Ap Networking Unit 3

Confidentiality

ensures data is accessible to only authorized users

ie. encryption, access, controls, authentication

integrit

ensures data is accurate, unaltered, and trustworthy

availability

ensures data and systems are accessible when needed

ie. redundancy, backups

Administrative controls

security policies, password policies, acceptable use policy, training and awareness, incident response plans

technical controls

firewalls, port security, IDS/IPS, antivirus, encryption, VLANs

physical controls

locks, badges, cameras, fences, secured server rooms

Preventive controls

stop incidents before they happende

deterrent

discourage attacks

detective

identify incidents after or during occurrence

corretive

fix damage after an icdient

recovery

restore operations

comprehensive

combine multiple control types

mac spoofing

changing a mac address to impersonate another device, gaining unauthorized access

mac flooding

sending a lot of fake mac addresses, fills cam table, forces the switch to flood traffic out all ports

protect

drops unauthorized traffic silently

restrict

drops traffic and logs violation

shutdown

disables the port

which violation action is the more secure?

shutdown

what does firewalls control?

traffic flow based on ip, addresses, ports, protocols, connection states

stateless firewalls

filter packets individually, use header data only, fast with low overhead, no awareness of sessions

stateful firewalls

tracks, active connections, understands session context, more secure than stateless, but high resource usage

new generation firewalls

stateful inspection, application awareness, IDS/IPS capabilites

intrusion detection system (IDS)

detects intruders and alters about them

intrusion prevention system (IPS)

detects intruders and blocks them from doing harm

defense in depth

a layered security approach that assumes no single control is sufficient. Includes: physical, administrative, and techination securities, policies, and enforcement