantine network
A network segment that is situated separately from sensitive network resources and might limit the amount of time a device can remain connected to the network. A quarantine network provides a relatively safe holding place for devices that do not meet compliance requirements or that are indicated to have been compromised.
authentication server
A server that keeps track of who's logging on to the network and which services on the network are available to each user. and that performs the authentication
SSO (Single Sign-On)
A session/user authentication process that permits a user to enter one name and password in order to access multiple applications.
a firewall rule
A set of conditions used by Windows Firewall to determine whether a particular type of communication is permitted. You can configure inbound rules, outbound rules, and connection security rules from the Windows Firewall with Advanced Security snap-in.
NAC (Network Access Control)
A term that refers to collected protocols, policies, and hardware that govern access on devices to and from a network.
how does ccmp provide faster and more secure encryption?
AES (advanced encryption standard)
NAC systems might have software installed to help authenticate a user, what is this software called?
AGENT
a kerberos server runs two services
AS TGS
SKA (Shared Key Authentication)
All wireless access clients use the same key, which can then be used for encrypted transmissions.
EAP-TLS
An Extensible Authentication Protocol that uses digital certificates for authentication. uses TLS encryption to protect comms, and PKI (public key infrastructure) certs to exchange public keys and authenticate both the supplicant and server thru mutual authentication.
MAC (Mandatory Access Control)
An access control model that uses labels to determine access. NTFS uses DAC instead of MAC.
UTM (Unified Threat Management)
An approach to threat management that combines multiple security related products (antivirus software, IPS, and so on) into a single management console.
agentless authentication
An authentication process in which the user is authenticated rather than the device. The device is then scanned to determine compliance with access control requirements., sometimes thru active directory
OSA (Open System Authentication)
An insecure form of authentication used by WEP where no key is used at all.
DAC (Discretionary Access Control)
Authorization method based on the idea that there is an owner of a resource who may at his or her discretion assign access to that resource. DAC is considered much more flexible than mandatory access control (MAC).
BPDU
Bridge protocol data unit. The generic name for Spanning Tree Protocol messages.
CCMP uses what to provide message integrity?
CBC-MAC
ticket in kerberos
Contains the identity of the client, the session key, the timestamp and the checksum. Encrypted with the server's key.
FIM
File Integrity Monitoring
file integrity monitoring is performed on which device usually?
HIDS
TGS (Ticket-Granting Service)
In Kerberos terminology, an application separate from the AS (authentication service) that runs on the KDC and issues Ticket-Granting Tickets to clients so that they need not request a new ticket for each new service they want to access.
AS (authentication service)
In Kerberos terminology, the process that runs on a KDC (Key Distribution Center) to initially validate a client that is logging on.
stateful firewall
Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection.
IDS
Intrusion detection system. A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS). In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attack in progress.
IPS
Intrusion prevention system. A preventive control that will stop an attack in progress. It is similar to an active IDS except that it's placed in-line with traffic. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress. It can be used internally to protect private networks, such as those holding SCADA equipment.
what is the most common cause of firewall failure?
Misconfiguration
which choice is best suited to operate in a network DMZ? NIDS, HIDS, firewall, all three
NIDS
NIDS
Network-based intrusion detection system. IDS used to monitor a network. It can detect network-based attacks, such as smurf attacks. A NIDS cannot monitor encrypted traffic, and cannot monitor traffic on individual hosts.
legacy network protocols
PAP, CHAP, MS CHAP, MS CHAPv2
implicit deny rule
Rule that ensures that any traffic that the ACL does not explicitly permit is denied by default
SIEM (Security Information and Event Management)
Software that can be configured to evaluate data logs from IDS, IPS, firewalls, and proxy servers in order to detect significant events that require the attention of IT staff according to predefined rules.
TKIP
Temporal Key Integrity Protocol. Wireless security protocol introduced to address the problems with WEP. TKIP was used with WPA but many implementations of WPA now support CCMP.
TACACS+
Terminal Access Controller Access Control System Plus is made by cisco and allows the separation of authentication, accounting, and authorization, it uses tcp unlike RADIUS which uses UDP, is typically installed on a router or switch, unlike RADIUS
supplicant
The device that wants to gain access to the network.
Your organization's network has multiple layers of security devices. When you attempt to connect to a service on the Internet. However, you receive a security message from the operating system stating that this service is blocked on your workstation. What could be the probable cause?
The host-based firewall settings are blocking the service.
iptables
The software firewall that is included with most Linux distributions.
utm appliance
Unified threat management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. UTM includes functions such as anti-virus, anti-spam, content filtering, and web filtering.
RBAC (Role Based Access Control)
Which access control model manages rights and permissions based on job descriptions and responsibilities?
organizations will usually use what kind of system for extensive authentication?
a RADIUS server with EAP
prinicipal in kerberos means
a kerberos client or user
To deny ICMP traffic from any IP address or network to any IP address or network:
access-list acl_2 deny icmp any any
To permit ICMP traffic from any IP address or network to any IP address or network:
access-list acl_2 permit icmp any any
To permit TCP traffic from 2.2.2.2 host machine to 3.3.3.3 host machine to destination web port 80 (the "eq" parameter says "equal to" and "www" is a keyword that stands for port 80):
access-list acl_2 permit tcp host 2.2.2.2 host 3.3.3.3 eq www
To permit TCP traffic from 2.2.2.2 host machine to 5.5.5.5 host machine:
access-list acl_2 permit tcp host 2.2.2.2 host 5.5.5.5
user aware
adapts to the class of the user or group
Which of these features is in the next generation firewalls?
all of them
what are the 3 things NGFWs offer
application awareness user aware context aware
a routers ACLs
can determine which packets make it passed the router and which don't which adds some level of protection
context aware firewall
designed to consider not just the source, destination, port, and application. It also considers context such as date and time and location for mobile devices
An ACL acts like a
filter, and instructs the router to deny or allow traffic depending on network layer protocol, transport layer protocol, destination, and source ip address, and other information
when you create rules on ubuntu terminal they last the session, in order to save rules through the command line you must?
first you have to export them to a file to save
firewalls
hardware, software, or both designed to prevent unauthorized persons from accessing electronic information
software enables computers to perform the functions of a packet filtering firewall. which choice is a command line utility?
iptables
EAP-FAST
is also a form of tunneled EAP is faster than PEAP, it uses PACs (protected access credentials) and is stored on the supplicant device for faster establishment of TLS tunnel in future sessions
the active directory is configured to use the
kerberos protocol
what is another name for next generation firewalls?
layer 7 firewall
use CLI commands to switch off the firewall for all profiles on the PLABDC01 computer.
netsh advfirewall set allprofiles state off
you can use CLI commands to reconfigure the firewall rules. In this task, you will use CLI commands to switch on the firewall on the PLABDC01 computer
netsh advfirewall set allprofiles state on
what are the two types of agents used in NAC systems
persistent agent and nonpersistent agent
TKIP
provided encryption, a key distribution, integrity of message,
reverse proxy
provides identity protection for the server and some application layer firewall protection
Geofencing is an effective way to accomplish which of the following?
restrict access areas
HIDS
runs on a single computer to detect intrusion for that host
WPA (WIFI protected Access) or WPA2
security standards for more advanced encryption techniques over wireless connections
proxy servers
server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
RADIUS (Remote Authentication Dial-In User Service)
serves as a center for authentification across different devices or platforms trying to get into authorized services
Which type of firewall monitors each packet according to currently existing data streams?
stateful firewall
IDS uses two primary methods for detecting threats
statistical anomaly signature based
what is the difference betwen stream ciphers and block ciphers?
stream ciphers encrypt 1 byte at a time, while block encrypts in chunks or blocks in each calculation
on ubuntu, to allow all connections, type the command:
sudo iptables -A INPUT -m conntrack --cstate ESTABLISHED,RELATED -j ACCEPT
how do you open a port on ubuntu
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
how to see rules in ubuntu
sudo iptables -L
to see the rules on ubuntu
sudo iptables -L
to drop any traffic that doesn't match the accept rule
sudo iptables -P INPUT DROP
to export rules on ubuntu to a file to save the rules type the command
sudo sh -c "iptables-save > etc/iptables.rules"
what are the three main EAP entities
supplicant authenticator authentication server
AAA (authentication, authorization, and accounting)
the 3 elements needed to manage access control
authenticator
the network device that initiates the authentication process
a stateless firewall is faster than a stateful firewall
true
pap, chap, and ms chap are legacy protocols
true
WAP2 (Wi-Fi Protected Access 2)
uses CCMP to create more security when dealing with data, CCMP helps ensure data confidentiality with both encryption and packet authentication
kerberos
uses symmetric key encryption to validate an individual user to various network resources.
Refer to the exhibit. Which of the following networking device is being shown in the middle in red color?
utm appliance
where do you go to configure firewall rules?
windows defender firewall
how do you confirm that a file was saved in ubuntu command?
you can check the directory that you put the file in by going to cd /etc, once in the directory, type ls to see the things in it