Untitled Flashcards Set

What is Device Placement?

It’s the strategic positioning of network devices (e.g., firewalls, routers) within a network to maximize security.

What are Security Zones?

Network segments with distinct security policies, such as DMZ or internal networks.

Define Attack Surface.

All the vulnerable points in a network that are exposed to potential threats.

What is Fail-Open?

A configuration that allows network traffic through if the device fails, prioritizing availability.

Fail-Closed?

A configuration that blocks network traffic if the device fails, prioritizing security.

Active devices

devices (e.g., firewalls) interact with traffic

Inline

sit directly in the traffic path (e.g., IPS),

Jump Server?

A secure intermediary server providing access to a sensitive network segment.

Proxy Server.

A server that acts as an intermediary for requests between clients and servers, adding security and caching.

IPS

ctively blocks threats

What is a Load Balancer?

A device that distributes network traffic across multiple servers to prevent overload.

what is Port Security.

A method to control which devices can connect to physical network ports to prevent unauthorized access.

What does 802.1X do?

It’s a port-based network access control standard used with authentication protocols like EAP.

What is Extensible Authentication Protocol (EAP)?

A framework providing authentication methods for network access.

What is a Web Application Firewall (WAF)?

A firewall specifically designed to protect web applications from attacks like XSS and SQL injection.

What does Unified Threat Management (UTM) provide?

It combines multiple security functions like firewall, antivirus, and content filtering into one solution.

What is a Next-Generation Firewall (NGFW)?

A firewall with advanced features like deep packet inspection and application awareness.

Layer 4

filters by IP/port;

VPN

It creates an encrypted tunnel for secure remote access to a network.

Define Tunneling.

A method of encapsulating data within secure protocols for safe transmission.

TLS?

Encrypts data during transfer, ensuring confidentiality and integrity.

What is IPSec?

A protocol suite for securing IP communications with encryption and authentication.

SD-WAN.

A wide area network approach that dynamically manages connections for cost-effective and reliable performance.

What is Secure Access Service Edge (SASE)?

A cloud-based network security model combining SD-WAN with security services.

Effective Controls?

Choose security measures based on network needs for confidentiality, integrity, and availability.