1/49
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
gap analysis
a comparison of the organization’s current state of information security with reecommended controls
segmentation
dividing a network into multiple subnets or segments with each acting as its own small network to improve monitoring and enhance security
isolation
keeping multiple instances of an attack surface separate so that each instance can only see and affect itself
least privilege
granting access that is limited to what is only necessary for a device or user to complete their work
configuration enforcement
applying security measures to reduce unnecessary vulnerabilities
decommissioning
removing or dismantling a technology or serviuce from a live production
removal of unnecessary software
deleting softwaree that is not essential to an operation in order to eliminate an attack vector
selection of effective controls
choosing productive safeguards or countermeasures to limit the exposure of an asset to a danger
device placement
physically locating important devices in secure locations
network switch
a device that connectrs network devices
port security
configuring switches to limit the number of MAC addresses that can be learned on ports, preventing the MAC address table from being overwhelmed
MAC flooding
an attacker can overflow the switch’s address table with fake MAC addresses, forcing it to act like a hub, sending packets to all devices
MAC address spoofing
If two devices have the same MAC address, a switch may send frames to each device. An attacker can change the MAC address on their device to match the target device’s MAC address
ARP poisoning
the attacker sends a forged ARP packet to the source device, substituting the attacker’s computer MAC address
Port mirroring
An attacker connects their device to the switch’s port
router
network device that can forward frames across different computer networks
antispoofing
routers that can protect devices that imitate another computer’s IP address
server
a device that distributes resources and services to devices connected to the network
firewall
hardware or software that is designed to limit the spread of malware
policy-based firewall
more flexible type of firewall which allows more generic statements instead of specific rules
forward proxy
a computer or an application that intercepts user requests from the internal secure network and processes the requests on behalf of the user
reverse proxy
routes requests coming from an external network to the correct internal server
hoineypot
a computer located in an area with limited security that serves as “bait” to threat actors
low-interaction honeypot
may only contain login prompth
high-iinteraction honeypot
designed for capturing more information from the threat actor
honeynet
network of honeypots set up with intentional vulnerabilities
sinkhole
“bottomless pit” designed to steer unwanted traffic away from its intended destination to another device
intrusion detection system (IDS)
can detect an attack as it occurs
intrusion prevention system (IPS)
attempts to block the attack
passive system
connected to a port on a switch which receives a copy of network traffic
web filtering
monitors the websites users are browsing so that the organization can either allow or block web traffic to protect against potential threats and enforce corporate policies
DNS filtering
blocks harmful or inappropriate content
File Integrity Monitoring (FIM)
technology designed to “keep an eye on” files to detect any changes within the files that may indicate a cyberattack
extended detection and response (XDR)
collects and correlates data across various network appliances, including servers, email systems, cloud repositories, as well as endpoints
air-gapped network
most restricted level of all
network that has physical isolation from all other networks or the internet
logical segmentation
creates subnets via “virtual networks” or through network addressing schemes
virtual LAN (VLAN)
allows scattered users to be logically grouped together even though they are physically attached to different switches
demilitarized zone (DMZ)
functions as a separate network thatr rests outside the secure network perimeter
jump server
minimally configured server within the DMZ that runs only essential protocols and ports
zero trust
strategic initiative that is designed to prevent successful attacks by threat actors who are already within a network
threat scope reduction
minimizes threats against assets
policy automation
an automated process for referring to policies for approval
control plane
means for communication in a zero-trust architecture
data plane
means for the transfer of resources in a zero-trust architecture
remote access
accessing a network infrastructure from a location other than the campus on which the organization is located
protocol selection
selecting the best networking protocol to use for remote access
port selection
opening the correct ports on devices for remote access
virtual private network (VPN)
a security technology that enables authorized users to use an unsecured public network (the Internet) as if it were a secure private network
network access control (NAC)
a security method that examines the current state of an endpoint before it can connect to a network and then restricts unauthorized users and devices from gaining access
zero trust
not designed to make a system trusted but rather, to eliminate trust