Comptia Security+ 1
First 20 videos of Professor Messer Comptia security+ course
Terms in this set (22)
- An OSI layer 2 device, - Hardware bridging ASICs, - Forwards traffic based on MAC addresses, - The core of an enterprise network, - High bandwidth, many simultaneous packets
- An OSI layer 3 device, - Routes traffic between IP subnets, - Routers inside of switches are sometimes called "layer 3 switches", - Layer 2 = Switch, Layer 3 = Router, - Often connects diverse network types (WAN, LAN, copper, fiber)
- OSI layer 4 (TCP/UDP); some firewalls filter through OSI layer 7, - Filters traffic by port number, - Can encrypt traffic into and out of the network and between sites, - Can proxy traffic (a common security technique), - Most firewalls can also be layer 3 devices.
- Distributes the load over many physical servers, - Very common in large environments, - Load balanced evenly across servers or based on specific content types.
- Sits between the users and the external network, - Receives the user's request and sends the request on their behalf, - Applications may need to know how to use the proxy (explicit), - Some proxies are invisible (transparent)
Unified Threat Management (UTM)
- Web security gateway, - URL filter / content inspection, - Malware inspection, - Spam filter, - CSU/DSU, - Router, - Switch, - Firewall, - IDS/IPS, - Bandwidth shaper, - VPN endpoint
- The connection point for remote users, - Traffic is encrypted across the internet and then decrypted on the internal private network.
Intrusion Detection/Prevention System
- Protects against OS and application exploits, - Detection = Alerts but does not prevent attacks, - Prevention = Blocks the attack
- Captures network packets, - Decodes each part of the communication, - Sees all of the network conversation.
- Stop unsolicited email at the gateway, - Whitelist = Only receive email from trusted senders, - SMTP standards checking = Block anything that does not follow RFC standards, - rDNS = Block email where the sender's domain does not match their IP address, - Tarpitting = Intentionally slow down the server conversation, - Recipient filtering = Block all email not addressed to a valid recipient email address
Web Application Firewall
- Applies rules to HTTP conversations, - Allow or deny based on expected input, - Protects against exploits like SQL injection and buffer overflows, - Focus of the Payment Card Industry Data Security Standard (PCI DSS)
Application Aware Security Devices
- Network-based firewalls = Control traffic flows based on the application (Microsoft SQL Server, Twitter, YouTube). - Intrusion Prevention System = Identify the application, apply application-specific vulnerability signatures to the traffic. - Host-based firewalls = Work with the OS to determine the application
- Allow or disallow traffic based on firewall tuples (source IP, destination IP, port number, time of day, etc.). - Evaluated top to bottom. - There is usually an implicit deny at the bottom.
- Logically separate your switch ports into subnets. - VLANs cannot communicate with each other without a router. - Group users together by function
Secure Router Configuration
- Always change the default login and password. - Protect configuration file transfers: - TFTP = In the clear, not encrypted, - SCP = Encrypted, - HTTPS = Encrypted.
Access control lists
- Permissions associated with an object, - Used in file systems, network devices, operating systems, and more.
Switch Port Security
- IEEE 802.1X = Port-based network access control. Makes extensive use of EAP (Extensible Authentication Protocol) and RADIUS (Remote Authentication Dial-In User Service). - Disable your unused ports. - Enable duplicate MAC address checking to detect MAC spoofing
- Commonly seen on Intrusion Prevention Systems. - DoS/DDoS (denial of service / distributed denial of service). - SYN floods = Overload the server. - Ping floods / ping scans = Overwhelm the network, determine devices on a network. - Port floods / port scans = Identify open ports on a device.
Spanning tree protocol
- IEEE standard 802.1D. - Prevents loops in bridged (switched) networks. - Built into the switch configuration options.
- Separate switches, separate routers, no overlap. - Used in sensitive environments. - Logical separation. - Virtualization of the network infrastructure.
- Used for post-event analysis. - Can provide useful real-time analysis. - Automation and consolidation are the key.
DMZ (demilitarized zone)
- A layer of security between your network and the internet. - Protects external-facing services. - Usually less trusted than the internal network connection.