WGU - D315 Network and Security Foundations

Network devices

Switches, routers, and firewalls with access to data

Compromised device

Device accessed by a malicious user or attacker

Wireless networks

Networks vulnerable to attackers in close proximity

Hardening

Process of securing and testing network devices

Default passwords

Factory-set passwords that should be changed

Unnecessary logins

Accounts not used by the network administrator

Strong password policy

Requiring complex passwords and regular changes

Unnecessary services

Optional features that increase the risk of attack

Patching

Installing security updates to fix vulnerabilities

Physical access

Ability to physically interact with a device

Trusted network

Network authorized to make changes to a device

Wireless network encryption

Configuring WPA2 or WPA3 for secure traffic

Audit logs

Records of device activity for analysis and detection

Backup

Creating copies of device configurations for restoration

Authentication

Process of confirming a person's identity

Microsoft Active Directory

Authentication system that confirms user identity via passwords

Public Key Infrastructure (PKI)

Authentication system that uses certificates to validate website identity

Authorization

Determines what a user may access after authentication

Restrictive Permissions

Applying limited access to data and securing servers and network devices

Data Leaks

Risk of unauthorized access to confidential data

Malware Infection

Accidental infection of network data files by a user's infected computer

AAA Interaction

Client communication with a radius server via the cloud

Accounting

Process of verifying access control settings and providing a forensic trail

Immutable Logs

Audit logs stored in an unchangeable form to prevent tampering

MFA

Multi-factor authentication, an optional add-on to the authentication process

2FA

Another term for multi-factor authentication

PIN

Personal Identification Number used as part of multi-factor authentication

Biometric Scan

Facial, retinal, or fingerprint scan used for multi-factor authentication

Touch ID

Fingerprint scan used for authentication on Apple devices

Face ID

Facial recognition scan used for authentication on Apple devices

Proximity-based Security

Automatic unlocking of devices when in close range

Windows Hello

Mechanism on Microsoft Windows computers using fingerprint or facial recognition

Wireless network attacks

Attacks on wireless networks that can be done remotely

Denial of Service (DoS) attack

An attack that enables unauthorized access and traffic monitoring of a wireless network

Deauth attack

A denial-of-service (DoS) attack where the attacker can force clients off a network

WPA3 security

A security protocol that encrypts management packets in a wireless network

WPA2 security

A security protocol that encrypts data traffic in a wireless network

Fake Access attack

An attack where an attacker sets up an illegitimate wireless network to intercept data

VPN tunnel

A secure connection that encrypts all traffic sent and received over a wireless network

802.1x

Network access control protocol for trusted network access

WAP

Wireless Access Point used for network access

RADIUS

Remote Authentication Dial-In User Service for validating credentials

EAP

Extensible Authentication Protocol used for validating credentials

Authorization Policies

Policies defined by a network administrator for determining user's access rights

Antivirus or Malware Scanners

Software used to check for viruses or malware on a computer

Corporate Standard

Set of requirements or guidelines for devices used in a corporate network

Limited Network Access

Restricted access to certain network resources

Network Access Request

Request made by a client to connect to a network

Network Access Grant

Permission given by the WAP or switch to allow network access

Ad-hoc mode

Wireless communication in a peer-to-peer fashion without a WAP

Ad-hoc networks

Used for setting up new devices or transferring files between devices

Infrastructure mode

Wireless devices connected to the network via wireless routers or access points

Wireless router

Combination of a WAP and a router, used to connect to the internet and provide wireless connectivity

Triple DES

Symmetric encryption algorithm using DES three times in a row

AES

Advanced Encryption Standard with key lengths of 128-bit, 192-bit, or 256-bit

WEP

Wired Equivalent Privacy, an outdated wireless security standard

WPA

Wi-Fi Protected Access, a wireless security standard to overcome WEP weaknesses

WPA2

Wi-Fi Protected Access 2, the standard for wireless security for 15 years

WPA3

Wi-Fi Protected Access 3, released in 2018 to address WPA2 weaknesses

DES

Data Encryption Standard, an antiquated encryption algorithm

NIST

National Institute of Standards and Technology, a US government agency

Microsoft

A multinational technology company

Wi-Fi

Wireless networking technology

Brute force

Method of trying all possible combinations to crack encryption

Encryption

Process of converting data into a secure form

Symmetric key algorithm

Encryption algorithm that uses the same key for both encryption and decryption

Key length

Number of bits in an encryption key

Quantum computing

Computing using quantum bits (qubits) instead of classical bits

Hardware acceleration

Using specialized hardware to speed up a specific task

CPU instruction set

Set of commands that a CPU can understand and execute

AES-NI

AES New Instructions, CPU instructions for AES encryption

WEP key

Encryption key used in Wired Equivalent Privacy

Hexadecimal

Number system with base 16, using digits 0-9 and letters A-F

Bit length

Number of bits in an encryption key

Wi-Fi Alliance

Organization that certifies interoperability of Wi-Fi devices

Wi-Fi protected access

Wireless security standard to overcome WEP weaknesses

IEEE

Institute of Electrical and Electronics Engineers, a professional association

Alphanumeric

Containing both letters and numbers

Passphrase

Sequence of characters used to authenticate or encrypt

Temporal key integrity protocol

Encryption process that generates a new key for every packet

TKIP

Temporal Key Integrity Protocol, encryption process used in WPA

WPA2

Wi-Fi Protected Access 2, the standard for wireless security for 15 years

Counter Mode Cipher Block Chaining Message Authentication Code Protocol

CCMP, part of the AES encryption standard used in WPA2

Data confidentiality

Protection of data from unauthorized access

Authentication

Process of verifying the identity of a user or device

Access control

Restricting access to resources based on user permissions

WPA3

Wi-Fi Protected Access 3, released in 2018 to address WPA2 weaknesses

Enterprise mode

Mode of operation for Wi-Fi networks in organizations

Personal mode

Mode of operation for Wi-Fi networks for personal use

Simultaneous authentication of equals

SAE, method used in WPA3 to exchange network keys

IEEE 802.11-2016

Standard for wireless network communication

Forward secrecy

PFS, method that ensures compromised keys only affect one session

Perfect forward secrecy

PFS, method that ensures compromised keys only affect one session

Encryption session

Period of time during which data is encrypted

Management frames

Network control messages exchanged between devices

Deauth Attack

Exploit that de-associates a device from a Wi-Fi network

Interoperability

Ability of different systems to work together

Wireless devices

Devices that connect to a wireless network

Routers

Devices that connect multiple networks together

Authentication

Proving your identity to access cloud resources