Network Security Policy
a document that describes the rules governing access to an organization's information resources, enforcement of these rules, and steps taken if rules are breached
Privacy policy
describes what staff, customers, and business partners can expect for monitoring and reporting network use
Acceptable use policy
explains for what purposes network resources can be used
Authentication Policy
describes how users identify themselves to gain access to network resources, such as logon names, password conventions, and authentication methods
Internet use policy
explains what constitutes proper or improper use of internet resources
Access policy
specifies how and when users are allowed to access network resources
Auditing policy
explains the manner in which security compliance or violations can be verified and the consequences for violations
Data protection
outlines the policies for backup procedures, virus protection, and disaster recovery
Kerberos
the authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources. Provides mutual authentication between a client and server or between two servers.
Mutual authentication
the identity of both parties is verified
Remote Authentication Dial-In User Service (RADIUS)
An industry-standard client/server protocol that centralizes authentication, authorization, and accounting for a network. Is used to authenticate administrative access to network devices.
Extensible Authentication Protocol (EAP)
A framework for other authentication protocols that provides encryption and authentication
Multifactor authentication (MFA)
a security technique in which a user must supply two or more types of authentication drawn from these credential categories: knowledge, possession, and inherence.
Encryption
a technology that makes data unusable and unreadable to anyone except authorized users
IPsec
an extension to the IP protocol that encrypts data as it travels the internetwork. It works by establishing an association between two communicating devices.
Preshared key
a series of letters, numbers, and special characters that both communicating devices use to authenticate each other’s identity
Digital Certificate
a digital document used in encryption and authentication that identifies a computer and can be verified by a certification authority.
Transparent mode
A mode of full disk encryption where the user is prompted for a recovery key on a USB device or a recovery password
USB Key mode
A mode of full disk encryption where an encryption key is stored on a USB drive that the user inserts before starting the system
User authentication mode
a mode of full disk encryption in which the system requires a user password before it decrypts the OS files and boots.
Virtual Private Network (VPN)
a network connection across a public network that uses encryption technology to transmit and receive data.
Point-to-Point Tunneling Protocol (PPTP)
a commonly used VPN protocol in Windows OS with client support for Linux and Mac OS X.
Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec)
a VPN protocol developed cooperatively by Cisco and Microsoft that provides a higher level of security than PPTP. It provides data integrity and identity verification.
Secure Socket Tunneling Protocol (SSTP)
A VPN protocol that works behind most firewalls without administrators needing to configure the firewall to allow it.
Site-to-site VPN mode
a VPN connection is established between two VPN devices with no software needed.
Client-to-site
a VPN connection between a single client computer and a VPN device.
Wardriver
an attacker who drives around looking for wireless LANs to intercept
Wi-Fi Protected Access 3
the strongest encryption standard that uses Protected Management Frames (PMF) and offers a personal or enterprise variation
Wi-Fi Protected Access 2
the most commonly used encryption standard that uses Advanced Encryption Standard (AES) algorithms and has a personal and enterprise variation.
Wi-Fi Protected Access
an encryption standard that uses Temporal Key Integrity Protocol (TKIP) and offers a personal and enterprise variation
Wired Equivalent Privacy
a wireless security protocol that encrypts data so that unauthorized people receiving wireless network signals can’t interpret the data easily
MAC address filtering
a feature on APs that restricts network access to computers with specific MAC addresses
Network perimeter
the boundary between your network and external networks such as the Internet.
Firewall
a hardware device or software program that inspects packets going in or out of a network or computer, and then discards or forwards the packets based on a set of rules.
Stateful packet inspection
a filtering method used in a firewall, whereby packets aren’t simply filtered based on packet properties but are checked for the context in which they’re being transmitted.
Content filter
a type of firewall or security device that looks for key words or phrases in the data portion of each packet to determine whether to allow it into the network
Intrusion Detection System (IDS)
a component of a firewall that detects an attempted security breach and notifies the network administrator.
Network-based IDS (NIDS)
Host-based IDS (HIDS)
a software application used to protect a single computer, usually a critical server
Demilitarized zone (DMZ)
the part of a network that contains publicly accessible devices, such as web servers and VPN servers, but is still protected by a firewall.
Honeypot
a network device installed as a decoy to lure potential attackers
Intrusion Prevention system (IPS)
a variation of IDS that can take countermeasures if an attack is in progress
Malware
any type of software that presents a nuisance to users or a threat to the integrity of a system or network
Virus
a program that spreads by replicating itself into other programs or documents. To spread, a virus requires a file to be opened, a program to be run, or the computer to be booted.
File Infector Virus
a common virus that attaches itself to an existing executable file.
Virus Signature
a pattern of computer code that is unique to a virus and can be used to identify its presence on an infected system
Boot sector virus
a type of virus that infects the code that loads when a system is powered on, and can result in the inability to boot the system and the destruction of system files.
Polymorphic virus
a type of virus that uses encryption techniques to change itself every time it infects a computer.
Macro virus
a virus that commonly spreads via email attachments and infects documents containing macros
Overwrite virus
a virus that deletes data within a file and replaces it with virus code, making the original file useless. Deleting the file usually removes the virus, but the original file data cannot be retrieved.
Browser hijacker virus
a virus that redirects the Web browser to URLs the user didn’t intend to access.
Ransomware
a type of malware that redirects you to a web site warning that your system is infected and that you must install the vendor’s software or call a phone number to clean your system. Your system is held hostage until you pay the perpetrator a fee to unlock the computer or decrypt your files.
Worm
a type of malware that doesn’t require another file to spread to other computers.
Backdoor
a program installed on a computer that permits access to the computer, thus bypassing the normal authentication process.
Trojan Horse
a program that appears to be useful, but in reality contains some type of malware
Rootkit
a form of malware that can monitor traffic to and from a computer, keystrokes, and capture passwords.
Hoax virus
a “virus” that is just an e-mail announcement of a made-up virus. It preys on people’s good intentions and clogs e-mail servers, decreases productivity, and wastes time.
Social engineering
a tactic of attackers to get users to perform an action without being aware that they’re aiding the hacker.
Logic bomb
a time-dependent malware that can come in different forms. Its main characteristic is that it’s activated when a particular event occurs, or when a particular file is accessed.
Spyware
a type of malware that monitors or controls part of your computer at the expense of your privacy and the gain of some third party.
Spam
unsolicited email.
Penetration tester
a security consultant who detects holes in a system’s security for the purpose of correcting these vulnerabilities
Ping scanner
an automated method for pinging a range of IP addresses
Port scanner
software that determines which TCP and UDP ports are available on a computer or device.
Protocol analyzers
programs or devices that can capture packets traversing a network and display the packets’ contents in a form useful to the user
Denial of service attack (DoS)
an attempt to tie up network bandwidth or services so that network resources are rendered useless to legitimate users
Spoofed address
a source address inserted into a packet that is not the sender’s actual address
Distributed Denial-of-Service attacks
attacks that use many systems to tie up network bandwidth or services so that network resources are rendered useless to legitimate users.
Tunneling
How do virtual private networks ensure privacy?
DoS
Which of the following terms refers to attacking a Web server by forcing it to respond to a flood of ping packets so that the server can’t respond to normal traffic?
physical security
Which phrase from the following list best completes the next sentence? “If there’s access to the equipment, there’s no ____.”
adequate cooling
Which of the following is a requirement for rooms housing network servers?
authorization
Which procedure specifies what resources users can access and the tasks they can perform on a network?
Account lockout
If you want to prevent password guessing to foil intruders, you should enable which of the following?
Kerberos
Which authentication protocol is used in a Windows domain environment?
EFS
To encrypt data stored on a hard drive on a Windows Server computer, you should use which of the following?
IDS
If network administrators want to be informed when an attempt has been made to compromise the network, what should they use?
Site-to-site
Which VPN mode should you use if you want to establish a secure tunnel between a main office and a branch office?
in the DMZ
Where’s a common place to install an NIDS?
IPS
What device should you consider installing if you want countermeasures to take place when an attack is detected?