Flashcards in Chapter 8 - Network Security Deck (26)
What is a DDoS?
Distributed Denial of Service
What is an IDS
Intrusion Detection System
Why should we use network segmentation?
We can segment a network by dividing it into smaller networks called subnets. Subnets can then be used to direct the flow of particular traffic, and technical problems can be isolated to a particular subnet, where they are easier to fix.
What is a choke point?
A choke point is a point where network traffic is filtered so that it can be inspected. Examples of choke points include routers that move traffic from one subnet to another, firewalls, proxies, and applications like email.
Why is redundancy a good network design element?
It gives us a backup when parts of our network fail, so we can re-route traffic.
Define a firewall
A mechanism for maintaining control over the traffic that flows in and out of networks.
What is packet filtering and why is it susceptible to attacks?
Packet filtering examines each packet and decides whether or not to allow it through the firewall based on its source and destination IP addresses, protocol and port. This type of firewall is susceptible to attack because each packet is examined individually, without regard to the connection it belongs to, so individual packets may be able to slip through the cracks.
What is a stateful firewall
A stateful firewall takes packet filtering a step further by monitoring traffic on all new and existing connections. Once a connection has been closed, the stateful firewall can identify any remaining packets that claim to belong to it as illegitimate traffic.
What is deep packet inspection?
Deep packet inspection adds another layer to our firewall. It gives the firewall the ability to reassemble the content of packets and inspect what is inside before delivering them.
What is a proxy server?
A proxy server is a type of firewall that can serve as a choke point and also log traffic. Many companies rely on proxy servers to filter out malware and spam.
What does DMZ stand for and how are they used?
DMZ stands for demilitarized zone. A DMZ is a combination of a firewall and network design that gives an extra layer of protection between an external network and our internal system. We can set up filtering so that the only traffic flowing through the DMZ to our system is relevant and travelling on a particular port. A DMZ is a layer between the external and internal firewalls.
What is HIDS
Host-Based Intrusion Detection System
What is APIDS
Application-Based Intrusion Detection System
What is NIDS
Network-Based Intrusion Detection System
Why is it important to place a NIDS carefully?
It is important to place a NIDS carefully because it can easily be overloaded with traffic. We should place a NIDS behind a firewall so that the volume of traffic it has to inspect is not overwhelming.
What is signature based detection?
A signature-based IDS looks for traffic whose signature matches a known attack signature in its database. This type of detection system is great for detecting known attacks but will not detect new attacks (many of which are designed not to match any existing signature).
What is anomaly based detection?
Anomaly-based detection looks for patterns on the network that are not normally present. This type of detection system is great for identifying new attacks, but it also results in a lot of false positives.
What are the pros and cons of using both signature based and anomaly based detection?
Using both signature-based and anomaly-based detection will allow us to detect many more attacks (all the known ones plus some unknown ones). However, running both types of detection at once is expensive in terms of system resources and may result in a lag in detection.
Why are wireless networks a security risk?
Free wireless networks are a large security risk because they do not use any type of encryption to protect the information travelling on the network. This is not an insurmountable issue, but it is a big one nonetheless.
What is a VPN and why/how do we use them?
VPN stands for virtual private network. A VPN (also often referred to as a tunnel) creates an encrypted connection between two points.
We use them to connect remotely to internal networks, as well as to gain anonymity for our IP addresses and the traffic that we are sending. VPNs are often associated with illegal peer-to-peer sharing.
How can the placement of an authorized wireless device threaten our security?
Wireless networks have a range of several miles, and placing an additional wireless device can extend that range. We can avoid this by keeping a log of all authorized wireless access points and scanning for unauthorized ones on a regular basis.
Why are FTP and POP protocols often not secure methods to use?
Because they tend to send sensitive information in plaintext, so anyone listening to traffic across the network could gain access to that sensitive information.
It is better to use SSH and SFTP, which use public key encryption to protect our information.
What is penetration testing and what types of attacks can it protect against?
Penetration testing is conducting assessments on our own network regularly and thoroughly to look for holes in our security. As we update our software and reconfigure our network, our vulnerabilities change, which is why it is important to test regularly. Penetration testing will only protect against known attacks; it may not be able to protect against new attacks.
What is Kismet?
Kismet is a tool for detecting wireless access points (authorized or otherwise). It is available for Linux; its Windows cousin is NetStumbler.
What are scanners and why do we use them?
Scanners are tools used for security testing and assessment that fall into two categories: port scanners and vulnerability scanners. One of the port scanners that we use is called Nmap. It scans ports, and can also detect hosts on a network and identify their operating systems and the services running on any of their ports.