Network Security Concepts and Practices

Layered Defense-in-Depth Security Approach

A security approach where multiple layers of security are placed throughout an organization, such that the failure of one safeguard does not compromise others.

First Line of Defense

The edge router, which forms the initial layer of security in a defense-in-depth approach.

WPA2

A wireless security standard that made AES and CCM mandatory for encryption.

Crossover Error Rate

In biometric systems, it refers to the rate of false negatives and false positives.

VLAN (Virtual LAN)

Provides logical segmentation by creating multiple broadcast domains on the same network switch.

Biometric Systems Factors

Accuracy, speed or throughput rate, and user acceptability are critical for biometric systems.

Privilege Escalation Attack

Exploiting vulnerabilities to grant unauthorized users higher privilege levels than intended.

Nondiscretionary Access Control Model

An access control model that bases access decisions on user roles and responsibilities.

TACACS+ vs. RADIUS

TACACS+ encrypts all communication and separates authentication from authorization, while RADIUS combines both.

Access Control List (ACL)

A set of rules used to control network traffic and enforce an access policy.

Stateless vs. Stateful Firewalls

Stateless firewalls inspect packets individually, while stateful firewalls track connection states.

Zone-Based Policy Firewall

A firewall that applies security policies based on predefined zones within a network.

Proxy Firewall

An application gateway firewall that filters information at multiple OSI layers using a proxy