CompTIA CertMaster CE Security+ Details
66 community-sourced questions and answers.
A firewall
any software or hardware device that protects a system or network by blocking unwanted network traffic. Firewalls generally are configured to stop suspicious or unsolicited incoming traffic through a process called implicit deny.
A stateful firewall
A stateful firewall tracks the active state of a connection and is able to make decisions based on the contents of a network packet as it relates to the state of the connection.
stateless firewall
does not track the active state of a connection as it reaches the firewall. It allows or blocks traffic based on some static value associated with that traffic.
An access control list (ACL)
a list of objects with permissions attached to those objects. The list specifies which entities (such as individuals) have the rights to access specific resources and to what extent those resources may be modified (if at all).
Implicit deny
The principle that establishes that everything that is not explicitly allowed is denied.
A VPN concentrator
A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels.
Remote access vs. site-to-site
A remote access VPN connects individual remote users to the private network, whereas a site-to-site VPN connects two private networks together.
Internet Protocol Security (IPSec)
an open-source protocol framework for security development within the TCP/IP family of protocol standards. IPSec is not application dependent as it operates at the network layer (layer 3) of the OSI model.
IPSec transport mode
IPSec encrypts just the IP payload, leaving the IP packet header unchanged so it can be easily routed through the internet.
IPSec tunnel mode
both the packet contents and header are encrypted.
IPSec, Authentication Header (AH)
One of the two protocols used in IPSec, Authentication Header (AH) provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.
IPSec, Encapsulating Security Payload (ESP)
One of the two protocols used in IPSec, provides the same functionality as Authentication Header (AH), with the addition of encryption to support the confidentiality of transmitted data.
Split tunnel vs. full tunnel
When a device is connected to the VPN in full tunnel mode, all network traffic is sent through the tunnel and encrypted. In split mode, only some of the traffic is sent through the tunnel and encrypted.
TLS/SSL (Transport Layer Security and Secure Sockets Layer)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are security protocols that combine digital certificates for authentication with public key data encryption.
Always-on VPN
Some VPN concentrators support an always-on capability so that the user's device will automatically connect to the VPN any time it has an Internet connection.
NIPS (network-based intrusion prevention system)
A network intrusion prevention system (NIPS) monitors suspicious traffic on the network and reacts in real time to block it.
NIDS (network-based intrusion detection system)
A NIDS primarily uses passive hardware sensors to monitor traffic on a specific segment of the network. It can sniff traffic and send alerts about anomalies or concerns.
NIPS Signature-based monitoring
Signature-based monitoring uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.
NIPS Heuristic/Behavioral monitoring
identifies the way in which an entity acts in a specific environment, and makes decisions about the nature of the entity based on this. Behavior-based monitoring identifies the way in which an entity acts, and then reviews future behavior to see if it deviates from the norm.
NIPS Anomaly-based monitoring
uses a definition of an expected outcome or pattern to events, and then identifies any events that do not follow these patterns. Events that sufficiently deviate from the preconfigured baseline of acceptable events may be identified as anomalous.
Inline vs. passive (in-band vs. out-of-band)
Inline (in-band) monitoring sensors are placed within a network segment so traffic must pass through the monitoring system before it reaches its destination. This allows the system to immediately block suspicious traffic. Passive or out-of-band sensors only receive a copy of the traffic.
NIPS Signature-based monitoring rules
Rules are conditions by which a system can identify abnormal operation. In signature-based monitoring, rules are provided by a software vendor or by security personnel to identify events that are unacceptable.
Analytics
sets of data provided by systems like IDSs/IPSs that help security administrators identify trends and patterns of a device or a system's operation. Analytics are often provided in the form of logs or in graphical user interfaces (GUIs) for easier interpretation.
False negative
occurs when a tool identifies something as not being a vulnerability, when it actually is one. This may lead to issues that go undiscovered for a long time and is considered a catastrophic failure on the part of the scanning tool.
Router
A device that transfers data from one network to another in an intelligent way.
Network Switch
a device that has multiple network ports and combines multiple physical network segments into a single logical network. It controls network traffic on the logical network by creating dedicated, or switched, connections that contain only the two hosts involved in a transmission.
Port security
Switches can enforce port security by limiting the unique hardware that is allowed to receive communications on a particular port.
Layer 2 functionality
allows standard switches to forward broadcasts to all ports on the switch, but will send individual packets to the specific destination host based on the unique physical address assigned to each network adapter.
Layer 3 functionality
allows switches to perform routing functions based on protocol addresses.
Switch Loop Prevention
Switches can also implement loop prevention (where traffic is bouncing back and forth between multiple switches connected to each other) by shutting down network access on ports where loops are detected.
Switch flood guard
Switches may also have flood guards that protect hosts on the switch against SYN flood and ping flood DoS attacks.
Proxy
a device that acts on behalf of one end of a network connection when communicating with the other end of the connection. Proxies are often used as a method of content filtering.
Forward Proxy
Proxy used to forward outgoing requests from a private network or intranet to the Internet, usually through a firewall.
reverse proxy
A device that routes incoming requests to the correct server.
Transparent Proxy
A proxy that does not require any configuration on the user's computer.
Application/multipurpose proxy
A special proxy that "knows" the application protocols that it supports. For example, an FTP proxy server implements the protocol FTP.
Load balancer
A dedicated network device that can direct requests to different servers based on a variety of factors.
Round Robin Scheduling
Works from top to bottom of list directing traffic to the next device.
affinity scheduling
A scheduling policy where tasks are preferentially scheduled onto the same processor they had previously been assigned. Intended to reduce the number of open network connections between clients and servers.
Active-passive load balance mode
one load balancer handles the primary workload, while another load balancer is on standby. If the primary load balancer fails, the load balancer on standby takes over and becomes active.
Active-active load balance mode
both load balancers take on equal portions of the workload. If one load balancer fails, the other will keep on providing service.
Virtual IP address
An IP address that can be shared by a group of routers. It does not have a physical network interface.
SSID
Service Set Identifier; can be disabled but isn't a reliable security feature.
Access point security
disabling service set identifier broadcast (SSID), MAC filtering, signal configuration and deciding between fat versus thin access points.
MAC filtering
A method of controlling access on a wired or wireless network by denying access to any device whose MAC address does not match one that is on a pre-approved list. Easily spoofed.
Signal strength
Adjusting the strength of wireless signals can help contain the range of your network.
Band selection/width
The 5 GHz frequency offers greater bandwidth. The 2.4 GHz frequency offers a larger range and can more easily penetrate solid objects like walls.
Directional antennas
Yagi, parabolic, backfire and cantenna. Directional antennas transmit signals to a specific point. They have large gain, meaning reliable connection range and power.
Omni-directional antennas
Rubber ducky, ceiling dome. They send and receive radio waves from all directions, usually as the main distribution source of a wireless signal.
Fat vs. thin access points
An access point with limited functionality. (It does not provide authentication or encryption.) Requires additional devices to be secure
thin access point
Intelligent wireless access point that provides everything needed to manage wireless clients. Need to be configured individually.
Fat Access Point
Wireless access point that depends on and connects to WLAN controller to configure wireless security settings. Thin APs
Controller-based Access Point
An AP that includes everything needed to connect wireless clients to a wireless network. This must be configured independently. Sometimes called a stand-alone AP. Compare with thin AP.
Fat AP
A two-part process consisting of security event monitoring (SEM), which performs real-time monitoring of security events, and security information management (SIM), where the monitoring log files are reviewed and analyzed by automated and human interpreters.
Security Information and Event Management (SIEM)
A SIEM feature that can show the order of the events.
SIEM time synchronization
To help uphold the integrity of security data, systems that push data to a SIEM can store log files on a Write once read many (WORM) storage medium. This ensures that once data is written, it cannot be modified—only read (in this case, by the SIEM).
Logs/WORM
software solution that detects and prevents sensitive information in a system or network from being stolen or otherwise falling into the wrong hands.
Data Loss/Leak Prevention (DLP)
The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.
Network Access Control (NAC)
Software agents can further be classified as either permanent or dissolvable. A permanent agent stays on the device indefinitely—a dissolvable agent is removed once the device is authenticated.
Dissolvable vs. permanent NAC agent
Agent: software agents must be installed on the devices that request access for the NAC to carry out its health checks. Agentless NACs use network scanning and analysis techniques to ascertain health information, without devices requiring specific software.
Agent vs. agentless NAC
This device or server is placed in the DMZ and sends out or receives e-mail for the organization. It does a virus scan and spam filter check to ensure it is a valid message.
Mail gateway
A network device similar to a switch. The main difference is that a bridge has a single port for incoming traffic and a single port for outgoing traffic. Bridges are less ideal for high-speed and high-load networks.
Bridge
SSL/TLS accelerators can offload the resource-intensive encryption calculations in SSL/TLS to reduce overhead for the server.
SSL/TLS accelerators
SSL/TLS decryptors solve this issue by decrypting traffic and then forwarding the plaintext traffic to the relevant security device for analysis.
SSL decryptors
which translate streaming media between different types of networks, may contain voice communications or intellectual property that the organization wants to keep secure.
Media gateway
A physical device that deals with the encryption of authentication processes, digital signings, and payment processes.