SDN, networking security technologies

33 Terms

1

software-defined networking (SDN)

treats network functionality and implementation details separately; separates the control plane from the data plane

  • makes the network programmable, made possible using encapsulation

security benefits:

  • allows granular network configuration

  • facilitates faster response to security incidents

security concerns:

  • increases network complexity

2

control plane of network

responsible for making routing and switching decisions

3

data plane of network

responsible for carrying out the instructions of the control plane

4

VXLAN protocol

builds overlay networks that operate at layer 2 using layer 3 equipment

5

transmission media

allows digital information to be sent over a distance

ex: cables

6

Ethernet cables

transmit electrical signals over copper wires

7

fiber optic cables

transmit light over strands of glass

8

Wi-Fi communications

use radio waves instead of physical media

9

Li-Fi

replaces the radio waves of Wi-Fi with light

10

private IP ranges

  • Class A: 10.0.0.0 to 10.255.255.255

  • Class B: 172.16.0.0 to 172.31.255.255

  • Class C: 192.168.0.0 to 192.168.255.255

11

public IP ranges

  • 1.0.0.0 – 9.255.255.255

  • 11.0.0.0 – 126.255.255.255

  • 129.0.0.0 – 169.253.255.255

  • 169.255.0.0 – 172.15.255.255

  • 172.32.0.0 – 191.0.1.255

  • 192.0.3.0 – 192.88.98.255

  • 192.88.100.0 – 192.167.255.255

  • 192.169.0.0 – 198.17.255.255

  • 198.20.0.0 – 223.255.255.255

12

role-based access

  • the authentication server provides additional user information

  • the authenticator places the user on a role-appropriate network based upon that information

13

network access control (NAC)

intercepts network traffic coming from unknown devices and verifies that the system and user are authorized before allowing further communication

14

NAC posture checking

  • verifying antivirus software presence

  • validating current signatures

  • ensuring proper firewall configuration

  • verifying presence of security patches

15

NAC implementations

  • agent-based

  • agentless

  • inline

  • out-of-band

16

Remote Authentication Dial-In User Service (RADIUS)

  • offers a centralized approach to network and application authentication

  • the RADIUS client is usually an application server

  • disadvantages: uses UDP, does not encrypt everything

17

TACACS+

Cisco proprietary

  • similar to RADIUS

  • uses TCP and encrypts the full session

18

shadowed firewall rules

occur when a rule base contains a rule that will never be executed because of its placement in the rule base

19

promiscuous firewall rules

allow more access than necessary

20

orphaned firewall rules

allow access to decommissioned systems and services

21

router access control list

restricts network traffic

22

standard router ACL

performs filtering based upon source IP address only

23

extended router ACL

blocks traffic based upon more advanced criteria, such as source and destination IP addresses, source and destination ports, and the protocols used for communication

24

firewalls vs routers

  • firewalls are purpose-specific and efficient; they have advanced rule capabilities and offer advanced security functionality

  • placing ACLs on routers may reduce the burden on firewalls

25

VLAN pruning

limits unnecessary exposure of VLANs by limiting the number of switches where they are trunked, especially for sensitive VLANs

26

VLAN trunk negotiation

deny the use of automatic VLAN trunk negotiation to limit the effectiveness of VLAN hopping attacks

27

port security

limits the devices that may connect to a network switch port by MAC address

2 modes:

  • static: administrators manually configure valid MAC addresses for each port

  • dynamic: switches memorize the first MAC address they see on each port and limit access to that address

28

DHCP snooping

blocks malicious DHCP traffic

29

SYN flood

fills connection state tables on firewalls with half-open connection entries

30

MAC flood

fills a switch's MAC address table with many entries, causing it to flood traffic out all ports

31

flood guard technology

protects network devices against flood attacks

works by controlling the number of open connections

32

routing loops

allow broadcast storms; occur when there are multiple physical paths between two network devices and they mistakenly begin routing broadcast traffic in a redundant fashion

33

spanning tree protocol (STP)

  • prevents broadcast storms caused by routing loops by implementing loop prevention

  • BPDU guard blocks malicious traffic