Ch. 9 Infrastructure Security

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/49

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 7:39 PM on 7/6/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

50 Terms

1
New cards

gap analysis

a comparison of the organization’s current state of information security with reecommended controls

2
New cards

segmentation

dividing a network into multiple subnets or segments with each acting as its own small network to improve monitoring and enhance security

3
New cards

isolation

keeping multiple instances of an attack surface separate so that each instance can only see and affect itself

4
New cards

least privilege

granting access that is limited to what is only necessary for a device or user to complete their work

5
New cards

configuration enforcement

applying security measures to reduce unnecessary vulnerabilities

6
New cards

decommissioning

removing or dismantling a technology or serviuce from a live production

7
New cards

removal of unnecessary software

deleting softwaree that is not essential to an operation in order to eliminate an attack vector

8
New cards

selection of effective controls

choosing productive safeguards or countermeasures to limit the exposure of an asset to a danger

9
New cards

device placement

physically locating important devices in secure locations

10
New cards

network switch

a device that connectrs network devices

11
New cards

port security

configuring switches to limit the number of MAC addresses that can be learned on ports, preventing the MAC address table from being overwhelmed

12
New cards

MAC flooding

an attacker can overflow the switch’s address table with fake MAC addresses, forcing it to act like a hub, sending packets to all devices

13
New cards

MAC address spoofing

If two devices have the same MAC address, a switch may send frames to each device. An attacker can change the MAC address on their device to match the target device’s MAC address

14
New cards

ARP poisoning

the attacker sends a forged ARP packet to the source device, substituting the attacker’s computer MAC address

15
New cards

Port mirroring

An attacker connects their device to the switch’s port

16
New cards

router

network device that can forward frames across different computer networks

17
New cards

antispoofing

routers that can protect devices that imitate another computer’s IP address

18
New cards

server

a device that distributes resources and services to devices connected to the network

19
New cards

firewall

hardware or software that is designed to limit the spread of malware

20
New cards

policy-based firewall

more flexible type of firewall which allows more generic statements instead of specific rules

21
New cards

forward proxy

a computer or an application that intercepts user requests from the internal secure network and processes the requests on behalf of the user

22
New cards

reverse proxy

routes requests coming from an external network to the correct internal server

23
New cards

hoineypot

a computer located in an area with limited security that serves as “bait” to threat actors

24
New cards

low-interaction honeypot

may only contain login prompth

25
New cards

high-iinteraction honeypot

designed for capturing more information from the threat actor

26
New cards

honeynet

network of honeypots set up with intentional vulnerabilities

27
New cards

sinkhole

“bottomless pit” designed to steer unwanted traffic away from its intended destination to another device

28
New cards

intrusion detection system (IDS)

can detect an attack as it occurs

29
New cards

intrusion prevention system (IPS)

attempts to block the attack

30
New cards

passive system

connected to a port on a switch which receives a copy of network traffic

31
New cards

web filtering

monitors the websites users are browsing so that the organization can either allow or block web traffic to protect against potential threats and enforce corporate policies

32
New cards

DNS filtering

blocks harmful or inappropriate content

33
New cards

File Integrity Monitoring (FIM)

technology designed to “keep an eye on” files to detect any changes within the files that may indicate a cyberattack

34
New cards

extended detection and response (XDR)

collects and correlates data across various network appliances, including servers, email systems, cloud repositories, as well as endpoints

35
New cards

air-gapped network

most restricted level of all

network that has physical isolation from all other networks or the internet

36
New cards

logical segmentation

creates subnets via “virtual networks” or through network addressing schemes

37
New cards

virtual LAN (VLAN)

allows scattered users to be logically grouped together even though they are physically attached to different switches

38
New cards

demilitarized zone (DMZ)

functions as a separate network thatr rests outside the secure network perimeter

39
New cards

jump server

minimally configured server within the DMZ that runs only essential protocols and ports

40
New cards

zero trust

strategic initiative that is designed to prevent successful attacks by threat actors who are already within a network

41
New cards

threat scope reduction

minimizes threats against assets

42
New cards

policy automation

an automated process for referring to policies for approval

43
New cards

control plane

means for communication in a zero-trust architecture

44
New cards

data plane

means for the transfer of resources in a zero-trust architecture

45
New cards

remote access

accessing a network infrastructure from a location other than the campus on which the organization is located

46
New cards

protocol selection

selecting the best networking protocol to use for remote access

47
New cards

port selection

opening the correct ports on devices for remote access

48
New cards

virtual private network (VPN)

a security technology that enables authorized users to use an unsecured public network (the Internet) as if it were a secure private network

49
New cards

network access control (NAC)

a security method that examines the current state of an endpoint before it can connect to a network and then restricts unauthorized users and devices from gaining access

50
New cards

zero trust

not designed to make a system trusted but rather, to eliminate trust