ch 19


58 Terms

1. Load Balancing

Technique to distribute workloads across multiple servers to prevent overload, improve resource utilization, and increase fault tolerance.

2. Active/Active Load Balancing

Configuration where all load balancers simultaneously handle network traffic, distributing workload evenly.

3. Active/Passive Load Balancing

Configuration with a primary active load balancer and a secondary passive balancer ready to take over if the primary fails.

4. Affinity-Based Scheduling

Method ensuring that user requests remain connected to the same server throughout a session.

5. Round-Robin Scheduling

Method of distributing each new user request sequentially across available servers.

6. Weighted Round-Robin Scheduling

Modified round-robin method accounting for varying server capacities or loads.

7. Virtual IP (VIP)

Single IP address representing multiple systems behind a load balancer, hiding the actual IP addresses.

8. Persistence (Session Persistence)

Ensuring subsequent requests from a user are directed to the same server to maintain continuity.

9. Network Segmentation

Dividing a network into multiple segments to limit traffic flow, enhance security, and improve management.

10. VLAN (Virtual Local Area Network)

Logical segmentation of a physical network, allowing separate networks to exist on shared hardware.

11. Trunking

Technique for spanning VLANs across multiple switches, enabling extended VLAN functionality.

12. Screened Subnet (DMZ)

Isolated network segment between the public internet and private internal networks, designed as a secure zone for externally facing servers.

13. Hardened Operating Systems

Systems specifically secured to minimize vulnerabilities and reduce the attack surface.

14. East-West Traffic

Network traffic flowing horizontally between servers and systems within the same data center or network segment.

15. North-South Traffic

Network traffic flowing vertically into and out of a data center, typically between internal and external networks.

16. Extranet

Semiprivate network using common internet technologies to share resources securely with external partners.

17. Intranet

Private internal network using common internet technologies to provide resources within an organization.

18. Proxy Server

Intermediate server handling requests from internal users to external resources, enhancing security by filtering traffic.

19. Forward Proxy

Proxy server acting on behalf of the client, typically used to enforce security and filtering policies for outbound traffic.

20. Reverse Proxy

Server-side proxy intercepting incoming requests, providing load balancing, traffic filtering, and SSL offloading.

21. Zero Trust Security Model

Security strategy assuming no implicit trust and verifying each request before granting access.

22. Virtual Private Network (VPN)

Secure encrypted tunnel allowing private communications over public networks.

23. Always-On VPN

VPN configuration that automatically establishes and maintains a secure connection whenever internet connectivity is detected.

24. Split Tunnel VPN

VPN method routing only specified traffic through the secure tunnel, while other traffic accesses the internet directly.

25. Full Tunnel VPN

VPN method routing all traffic through the secure VPN connection, enhancing security but possibly impacting performance.

26. Remote Access VPN

Securely connects individual remote users to an internal network from remote locations.

27. Site-to-Site VPN

Secure connection linking two geographically separate networks through an encrypted tunnel.

28. IPSec (Internet Protocol Security)

Protocol suite providing secure communication through authentication, integrity, confidentiality, and anti-replay at the network layer.

29. Transport Mode (IPSec)

IPSec mode encrypting only the data payload of packets, leaving headers visible for routing.

30. Tunnel Mode (IPSec)

IPSec mode encrypting entire IP packets, including headers, providing maximum security.

31. SSL/TLS VPN

VPN utilizing Secure Sockets Layer/Transport Layer Security to encrypt communication between web browsers and servers.

32. HTML5 VPN

Browser-based secure remote access solution leveraging HTML5, eliminating the need for additional plugins.

33. Layer 2 Tunneling Protocol (L2TP)

VPN protocol used to create encrypted tunnels, often combined with IPSec for enhanced security.

34. Network Access Control (NAC)

Security methodology enforcing access policies based on device security posture and user credentials.

35. Agent-based NAC

NAC solution deploying software agents on connecting devices to verify compliance.

36. Agentless NAC

NAC solution where compliance checks occur without persistent agents, typically using network-based assessments.

37. Out-of-Band Management

Separate communication channel for managing network devices independently of regular network data channels.

38. Port Security

Network security method restricting access based on allowed MAC addresses.

39. Static Learning (Port Security)

Manually assigning specific MAC addresses to ports.

40. Dynamic Learning (Port Security)

Allowing switches to learn MAC addresses dynamically upon connection.

41. Sticky Learning (Port Security)

Dynamically learning and retaining MAC address information persistently across reboots.

42. Flood Guard

Protection mechanism managing and mitigating flooding attacks by monitoring and limiting network traffic rates.

43. BPDU Guard (Bridge Protocol Data Unit Guard)

Security feature preventing unauthorized BPDU packets to protect Spanning Tree Protocol configurations.

44. Loop Prevention

Techniques like Spanning Tree Protocol (STP) to prevent network loops at layer 2 of the OSI model.

45. DHCP Snooping

Security measure preventing rogue DHCP servers from providing malicious configuration data to clients.

46. MAC Filtering

Allowing or denying network access based on permitted MAC addresses, primarily used on switches and wireless networks.

47. Jump Server

Hardened server providing controlled access to secure zones of a network.

48. NIDS (Network-based Intrusion Detection System)

System analyzing network traffic to detect suspicious activities and intrusions.

49. NIPS (Network-based Intrusion Prevention System)

System analyzing and actively blocking suspicious network traffic.

50. Signature-based Detection

Intrusion detection method using known patterns of malicious activity.

51. Heuristic/Behavioral Detection

Intrusion detection method identifying deviations from normal network behavior, typically using artificial intelligence.

52. Anomaly-based Detection

Intrusion detection method identifying traffic deviating from established normal patterns.

53. Inline NIPS

Intrusion prevention system directly inspecting and potentially blocking traffic in real-time.

54. Passive NIDS

Intrusion detection system monitoring network traffic passively without interfering directly.

55. Hardware Security Module (HSM)

Hardware device managing cryptographic keys and operations securely, often used for sensitive transactions.

56. Sensor

Device capturing network or system data to detect and report anomalies or malicious activities.

57. Aggregator

Device combining inputs from multiple sources into a single output channel, optimizing network efficiency.

58. Firewall

Security device enforcing network security policies by filtering inbound and outbound traffic based on predetermined rules.