Lesson 10 Implementing Network Security Appliances


Description and Tags

Vocabulary flashcards covering firewalls, proxies, NAT, IDS/IPS, NGFW/UTM, content filters, WAFs, SIEM, and related monitoring concepts from the lecture notes.


55 Terms

1
Firewall

A security device or software that enforces network access controls by filtering traffic according to rules, protocols, ports, and addresses.

2
ACL (Access Control List)

A set of rules used by firewalls to accept or deny traffic based on packet characteristics (IP, port, protocol).

3
Packet Filtering Firewall

An early firewall type that inspects each packet's IP and transport headers (addresses, protocol, ports) and applies ACLs; typically stateless, so it cannot tell a genuine reply from an unsolicited inbound packet.

4
Stateless

A firewall mode that does not retain session state between packets; analyzes each packet independently.

5
Stateful Inspection

A firewall technique that tracks active connections in a state table and validates new packets against it.

6
State Table

A data table that stores information about current connections for stateful inspection.

7
Transport Layer (OSI Layer 4)

Layer that carries TCP and UDP; stateful firewalls apply transport-layer checks here, such as validating the TCP three-way handshake and tracking port numbers per connection.
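The difference between a stateless ACL and stateful inspection is easiest to see in code. The Python simulation below is an added example, not part of the lecture notes: it models a packet filter whose only notion of a "reply" is that the ACK or RST bit is set (what a Cisco-style `established` keyword checks) next to a stateful firewall that records outbound SYNs in a state table and admits inbound packets only when they match a tracked session. The 10.0.0.0/8 inside zone, the addresses and the packet representation are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # assumed trusted zone behind the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def is_inside(ip):
    return ip_address(ip) in INSIDE


def stateless_filter(pkt):
    """Packet-filtering ACL: every packet is judged on its own headers.
    1. allow anything sourced from the inside zone;
    2. allow inbound packets that look like replies, i.e. ACK or RST set
       (what a Cisco-style 'established' keyword checks);
    3. deny the rest."""
    if is_inside(pkt.src):
        return "ACCEPT"
    if pkt.flags & {"ACK", "RST"}:
        return "ACCEPT"
    return "DROP"


class StatefulFirewall:
    """Tracks sessions opened from inside in a state table keyed by the
    connection 4-tuple; inbound packets must match an existing entry."""

    def __init__(self):
        self.state_table = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def filter(self, pkt):
        if is_inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:          # new outbound connection
                self.state_table[key] = "SYN_SENT"
                return "ACCEPT"
            return "ACCEPT" if key in self.state_table else "DROP"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # reverse direction
        state = self.state_table.get(key)
        if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.state_table[key] = "ESTABLISHED"          # handshake step 2
            return "ACCEPT"
        if state == "ESTABLISHED":
            return "ACCEPT"
        return "DROP"   # no session, or a packet out of sequence for its state


def demo():
    """Run the same constructed packets through both filters, in order."""
    fw = StatefulFirewall()
    client, server, attacker = "10.1.1.5", "203.0.113.10", "198.51.100.7"
    packets = [
        ("syn",       Packet(client, 40000, server, 443, frozenset({"SYN"}))),
        ("synack",    Packet(server, 443, client, 40000, frozenset({"SYN", "ACK"}))),
        ("data",      Packet(server, 443, client, 40000, frozenset({"ACK"}))),
        ("syn_scan",  Packet(attacker, 4444, "10.1.1.9", 445, frozenset({"SYN"}))),
        ("ack_probe", Packet(attacker, 4444, "10.1.1.9", 445, frozenset({"ACK"}))),
    ]
    return {name: (stateless_filter(p), fw.filter(p)) for name, p in packets}


if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:10} stateless={stateless:6} stateful={stateful}")
```

Both filters agree on the legitimate handshake and on the inbound SYN scan; they part ways on the ACK-only probe, which the stateless rule waves through because the flag bits are all it can see, while the stateful firewall drops it for lack of a matching state-table entry.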

8
Application Layer Firewall (Layer 7)

A firewall that inspects application payload and protocols; may perform deep packet inspection.

9
Application-Aware Firewall

A firewall that recognizes specific applications and enforces policies accordingly.

10
iptables

Linux command-line utility for managing the kernel's netfilter firewall rules, organised into tables (filter, nat, mangle) and chains (INPUT, OUTPUT, FORWARD) with a default policy per chain; the conntrack match adds stateful inspection.

11
Firewall Appliance

Standalone hardware device deployed to monitor and filter traffic at network edges.

12
Routed Firewall (Layer 3)

Firewall that forwards traffic between subnets; interfaces connect to different security zones.

13
Bridged Firewall (Layer 2)

Firewall operating as a bridge; inspects traffic without acting as a router.

14
Transparent Firewall

Bridged firewall with no data-path IP interface; manages traffic without subnet reconfiguration.

15
Host-Based Firewall

Software firewall on a single host protecting that host and its network access.

16
Application Firewall

Software firewall protecting a specific application (e.g., a web server) on a server.

17
NOS Firewall

Software firewall running on a network OS (Windows/Linux) acting as gateway or proxy.

18
Proxy

Intermediary that terminates the client's connection and opens its own connection to the server, so it can inspect, filter, and rebuild traffic at the application layer instead of simply forwarding packets.

19
Forward Proxy

Proxy that handles outbound client requests (e.g., web access) and may reside in a DMZ.

20
Non-Transparent Proxy

Proxy requiring clients to be configured with its address and port.

21
Transparent Proxy

Proxy that intercepts traffic without client configuration; inline with the network.

22
PAC (Proxy Auto-Config)

JavaScript file whose FindProxyForURL function tells a client which proxy (if any) to use for each URL, so clients do not need manually entered proxy settings.

23
WPAD (Web Proxy Auto-Discovery)

Protocol by which browsers locate a PAC file automatically via DHCP or a DNS lookup of a wpad hostname; a potential attack vector, because a host that can answer that lookup can serve a malicious PAC file and route client traffic through an attacker-controlled proxy.

24
Reverse Proxy

Proxy at the network edge that handles inbound requests for internal servers, often with load balancing and encryption.

25
NAT (Network Address Translation)

Translates private IP addresses to public addresses at the network edge; not a filtering function by itself.

26
RFC 1918 Private Address Ranges

Reserved private IP ranges for internal networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

27
Static NAT

One-to-one mapping between an inside local and an inside global address.

28
Dynamic NAT

NAT using a pool of public addresses to map multiple inside addresses dynamically.

29
NAPT/PAT (Port Address Translation)

Overloads many private addresses onto a single public address using port mappings.

30
Destination NAT / Port Forwarding

Rewrites the destination of traffic arriving at a public address and port so that it reaches a designated internal host and port (e.g., public port 443 mapped to an internal web server).

31
NAT66 / NAT64 / NPTv6

IPv6-era translation mechanisms: NAT66 translates between IPv6 addresses, NAT64 lets IPv6-only hosts reach IPv4 servers (typically paired with DNS64), and NPTv6 performs stateless one-to-one prefix translation.

32
NAT Overload

NAPT; multiple private addresses share a single public IP via port numbers.
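To make the NAT cards concrete, the following Python simulation is an added example, not part of the lecture notes. It models a NAPT gateway that overloads many RFC 1918 inside addresses onto one public address by allocating a distinct public-side port per flow, keeps the mapping table needed to translate replies back, and layers a static destination NAT (port forward) on top. The public address 203.0.113.1, the sequential port allocation starting at 1024 and the packet dictionaries are assumptions; real implementations randomise ports and expire idle mappings.

```python
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


def is_private(ip):
    return any(ip_address(ip) in net for net in RFC1918)


class NaptGateway:
    """NAPT/PAT: many inside addresses share one public address, told apart
    by the public-side port the gateway allocates. Static DNAT entries
    (port forwards) take precedence over dynamic mappings for inbound traffic."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port            # assumed allocation: sequential
        self.outbound = {}   # (inside_ip, inside_port, proto) -> public_port
        self.inbound = {}    # (public_port, proto) -> (inside_ip, inside_port)
        self.forwards = {}   # (public_port, proto) -> (inside_ip, inside_port)

    def add_port_forward(self, public_port, proto, inside_ip, inside_port):
        self.forwards[(public_port, proto)] = (inside_ip, inside_port)

    def translate_outbound(self, pkt):
        """Rewrite src ip:port of a packet leaving the inside network."""
        if not is_private(pkt["src"]):
            raise ValueError("source is not an RFC 1918 address")
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.outbound:               # first packet of this flow
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.inbound[(public_port, pkt["proto"])] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.public_ip, "sport": self.outbound[key]}

    def translate_inbound(self, pkt):
        """Rewrite dst ip:port of a packet arriving at the public address.
        Returns None when no mapping exists: the packet has no inside
        destination, which is a side effect of NAPT, not a filtering policy."""
        key = (pkt["dport"], pkt["proto"])
        target = self.forwards.get(key) or self.inbound.get(key)
        if target is None:
            return None
        # This is 'full-cone' behaviour: any outside host may use a dynamic
        # mapping once it exists. Stricter NATs also check the outside src.
        return {**pkt, "dst": target[0], "dport": target[1]}


def demo():
    """Two inside hosts using the same source port, a reply, an unsolicited
    inbound packet and a packet hitting the port forward (all constructed)."""
    gw = NaptGateway("203.0.113.1")                       # assumed public IP
    gw.add_port_forward(443, "tcp", "10.0.0.5", 8443)     # DNAT to a web server
    out1 = gw.translate_outbound({"src": "10.0.0.20", "sport": 51000,
                                  "dst": "198.51.100.9", "dport": 80, "proto": "tcp"})
    out2 = gw.translate_outbound({"src": "10.0.0.21", "sport": 51000,
                                  "dst": "198.51.100.9", "dport": 80, "proto": "tcp"})
    reply = gw.translate_inbound({"src": "198.51.100.9", "sport": 80, "dst": "203.0.113.1",
                                  "dport": out1["sport"], "proto": "tcp"})
    unsolicited = gw.translate_inbound({"src": "198.51.100.77", "sport": 4444,
                                        "dst": "203.0.113.1", "dport": 3389, "proto": "tcp"})
    forwarded = gw.translate_inbound({"src": "198.51.100.77", "sport": 4444,
                                      "dst": "203.0.113.1", "dport": 443, "proto": "tcp"})
    return {"out1": out1, "out2": out2, "reply": reply,
            "unsolicited": unsolicited, "forwarded": forwarded}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
```

The two inside hosts both use source port 51000, which is why NAPT has to rewrite the port as well as the address; the unsolicited packet to port 3389 is undeliverable only because nothing mapped it, whereas the port forward deliberately exposes the internal web server, so a firewall rule is still needed to decide who may reach it.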

33
Virtual Firewalls

Firewalls deployed in virtual environments (hypervisor-based, virtual appliance, or multiple contexts).

34
NGFW (Next-Generation Firewall)

Firewall that combines application awareness, user filtering, and often IPS; may include cloud inspection.

35
UTM (Unified Threat Management)

Single appliance centralizing firewall, anti-malware, IPS, content filtering, DLP, VPN, etc.; potential single point of failure.

36
Content Filter / SWG

Filter that controls user web access (block URLs, time-based rules) and often includes threat analysis.

37
WAF (Web Application Firewall)

Firewall that inspects HTTP requests and responses to protect web applications from attacks such as code injection and application-layer DoS; relies on signatures and pattern matching, so it must decode requests the same way the application does.
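The pattern-matching approach has a well-known weak spot: a signature only fires if it is run over the same bytes the application will eventually see. The Python block below is an added example, not ModSecurity, NAXSI or any product's rule set. It applies a handful of constructed injection signatures to a request twice, once naively over the raw request line and once after parsing and (boundedly) percent-decoding each parameter, and shows that URL-encoded and double-encoded payloads slip past the naive check. The rule patterns and request samples are constructed for the demonstration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed signatures in the spirit of WAF rule sets; not real ModSecurity rules.
RULES = [
    ("sqli-union", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("path-traversal", re.compile(r"(?:\.\./){2,}")),
]


def normalise(value, rounds=2):
    """Percent-decode repeatedly (bounded) so a double-encoded %2527 is seen
    as the quote character the back end will eventually receive."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def naive_inspect(target):
    """Weak WAF: signatures run over the raw request target, undecoded."""
    return [rule_id for rule_id, pattern in RULES if pattern.search(target)]


def inspect_request(target, body=""):
    """Decode query-string and form-body parameters, normalise each value,
    then apply every signature. Returns (rule_id, parameter, decoded value)."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(name, []).extend(values)
    hits = []
    for name, values in params.items():
        for raw in values:
            value = normalise(raw)
            for rule_id, pattern in RULES:
                if pattern.search(value):
                    hits.append((rule_id, name, value))
    return hits


def demo():
    """Constructed requests: the same SQL injection plain, URL-encoded and
    double-encoded, plus union, XSS and traversal payloads."""
    plain = "/items?id=1' or '1'='1"
    encoded = "/items?id=1%27%20or%20%271%27%3D%271"
    double = "/items?id=1%2527%2520or%2520%25271%2527%253D%25271"
    ids = lambda hits: [h[0] for h in hits]
    return {
        "plain_naive": naive_inspect(plain),
        "encoded_naive": naive_inspect(encoded),      # signature never sees a quote
        "encoded_waf": ids(inspect_request(encoded)),
        "double_waf": ids(inspect_request(double)),
        "union_body": ids(inspect_request(
            "/search", "q=x%27+UNION+ALL+SELECT+user%2Cpass+FROM+users--")),
        "xss": ids(inspect_request("/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E")),
        "traversal": ids(inspect_request("/download?file=..%2F..%2F..%2Fetc%2Fpasswd")),
    }


if __name__ == "__main__":
    for case, matched in demo().items():
        print(f"{case:14} -> {matched}")
```

The decoding depth is deliberately bounded: an unbounded decode loop is itself a denial-of-service vector, and decoding more times than the application does produces false positives, which is why real WAFs tie their normalisation to the back end's parsing behaviour.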

38
HIDS (Host-Based IDS)

IDS that monitors a single host's logs, files, and processes; may include FIM (File Integrity Monitoring).

39
NIDS (Network-Based IDS)

IDS with sensors on the network to monitor traffic for attack signatures; passive by default.

40
IPS (Intrusion Prevention System)

Inline IDS that can terminate or throttle offending traffic and block attacks.

41
Inline Deployment

Deployment where traffic passes through the security device, enabling active blocking.

42
SIEM (Security Information and Event Management)

Platform that aggregates logs and events from many sources, correlates them, and provides alerts and dashboards.

43
UEBA (User and Entity Behavior Analytics)

SIEM capability that analyzes user and machine behavior to detect anomalies.

44
NBAD (Network Behavior Anomaly Detection)

ML-based detection of anomalous network traffic patterns; often integrated with SIEM.

45
NTA (Network Traffic Analysis)

Analysis of network streams for anomalies, similar to IDS but focused on traffic.

46
SOAR (Security Orchestration, Automation, and Response)

Automation layer that coordinates incident response workflows with SIEM.

47
Snort / Suricata / Zeek

Popular open-source network monitoring tools: Snort and Suricata are signature-based NIDS/IPS engines, while Zeek (formerly Bro) is a network analysis framework that produces protocol logs and runs detection scripts rather than matching packet signatures.

48
SPAN / Mirror Port

Switch feature that copies frames to a sensor; may drop frames under load.

49
TAP (Test Access Point)

Physical device to copy network traffic for monitoring; comes in passive or active forms.

50
ModSecurity

Open-source WAF for Apache, nginx, and IIS; supports rule sets and signatures.

51
NAXSI

Open-source WAF module for nginx.

52
Imperva

Commercial WAF and security suite (e.g., SecureSphere) focusing on web security.

53
Regex (Regular Expressions)

Pattern-matching language used to search text and parse fields out of log data.

54
grep

Unix command to search text files for patterns; supports exact or regex matching.

55
Syslog

Standardized protocol and message format (RFC 5424; traditionally UDP port 514, with TCP or TLS transports available for reliable, encrypted delivery) for sending log messages from many devices to a central collector or SIEM.
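The SIEM, regex, grep and syslog cards describe one pipeline: collect syslog lines, pick fields out of them with regular expressions, then correlate events across many lines into an alert. The Python block below is an added example, not part of the lecture notes, that walks that pipeline end to end over a constructed BSD-style syslog extract: a `grep`-equivalent filter, a line parser, and a correlation rule that raises one alert when at least five failed SSH logins come from the same source within sixty seconds. The log lines, host name, addresses and thresholds are all constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# RFC 3164-style line: "Mar  3 10:15:07 host app[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log; not captured from a real system.
SAMPLE_LOG = """\
Mar  3 10:15:01 bastion sshd[2201]: Accepted publickey for ops from 10.0.0.5 port 51000 ssh2
Mar  3 10:15:07 bastion sshd[2202]: Failed password for root from 198.51.100.23 port 40122 ssh2
Mar  3 10:15:09 bastion sshd[2203]: Failed password for invalid user admin from 198.51.100.23 port 40123 ssh2
Mar  3 10:15:12 bastion sshd[2204]: Failed password for root from 198.51.100.23 port 40124 ssh2
Mar  3 10:15:14 bastion sshd[2205]: Failed password for root from 198.51.100.23 port 40125 ssh2
Mar  3 10:15:15 bastion sshd[2206]: Failed password for root from 198.51.100.23 port 40126 ssh2
Mar  3 10:20:30 bastion sshd[2210]: Failed password for alice from 10.0.0.8 port 51200 ssh2
Mar  3 10:21:00 bastion CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""
LINES = SAMPLE_LOG.splitlines()


def parse_line(line, year=2024):
    """Split one syslog line into fields; BSD syslog omits the year, so it is supplied."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "app": m["app"], "pid": m["pid"], "msg": m["msg"]}


def grep(lines, pattern):
    """Equivalent of grep -E: the lines whose text matches the regex."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def brute_force_alerts(lines, threshold=5, window_seconds=60):
    """SIEM-style correlation: at least `threshold` failed SSH logins from the
    same source IP within `window_seconds`. Returns (ip, first, last, count)."""
    attempts = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["app"] != "sshd":
            continue
        f = FAILED_RE.search(ev["msg"])
        if f:
            attempts[f["ip"]].append(ev["ts"])
    alerts = []
    for ip, times in attempts.items():
        times.sort()
        for i in range(len(times) - threshold + 1):     # sliding window
            first, last = times[i], times[i + threshold - 1]
            if (last - first).total_seconds() <= window_seconds:
                alerts.append((ip, first.strftime("%H:%M:%S"),
                               last.strftime("%H:%M:%S"), threshold))
                break            # one alert per source is enough
    return alerts


if __name__ == "__main__":
    print(len(grep(LINES, r"Failed password")), "failed-login lines")
    for alert in brute_force_alerts(LINES):
        print("ALERT brute force:", alert)
```

The single failure from 10.0.0.8 never becomes an alert, which is the point of correlating by source and time rather than alerting on every matching line; the year is passed in explicitly because RFC 3164 timestamps carry none, a detail that bites when a collector rolls over the new year.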