Chapter 8 - Network Security

Ace your homework & exams now with Quizwiz!

These characteristics make malware hard to detect

-encryption -stealth -polymorphism -time dependence

user awareness

A NGFW's ability to adapt to the class of a specific user or user group.

context aware

A NGFW's ability to adapt to various applications,users, and devices.

ACL (access control list)

A filter that instructs the router to permit or deny traffic according to different variables

network-based firewall

A firewall that is placed internally or externally to a private network monitoring the connection between the internet and the private network.

quarantine network

A network for devices to be separated from sensitive network resources until remediation steps can be completed.

Trojan horse

A program that disguises itself as something useful but actually harms a system.

bot

A program that runs automatically, without requiring a person to start or stop it.

packet-filtering firewall

A router that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination.

Implicit deny

A rule that ensures that any traffic that the ACL does not explicitly permit is denied by default

proxy service

A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic

Firewall

A specialized device with specialized software that selectively filters or blocks traffic between networks.

IDS (intrusion detection system)

A stand-alone device or software running on a device, which might be managed from another computer on the network and is used to monitor network traffic and create alerts when suspicious activity happens.

Stateful firewall

Able to inspect each incoming packet to determine whether it belongs to a currently active connection and is a legitimate packet.

On a router...

An ACL is not automatically installed. It must be created manually and assigned to an interface.

persistent agent

An agent permanently installed on a device

nonpersistent agent (dissolvable agent)

An agent that remains on the device long enough to verify compliance and complete authentication, and then uninstalls

honeynet

An elaborate setup of several honeypots.

Malware

Any program or piece of code designed to intrude upon or harm a system or its resources.

file-infector viruses

Attach themselves to executable files. When the executable file runs, the virus copies itself to memory and attaches onto other executable files.

Users should

Be grouped according to their security levels and assigned additional rights that meet the needs of those groups.

content-filtering firewalls

Block designated types of traffic based on application data contained within packets.

PDoS attack (Permanent DoS)

Damages a router or switch's firmware beyond repair.

Honeypot

Decoy system that is purposely vulnerable and filled with what appears to be sensitive content.

AUP (Acceptable Use Policy)

Explains to users what they can and cannot do and penalties for violations.

Next Generation Firewalls (NGFW)

Have built-in Application Control features and are application aware, meaning they can monitor and limit the traffic of specific applications, including the application's vendor and digital signature.

RF(radio frequency) emanation

Layers 1-3 Condition created by the leaking of radio or electrical signals from computer equipment.

port scanner

Layers 1-3 Software that searches a node for open ports.

jamming

Layers 1-3 The attacker creates a high volume of illegitimate wireless traffic and overwhelms the wireless network.

ARP cache poisoning

Layers 1-3 When attackers use faked ARP replies to alter ARP tables in the network.

DDoS attack (distributed DoS)

Layers 4-7 A DoS attack that comes from several sources, known as zombies.

ping of death

Layers 4-7 A buffer overflow condition created by sending an ICMP packet that exceeded the maximum 65,535 bytes.

smurf attack

Layers 4-7 A hacker issues a flood of broadcast ping messages.

DHCP snooping

Layers 4-7 A security feature that checks and filters DHCP messages on the network.

Dynamic ARP inspection (DAI)

Layers 4-7 A security feature that detects faked ARP messages.

FTP Bounce

Layers 4-7 An attacker commands the FTP server to connect to a different computer and can scan the ports on other hosts and transmit malicious code.

IP spoofing

Layers 4-7 An outsider obtains an internal IP address to pretend they have authority to access an internal network from the Internet.

flashing

Layers 4-7 Commands sent to a user's machine via a chat session that cause the screen to fill with garbage characters and require them to terminate the chat session.

banner-grabbing attack

Layers 4-7 Hackers transmit bogus requests for connection to servers or applications in order to harvest useful information to guide their attack efforts.

backdoors

Layers 4-7 Security flaws that allow unauthorized users to gain access to the system.

man-in-the-middle (MitM) attack

Layers 4-7 When a person redirects or captures secure transmissions as they occur.

session hijacking attack

Layers 4-7 When a session key is stolen or intercepted, an attacker can take control of the session.

DRDoS attack (distributed reflector DoS)

Layers 4-7 a DDoS attack bounced off of uninfected computers called reflectors, achieved by spoofing.

Buffer overflow

Layers 4-7 A vulnerability of older operating systems. When a buffer's size is forced beyond its alloted space, causing a system crash.

DoS attack (Denial-of-service)

Layers 4-7 Occurs when a system becomes unable to function because it has been inundated with requests for services and can't respond to any of them.

domain local groups

Local groups that can be managed through Active Directory

Filters for an ACL

Network layer protocol Transport layer protocol Source IP address Destination IP address TCP or UDP port number

port mirroring

One port is configured to send a copy of all its traffic to a second port on the switch.

host-based firewalls

Only protect the computer on which they are installed.

Boot sector viruses

Positions its code in the boot sector of a computer's hard disk so that when the computer boots up, the virus runs in place of the computer's normal system files.

Worms

Programs that run independently and travel between computers and across networks.

Network viruses

Propagate themselves via network protocols, commands messaging programs, and data links. Designed to take advantage of network vulnerabilities.

NIDS (network based intrusion detection system)

Protects a network and is usually situated at the edge of the network or in a network's protective perimeter or DMZ.

reverse proxy

Provides services to Internet clients from servers on its own network.

HIDS (host-based intrusion detection system)

Runs on a single computer to alert about attacks to that one host

Network segmentation

Separating portions of the network to protect some resources while granting access to other resources.

agent

Software that monitor's a device's status regarding the security benchmarks to determine the device's compliance.

Packet-filtering firewalls might accept or deny traffic by certain criteria such as

Source and destination IP addresses Source and destination ports Flags set in the TCP header Transmissions that use the UDP or ICMP protocols A packet's status

IPS (intrusion prevention system)

Stands between the attacker and the network or host, and can prevent traffic from reaching the protected network or host.

SIEM (Security Information and Event Management)

Systems that can be configured to evaluate data from IDS,IPS, firewalls and proxy servers, and look for significant events that require attention.

Macro viruses

Takes the form of a macro which can be executed as the user works with a program.

virtual wire mode

The firewall is transparent to surrounding nodes as if it's just one part of the wire.

Firewall misconfiguration

The most common cause of firewall failure

proxy server

The network host that runs the proxy service

zombies

The owners are unaware that their computers are being used in a DDoS attack.

outbound traffic

Traffic attempting to exit a LAN

consent to monitoring form

a document that ensures that employees are made aware that their use of company equipment and accounts can be monitored and reviewed as needed for security purposes.

unintentional DoS attack

a friendly attack because it is not done with malicious intent.

Virus

a program that replicates itself with the intent to infect more computers,

Unified Threat Management (UTM)

a security strategy that combines multiple layers of security appliances and technologies into a single safety net.

Network access control (NAC)

employs network policies which determine the level and type of access granted to a device when it joins a network.

security policy

identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.

spoofing

impersonating a source IP address

amplification attack

instigated using small,simple,requests that trigger very large responses from the target.

Stateless firewall

manages each incoming packet as a stand-alone entity without regard to currently active connections.

Logon restrictions

time of day, total time logged on, source address, and unsuccessful logon attempts


Related study sets

Organization - Employee and Labor Relations

View Set

Chapter 18 - Neurologic Emergencies

View Set

GERIATRIC ASSESSMENT B #2 RACIEL

View Set