Barriers that intercept and inspect network traffic to protect networks from unauthorized access.
Firewalls
Firewalls that operate at Layers 3 and 4 of the OSI network model and inspect attributes such as protocol, IP addresses, and port numbers to determine whether to allow or deny traffic.
Packet Filters
Devices that act as intermediaries between systems, changing IP addresses and port numbers to facilitate communication between networks.
Circuit-Level Gateways
Feature in firewalls that allows them to identify and track the connection state of conversations between computers, reducing the number of rules needed to support TCP communication.
Stateful Inspection
Firewalls that have the ability to inspect the contents of packets, providing a deeper level of inspection and preventing malicious traffic from entering the network unchecked.
Application Level
Advanced security solutions that monitor the network to detect threats based on a database of known behaviors and payload signatures.
Intrusion Detection Systems (IDS)
Advanced security solutions that intercept and block suspicious traffic based on a database of known behaviors and payload signatures.
Intrusion Prevention Systems (IPS)
Operating mode for IDS devices where they attach to the network as passive listeners, alerting network administrators of any suspicious behavior.
Tap Mode
Operating mode for IPS devices where they are positioned in the middle of the traffic stream to intercept and block suspicious traffic.
In-Line Mode
Method used by IPS devices to block traffic, particularly files known to carry viruses or malware, based on the frequency of such files being found to be malicious.
Reputation-Based Protection
Virtualized versions of IDS and IPS devices that can be deployed on virtualized environments.
Virtual Appliances
IPS and IDS applications that are installed on servers or workstations to provide intrusion detection and prevention capabilities.
Host-Based IPS/IDS Applications
A conceptual framework that defines the way computers communicate over networks, consisting of seven layers that represent different parts of the computer-to-computer communication process.
OSI Model
The layer of the OSI model that includes protocols, such as 802.3 Ethernet and 802.11 Wi-Fi, which define how computers can share access to a common medium.
Layer 2 (Data Link)
The process of identifying and resolving problems or issues that may arise in a network, such as network connectivity issues.
Troubleshooting
The process of analyzing a network for security threats and vulnerabilities in order to identify potential risks and take appropriate measures to mitigate them.
Network Security Assessment
A set of rules and guidelines that govern the communication between devices in a network.
Protocol
Functions or processes provided by a network that enable communication and other operations.
Services
Weaknesses or flaws in a network's security that can be exploited by attackers to gain unauthorized access or cause harm.
Vulnerabilities
Potential dangers or risks to a network's security, such as malware, unauthorized access, or data breaches.
Threats
The layer of the OSI model that represents the physical medium that connects computers together, such as cables or fiber optic cables.
Layer 1: Physical
A Layer 1 threat that involves tampering with the physical cables of a victim's network to intercept and listen to network traffic.
Wiretapping
The layer of the OSI model that defines how computers logically connect to the network and includes protocols such as Ethernet and Wi-Fi.
Layer 2: Data Link
A Layer 2 attack that uses radio signals to interfere with a victim's wireless network card, preventing communication with a wireless access point.
Radio jammer attack
The layer of the OSI model that allows computers on different networks to exchange data and includes protocols such as IP and ICMP.
Layer 3: Network
An attack at Layer 3 that sends pings to a large number of IP addresses to detect which computers are online and vulnerable to other attacks.
Ping sweep attack
The layer of the OSI model that ensures data is delivered according to the needs of the application and includes protocols such as TCP and UDP.
Layer 4: Transport
A tool used to scan a computer for open ports, which can be used by attackers to identify services running on a victim's computer.
Port scanner
The layer of the OSI model that allows computers to differentiate between connections within a service on the same host, such as remote procedure call (RPC).
Layer 5: Session
The layer of the OSI model that serves as a translation and security layer between applications, allowing for data encoding and encryption.
Layer 6: Presentation
An attack at Layer 6 that involves an attacker intercepting and impersonating the encryption between a victim and a target, such as a bank's website.
Man-in-the-middle attack
The final layer of the OSI model that defines how users connect with application services through protocols such as HTTP, and is host to various attacks.
Layer 7: Application
A tool used by security professionals to detect problems and known bad code that result in vulnerabilities in your applications. It can help you identify weaknesses that could lead to SQL injection attacks, buffer overrun attacks, and a variety of others that may allow an attacker to take control of your server.
Vulnerability scanner
Encryption method that uses the same key for both encrypting and decrypting data.
Symmetric key encryption
Encryption method that uses different keys for encrypting and decrypting data.
Asymmetric key encryption
System that allows secure exchange of encrypted data without prior key exchange by using public and private key pairs.
Public Key Infrastructure (PKI)
Encrypted data block created using a private key to verify the integrity and authenticity of data.
Digital signature
Encryption protocol that combines symmetric and asymmetric key encryption for secure data transmission.
Transport Layer Security (TLS)
Asymmetric key creation method that utilizes the algebraic structure of elliptic curves for stronger encryption.
Elliptic Curve Cryptography (ECC)
The process of converting data into a secure and unreadable form to protect it from unauthorized access.
Encryption
Data that is moving through a network, such as when it is being transmitted between devices.
Data in transit
Data that is stored on a disk or in a permanent or semi-permanent state.
Data at rest
The encryption of data both in transit and at rest, ensuring that the data is never stored or transmitted in a readable form.
End-to-end encryption
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are common forms of encryption used on the internet to create a secure channel between a client and a server.
SSL/TLS encryption
Internet Protocol Security (IPsec) provides authentication and encryption for IP network traffic, commonly used to create VPN tunnels across untrusted networks.
IPsec encryption
A symmetric key cipher used for bulk encryption of data at rest, known for its high level of security and near-impenetrable encryption.
Advanced Encryption Standard (AES)
A part of IPsec that provides data integrity for the connection.
Authentication Header (AH) protocol
A part of IPsec that provides encryption for the connection.
Encapsulating Security Payload (ESP)
A part of IPsec that defines the algorithms to be used and the key exchange method.
Security Associations (SA)
The process of categorizing data based on its security sensitivity and determining the policies and requirements for handling and storing the data.
Data Classification
Policies that dictate the length of time data should be stored, whether in active storage or archive copies, to ensure compliance and avoid fines.
Retention Policies
Requirements that specify the physical or geographical location where data must reside, often seen in government organizations to protect public records.
Data Residency Requirements
Measures and practices implemented to safeguard data from loss, unauthorized access, or damage, including backup and restore processes.
Data Protection
A plan or strategy for creating copies of data to protect against data loss, often involving regular backups and testing of the restore process.
Backup Solution
The process of encrypting data when it is stored or saved in a storage device or server to protect it from unauthorized access.
Data encryption at rest
The key used to encrypt and decrypt data at rest. If obtained by an attacker, it can be used to access and modify the data.
Data encryption key (DEK)
An asymmetric encryption key used to encrypt the DEK. It helps protect the DEK and is stored in a key management server (KMS).
Key encryption key (KEK)
A server that stores and manages encryption keys, including the encrypted DEK. It grants access to the DEK based on the validity of the KEK.
Key management server (KMS)
The process of encrypting data when it is being transmitted or sent over a network to protect it from unauthorized interception or manipulation.
Encryption of data in transit
Another term for data in transit, referring to data that is being transmitted or sent over a network.
Data in flight
A network connection that connects different locations or networks over a wide geographic area, such as the connection between private and public clouds in a hybrid cloud environment.
Wide area network (WAN) link
An authentication service that allows internet users to authenticate to an application using federated identity servers at sites like Google, Facebook, and Twitter, eliminating the need for users to create unique credentials for each application.
Federated Identity Management
The process of determining who should have access to data and what level of access they should have, often assigning permissions to groups rather than individual user accounts.
Access Control
The practice of isolating publicly accessible servers from the rest of the network to minimize the impact of attacks, such as hosting them in a public cloud or within an extranet in a private cloud.
Network Isolation
Security systems implemented within an extranet or network to detect and prevent server-to-server attacks, often used in conjunction with firewalls to enhance network security.
Intrusion Prevention Systems (IPS)
A secure, encrypted connection established over a public network, such as the internet, to allow remote management of servers in a public cloud environment without directly exposing them to the internet.
Virtual Private Network (VPN)
An authentication method that requires the use of multiple forms of identification, such as something you know (username and password), something you are (biometrics), or something you have (token or device), to verify the user's identity.
Multifactor authentication (MFA)
An account used by applications to access resources within a cloud provider, authenticated using API keys instead of a username and password.
Service account
Detailed records of actions taken by users and services within a cloud provider's system, used for accountability, change tracking, and detecting unauthorized use of privileged credentials.
Audit logs
A scalable, single-tenant cluster of computing, storage, and networking resources owned and maintained by a single company, with the company being responsible for the hardware and physical data center security.
Private cloud
Cloud services hosted by companies like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), with the cloud provider being responsible for the physical data center security and most hardware security concerns.
Public cloud
A combination of services running in both public and private clouds, with security concerns falling on the owners of the equipment and the data link between the public and private cloud networks potentially being maintained and secured by a third party.
Hybrid cloud
A Wi-Fi network that does not require a password or key to connect, making it accessible to anyone in the vicinity. Data transmitted on open networks is unencrypted and visible to anyone with a wireless network card.
Open Wi-Fi Network
An encryption algorithm that uses a 56-bit key to encrypt data. It is now considered antiquated and insecure, as it can be compromised by brute force methods in less than a day.
Data Encryption Standard (DES)
A symmetric encryption algorithm that uses the DES algorithm three times in a row to encrypt data. While it increases the complexity of encryption, it can still be compromised, especially as more data is sent in a single session.
Triple Data Encryption Standard (3DES)
A highly secure form of encryption widely used today. It can use a 128-bit, 192-bit, or 256-bit key, with longer key lengths providing stronger security.
Advanced Encryption Standard (AES)
An early wireless security standard that aimed to provide the same level of security as a wired network. It uses a 40-bit or 104-bit encryption key, which can be easily compromised using brute force methods. It has been deprecated and is no longer recommended.
Wired Equivalent Privacy (WEP)
A wireless security standard designed to overcome the weaknesses of WEP. It uses a variable-length alphanumeric passphrase and employs the Temporal Key Integrity Protocol (TKIP) to generate a new encryption key for each packet, enhancing security compared to WEP.
Wi-Fi Protected Access (WPA)
The successor to WPA, introduced in 2004. It supports the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES encryption standard. It became the standard for wireless security for over a decade.
WPA2
The latest wireless security standard, released in 2018. It increases the minimum key strength for enterprise mode connections and eliminates the use of passphrases for personal-mode networks. It also implements forward secrecy and encrypts management frames for improved security.
WPA3
A security standard that provides network access control at the port level, whether physical or wireless, and uses authentication based on the Extensible Authentication Protocol (EAP).
802.1x
An authentication standard used in 802.1x that provides a framework for various authentication methods, including username and password or public key infrastructure (PKI) certificates.
Extensible Authentication Protocol (EAP)
The process of controlling access to a network based on the authentication and authorization of users and devices.
Network Access Control
A protocol used in 802.1x authentication that allows for centralized authentication, authorization, and accounting for network access.
Remote Authentication Dial-In User Service (RADIUS)
Rules and criteria set by a network administrator that determine the level of access and privileges granted to a user or device on a network.
Authorization Policies
Software programs designed to detect and remove malicious software, such as viruses, worms, and trojans, from a computer system.
Malware Scanners
The set of guidelines, policies, and configurations established by a company to ensure consistency and security across its network and systems.
Corporate Standard
A denial-of-service (DoS) attack where the attacker forces clients off of a wireless network, even without being on the network themselves.
Deauth Attack
The latest security protocol for wireless networks that encrypts management packets, providing better defense against deauth attacks.
WPA3 Security
An attack where the attacker sets up a rogue wireless network without security or authentication, allowing them to intercept and modify unencrypted data.
Fake Access
A secure connection established between a device and a VPN service, encrypting all traffic sent and received over a wireless network.
VPN Tunnel
Public wireless networks that do not require authentication or encryption; they pose a significant security risk and should be avoided.
Unsecured Wi-Fi Hotspots
The process of confirming a person's identity, which can be done through usernames and passwords or certificates.
Authentication
The process of determining what a user is allowed to access, such as specific resources, servers, or files.
Authorization
The process of verifying access control settings, providing a forensic trail after a security breach, and storing logs or records in an immutable form.
Accounting
An optional add-on to the authentication process that requires additional factors, such as a PIN, facial or retinal scan, or fingerprint, to verify a user's identity.
MFA (Multi-factor Authentication)
The process of strengthening the security settings and defenses of network devices, servers, and workstations to protect against unauthorized access, data breaches, and other potential threats.
Harden Devices
The pre-configured passwords that come with network devices, which should be changed immediately to prevent unauthorized access.
Default Passwords
User accounts on network devices that are not actively used or needed, which should be removed to reduce the risk of unauthorized access.
Unnecessary Logins
A policy that requires users to create complex passwords with a combination of uppercase and lowercase letters, numbers, and special symbols, and to change their passwords regularly to enhance security.
Strong Password Policy