10.3.1 - Defense In Depth

Flashcards reviewing key concepts from CertMaster Perform Network+ 9.1 regarding defense in depth and network security.

What is the purpose of firewalls in establishing network security?

A secure barrier at the network perimeter designed to subject connections between internal and external networks to access controls.

What is an example of how a host on a public network might be permitted to join a private network?

Authenticating over a virtual private network (VPN).

What is the perimeter security model?

Focusing on the boundary between the public and private network and trusting everything that has connected via internal switches.

What factors have eroded confidence in a solely perimeter-based security model?

Mobile devices, cloud services, insider threats, and vulnerabilities to malware.

What is defense in depth?

Placing security controls throughout the network, so that all access attempts are authenticated, authorized, and audited.

What are some examples of logical security controls that are important parts of defense in depth?

Access management, deception/honeypot strategies, and identity and access management (IAM).

What is endpoint security?

Procedures and technologies designed to restrict both remote and local network access at a device level and to ensure that each endpoint device is hardened to mitigate vulnerabilities.

What is the network perimeter?

The border between the private network and external, public networks.

Beyond the traditional network edge, what other components are now included in the concept of the network edge due to the erosion of the perimeter security model?

Access switches and wireless access points.