BOR3307: Intro to Cybersecurity


Key Terms for lesson 4 are listed below. It is important that you keep a copy of these key terms handy as you take this course and complete the readings. Working from a standard lexicon will keep you from misinterpreting the readings.

Access control list (ACL): the column of attributes associated with a particular object (such as a printer) in lattice-based access control.
Access control: the method by which systems determine whether and how to admit a user into a trusted area of the organization, that is, information systems, restricted areas such as computer rooms, and the entire physical location.
Access point and wireless switch locations: wireless components with bundled IDPS capabilities must be carefully deployed to optimize the IDPS sensor detection grid.
Accountability (auditability): ensures that all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity.
Active vulnerability scanners: scan networks for highly detailed information.
Address restrictions: rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.
Alarm clustering and compaction: a process of grouping almost identical alarms that happen at close to the same time into a single higher-level alarm.
Alarm filtering: the process of classifying IDPS alerts so that they can be more effectively managed.
Alert or alarm: an indication that a system has just been attacked and/or continues to be under attack.
Application gateway (application-level firewall or application firewall): frequently installed on a dedicated computer, separate from the filtering router, but commonly used in conjunction with a filtering router.
Application protocol verification: the higher-order protocols (HTTP, FTP, and Telnet) are examined for unexpected packet behavior or improper use.
Asynchronous tokens: don't require that the server and tokens all maintain the same time setting; they use a challenge/response system.
Authentication: the process of validating a supplicant's purported identity.
Authorization: the matching of an authenticated entity to a list of information assets and corresponding access levels.
Back hack: a hack into a hacker's system to find out as much as possible about the hacker.
Bastion host (sacrificial host): stands as the sole defender on the network perimeter.
Biometric access control: based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user (a supplicant).
Capabilities table: the row of attributes associated with a particular subject (such as a user) in lattice-based access control.
Centralized IDPS control strategy: all IDPS control functions are implemented and managed in a central location.
Circuit gateway firewall: operates at the transport layer; connections are authorized based on addresses.
Confidence value: the measure of an IDPS's ability to correctly detect and identify certain types of attacks.
Content filter: a software filter (technically not a firewall) that allows administrators to restrict access to content from within a network.
Cost: the more sensors deployed, the more expensive the configuration. Wireless components typically cost more than their wired counterparts, so the total cost of ownership of IDPS of both wired and wireless varieties should be carefully considered.
Crossover error rate (CER): the level at which the number of false rejections equals the number of false acceptances; also known as the equal error rate.
Diameter protocol: defines the minimum requirements for a system that provides authentication, authorization, and accounting (AAA) services, and can go beyond these basics to add commands and/or object attributes.
Discretionary access controls (DACs): implemented at the discretion or option of the data user.
Dumb cards: ID cards or ATM cards with magnetic stripes containing the digital (and often encrypted) user personal identification number (PIN), against which the number a user inputs is compared.
Dynamic packet-filtering firewall: allows only a particular packet with a particular source, destination, and port address to enter.
Enticement: the act of attracting attention to a system by placing tantalizing information in key locations.
Entrapment: the act of luring an individual into committing a crime to get a conviction.
Evasion: the process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS.
False accept rate: the percentage of identification instances in which unauthorized users are allowed access to systems or areas as a result of a failure in the biometric device.
False attack stimulus: an event that triggers alarms and causes a false positive when no actual attacks are in progress.
False negative: the failure of an IDS to react to an actual attack event.
False positive: an alert or alarm that occurs in the absence of an actual attack. A false positive can sometimes be produced when an IDPS mistakes normal system activity for an attack.
False reject rate: the percentage of identification instances in which authorized users are denied access as a result of a failure in the biometric device.
Fifth generation firewalls: include the kernel proxy, a specialized form that works under Windows NT Executive, which is the kernel of Windows NT. This type of firewall evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up and down the stack.
Fingerprinting: a systematic survey of all of the target organization's Internet addresses (which were collected during the footprinting phase).
Firewall: prevents specific types of information from moving between the outside world and the inside world.
First generation firewalls: static packet-filtering firewalls, that is, simple networking devices that filter packets according to their headers as the packets travel to and from the organization's networks.
Footprinting: the organized research of the Internet addresses owned or controlled by a target organization.
Fourth generation firewalls (dynamic packet-filtering firewalls): allow only a particular packet with a particular source, destination, and port address to enter.
Fully distributed IDPS control strategy: all control functions are applied at the physical location of each IDPS component.
Honeynet: a collection of honeypots connected to several honeypot systems on a subnet.
Honeypots: decoy systems designed to lure potential attackers away from critical systems.
Host-based IDPS (HIDPS): resides on a particular computer or server, known as the host, and monitors activity only on that system.
Hybrid VPN: combines the trusted VPN and secure VPN, providing encrypted transmissions (as in a secure VPN) over some or all of a trusted VPN network.
Identification: a mechanism whereby an unverified entity, called a supplicant, that seeks access to a resource proposes a label by which it is known to the system.
Inline sensors: typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router, to limit incoming attacks that could overwhelm the firewall.
Intrusion detection and prevention system (IDPS): combined term; generally used to describe current anti-intrusion technologies.
Intrusion detection systems (IDSs): work like a burglar alarm in that they detect a violation (some system activity analogous to an opened or broken window) and activate an alarm.
Intrusion prevention system (IPS): can detect an intrusion and also prevent that intrusion from successfully attacking the organization by means of an active response.
Kerberos: uses symmetric key encryption to validate an individual user to various network resources.
Lattice-based access control: users are assigned a matrix of authorizations for particular areas of access.
Log file monitor (LFM) IDPS: similar to a NIDPS. Using an LFM, the system reviews the log files generated by servers, network devices, and even other IDPSs, looking for patterns and signatures that may indicate that an attack or intrusion is in process or has already occurred.
Mandatory access controls (MACs): use data classification schemes; they give users and data owners limited control over access to information resources.
Minutiae: unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.
Monitoring port (switched port analysis (SPAN) port or mirror port): a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
Network-based IDPS (NIDPS): resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment, looking for indications of ongoing or successful attacks.
Noise: alarm events that are accurate and noteworthy but that do not pose significant threats to information security.
Nondiscretionary controls: a strictly enforced version of MACs that are managed by a central authority in the organization.
Packet sniffer (network protocol analyzer): a network tool that collects copies of packets from the network and analyzes them.
Packet-filtering firewall (filtering firewall): examines the header information of data packets that come into a network.
Partially distributed IDPS control strategy: combines the best of the centralized and fully distributed IDPS strategies.
Passive vulnerability scanner: one that listens in on the network and determines vulnerable versions of both server and client software.
Passphrase: a series of characters, typically longer than a password.
Password: a private word or combination of characters that only the user should know.
Physical security: unlike wired network sensors, which can be physically secured, many wireless sensors are located in public areas like conference rooms, assembly areas, and hallways in order to obtain the widest possible network range.
Port scanners: tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information.
Protocol stack verification: in this process the NIDPSs look for invalid data packets, that is, packets that are malformed under the rules of the TCP/IP protocol.
Proxy server: see application gateway.
Remote Authentication Dial-In User Service (RADIUS) system: centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server.
Reverse firewalls: see content filters.
Screened subnet: an entire network segment that performs two functions: it protects the DMZ systems and information from outside threats by providing a network of intermediate security (more secure than the general public networks but less secure than the internal network), and it protects the internal networks by limiting how external connections can gain access to them.
Second generation firewalls: application-level firewalls or proxy servers, that is, dedicated systems that are separate from the filtering router and that provide intermediate services for requestors.
Secure VPNs: use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet.
Sensor range: a wireless device's range can be affected by atmospheric conditions, building construction, and the quality of both the wireless network card and access point.
Signature-based IDPS (knowledge-based IDPS or misuse-detection IDPS): examines network traffic in search of patterns that match known signatures, that is, preconfigured, predetermined attack patterns.
Site policy awareness: an IDS's ability to dynamically modify its site policies in reaction or response to environmental activity.
Site policy: the rules and configuration guidelines governing the implementation and operation of IDSs within the organization.
Smart card: contains a computer chip that can verify and validate a number of pieces of information instead of just a PIN.
State table: tracks the state and context of each packet in the conversation by recording which station sent what packet and when.
Stateful inspection firewalls (stateful firewalls): keep track of each network connection between internal and external systems using a state table.
Stateful protocol analysis (SPA): a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations.
Statistical anomaly-based IDPS (stat IDPS) or behavior-based IDPS: collects statistical summaries by observing traffic that is known to be normal.
Strong authentication: at minimum two different authentication mechanisms drawn from two different factors of authentication, most often something you have and something you know.
Synchronous tokens: synchronized with a server; both devices (server and token) use the same time or a time-based database to generate a number that must be entered during the user login phase.
System integrity verifiers: also known as HIDPSs; benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
Terminal Access Controller Access Control System (TACACS): another remote access authorization system that is based on a client/server configuration.
Third generation firewalls: stateful inspection firewalls, which, as described previously, monitor network connections between internal and external systems using state tables.
Trap-and-trace applications: an extension of the attractant technologies discussed in the previous section; they are growing in popularity.
True attack stimulus: an event that triggers alarms and causes an IDS to react as if a real attack were in progress.
Trusted network: the inside world.
Trusted VPN (legacy VPN): uses leased circuits from a service provider and conducts packet switching over these leased circuits.
Tuning: the process of adjusting an IDPS to maximize its efficiency in detecting true positives, while minimizing both false positives and false negatives.
Untrusted network: the outside world, for example, the Internet.
Virtual password: derived from a passphrase.
Virtual private network (VPN): a private and secure network connection between systems that uses the data communication capability of an unsecured and public network.
War dialer: an automatic phone-dialing program that dials every number in a configured range (e.g., 555-1000 to 555-2000) and checks to see if a person, answering machine, or modem picks up.
Wired network connections: wireless network components work independently of the wired network when sending and receiving between stations and access points.