Chapter 2.1 Flashcards
SSL Decryptor Pros vs Cons
PRO: A benefit (or pro) of deploying an SSL decryptor is that it can block connections that use weak cipher suites or flawed TLS implementations, and block connections it cannot inspect, rather than letting them pass through unexamined.
CON: Placing the SSL decryptor at the network edge is a drawback (or con). The edge is the point where the internal network meets the public network, so every inbound and outbound connection passes through the device. That placement makes the SSL decryptor a single point of failure.
multipurpose proxy
A multipurpose proxy server can be configured with filters for multiple protocol types, such as HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), and SMTP (Simple Mail Transfer Protocol).
application proxy
An application-specific proxy, like a web proxy, handles only one protocol (here, HTTP) and cannot filter anything else. A separate proxy would be needed to handle FTP traffic, for example.
non-transparent proxy
A non-transparent class of proxies requires a client to be configured with the proxy server address and port settings.
transparent proxy
A transparent class of proxies requires no extra configuration of client computers. The proxy sits inline, or has client traffic redirected to it by a switch, router, or other inline network appliance, and intercepts connections without the client being aware of it.
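The practical difference between the two proxy classes shows up in the request the proxy receives. The following is an added example, not part of the flashcards: a client that has been configured with a proxy address sends the absolute-form request target (the full URL) to the proxy, while a client behind a transparent proxy believes it is talking to the origin server and sends only the path plus a Host header. The two sample requests and the host name example.com are constructed for the demonstration.

```python
"""Added example (not from the flashcards): what a non-transparent (explicitly
configured) proxy and a transparent (intercepting) proxy each see on the wire
for the same request. The requests below are constructed; nothing is sent."""
from urllib.parse import urlsplit

# Client configured with a proxy: absolute-form request target (RFC 7230 5.3.2).
EXPLICIT_PROXY_REQUEST = (
    b"GET http://example.com/docs/index.html HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: demo\r\n\r\n"
)
# Intercepted client: origin-form target, so the proxy depends on the Host header
# (an inline appliance also knows the original destination IP of the connection).
TRANSPARENT_PROXY_REQUEST = (
    b"GET /docs/index.html HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: demo\r\n\r\n"
)


def parse_request(raw: bytes) -> dict:
    """Parse the request line and headers and work out where to forward it."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    if "://" in target:
        # absolute-form: the client knew it was talking to a proxy
        parts = urlsplit(target)
        form, host, path = "absolute", parts.netloc, parts.path or "/"
        if parts.query:
            path += "?" + parts.query
    else:
        # origin-form: the client thought it reached the server directly
        form, path = "origin", target
        host = headers.get("host")
        if host is None:
            raise ValueError("origin-form request without Host header; cannot route")
    return {"method": method, "form": form, "host": host,
            "path": path, "version": version}
```

The `ValueError` branch is the failure mode a transparent proxy has to handle: an HTTP/1.0 client that omits Host gives the intercepting proxy nothing to route on except the original destination address of the intercepted connection.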
bridge
A bridge connects two network segments together. An example includes a bridged connection between the wireless and Ethernet adapters of a laptop.
STP
STP stands for Spanning Tree Protocol. It prevents layer 2 loops (and the broadcast storms they cause) when switches are interconnected by redundant links, by blocking the redundant paths until an active link fails.
port security
Port security is a switch feature used to prevent unauthorized client devices from connecting through a wall port. A maximum number of MAC addresses can be set per switch port; once the port has learned that many source addresses, frames from any other address trigger a violation action, such as dropping the traffic or shutting the port down.
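To make the MAC limit and violation action concrete, here is an added example that is not from the flashcards or any vendor: a simulation of a single secured switch port. The mode names protect, restrict and shutdown mirror the usual switch options, the port name Gi1/0/7 and the MAC addresses are constructed.

```python
"""Added example: simulation of switch port security (sticky MAC learning with a
maximum address count and a violation action). Not vendor code; port names and
MAC addresses are constructed."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    max_macs: int = 1
    violation: str = "shutdown"   # protect | restrict | shutdown
    learned: set = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False

    def ingress(self, src_mac: str) -> str:
        """Return what the port does with a frame whose source is src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped (port err-disabled)"
        if src_mac in self.learned:
            return "forwarded"
        if len(self.learned) < self.max_macs:
            self.learned.add(src_mac)          # sticky: kept until cleared
            return "forwarded (learned)"
        # Limit reached and this is a new address: apply the violation action.
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True           # nothing passes until an admin re-enables it
            return "dropped (port shut down)"
        if self.violation == "restrict":
            return "dropped (violation logged)"   # counted/logged, port stays up
        return "dropped"                       # protect: silent drop


def demo() -> list:
    """One legitimate host, then a rogue device plugged into the same wall port."""
    port = SecurePort("Gi1/0/7", max_macs=1, violation="shutdown")
    return [port.ingress(m) for m in ("aa:bb:cc:00:00:01",
                                      "aa:bb:cc:00:00:01",
                                      "de:ad:be:ef:00:02",   # rogue device
                                      "aa:bb:cc:00:00:01")]
```

With the shutdown action the legitimate host loses connectivity too once the rogue device appears, which is why the restrict mode (log and drop only the offender) is often preferred on user-facing ports.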
SNMP
SNMP, the Simple Network Management Protocol, is used by agents on network devices to send traps with status information to network monitoring tools and to answer their queries. In SNMPv1 and SNMPv2c the community string is the only credential, so changing the default community strings (such as public and private) prevents unauthorized tools from gathering data simply by guessing the default names.
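Why the community string matters is easiest to see on the wire. The following is an added example, not from the flashcards: it hand-encodes an SNMPv2c GetRequest for sysName.0 using the standard ASN.1/BER layout (RFC 3416), then shows that a passive sniffer recovers the community string verbatim, because nothing in v1/v2c encrypts or hashes it. The request id 0x1234 and the community string are constructed values; the function names are this example's own.

```python
"""Added example: hand-encode an SNMPv2c GetRequest (RFC 3416 PDU, BER encoding)
to show that the community string is the only credential and travels in
cleartext. Values are constructed; nothing is sent on the network."""


def ber(tag: int, content: bytes) -> bytes:
    """Tag-length-value with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def ber_int(value: int) -> bytes:
    """INTEGER, minimal two's-complement encoding."""
    if value == 0:
        return ber(0x02, b"\x00")
    n = (value.bit_length() + 8) // 8      # one extra bit for the sign
    return ber(0x02, value.to_bytes(n, "big", signed=True))


def ber_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunks = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunks.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunks))
    return ber(0x06, body)


SYS_NAME = "1.3.6.1.2.1.1.5.0"


def snmpv2c_get(community: str, oid: str, request_id: int = 0x1234) -> bytes:
    """Message ::= SEQUENCE { version INTEGER(1), community OCTET STRING, GetRequest-PDU }"""
    varbind = ber(0x30, ber_oid(oid) + ber(0x05, b""))          # OID + NULL value
    pdu = ber(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)  # id, error-status, error-index
              + ber(0x30, varbind))
    return ber(0x30, ber_int(1) + ber(0x04, community.encode()) + pdu)


def extract_community(packet: bytes) -> str:
    """What a passive sniffer recovers: skip the outer SEQUENCE header and the
    version INTEGER, then read the OCTET STRING (short-form lengths assumed)."""
    if packet[0] != 0x30:
        raise ValueError("not an SNMP message")
    pos = 2                              # outer tag + short-form length
    pos += 2 + packet[pos + 1]           # skip version INTEGER
    if packet[pos] != 0x04:
        raise ValueError("expected community OCTET STRING")
    length = packet[pos + 1]
    return packet[pos + 2: pos + 2 + length].decode()
```

An agent still configured with the default string will answer a request built exactly like this from any host that can reach UDP port 161, which is the point of the card: change the defaults, restrict which managers may query, and use SNMPv3 where the device supports it.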
HTTPS for switches
HTTPS can be enabled on the network switch for secure web management. It is an alternative to command-line management over SSH; both replace unencrypted HTTP and Telnet management.
SSL decryptor/inspector/interceptor
An SSL decryptor, inspector, or interceptor is a type of proxy used to examine encrypted traffic before it enters or leaves the network. This ensures that the traffic complies with data policies and that strong cipher suites are used.
The SSL interceptor sits at the network's edge as a transparent bridge, which hides it from an attacker's view: it is not a regular device with an IP address of its own on a subnet that could be scanned or targeted.
Round Robin setting
A round robin setting is used in load balancing scenarios. Each new client session is established with the next server in the group, in turn. Round robin is simple and stateless (the load balancer keeps no record of which server a client used before), and fault tolerance comes from removing a server that fails a health check from the rotation.
session affinity
A session affinity setting is used in load balancing scenarios. With source IP affinity, a layer 4 approach, the load balancer uses the client's source IP address to send every session from that client to the same server, so that server-side session state is preserved.
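To show the difference between the two scheduling cards (round robin and session affinity) in working code, here is an added example that is not from the flashcards: a small scheduler that either hands new sessions to healthy backends in turn or pins each client to one backend by hashing its source IP, and that drops a failed backend from the pool. Backend names and client addresses are constructed, and the class and method names are this example's own.

```python
"""Added example: round robin versus source-IP session affinity in a load
balancer, with backend removal on failure. Names and addresses are constructed."""
import hashlib


class LoadBalancer:
    def __init__(self, backends):
        self.backends = list(backends)
        self.healthy = set(self.backends)
        self._rr = 0                     # the only state round robin needs

    def mark_down(self, backend):
        """Health check failed: take the server out of the rotation."""
        self.healthy.discard(backend)

    def mark_up(self, backend):
        self.healthy.add(backend)

    def _pool(self):
        pool = [b for b in self.backends if b in self.healthy]
        if not pool:
            raise RuntimeError("no healthy backends")
        return pool

    def round_robin(self, client_ip: str) -> str:
        """Stateless: no per-client memory, so the same client may land on a
        different server for its next session."""
        pool = self._pool()
        backend = pool[self._rr % len(pool)]
        self._rr += 1
        return backend

    def source_ip_affinity(self, client_ip: str) -> str:
        """Layer 4 affinity: a deterministic hash of the source address picks the
        same backend for every session from that address while the pool is
        unchanged. When a backend fails the pool shrinks, some clients are
        remapped, and any state those backends held for them is lost."""
        pool = self._pool()
        digest = hashlib.sha256(client_ip.encode()).digest()
        return pool[int.from_bytes(digest[:4], "big") % len(pool)]
```

The remapping on failure is the caveat to remember: source IP affinity keeps a client on one server only as long as that server stays healthy, and it also lumps every client behind one NAT gateway onto the same backend.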
active/active
An active/active cluster provides enterprise services to clients from both virtual servers at the same time. If one virtual host goes offline, all of its services transparently transfer to the other server, which therefore must have enough spare capacity to carry the full load.
active/passive
An active/passive cluster provides enterprise services to clients from only one virtual server. The other server stands by and comes online only when the currently active server goes offline.