Security Technologies
Description and Tags

CompTIA+ Network Learning
1
New cards

Security Technologies

Various technologies used to ensure network security, including firewalls, intrusion detection and prevention systems, remote access, virtual private networks, IPsec, and network logging and monitoring.

2
New cards

Domain one

Networking Fundamentals: the first domain in the course, covering the basics of networking.

3
New cards

Domain two

Network Implementations: the second domain in the course, focusing on the implementation of network devices and features.

4
New cards

Domain three

Network Operations: the third domain in the course, covering network operations and management.

5
New cards

Domain four

Network Security: the fourth domain in the course, focusing on network security concepts and practices.

6
New cards

Objective 1.5

Explaining common ports and protocols, their application, and encrypted alternatives.

7
New cards

Objective 2.1

Comparing and contrasting various network devices, their features, and appropriate placements on the network.

8
New cards

Objective 3.1

Using appropriate statistics and sensors to ensure network availability.

9
New cards

Objective 4.1

Explaining common security concepts.

10
New cards

Objective 4.3

Applying network hardening techniques.

11
New cards

Objective 4.4

Comparing and contrasting remote access methods and security implications.

12
New cards

Firewall

A network security device that uses a set of rules to permit or deny traffic based on defined criteria, acting as a barrier to protect networks.

13
New cards

Packet-filtering firewall

A type of firewall that permits or denies traffic based on packet headers, specifically source and destination IP addresses and ports, examining each packet in isolation without tracking connection state.

14
New cards

Stateful firewall

A type of firewall that inspects traffic as part of a session and only allows replies to requests made within that session.

15
New cards

Next-generation firewall (NGFW)

A third-generation firewall that performs deep packet inspection and makes decisions on application-layer content (OSI layers 5 to 7), not only on addresses, ports, and session state.

16
New cards

Access Control List (ACL)

A set of rules assigned to a router interface or firewall that permit or deny traffic based on IP address, MAC address, or port.

17
New cards

Firewall zones

Classifications of firewall interfaces into inside, outside, and DMZ zones, allowing for the creation of rules specific to each zone.

18
New cards

Intranet

An organization's private internal network, reachable only by its own devices and users, as opposed to the public Internet.

19
New cards

Internet

The global network of networks that allows communication between devices and networks worldwide.

20
New cards

DMZ (Demilitarized Zone)

A perimeter network segment that hosts services which must be reachable from the outside, such as web servers and email servers, while keeping them separated from the internal network. A compromise of a DMZ host should not give direct access to the inside zone.

21
New cards

Stateful Firewall

A firewall that allows traffic from the internet into the internal network only when it is a reply to a session that an internal device initiated; unsolicited inbound packets are dropped.

22
New cards

UTM (Unified Threat Management)

A device that combines multiple security functions, such as firewall, router, intrusion detection and prevention, and antimalware, into a single device.

23
New cards

NAC (Network Access Control)

A control, often bundled into a UTM appliance, that authenticates new devices and checks their posture (such as patch level or antimalware status) before allowing them onto the network.

24
New cards

Border Device

A device placed at the network boundary that provides security functions such as firewall and routing.

25
New cards

Outbound Connection

A connection initiated from devices within the network to external devices or networks.

26
New cards

Inbound Connection

A connection initiated from external devices or networks to devices within the network.

27
New cards

Windows Firewall

The built-in firewall in the Windows operating system that allows users to configure inbound and outbound rules for network traffic.

28
New cards

Mac Firewall

The built-in application firewall in macOS, which controls inbound connections on a per-application basis; outbound filtering requires the underlying pf packet filter or third-party software.

29
New cards

Secure Shell (SSH)

A cryptographic network protocol that allows secure remote access and control of devices over an unsecured network.

30
New cards

Firewall

A security measure that controls the incoming and outgoing network traffic based on predetermined rules.

31
New cards

Allow Action

A setting that permits a program or connection to pass through the firewall.

32
New cards

Any/Any Rule

A rule that allows any program, any protocol, and any port to pass through the firewall. It effectively disables the firewall for the traffic it matches and should be replaced by rules that permit only the specific ports and applications required.
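The firewall cards above (packet-filtering ACL, stateful firewall, any/any rule) are easier to compare side by side. The following is an added example, not part of the flashcard set: a toy stateless ACL and a toy stateful firewall evaluating the same three inbound packets. The Rule and Packet fields, interface layout and addresses are constructed for illustration.

```python
# Added example, not part of the flashcard set: a toy packet-filtering ACL
# beside a toy stateful firewall. Rule/Packet fields and the addresses
# below are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str            # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src_ip: str = "any"
    dst_ip: str = "any"
    dst_port: Optional[int] = None  # None means any destination port
    proto: str = "any"

    def matches(self, p: Packet) -> bool:
        return (self.src_ip in ("any", p.src_ip)
                and self.dst_ip in ("any", p.dst_ip)
                and self.dst_port in (None, p.dst_port)
                and self.proto in ("any", p.proto))

def acl_decision(rules, p: Packet) -> str:
    """Stateless packet filter: first matching rule wins, implicit deny at the end."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFirewall:
    """Remembers sessions that left through the firewall. Inbound packets that
    belong to a remembered session are admitted as replies; anything else is
    unsolicited and must pass the inbound ACL on its own."""

    def __init__(self, inbound_rules):
        self.inbound_rules = inbound_rules
        self.sessions = set()   # (inside_ip, inside_port, outside_ip, outside_port, proto)

    def outbound(self, p: Packet) -> str:
        self.sessions.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
        return "permit"

    def inbound(self, p: Packet) -> str:
        reply_key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if reply_key in self.sessions:
            return "permit"
        return acl_decision(self.inbound_rules, p)

# Constructed addresses (documentation ranges) and traffic.
INSIDE, DMZ_WEB = "10.0.0.5", "192.0.2.10"
ATTACKER, WEBSITE = "203.0.113.7", "198.51.100.80"

browse  = Packet(INSIDE, 51000, WEBSITE, 443, "tcp")      # user opens a website
reply   = Packet(WEBSITE, 443, INSIDE, 51000, "tcp")      # website answers
scan    = Packet(ATTACKER, 4444, INSIDE, 3389, "tcp")     # unsolicited RDP probe
web_req = Packet(ATTACKER, 40000, DMZ_WEB, 443, "tcp")    # public hit on DMZ web server

TIGHT_ACL   = [Rule("permit", dst_ip=DMZ_WEB, dst_port=443, proto="tcp")]
ANY_ANY_ACL = [Rule("permit")]   # permits any program, protocol and port

def evaluate() -> dict:
    """Decisions each design makes for the same three inbound packets."""
    fw = StatefulFirewall(TIGHT_ACL)
    fw.outbound(browse)          # the session the stateful firewall will remember
    probes = {"reply": reply, "scan": scan, "web": web_req}
    return {
        "stateless_tight":   {k: acl_decision(TIGHT_ACL, p)   for k, p in probes.items()},
        "stateless_any_any": {k: acl_decision(ANY_ANY_ACL, p) for k, p in probes.items()},
        "stateful_tight":    {k: fw.inbound(p)                for k, p in probes.items()},
    }

if __name__ == "__main__":
    for design, decisions in evaluate().items():
        print(f"{design:18} {decisions}")
```

The tight stateless ACL blocks the scan but also blocks the legitimate reply to the user's own request, which is the pressure that pushes administrators toward broad permits and eventually any/any. The stateful firewall keeps the same tight ACL for unsolicited traffic and admits the reply only because it saw the matching session leave.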

33
New cards

Port

A numerical identifier that specifies a particular process or service on a device.

34
New cards

Web Server

A program or computer that serves web pages to clients upon request.

35
New cards

TCP Traffic

Transmission Control Protocol (TCP) is a protocol that ensures reliable, ordered, and error-checked delivery of data packets over a network.

36
New cards

UDP Traffic

User Datagram Protocol (UDP) is a connectionless protocol that transmits datagrams over an IP network with no handshake, ordering, or delivery guarantee; because there is no connection to track, firewalls treat UDP "sessions" as pseudo-state that expires on a timeout.

37
New cards

VPN Tunnel

A secure, encrypted connection between two networks or devices over a public network, such as the internet.

38
New cards

Block

A setting that prohibits a program or connection from passing through the firewall.

39
New cards

Telnet

A network protocol for remote login and control of a device over a network. It sends everything, including usernames and passwords, in cleartext, so it is considered insecure and should be replaced by SSH.

40
New cards

Monitoring

A feature that allows users to view and analyze network activity, log files, and active firewall rules.

41
New cards

IDS

Intrusion Detection System, a passive security device that monitors network traffic and alerts the administrator of potential attacks.

42
New cards

IPS

Intrusion Prevention System, an active security device that monitors and blocks network traffic to prevent attacks in real-time.

43
New cards

Snort

A widely used open-source software-based IDS/IPS that detects and responds to network attacks.

44
New cards

Signature-based Detection

A method of detecting attacks based on predefined patterns or signatures.

45
New cards

Policy-based Detection

A method of detecting attacks based on predefined security policies or rules.

46
New cards

Anomaly-based Detection

A method of detecting attacks based on deviations from normal network behavior or statistical patterns.

47
New cards

Non-statistical anomaly

An anomaly that is based on a pattern or baseline defined by the administrator.
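The three detection methods on the cards above (signature-based, policy-based, anomaly-based) behave differently on the same traffic. The following is an added example, not part of the flashcard set or of any IDS product: each method run over a constructed web-server access log. The log lines, the two signatures, the "admin network" policy and the baseline are all made up for illustration.

```python
# Added example, not part of the flashcard set: the three detection methods
# run over a constructed web-server access log. The log lines, signatures
# and the "admin network" policy are all made up for illustration.
import re
import ipaddress
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(log: str):
    """Yield (src_ip, method, decoded_path, status) for each parseable line."""
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group(1), m.group(2), unquote(m.group(3)), int(m.group(4))

def _line(ip, path, status, sec):
    return f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed baseline: a quiet minute of normal browsing, used to learn
# what "normal requests per source" looks like.
BASELINE_LOG = "\n".join(
    _line(ip, "/index.html", 200, i)
    for i, ip in enumerate(["203.0.113.9"] * 3 + ["198.51.100.4"] * 2
                           + ["192.0.2.15"] * 4 + ["203.0.113.22"] * 3)
)

# Constructed detection window: normal traffic plus three kinds of trouble.
DETECT_LOG = "\n".join(
    [_line("203.0.113.9", "/index.html", 200, 0),
     _line("203.0.113.9", "/about.html", 200, 1),
     _line("198.51.100.4", "/login.php?user=admin'%20OR%20'1'='1", 200, 2),   # SQLi probe
     _line("198.51.100.4", "/../../etc/passwd", 404, 3),                       # traversal
     _line("10.0.0.8", "/admin/", 200, 4),                                     # admin from inside
     _line("203.0.113.200", "/admin/", 403, 5)]                                # admin from outside
    + [_line("192.0.2.77", f"/{w}", 404, 6 + i)                                # scanner burst
       for i, w in enumerate(["a", "b", "c", "backup", "old", "test"] * 4)]
)

# 1. Signature-based: known bad patterns, matched against the decoded path.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_alerts(log: str):
    return [(ip, name) for ip, _, path, _ in parse(log)
            for name, rx in SIGNATURES.items() if rx.search(path)]

# 2. Policy-based: an administrator-defined rule, not a pattern of attack.
ADMIN_NET = ipaddress.ip_network("10.0.0.0/8")

def policy_alerts(log: str):
    return [(ip, "admin-from-outside") for ip, _, path, _ in parse(log)
            if path.startswith("/admin") and ipaddress.ip_address(ip) not in ADMIN_NET]

# 3. Anomaly-based: learn requests-per-source from the baseline, then flag
# sources in the detection window that sit far above it.
def anomaly_alerts(baseline: str, log: str, z: float = 3.0):
    base = list(Counter(ip for ip, *_ in parse(baseline)).values())
    threshold = mean(base) + z * pstdev(base)
    counts = Counter(ip for ip, *_ in parse(log))
    return [(ip, "request-rate") for ip, n in counts.items() if n > threshold]

if __name__ == "__main__":
    print("signature:", signature_alerts(DETECT_LOG))
    print("policy:   ", policy_alerts(DETECT_LOG))
    print("anomaly:  ", anomaly_alerts(BASELINE_LOG, DETECT_LOG))
```

Note that each method catches something the others miss: the signatures see the injection and traversal attempts but nothing about the scanner, the policy catches an allowed-looking request from the wrong place, and the statistical baseline flags the burst without knowing what the scanner was looking for. URL-decoding before matching is what stops `%20` from hiding the tautology from the signature.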

48
New cards

Network-based IDS

An intrusion detection system that is a network device designed to protect the entire network.

49
New cards

Host-based IDS

An intrusion detection system that is installed as software on a host or server.

50
New cards

Network-based IPS

An intrusion prevention system that is a network device designed to protect the entire network.

51
New cards

Host-based IPS

An intrusion prevention system that is installed as software on a host or server.

52
New cards

In-line protection

Deploying a network-based IPS directly in the traffic path so it can drop malicious packets, such as the flood traffic of a denial of service attack, before they reach the target. Because it is inline, the IPS itself becomes a potential point of failure and latency.

53
New cards

Software-based protection

Using host-based IPS to prevent unauthorized software installation and running.

54
New cards

Remote access

Various methods to access a server or network device remotely over a network.

55
New cards

Telnet

A text-based remote access technology that operates on TCP port 23 with no encryption.

56
New cards

SSH

Secure Shell, a text-based remote access technology that encrypts the connection and operates on TCP port 22.

57
New cards

RDP

Remote Desktop Protocol, a proprietary protocol developed by Microsoft for graphical remote access to computers over a network; it listens on TCP port 3389 by default.

58
New cards

RDG

Remote Desktop Gateway, a Windows Server role that tunnels RDP sessions inside TLS (HTTPS on TCP port 443), so that internal hosts' RDP ports need not be exposed directly to the internet.

59
New cards

VPN

Virtual Private Network, used to establish a secure connection between a client and a server over an untrusted public network.

60
New cards

VNC

Virtual Network Computing, a cross-platform graphical remote access technology that operates on TCP port 5900 (plus the display number). Its native authentication is weak and the session is unencrypted, so it should be tunneled, for example over SSH or a VPN.

61
New cards

VDI

Virtual Desktop Infrastructure, a form of desktop virtualization that hosts a desktop environment on a centralized server.

62
New cards

In-band management

Managing devices over the same production network that carries user traffic, typically with Telnet or SSH to the device's normal interface.

63
New cards

Out-of-band management

Managing devices through an alternate path or management network separate from the production network.

64
New cards

Authentication

The process of confirming a user's identity.

65
New cards

Authorization

Granting the user the proper permissions to access a specific resource on the network.

66
New cards

PAP (Password Authentication Protocol)

An insecure authentication protocol that sends usernames and passwords in clear text over the network.

67
New cards

CHAP (Challenge Handshake Authentication Protocol)

An improvement over PAP that never sends the password itself: the server sends a random challenge, and the client replies with a hash (MD5 in RFC 1994) of the challenge combined with the secret. This defeats passive sniffing and replay, although a captured challenge/response pair can still be attacked offline if the secret is weak.
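The difference between the PAP and CHAP cards is in what a sniffer on the link sees. The following is an added example, not part of the flashcard set: both exchanges modelled in Python with a list standing in for the wire. The CHAP response follows RFC 1994 (MD5 over identifier, secret and challenge); the user names, secrets and wordlist are constructed.

```python
# Added example, not part of the flashcard set: what crosses the link in PAP
# versus CHAP, with a Python list standing in for the wire. The CHAP
# response is MD5(identifier || secret || challenge) as in RFC 1994; the
# user names and secrets are constructed.
import hashlib
import hmac
import os
from typing import Optional

USER_DB = {b"alice": b"correct horse battery staple", b"bob": b"summer2023"}

def pap_authenticate(wire: list, user: bytes, password: bytes) -> bool:
    wire.append(("PAP-Authenticate-Request", user, password))   # credentials in clear
    ok = USER_DB.get(user) == password
    wire.append(("PAP-Authenticate-Ack" if ok else "PAP-Authenticate-Nak",))
    return ok

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_authenticate(wire: list, user: bytes, secret: bytes, identifier: int = 1,
                      challenge: Optional[bytes] = None,
                      replayed_response: Optional[bytes] = None) -> bool:
    """Server challenges; peer answers with a hash, never the secret itself.
    replayed_response models an attacker resending a captured response to a
    fresh challenge."""
    challenge = challenge or os.urandom(16)
    wire.append(("CHAP-Challenge", identifier, challenge))
    response = replayed_response or chap_response(identifier, secret, challenge)
    wire.append(("CHAP-Response", identifier, response, user))
    expected = chap_response(identifier, USER_DB[user], challenge)
    ok = hmac.compare_digest(response, expected)
    wire.append(("CHAP-Success" if ok else "CHAP-Failure", identifier))
    return ok

def secret_on_wire(wire: list, secret: bytes) -> bool:
    """Would a sniffer on this link see the secret verbatim?"""
    return any(field == secret for frame in wire for field in frame)

def offline_guess(wire: list, wordlist) -> Optional[bytes]:
    """The caveat: a captured (challenge, response) pair still permits an
    offline dictionary attack on a weak secret, because MD5 is fast."""
    challenge = next(f[2] for f in wire if f[0] == "CHAP-Challenge")
    identifier, response = next((f[1], f[2]) for f in wire if f[0] == "CHAP-Response")
    for guess in wordlist:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None

def demo() -> dict:
    pap_wire, chap_wire, bob_wire = [], [], []
    results = {
        "pap_ok": pap_authenticate(pap_wire, b"alice", USER_DB[b"alice"]),
        "pap_leaks": secret_on_wire(pap_wire, USER_DB[b"alice"]),
        "chap_ok": chap_authenticate(chap_wire, b"alice", USER_DB[b"alice"]),
        "chap_leaks": secret_on_wire(chap_wire, USER_DB[b"alice"]),
    }
    captured = next(f[2] for f in chap_wire if f[0] == "CHAP-Response")
    # Replay: the attacker has no secret, only the sniffed response.
    results["replay_ok"] = chap_authenticate([], b"alice", b"", identifier=2,
                                             replayed_response=captured)
    chap_authenticate(bob_wire, b"bob", USER_DB[b"bob"])
    results["bob_cracked"] = offline_guess(bob_wire, [b"password", b"summer2023", b"letmein"])
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:12} {v!r}")
```

Alice's secret appears on the PAP wire and never on the CHAP wire, and the sniffed CHAP response fails against a fresh challenge. Bob's short secret, however, falls to a three-word dictionary from the captured pair alone, which is why CHAP-family methods are normally run inside a protected tunnel.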

68
New cards

MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)

Microsoft's variant of CHAP; MS-CHAPv2 adds mutual authentication. Its DES-based design is known to be crackable, so it should only be used inside a protected tunnel such as PEAP or a VPN.

69
New cards

EAP (Extensible Authentication Protocol)

An authentication framework rather than a single method: it carries various authentication mechanisms, such as smart cards, digital certificates (EAP-TLS) and tunneled password methods (PEAP), and is the basis of 802.1X port-based authentication.

70
New cards

VPN (Virtual Private Network)

A network that extends a private network across a public network, enabling users to send and receive data as if they were directly connected to the private network.

71
New cards

Site-to-site VPN

A VPN configuration that connects two networks, typically two offices, through their gateway devices; hosts on either side need no VPN client because the tunnel is established between the gateways.

72
New cards

Client-to-site VPN

A VPN configuration used to connect a single remote user to a corporate network.

73
New cards

Clientless VPN

A VPN configuration in which the user connects through a web browser to an SSL/TLS portal on the VPN concentrator, gaining access to published internal applications without installing client software.

74
New cards

Full tunnel VPN

A VPN configuration that routes and encrypts all traffic requests through the VPN connection to the headquarters, regardless of the destination.

75
New cards

Split tunnel VPN

A VPN configuration in which only traffic for designated networks (such as corporate subnets) is routed through the VPN, while other traffic, including general internet browsing, leaves the client directly. It saves bandwidth but bypasses the organization's inspection and filtering for the traffic that is not tunneled.

76
New cards

Split tunnel VPN

A type of VPN configuration that divides network traffic, routing some traffic over the VPN while sending other traffic directly to the internet.

77
New cards

Encrypted VPN tunnel

A secure pathway created by a VPN that encrypts data packets and sends them over the network.

78
New cards

Full tunnel VPN

A VPN configuration that routes all network traffic, including internet traffic, through the VPN.

79
New cards

Clientless VPN

A type of VPN that allows secure remote access using a web browser without the need for additional software or hardware clients.
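The full-tunnel and split-tunnel cards above come down to what the client's routing table says. The following is an added example, not part of the flashcard set or of any VPN product: a longest-prefix-match lookup over constructed routing tables for each configuration. Interface names, prefixes and addresses are made up; the 0.0.0.0/1 plus 128.0.0.0/1 pair is the trick several VPN clients use to override the existing default route without deleting it.

```python
# Added example, not part of the flashcard set: how a client's routing table
# decides which traffic enters the tunnel under full-tunnel versus
# split-tunnel configurations. Interface names, prefixes and addresses are
# constructed.
import ipaddress

def route_lookup(routes, dst: str) -> str:
    """Longest-prefix match: the most specific route wins, wherever it came from."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else "unreachable"

VPN_GATEWAY = "203.0.113.1"
LOCAL_LAN   = "192.168.1.0/24"

FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0"),            # original default route, left in place
    (LOCAL_LAN, "eth0"),              # directly connected LAN
    (f"{VPN_GATEWAY}/32", "eth0"),    # the concentrator itself must stay reachable
    ("0.0.0.0/1", "tun0"),            # these two beat 0.0.0.0/0 and steer
    ("128.0.0.0/1", "tun0"),          # everything else into the tunnel
]

SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),
    (LOCAL_LAN, "eth0"),
    ("10.0.0.0/8", "tun0"),           # only corporate prefixes go through the VPN
]

# A more specific route injected on the local segment (for example via DHCP)
# wins over the VPN's 10.0.0.0/8, pulling "corporate" traffic out of the tunnel.
SPLIT_TUNNEL_HIJACKED = SPLIT_TUNNEL + [("10.1.2.0/24", "eth0")]

DESTINATIONS = {
    "corp_server": "10.1.2.3",
    "public_site": "198.51.100.80",
    "printer":     "192.168.1.50",
    "vpn_gateway": VPN_GATEWAY,
}

def classify(routes) -> dict:
    """Which interface each destination leaves through under a given table."""
    return {name: route_lookup(routes, dst) for name, dst in DESTINATIONS.items()}

if __name__ == "__main__":
    for label, table in [("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL),
                         ("split+injected", SPLIT_TUNNEL_HIJACKED)]:
        print(f"{label:15} {classify(table)}")
```

Under the full tunnel everything except the concentrator and the local LAN goes through tun0; under the split tunnel only 10.0.0.0/8 does. The third table shows the caveat a practitioner cares about: the routing table does not know which routes are "trusted", so a more specific prefix from the local segment silently wins.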

80
New cards

SSL (Secure Socket Layer)

Secure Sockets Layer, the original protocol for encrypting and authenticating HTTPS connections. All SSL versions (up to SSL 3.0) are now deprecated because of known weaknesses, and the name survives mainly in product terms such as "SSL VPN".

81
New cards

TLS (Transport Layer Security)

A protocol that has replaced SSL for secure web browsing over HTTPS, providing improved security.

82
New cards

IPsec (IP Security)

A secure network protocol suite used for authentication and encryption of data packets in VPNs to create a secure communication path.

83
New cards

Confidentiality

A feature provided by IPSec that ensures data encryption to protect sensitive information from unauthorized access.

84
New cards

Integrity

A feature provided by IPSec that ensures data integrity by verifying that data has not been modified during transmission.

85
New cards

Authentication

A feature provided by IPSec that verifies the identities of the communicating parties to prevent unauthorized access.

86
New cards

Anti-replay

A feature provided by IPSec that assigns each packet a sequence number and tracks received packets in a sliding window, rejecting duplicates so that an attacker cannot capture packets and resend them.

87
New cards

IKE Phase 1

The initial phase of IPSec where the identities of the IPSec peers are authenticated and a secure channel for negotiation is established.

88
New cards

IKE Phase 2

The phase of IPSec where the security association parameters are negotiated, and the secure tunnel is fully established.

89
New cards

Data transfer

The phase of IPSec where data is transferred between the IPSec peers over the secure tunnel using the negotiated IPSec parameters and keys.

90
New cards

IPSec tunnel termination

The phase of IPSec where the security associations are terminated, either through mutual agreement or due to non-responsiveness of one party.

91
New cards

ISAKMP

An acronym for Internet Security Association and Key Management Protocol, which is used for exchanging security associations between IPSec peers.

92
New cards

Security Associations

Contains authentication methods, encryption and hash algorithms, Diffie-Hellman groups, expiration of the IKE SA, and shared secret values for encryption algorithms. These are used by IPSec peers to make and maintain their IPSec tunnels.

93
New cards

Aggressive Mode

A mode of IKE Phase One (ISAKMP) that uses three messages instead of main mode's six, resulting in a faster initial connection. The trade-off is that identity information and, with pre-shared keys, a hash derived from the PSK are sent unencrypted, which allows offline brute-forcing of a weak PSK; main mode should be preferred.

94
New cards

Diffie-Hellman

A key exchange algorithm that allows two systems to agree on a shared secret over an untrusted network without having exchanged any secret beforehand. It provides no authentication by itself: IKE must separately authenticate the peers (pre-shared key or certificates), or an attacker in the middle could run a separate exchange with each side.

95
New cards

IKE Phase Two

The phase of IKE that negotiates IPSec security associations to set up the IPSec tunnel.

96
New cards

Quick Mode

A mode used in IKE Phase Two to negotiate a shared IPsec policy, derive shared secret keying material, and establish the IPsec Security Associations.

97
New cards

IPSec Security Associations (SAs)

Established during IKE Phase Two, these SAs are used for encrypting and decrypting packets in the IPSec tunnel, ensuring confidentiality and security.

98
New cards

Data Transfer

The process of securely transmitting data over the established IPSec tunnels using IPSec SAs.

99
New cards

Termination of Tunnel

The process of ending the IPSec tunnel by deleting the IPSec SAs either by mutual agreement or when they reach their lifetime expiration.

100
New cards

Diffie-Hellman Key Exchange

A method used in IKE Phase One to establish a shared secret between two systems: each generates a private value and sends only the corresponding public value; combining its own private value with the peer's public value gives both sides the same secret, which an eavesdropper who sees only the public values cannot compute.
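Both Diffie-Hellman cards above describe the same exchange. The following is an added example, not part of the flashcard set or of any IKE implementation: the exchange carried out over the 2048-bit MODP group 14 prime from RFC 3526 (transcribed here and checked to be a safe prime before use), with the public-value validation a careful peer performs. The nonces and the session-key derivation are a simplified stand-in for IKE's SKEYID construction, not the exact RFC 2409 formula.

```python
# Added example, not part of the flashcard set: the Diffie-Hellman exchange
# that IKE Phase One performs, over the 2048-bit MODP group 14 prime from
# RFC 3526 (transcribed here and checked to be a safe prime before use).
# The nonces and the session-key derivation are a simplified stand-in for
# IKE's SKEYID construction, not the exact RFC 2409 formula.
import hashlib
import hmac
import secrets

GROUP14_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
GROUP14_G = 2

def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases; enough to catch a transcription error."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def validate_group(p: int, g: int) -> bool:
    """A usable MODP group: p and (p-1)/2 both prime (a safe prime), sane generator."""
    return 1 < g < p - 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def generate_keypair(p: int, g: int):
    x = secrets.randbelow(p - 3) + 2          # private value in [2, p-2]
    return x, pow(g, x, p)                    # (private, public)

def validate_public(y: int, p: int) -> bool:
    """Reject 0, 1 and p-1: a peer sending these forces a known shared secret."""
    return 2 <= y <= p - 2

def shared_secret(x: int, peer_public: int, p: int) -> int:
    if not validate_public(peer_public, p):
        raise ValueError("invalid peer public value")
    return pow(peer_public, x, p)

def derive_key(secret: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Simplified stand-in for SKEYID: keyed by both nonces over g^xy."""
    gxy = secret.to_bytes((secret.bit_length() + 7) // 8, "big")
    return hmac.new(nonce_i + nonce_r, gxy, hashlib.sha256).digest()

def run_exchange(p: int = GROUP14_P, g: int = GROUP14_G) -> dict:
    """Initiator and responder each keep their private value; only the public
    values and nonces would appear on the wire."""
    xi, yi = generate_keypair(p, g)
    xr, yr = generate_keypair(p, g)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    ki = derive_key(shared_secret(xi, yr, p), ni, nr)   # initiator's view
    kr = derive_key(shared_secret(xr, yi, p), ni, nr)   # responder's view
    return {"match": hmac.compare_digest(ki, kr), "key": ki}

if __name__ == "__main__":
    print("group 14 valid:", validate_group(GROUP14_P, GROUP14_G))
    print("keys match:", run_exchange()["match"])
```

Nothing in this exchange tells either side who it is talking to, which is the point of the card above: the public values could just as well have come from an attacker in the middle. IKE closes that gap with the PSK or certificate authentication that follows, and the public-value check is the small extra step that stops a peer from forcing the shared secret to a trivial value.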