Introduction to IP Network Security

Questions and Answers

The "2000 CSI/FBI Computer Crime and Security Survey" was conducted in ______ 2000.

early

According to the survey, ______ percent of participants from large U.S. corporations detected security breaches in 1999.

90

Around ______ percent of survey participants experienced breaches more severe than just viruses or employee web abuse.

70

Over ______ million dollars in financial loss was reported due to cyberattacks by survey participants.

265

The security threats surveyed originated both ______ and ______ to the network borders.

internally

The largest financial loss reported was attributed to the ______ of proprietary information.

theft

The survey revealed that financial losses exceeded those of previous years in ______ out of twelve categories.

eight

The rising popularity of electronic commerce is driving the need for increased ______

security

David Buckland, Wendi Wong, and others are associated with ______ Publishers.

Transquest

Kwon Sung June is affiliated with ______ Publishing.

Acorn

Ethan Atkin is associated with ______ International.

Cranbury

Global Knowledge aims to support various ______ styles for students.

learning

Duncan Anderson holds the position of President and Chief Executive ______ at Global Knowledge.

Officer

Russell Lusignan is a Senior Network Engineer for Bird on a Wire ______.

Networks

Russell's expertise includes LAN routing and switching technologies and network ______ implementations.

security

Chapters 3, 4, and 6 are authored by ______ Lusignan.

Russell

The ______ provides a secure connection between two networks over a public network.

VPN

In the realm of computer security, ______ refers to the ability of a system or network to remain operational in the face of attacks or failures.

Availability

______ is a cryptographic protocol that provides secure communication over a network.

IPsec

______ is a term used to describe the process of verifying the identity of a user or device.

Authentication

The ______ layer of the TCP/IP model handles routing and addressing of data packets.

Internet

A ______ access list allows or denies traffic based on source and destination addresses.

Standard

______ is a technique used to translate private IP addresses to public IP addresses.

Network address translation (NAT)

The ______ firewall is a hardware-based firewall that provides a variety of security services.

Cisco PIX

______ is a cryptographic technique that uses two keys, one for encryption and one for decryption.

Asymmetric cryptography

______ is a security protocol that provides confidentiality, integrity, and authentication for IP communications.

IPsec

______ is a network security technique that involves filtering traffic based on rules configured in a specific order.

Access control

The ______ layer of the TCP/IP model is responsible for providing reliable data transfer between applications.

Transport

______ is a type of NAT that translates multiple private IP addresses to a single public IP address with different port numbers for each connection.

Network Address Port Translation (NAPT)

The ______ is a secure shell protocol that provides encrypted communication between devices.

Secure Shell (SSH)

The ______ of security is a never-ending task.

Challenges

______ is a cryptographic technique that involves using the same key for both encryption and decryption.

Symmetric cryptography

Every network security manager aims to achieve the best possible ______.

security

An enterprise must decide what level of ______ is required.

security

The risks of poor security are ______ and the stakes are high.

real

An enterprise must consider the ______ of security measures on costs, personnel, and training.

impact

Cisco ______ is a security tool.

Secure

Cisco ______ Manager is a tool for managing firewalls.

PIX

Cisco ______ ACL Manager is a tool for managing access control lists.

Works

David G. Schaer is the President of Certified Tech ______, Inc.

Trainers

Oliver Steudler is a Senior Systems ______ at iFusion Networks.

Engineer

Jacques Allison received his engineering diploma in Computer ______ in 1996.

Systems

John Barnes is currently pursuing his ______.

CCIE

David G. Schaer has provided training sessions throughout the United States, Europe, and Central ______.

America

Jacques Allison has been involved in Microsoft-related projects involving IP ______ and network infrastructure design.

addressing

John Barnes has over ten years of experience in ______, design, and troubleshooting of networks.

implementation

Oliver Steudler has over ______ years of experience in complex networks.

10

Cisco's approach to ______ is crucial in network security.

security

The ______ Scanner is used to search for vulnerabilities in a network.

Secure

The functionality of Cisco Secure Intrusion Detection System is known as ______.

NetRanger

PIX Firewall Manager provides an overview of network ______.

security

Using ______ can ensure consistency in Access Control Lists.

ACL Manager

Cisco Secure Policy Manager facilitates ______ management.

security

The installation requirements for Cisco Secure ACS include specific ______.

hardware

Managing Cisco Security Fast Track involves understanding ______ processes.

security

Network ______ analysis tools are essential for identifying vulnerabilities.

vulnerability

A Configuration Example can help users in ______ the Cisco Secure Policy Manager.

using

Cisco Secure ACS benefits include enhanced ______ control.

access

Having a secure network requires regular ______ of the system.

updates

The Data Management Package in NetRanger assists with ______ management.

data

To ensure a smooth operation, installation requirements for systems must be ______.

followed

The ______ feature set is part of the Cisco Secure Integrated Software.

firewall

Flashcards

Global Knowledge's Goal

Global Knowledge is the largest IT training company in the world with a goal of supporting learners in achieving success as technical professionals.

Global Knowledge's Learning Options

Global Knowledge provides a variety of learning options like books, online courses, and instructor-led training.

Global Knowledge's Experience

Global Knowledge leverages its extensive experience training hundreds of thousands of students worldwide to create high-quality books.

Global Knowledge's Commitment

Global Knowledge is committed to providing the best learning experience for students across all its learning formats.

Global Knowledge's Long-Term Goal

Global Knowledge's goal is to be a long-term partner for learning and development.

Russell Lusignan's Expertise

Russell Lusignan is a Senior Network Engineer with expertise in LAN routing, switching, and network security.

Russell Lusignan's Contributions

Russell Lusignan is the contributor of chapters 3, 4, and 6.

Russell Lusignan's Work

Russell Lusignan works for Bird on a Wire Networks, a high-end web server and ASP provider, and is a technical trainer for the Computer Technology Institute.

Network Engineer

A professional who designs, implements, and troubleshoots complex networks. They have extensive experience in network infrastructure and may hold certifications like CCNA or CCNP.

CCNA

An industry-recognized certification that validates a person's skills and knowledge in Cisco networking technologies. It stands for Cisco Certified Network Associate.

CCNP

An industry-recognized certification that verifies an individual's advanced networking skills and knowledge. It stands for Cisco Certified Network Professional.

IPSec

A network security framework that helps protect information during transmission over a network. It uses encryption and authentication to secure communication.

CA Unicenter TNG

A type of network management system that provides a comprehensive view of network devices, performance, and security. It stands for CA Unicenter TNG.

Network Instructor

A professional who teaches and trains others in networking technologies. They may specialize in specific certifications like CCNA, CCNP, or CCIE.

CCIE

A certification that verifies expertise in Cisco networking at the highest level. It's known for being difficult to achieve.

Authentication

A network security protocol that protects data from unauthorized access by verifying the authenticity of the sender and receiver.

Cisco Secure Scanner (NetSonar)

A Cisco tool designed to detect vulnerabilities in a network. It scans for common weaknesses and exploits, helping to identify potential threats and implement corrective actions.

Sensor Placement

The process of strategically placing sensors throughout a network to monitor and detect malicious activity.

Cisco's Approach to Security

A common approach to network security that involves using various techniques to reduce the risk of attacks and protect valuable information.

Network Vulnerability Analysis Tools

A Cisco product designed to analyze network vulnerabilities, identify weaknesses, and improve security posture. It scans for different vulnerabilities and provides detailed reports.

nrConfigure

A configuration that determines how a network intrusion detection system (IDS) operates.

Data Management Package (DMP)

The ability to collect and store critical data about network events for further analysis by a Cisco intrusion detection system.(IDS).

Cisco Secure Intrusion Detection System (NetRanger)

A Cisco product designed to detect malicious network activity in real-time. It monitors network traffic for suspicious patterns and alerts administrators to potential threats.

Cisco IOS Intrusion Detection System

A Cisco product that integrates security features directly into routers and switches using IOS, enabling network devices to detect and block attacks.

PIX Firewall Manager

A Cisco product designed to manage and configure PIX firewalls. It simplifies the administration of these devices and enhances the security of the network as a whole.

CiscoWorks 2000 ACL Manager

A Cisco tool used to manage Access Control Lists (ACLs) in a centralized way. It helps administrators create, modify, and deploy ACLs across the network.

Cisco Secure Policy Manager

A Cisco product designed to provide a comprehensive security management solution for the entire network.

Cisco Secure ACS

A Cisco product that provides authentication, authorization, and accounting (AAA) services for network access. It helps control who can access the network and what resources they are allowed to use.

Cisco Security Fast Track

A Cisco program designed to aid businesses in adopting cutting-edge security technology. It helps companies develop a comprehensive security plan and implement best practices.

Network Security

Protecting network assets from unauthorized access, use, disclosure, disruption, modification, or destruction.

Network Security Management

The process of identifying, analyzing, and mitigating threats to network security.

Security Level Decision

An enterprise must assess its security needs based on its assets, risks, and resources.

Security Challenge

Always protecting your network from threats is challenging.

Security Risks

The risks of failing to secure a network are significant.

Security Decision

Choosing the right security measures for your network is crucial.

Security Impact

Security measures can impact costs, personnel, and training.

Security Customization

Security measures should be tailored to the specific needs of the network.

Traffic Filtering

A security feature that allows a host or network to control incoming and outgoing traffic based on rules.

Access Lists

A set of rules that specify what traffic is allowed or denied entry into or exit from a network.

Standard IP Access Lists

A type of access list that only uses source addresses to decide whether to allow or deny traffic.

Extended IP Access Lists

A type of access list that uses both source and destination addresses, along with port numbers and protocols, to make decisions.

Named Access Lists

A type of access list that uses keywords like "permit" or "deny" to define actions for different traffic types.

Demilitarized Zone (DMZ)

A security technique that involves creating a separate zone within a network, often used to isolate sensitive servers from direct internet access.

Inspection Rule

A specific rule that dictates how a particular application should be handled.

Network Address Translation (NAT)

A mechanism that allows a private network to communicate with the internet using a smaller range of public IP addresses.

Network Address Port Translation (NAPT)

A type of NAT that translates both the IP address and the port number of a private network connection to a public address and port.

Cisco PIX Firewall

A dedicated security device that controls network traffic and enforces security rules.

Virtual Private Network (VPN)

A technology that creates a secure connection over a public network, simulating a private network connection.

IPSec VPN

A type of VPN that uses the Internet Key Exchange (IKE) protocol to establish secure connections.

Internet Key Exchange (IKE)

The first phase of an IPSec VPN connection, used to establish secure communication and authenticate the parties involved.

IP Security (IPSec)

A group of technologies used to protect network communication, including authentication, encryption, and access control.

2000 CSI/FBI Computer Crime and Security Survey

A survey conducted in 2000 that revealed 90% of large U.S. companies experienced security breaches, with 70% facing more serious issues than viruses or employee web abuse.

Cyber Attacks

The deliberate and unauthorized use of computer networks for personal gain or malicious purposes, encompassing various forms of attacks and abuse originating both inside and outside the organization's network.

Theft of Proprietary Information

A security threat that aims to steal confidential data, including proprietary information, financial records, and sensitive documents.

Financial Fraud

A type of cyber attack that manipulates financial systems for unauthorized financial gains, leading to monetary losses.

Viruses

Software programs designed to disrupt or damage computer systems, often spreading rapidly through network connections.

Insider Net Abuse

The misuse of company resources, including internet access and network connections, by employees for personal purposes during work hours.

Unauthorized Insider Access

Unauthorized access to an organization's internal systems and data by individuals who are not authorized to view or modify these resources.

Electronic Commerce (E-commerce)

The process of buying and selling goods and services electronically, often over the internet, used by both businesses and individuals.

Study Notes

Introduction to IP Network Security

• 90% of large US corporations, financial institutions, medical institutions, universities, and government agencies detected security breaches in 1999 (CSI/FBI survey).
• 70% experienced breaches more serious than viruses or employee misuse.
• 42% (273 organizations) reported financial losses over $265 million from cyber attacks in 1999.
• Losses were highest from proprietary information theft, followed by financial fraud, viruses, insider misuse, and unauthorized access.
• Increasing use of electronic commerce (business-to-business and business-to-consumer) exposes more corporate data.
• New initiatives like Application Service Providers (ASPs) expose corporate data and services through the Internet.

Description

Explore the critical aspects of IP network security, which highlight the vulnerabilities and financial impacts of security breaches experienced by large organizations. Understand the trends and challenges in safeguarding sensitive data and the increasing risks associated with electronic commerce. This quiz will test your knowledge of these essential security concepts.