Flashcards in Networking Test 3 Deck (75):
What is cloud computing?
Flexible provisioning of computer, storage, and network resources, and other services to multiple clients
List multiple cloud computing features:
1. On demand services2. Elastic services3. Multiple platform support4. Resource pooling5. Metered services
What are the 3 types of cloud models?
Public, private, hybridAll models are based on resource virtualization
Describe the public cloud model
Resources and services owned and hosted by a third party and available to many clients
Describe the private cloud model
Resources and services owned by an organization and available to internal clients
Describe the hybrid cloud model
Utilizes resources and services of both public and private clouds in an integrated fashion
What are the cloud service models?
Infrastructure as a servicePlatform as a serviceSoftware as a serviceEach has a different level of management, control, cost and risk
Describe Infrastructure as a service (IaaS)
Hardware and network resources provided, workloads responsibility of the client
Describe Platform as a Service (PaaS)
IaaS plus OS and libraries, applications are the responsibility of the client
Describe Software as a Service (SaaS)
Complete application, client has no responsibility
What is remote access?
Service allowing connection to a resource (server, network, etc) from a remote geographic location
What are some types of remote access?
Remote connection to OS (computer or network device)Dedicated line between sitesVirtual Private Network (VPN)
What is a VPN?
Virtual Private NetworkConnection between devices, networks, or devices and networks* Traffic is tunneled (encapsulated within host network PDUs)* May secure communications via one or a combination of confidentiality, integrity, availability, commonly known as CIA
What uses generic routing encapsulation to send non-IP traffic across an IP only VPN?
Layer 2 traffic tunneling VPN
What is encryption?
Transforming data via a mathematical algorithm known as a cipherData can only be read by reversing the cipherUsed to keep information private (provides the C in CIA)
What is a key?
Random string of characters used in conjunction with data and cipher to create unique data block
What is a cipher text?
An encrypted block of data
What is a brute force attack?
An attempt to break encryption by guessing keys
What is symmetric encryption?
AKA Private encryption or shared key____________Same key is used to encrypt and decrypt data__________Most efficient___________Drawback- Key must be known by multiple parties
What is asymmetric encryption?
Two keys - known as a key pair_____Data is encrypted by one and can only be decrypted by the other__________Private key is only known by key owner___________Public key available to anyone_________Requires a public key server which is publicly accessible server distributing public keys
Encrypted data can be __________
Some _______ should never be decrypted
One way transformation
List 2 types of encryption algorithms
List types of remote device access
Remote desktop protocol - microsoft (all MS OS can be server)SSH - UNIX command (free and paid servers and clients for unix and windows)VNC - UNIX GUI (Free and paid servers and clients, unix and windows)
Remote Authentication Dial In User ServiceCentralized service for authenticationAAA
What 3 services does kerberos provide?
Key Distribution Center (KDC)Authentication Service (AS)Ticket Granting Service (TGS)
Three categories of multifactor authentication
What does a firewall do?
Allows desirable traffic to be transported from an untrusted network/host to a trusted network/hostPrevents harmful traffic from doing the same.
A firewall _____ _____ to permit and/or prevent traffic transport.
What is the first generation of firewall methodologies?
Packet filtering - inspects layers 3 and 4 addressing
What is the second generation of firewall methodologies?
Stateful filtering - inspects TCP connection state
What rules govern traffic transport in a firewall?
permit or deny________source and/or destination IP__________source and/or destination ports_______________layer 4 protocol______________direction (in/outbound)
what's another name for cisco IOS packet filtering?
Access controlAccess Control Entries (ACEs) within Access Control Lists (ACLs)
Using stateful firewall filtering the firewall works up to and including layer ____
For Cisco IOS Stateful filtering you may see the stateful filtering be referred to as what?
Context Based Access Control (CBAC)
What medium does a WLAN use?
the AIR lol the atmosphere tho
What does a wireless network transmit?
RF - radio frequency
Who governs transmission frequencies, including those transmitted by WLANs?
Industry Canada, FCC for the US, ITU internationally
What wireless technologies use a wireless personal area network?
bluetooth, infrared, near-field communications (NFC)
What GHz does Bluetooth use?
What is bluejacking?
Unsolicited data sent through bluetooth
What is bluesnarfing?
Data downloaded without permission via bluetooth
What is a posture assessment?
A thorough exam of each aspect to determine how it might be compromisedShould be performed annually at minimum
What security assessment will be performed by an organization that has been accredited by an agency that sets security standards?
A security audit
Who is an individual who gains unauthorized access to systems?
Vulnerability is the weakness of a _____, process, or __________.
Weakness of a system, process, or architecture.
What is an exploit?
A means of taking advantage of a vulnerability
What is a zero-day attack?
Taking advantage of an undiscovered vulnerability
What is phishing?
A way to gain sensitive information by posing as a trusted person.organization through electronic communications
What layer risk is this:Wireless jamming
What layer risk is this:RF emanation on private wireless / copper media communications
What layer risk is this:Eavesdropping on connections to internet
What layer risk is this:Sniffing data on public wifi
What layer risk is this:Access to unused and unsecured ports on switches n routers
What layer risk is this:ARP table poisoning
What layer risk is this:Computers with sensitive data connected to publicly accessible networks
What layer risk is this:Banner grabbing attack
What layer risk is this:Session hijacking/man in the middle attack
What layer risk is this:Invalid trust relationships - DHCP snoopin, dynamic ARP inspection
What layer risk is this:NOS backdoors
What layer risk is this:Buffer overflows
What layer risk is this:Default admin security config
What is a banner grabbing attack?
Malicious use of network monitoring tools to inventory services running on servers
What are the 3 Denial of Service (DoS) attacks?
Distributed DoS (DDoS)Distributed Reflection DoS (DRDoS)Permanent DoS (PDoS)
Which DoS Attack is orchestracted through many sources called zombies?
a distributed dos
Which DoS attack is bounced off of uninfected computers and directed at the target?
Distributed Reflected DoS
Which DoS attack replaces device firmware to permanently damage it?
A virus replicates code that attaches to an _______ ______ or ______
a virus replicates code that attaches to an existing code or data
What is a trojan horse?
malware that disguises itself as something useful while harming a system
A worm runs ________________ ___________ between computers over the network
runs independently travelling between computers over the network
What is a boot sector virus?
Embedded in the disk boot sector
How is anti-malware software implemented?
Through host , serve,r network, cloud based software
What is the difference between intrusion detection and prevention?
IDS detects suspicious network activity, is a typically dedicated device and logs data and alerts (passive)_____________IPS detects and reacts to suspicious network activity, is also typically a dedicated device but prevents traffic flow (active)