Chapter 7 Flashcards
network perimeter
The border of a computer network, commonly secured by devices
such as firewalls and NIDS/NIPS solutions.
explicit allow
When an administrator sets a rule that allows a specific type of traffic
through a firewall, often within an ACL.
explicit deny
When an administrator sets a rule that denies a specific type of traffic access
through a firewall, often within an ACL.
implicit deny
Denies all traffic to a resource unless the users generating that traffic
are specifically granted access to the resource.
packet filtering
In the context of firewalls, inspects each packet passing through the
firewall and accepts or rejects it based on rules.
stateful packet inspection (SPI)
Type of packet inspection that keeps track of network
connections by examining the header in each packet.
application-level gateway (ALG)
Applies security mechanisms to specific applications,
such as FTP and/or BitTorrent.
circuit-level gateway
Works at the Session Layer of the OSI model and applies security
mechanisms when a TCP or UDP connection is established; acts as a go-between
for the Transport and Application Layers in TCP/IP.
IP proxy
Secures a network by keeping machines behind it anonymous; it does this
through the use of NAT.
HTTP proxy
Caches web pages from servers on the Internet for a set
amount of time.
web security gateway
An intermediary that can scan for viruses and filter Internet
content.
honeynet
One or more computers, servers, or an area of a network, used to attract and
trap potential attackers to counteract any attempts at unauthorized access of the network.
data loss prevention (DLP)
Systems that are designed to protect data by way of content
inspection.
promiscuous mode
In a network adapter, this passes all traffic to the CPU, not just the
frames addressed to it.
false positive
When a system authenticates a user who should not be allowed access to
the system.