Flashcards in Test 2 Deck (86):
The most widely used firewall filtering method is ______________.
Stateful packet inspection (SPI)
How does Stateful packet inspection (SPI) treat packets?
Stateful Packet Inspection (SPI) treats different types of packets differently by spending the most resources on the riskiest packets, which are relatively few, and spending less on the more numerous, less risky packets.
What are the two states of Stateful packet inspection (SPI)?
Opening a connection ( conversation)
Ongoing communication afterward
Stateful packet Inspection (SPI) looks at a packet and compares it to what?
Access control list
What are the three rules of Stateful packet inspection?
1: Check to see if the port connection is 25. Allow if true, check against rule 2 if false.
2. Check against a match with a single internal host on port 80. Allow if true, check against rule 3 if false.
3. Called the 'default rule' which checks if the packet is explicitly allowed and if not drops and logs it.
What happens if a Stateful packet inspection decides to permit a connection?
It adds the connection to its approved connections table.
What are Next-Generation Firewalls (NGFWS)?
Firewalls that deeply inspect packets by looking at EACH piece of the packet.
Next-Generation Firewalls (NGFWS) rely on what technology to process traffic at the full speed of the lines coming into them?
Application-specific integrated circuits
What is the difference between antivirus and a firewall?
Firewalls work at the level of packets and groups of packets. Antivirus (AV) programs, in contrast, examine entire files.
What are the Limitations of Stateful Packet Inspection (SPI) Firewalls?
-Limited primarily to examining socket data
-Cannot detect what applications are actually using Port 80
-Cannot identify problems in streams of packets
What can Intrusion Detection System (IDS) do?
-Can detect suspicious traffic
-Log suspicious traffic
-Notify the security administrator of high-threat suspicious traffic
-Produce many false alarms that can dull vigilance
What is signature detection?
Looks for byte patterns that characterize individual malware programs
What is the problem with signature detection?
-There are now too many malware programs to test for all malware program signatures
-Also, many malware programs mutate, changing their signatures
Filtering packets going from the network to the outside of the network.
Filtering packets coming from outside of the network to the inside.
For humans, EUI-48 addresses are expressed in _______ notation.
Ethernet switches can provide up to _____ priority levels.
Manageable switches can be managed by _____.
Although manageable switches cost much more than non-manageable switches, this is more than made up for by _____ management costs
802.1X __________________ can stop someone from entering the building and plug their computer into a switch or into a wall RJ-45 port, which connects to a switch.
Port Based Access Control
802.1X Port Based Access Control was created by the ______ WG.
The dominant WLAN standards today are _____
802.11 Standards were created by the ______
IEEE 802.11 Working Group
The term Wi-Fi steams from the _________ which is an industry consortium of 802.11 product vendors.
Radios for data transmission are called _______ because they both transmit and receive.
While optical fiber waves are described in terms of wavelength, radio waves are described in terms of another wave characteristic called _______.
In waves, frequency is the number of complete cycles per second. One cycle per second is one ________.
The most common radio frequencies are between ________ and ________
A transceiver must have a _____ to transmit its signal.
____________ antennas transmit signals equally strong in all directions and receive incoming signals equally well from all directions. These are best for short distances.
____________ antennas point in a particular direction, which allows them to send stronger signals in that direction. Good for longer distances.
The area of the sphere is proportional to the square of its radius, so signal strength in any direction weakens by an __________.
Inverse square law
As radio signal travels, it is partially absorbed by the air molecules, plants, and other things it passes through. This is called ___________.
Multiple signals travelling different paths will interfere, so we call this type of interference __________.
Many devices produce _____ at frequencies used in wireless data communications which create wireless interference.
Electromagnetic Interference (EMI)
The _______ is the range of all possible frequencies from zero hertz to infinity.
Regulators divide the frequency spectrum into contiguous spectrum ranges called ___________.
Service bands are subdivided further into smaller frequency ranges called ______.
Signals spread over a range of frequencies. This range is called the signal's _______.
A channel also has a bandwidth. For instance, if the lowest frequency of an FM channel is 89.0 MHz and the highest frequency is 89.2 MHz, then the ___________ is .2 MHz.
2.4 GHz service bands have only __ channels.
The 3 channels that the 2.4 GHz band has are ____
1, 6, 11
The 5 GHz service band is far wider than the 2.4 GHz with between __ and __ non-overlapping 20 MHz bands.
A _______ consists of an access point and the wireless hosts it serves.
Basic service set (BSS)
The access point in a BSS has an identifier called the _______.
service set identifier (SSID)
When a host wishes to send, the host may send a ________ message to the wireless access point. This message asks the access point for permission to send messages.
If the access point responds by broadcasting a ________ message, then other hosts must wait. The host sending the RTS may then transmit, ignoring CSMA/CA.
This channel bandwidth is dominant in sales today
This channel bandwidth is dominant in installed base today
______ can double, triple, or even quadruple transmission speed by sending two signal through the same channel.
MIMO (multiple input/multiple output)
Total _______ is substantially lower than rated speed.
_________ is the number of bits that the host or access point will transmit per second according to 802.11.
_________ throughput is shared by all users of an access point.
_______ mode or personal mode was created for home use.
pre-shared key (PSK)
A ________ is used for a limited time between the host and the user.
Most PSK wireless access points have a serious security vulnerability. To simplify the configuration of wireless clients so that users can connect to acess points more easily, the WIFI Alliance created _________.
Wireless Protected Setup (WPS)
802.1X mode is called _______ mode
A ____ access point is an unauthorized access point set up within a firm by an employee or department.
An _____ access point has software to impersonate a real access point.
____ is a short-range radio technology designed for personal area networks (PANs).
The switches that connect hosts to the network are called _______ switches.
The switches that connect switches to other switches are called _____ switches.
_______ is copper wire that carries electrical signals over copper wire pairs.
4-pair unshieled twisted pair (UTP)
_________ carries light signals through very thin glass tubes.
Transmission links that connect hosts to workgroup switches are called _____ links.
Transmission links that connect switches to other switches are called ______ links.
Single networks use standards at the ______ layer and the ____ link layer.
______ signaling has two states which may be two voltage levels or light being turned off and on.
____ signaling has a few states but is more expensive.
When other wire pairs in a wire bundle create interference, this is called ________.
In fiber, the core is surrounded by a thin glass cylinder called _____.
Travelling different distances, signals will arrive at slightly different times is called ________
The strength of signal is called ______ amplitude
OM4 fiber can carry signals _______ than OM3 fiber.
A company can use two or more UTP or fiber trunk links to connect a pair of switches. This is called _______.
Ethernet requires ______ switch topology.
________ (RSTP) is used by Ethernet switches to detect and break loops automatically and restore the hierarchy.
Rapid Spanning Tree Protocol (RSTP)
______ poisoning packet is a packet that falsely tells the victim that the EUI-48 address for 188.8.131.52 is FF-FF-FF-DD-DD-DD. This is really the EUI-48 address of the hacker.
Transmitting over a single pair of wires is called ______ because the bits of successive clock cycles follow one another in a series.
If there is more than one pair carrying the transmission bits, this is called __________.
100BASE-TX speed is
1000BASE-T speed is
10GBASE-T speed is
Wireless network standards operate at ________.
the Data Link layer
A wireless host sends a packet to a server on the company's wired Ethernet LAN via an access point. How many frames will be involved in this one-way transmission?