Network Security Flashcards
Confidentiality
Prevents disclosure of information to unauthorized individuals
Integrity
Ensuring that data has not been modified
Availability
Information is accessible to authorized users
CVE
Common Vulnerabilities and Exposures - a database containing known vulnerabilities
Zero-Day Vulnerability
One that has never been detected or published
Least privilege
Giving people just enough privileges to do their jobs.
Role-based Access
Your access is based on your role in the organization. In Windows, use Groups to provide this type of access.
Zero Trust
Everything must be verified. Nobody is trusted until authentication is provided by the user. Systems are constantly monitored.
Network segmentation enforcement
Physical segmentation (using separate devices) or VLANs.
Screened subnet
Formerly a “DMZ” - a separate subnet containing assets that outside users need access to.
Separation of duties
Limit what a single person can do: split knowledge, etc.
Network Access Control
IEEE 802.1X - Port-based Network Access Control (NAC). The physical ports require authentication.
Honeypot
Fake virtual systems put in place to lure attackers so they can be monitored.
Multifactor authentication
Something you are
Something you have
Something you know
Somewhere you are
Something you do
TACACS+
Remote authentication protocol. Released as an open standard in 1993.
SSO
RADIUS
Common AAA protocol; supported on a wide variety of devices. Centralized authentication for users.
LDAP
Protocol for reading/writing directories over an IP network. Can be used as an authentication protocol.
Kerberos
Network authentication protocol; authenticate once (SSO). Mutual authentication.