What is Device Placement?
It’s the strategic positioning of network devices (e.g., firewalls, routers) within a network to maximize security.
What are Security Zones?
Network segments with distinct security policies, such as DMZ or internal networks.
Define Attack Surface.
All the vulnerable points in a network that are exposed to potential threats.
What is Fail-Open?
A configuration that allows network traffic through if the device fails, prioritizing availability.
Fail-Closed?
A configuration that blocks network traffic if the device fails, prioritizing security.
Active devices
Devices (e.g., firewalls) that interact with traffic.
Inline
Sit directly in the traffic path (e.g., IPS).
Jump Server?
A secure intermediary server providing access to a sensitive network segment.
Proxy Server.
A server that acts as an intermediary for requests between clients and servers, adding security and caching.
IPS
Actively blocks threats.
What is a Load Balancer?
A device that distributes network traffic across multiple servers to prevent overload.
What is Port Security?
A method to control which devices can connect to physical network ports to prevent unauthorized access.
What does 802.1X do?
It’s a port-based network access control standard used with authentication protocols like EAP.
What is Extensible Authentication Protocol (EAP)?
A framework providing authentication methods for network access.
What is a Web Application Firewall (WAF)?
A firewall specifically designed to protect web applications from attacks like XSS and SQL injection.
What does Unified Threat Management (UTM) provide?
It combines multiple security functions like firewall, antivirus, and content filtering into one solution.
What is a Next-Generation Firewall (NGFW)?
A firewall with advanced features like deep packet inspection and application awareness.
Layer 4
Filters by IP/port.
VPN
It creates an encrypted tunnel for secure remote access to a network.
Define Tunneling.
A method of encapsulating data within secure protocols for safe transmission.
TLS?
Encrypts data during transfer, ensuring confidentiality and integrity.
What is IPSec?
A protocol suite for securing IP communications with encryption and authentication.
SD-WAN.
A wide area network approach that dynamically manages connections for cost-effective and reliable performance.
What is Secure Access Service Edge (SASE)?
A cloud-based network security model combining SD-WAN with security services.
Effective Controls?
Choose security measures based on network needs for confidentiality, integrity, and availability.