1
Q
Load balancing
A
2
Q
- Active/active
A
3
Q
- Active/passive
A
4
Q
- Scheduling
A
5
Q
- Virtual IP
A
6
Q
- Persistence
A
7
Q
Network segmentation
A
8
Q
VLAN
A
Virtual local area network
Chapple 365
Gibson 93
Weiss 342-345
9
Q
- Screened subnet (previously
known as demilitarized zone)
A
Chapple
Gibson
Weiss
10
Q
- East-west traffic
A
11
Q
- Extranet
A
12
Q
- Intranet
A
13
Q
- Zero Trust
A
14
Q
Virtual private network (VPN)
A
15
Q
- Always-on
A
16
Q
- Split tunnel vs. full tunnel
A
17
Q
- Remote access vs. site-to-site
A
18
Q
- IPSec
A
19
Q
- SSL/TLS
A
20
Q
- HTML5
A
21
Q
- Layer 2 tunneling protocol (L2TP)
A
22
Q
Out-of-band management
A
23
Q
Port security
A
24
Q
Port security - Broadcast storm prevention
A
25
- Bridge Protocol Data Unit (BPDU) guard
26
- Loop prevention
27
- Dynamic Host Configuration
Protocol (DHCP) snooping
28
- Media access control (MAC) filtering
29
Jump servers
Access secure network zones
– Provides an access mechanism
to a protected network
Highly-secured device
– Hardened and monitored
SSH / Tunnel / VPN to
the jump server
– RDP, SSH, or jump from there
A significant security concern
– Compromise to the
jump server is
a significant breach
30
Network appliances - Proxy servers
31
Proxy servers - Forward
32
Proxy servers - Reverse
33
Network appliances - Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS)
34
Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - - Signature-based
35
Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - Heuristic/behavior
36
Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - Anomaly
37
Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - Inline vs. passive
38
- HSM
Hardware Security Module (HSM)
* High-end cryptographic hardware
– Plug-in card or separate hardware device
* Key backup
– Secured storage
* Cryptographic accelerators
– Offload that CPU overhead
from other devices
* Used in large environments Clusters, redundant power
39
- Sensors
40
- Collectors
41
- Aggregators
42
Firewalls
43
Web application firewall (WAF)
-work at app layer
-sits in front of web serv. > receives all net. traffic headed to the serv.
> scrutinizes input headed to app/performing input validation b4 passing input to web serv.
-prevent mal. traffic from reaching web serv. + acts as part of layered defense against web app vulns.
44
- NGFW
45
- Stateful
46
- Stateless
47
- Unified threat management (UTM)
48
- Network address translation (NAT) gateway
49
- Content/URL filter
50
- Open-source vs. proprietary
51
- Hardware vs. software
52
- Appliance vs. host-based vs. virtual
53
ACL
Access control lists (ACLs)
– Allow or disallow traffic based on tuples
– Groupings of categories
– Source IP, Destination IP, port number, time of day,
application, etc.
54
Route security
55
Quality of service (QoS)
56
Implications of IPv6
57
Port spanning/port mirroring
58
Port spanning/port mirroring - Port taps
59
Monitoring services
60
File integrity monitors
Sec+ -> 3.0 Implementation (25%)
flashcards
Decks in class (9)
# Cards
-
3.1 - Given a scenario, implement secure protocols.28
-
3.2 - Given a scenario, implement host or application security solutions.42
-
3.3 - Given a scenario, implement secure network designs.60
-
3.4 - Given a scenario, install and configure wireless security settings.22
-
3.5 - Given a scenario, implement secure mobile solutions.49
-
3.6 - Given a scenario, apply cybersecurity solutions to the cloud.29
-
3.7 - Given a scenario, implement identity and account management controls.27
-
3.8 - Given a scenario, implement authentication and authorization solutions.27
-
3.9 - Given a scenario, implement public key infrastructure.33
