Technologies, Architecture & Design Flashcards
Network Address Translation (NAT)
An IPv4 technique used to link private IP addresses to public ones.
Access control list (ACL)
Lists of users and their permitted actions. Can be identified by ID, network address, or token.
Application-based vs. network-based Firewall
- App-based firewalls look at traffic and block/allow actions within applications (even web-connected ones).
- Network-based firewalls operate at the network level and filter traffic based on IP addresses and ports.
Implicit deny
if it isn’t explicitly allowed, then deny it.
Rule-based management
To define desired operational states so that they can be represented as rules.
VPN concentrator
A VPN concentrator is a way of managing multiple VPN conversations on a network while keeping them isolated from each other.
IPSec
IPsec is a set of protocols for securely exchanging packets at the network layer (layer 3).
Tunnel Mode
Tunnel mode means that the data, as well as the source and destination addresses, are encrypted.
Transport Mode
Transport mode encrypts only the data, allowing an observer to see that a transmission is happening. The original IP header is exposed.
Authentication Headers (AH)
Authentication Headers (AH) are a type of header extension that ensure data integrity and authenticity of the data’s origin.
Encapsulating Security Payload (ESP)
Encapsulating Security Payload (ESP) header extensions provide confidentiality but do not help with data integrity.
Split Tunnel vs. Full Tunnel
- Split-tunnel VPNs do not route all traffic through the VPN. This helps avoid bottlenecks that might come from encrypting all traffic.
- A VPN that routes all traffic through the VPN is called a full-tunnel VPN.
Transport Layer Security (TLS)
Transport Layer Security (TLS) can be used for VPNs, to exchange keys and create secure tunnels for communication.
Always-on VPN
“Always-on” VPNs are pre-configured and connected by default.
NIPS
Network-based intrusion prevention systems. NIPS can take automated action to block an attack, as determined by pre-set rules.
NIDS
NIDS stands for a network-based intrusion detection system. These detect, log and respond to unauthorized network usage. This can be in real-time or after the fact.
Signature Based (IDS)
An IDS can be signature-based, meaning it detects intrusion based on known signature definitions.
Heuristic/Behavioral (IPS/IDS)
This means that “normal” behavior is defined, and behavior that is outside of those bounds is considered malicious or bad.
This can have a high false-positive rate.
Anomaly (IDS)
Anomaly-based is similar and looks for traffic that is anomalous based on known “normal” behavior.
Inline vs. Passive (IDS)
An IDS can be inline, meaning it monitors data as it flows through the device, or passive, meaning that it copies off the data and examines it offline.
In-Band vs. Out-of-Band (IDS)
It can be in-band, meaning that it examines data and can take actions within that system (if something looks bad, don’t send it along). Out-of-band cannot.
Security Information and Event Management (SIEM)
- SIEM stands for security information and event management.
- SIEM systems are hardware and software meant to analyze aggregated security data.
Aggregation (SIEM)
Aggregation of data: event logs, firewall logs, security logs, application logs.
Correlation (SIEM)
Correlation, meaning that events or behaviors can be related based on time, common events, etc.