70 terms

chapter 6

IP addresses are ____-bit addresses.
all in one network security appliance
Network hardware that provides multiple security functions
anomaly based monitoring
A monitoring technique used by an IDS that creates a baseline of normal activities and compares actions against the baseline. Whenever a significant deviation from this baseline occurs, an alarm is raised.
ARP poisoning
The attacker sends a forged ARP packet to the source device, substituting the attacker's computer MAC address
A reference set of data against which operational data is compared
behavior based monitoring
A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it
frames sent to all devices
temporary storage area
Core switches
reside at the top of the hierarchy and carry traffic between switches
demilitarized zone
A separate network that rests outside the secure network perimeter; untrusted outside users can access it but cannot enter the secure network
A(n) ____ is the end of the tunnel between VPN devices.
false positives
alarms that are raised when there is no actual abnormal behavior
What is another name for a packet filter?
heuristic monitoring
A monitoring technique used by an IDS that uses an algorithm to determine if a threat exists
host based software firewall
a program that is run on a local system to filter traffic
host intrusion detection system
A software-based application that runs on a local host computer that can detect an attack as it occurs
a standard network device for connecting multiple Ethernet devices together using twisted pair copper or fiber optic cables in order to make them function as a single network segment
integrated network security hardware
combine or integrate multipurpose security appliances with a traditional network device such as a switch or router
Internet content filters
monitor Internet traffic and block access to preselected Web sites and files
intrusion detection system
A device designed to be active security; it can detect an attack as it occurs
IP spraying
Load balancing that is used for distributing HTTP requests received through port 80
Layer 4-7 router
A hardware load balancer
load balancer
A device that can direct requests to different servers based on a variety of factors, such as the number of server connections, the server's processor utilization, and overall performance of the server
load balancing
a technology that can help to evenly distribute work across a network
MAC address impersonation
If two devices have the same MAC address, a switch may send frames to each device; an attacker can change the MAC address on their device to match the target device's MAC address
MAC flooding
An attacker can overflow the switch's address table with fake MAC addresses, forcing it to act like a hub, sending packets to all devices
MX record
an entry in the DNS that identifies the mail server responsible for handling that domain name
Layer 3 of the OSI model is the ____ layer.
network access control
A technique that examines the current state of a system or network device before it is allowed to connect to the network
network address translation
A technique that allows private IP addresses to be used on the public Internet
network intrusion detection system
A technology that watches for attacks on the network and reports back to a central device
network intrusion prevention system
A technology that monitors network traffic to immediately react to block a malicious attack
network tap
a separate device that can be installed between two network devices to monitor traffic
OSI model
illustrates how a network device prepares data for delivery over the network to another device, and how data is to be handled when it is received
____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).
port address translation
A technique that gives each packet the same IP address but a different TCP port number
Port mirroring
An attacker connects his device to the switch's mirror port
Post Office Protocol
responsible for handling incoming mail on port 110
Private IP address
IP addresses that are not assigned to any specific user or organization
proxy server
A computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user
remote access
any combination of hardware and software that enables remote users to access a local internal network
reverse proxy
A computer or an application program that routes incoming requests to the correct server
A device that can forward packets across computer networks
rule based firewall
rules set by an administrator that tell the firewall precisely what action to take with each packet that comes through it
Layer 5 of the OSI model is the ____ layer.
settings based firewall
allows the administrator to create sets of related parameters that together define one aspect of the device's operation
signature based monitoring
A monitoring technique used by an IDS that examines network traffic to look for well-known patterns and compares the activities against a predefined signature
Simple Mail Transfer Protocol
handles outgoing mail on port 25
site to site VPN
multiple sites can connect to other sites over the internet
stateful packet filtering
____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
stateless packet filtering
packets filtered by a firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator
stateless packet filtering
A firewall using ____ is the most secure type of firewall
Subnet Addressing
Allows an IP address to be split anywhere within its 32 bits
A technique that uses IP addresses to divide a network into network, subnet and host
A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices
system call
an instruction that interrupts the program being executed and requests a service from the operating system
frames intended for a specific device
virtual LAN
A technology that allows scattered users to be logically grouped together even though they may be attached to different switches
virtual private dial up network
a user-to-LAN connection used by remote users
virtual private network
a technology to use an unsecured public network, such as the Internet, like a secure private network
A(n) ____ encrypts all data that is transmitted between the remote device and the network.
VPN concentrator
A device that aggregates hundreds or thousands of VPN connections
Web application firewall
A special type of firewall that looks more deeply into packets that carry HTTP traffic
Web security gateway
A device that can block malicious content in "real time" as it appears (without first knowing the URL of a dangerous site)
workgroup switches
connected directly to the devices on the network
True or False: Workgroup switches must work faster than core switches.
True or False: The OSI model breaks networking steps down into a series of six layers.
True or False: Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.
True or False: A basic level of security can be achieved through using the security features found in network hardware.
True or False: Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts.