Network Security Flashcards
(47 cards)
Confidentiality
Keeping the data private and safe, only people who should access data, can
Encryption
Authentication to access resources
Symmetric Encryption
examples
cons
sender and receiver share the same key DES - weak, snmpv3 3DES AES - strong, WPA2 cons: key management, poor scalability
Asymmetric Encryption
example
cons
Uses different keys for sender and receiver
RSA: most popular, uses public key infrastructure PKI
used for online shopping (HTTPS)
slower than symmetric
Integrity
Ensures data has not been modified in transit
Verifies the source that traffic originates from
uses hashing
ex: MD5, SHA1, SHA256
Availability
Measures accessibility of the data
Increased by designing redundant networks
Threat
A person or event that has the potential for impacting a valuable
resource in a negative manner
external: outside org
internal: inside org
Technical Vulnerabilities
System-specific conditions that create security weaknesses
Common Vulnerabilities and Exposures: CVE (Known vulnerabilities)
Zero-Day Vulnerability (Brand new vulnerability)
Exploit
Piece of software code that takes advantage of a security flaw or
vulnerability within a system or network
Security Risk Assessment
Used to identify, assess, and implement key security controls within an application, system, or network -threat -vulnerability -penetration -posture
Threat Assessment
Focused on the identification of the different threats that may wish to
attack or cause harm to your systems or network
Vulnerability Assessment
Focused on identifying, quantifying, and prioritizing the risks and
vulnerabilities in a system or network
Penetration Test
Evaluates the security of an IT infrastructure by safely trying to exploit
vulnerabilities within the systems or network
Posture Assessment
Assesses cyber risk posture and exposure to threats caused by
misconfigurations and patching delays
Business Risk Assessment
Used to identify, understand, and evaluate potential hazards in the
workplace
-process
-vendor
Process Assessment
The disciplined examination of the processes used by the organization
against a set of criteria
Vendor Assessment
The assessment of a prospective vendor to determine if they can
effectively meet the obligations and the needs of the business
Least Privilege
Using the lowest level of permissions or privileges needed in order to
complete a job function or admin task
(RBAC)
Role-Based Access Control
An access model that focuses on a group of
permissions versus an individual’s permissions
Mandatory Access Control: system decides, military classification
Discretionary Access Control: resource owner decides
Zero-Trust
A security framework that requires users to be authenticated and
authorized before being granted access to applications and data
Defense in Depth
Cybersecurity approach in which a series of
defensive mechanisms are layered in order to protect valuable data and
information
Physical, logic, administrative
Screen Subnet the artist formally known as dmz
Subnet in the network architecture that uses a single firewall with three
interfaces to connect three dissimilar networks
Triple-homed firewall (internet, dmz, intranet)
Separation of Duties
Prevent frauds and abuse by distributing various tasks and approval
authorities across a number of different users
(NAC)
Network Access Control
Ensures a device is scanned to determine its current state of security prior to
being allowed network access
IEEE 802.1x - Used in port-based Network Access Control
Honeypot/ Honeynet
Attracts and traps potential attackers to counteract any attempts at
unauthorized access to a network
Track habits of attackers
