Questions and Answers
What is the primary function of a virtual firewall?
Which type of firewall specifically focuses on application-level traffic?
What does a NAT Gateway do?
What is a characteristic of signature-based detection in IDS?
What capability does the Client-to-Site VPN provide?
Which of the following statements is true about HIDS?
What does anomaly-based detection in IDS build its model from?
What is one of the advantages of heuristic-based detection?
What is the main advantage of using Full Tunnel over Split Tunnel in a VPN?
Which VPN protocol is commonly used for site-to-site connections?
How does MAC Filtering enhance port security?
What causes broadcast storms in a network?
What is the purpose of DHCP Snooping?
Which method can help prevent network loops?
What does load balancing primarily improve in a network?
Which component is essential for preventing DHCP Starvation attacks?
What is the primary purpose of network segmentation?
Which zone in network segmentation contains sensitive resources only accessible by authorized users?
What does the Zero Trust framework require for all users and devices?
What characterizes a stateful firewall?
What is the function of a Jump Server in network security?
Which of the following best describes a next-generation firewall (NGFW)?
What does the control plane manage in a Zero Trust architecture?
What is a characteristic of an untrusted zone in network segmentation?
What is the primary benefit of session persistence?
What distinguishes the active/passive mode from the active/active mode in load balancers?
Which scheduling algorithm distributes traffic to the server with the least number of active connections?
What is east-west traffic?
What is the key difference between an intranet and an extranet?
What type of traffic involves data entering or leaving a data center?
Which term refers to the secure network used exclusively by an organization's internal users?
What happens in the active/active mode of load balancers?
Study Notes
Network Segmentation
- Dividing a network into secure zones to better manage access and enhance security
- Trusted zones contain sensitive resources and are only accessible by authorized users
- Untrusted zones are external networks with the lowest trust level, like the internet
- Demilitarized zones (DMZs) protect the trusted network from untrusted traffic, often used for web servers
- Jump servers are hardened, controlled access points through which administrators reach resources in other security zones, so management traffic enters a zone from a single monitored host.
Zero Trust Framework
- Assumes both internal and external threats exist, requiring continuous authentication and authorization for all users and devices, regardless of location
- Core principles include:
- The network is considered compromised
- Trust is not based on device location
- Every access request is authenticated and authorized
- Security policies are dynamic and derived from multiple data sources
- Control plane manages authentication, authorization, and policy decisions
- Data plane enforces security policies and controls access to protected resources through a policy enforcement point (PEP).
Firewalls
- Controls traffic based on rules, isolating trusted internal networks from untrusted external networks
- Stateless firewalls filter each packet on its own, using packet header information matched against rules such as Access Control Lists (ACLs)
- Stateful firewalls track the state of network traffic and allow packets belonging to established sessions
- Unified Threat Management (UTM) combines multiple security functions into a single device, simplifying management
- Next-Generation Firewalls (NGFWs) enhance traditional firewalls with deep packet inspection, application-level controls, and real-time threat intelligence integration
- Host-based firewalls are software running on individual hosts, managing their traffic
- Virtual firewalls operate inside virtual environments, controlling traffic via bridge or hypervisor modes
- Application firewalls focus on application-level traffic and protect against attacks like SQL injection
- Web Application Firewalls (WAFs) are a type of application firewall.
NAT Gateway
- Provides internet access to hosts in private networks by masking their private IP addresses with a single public IP
- Adds an extra layer of security.
Web Filtering
- Protects organizations from malicious or inappropriate web content
- DNS filtering blocks access to entire domains
- URL filtering blocks access to specific URLs
- Content filtering analyzes content to block risky or unwanted data based on predefined categories.
Network Intrusion Detection and Prevention Systems (NIDS/NIPS)
- NIDS (Network-based Intrusion Detection System) monitors network traffic for malicious activity
- HIDS (Host-based IDS) focuses on protecting individual hosts
- NIPS (Network-based Intrusion Prevention System) actively blocks threats in real-time
- Inline mode actively blocks attacks at the network edge
- Passive mode monitors network traffic without directly interacting, typically used for analysis but cannot prevent attacks
- Signature-based detection identifies threats using pre-defined attack signatures but struggles with new attacks (e.g., zero-day threats)
- Anomaly-based detection flags deviations from established normal behavior, but can lead to false positives
- Behavior-based detection focuses on abnormal actions by processes (e.g., scanning multiple ports)
- Heuristic-based detection is adaptive, updating its signatures dynamically, and is useful for detecting new threats.
VPN (Virtual Private Network)
- Enables private communication over public networks, ensuring confidentiality
- Site-to-Site VPNs connect different locations within the same organization
- Client-to-Site VPNs allow individual remote users to securely connect to a network (e.g., remote work)
- Full Tunnel sends all of the client's traffic through the encrypted VPN; it is more secure but slower
- Split Tunnel sends only traffic destined for the private network through the VPN; it is faster but less secure
- SSL/TLS (Secure Sockets Layer/Transport Layer Security) ensures secure communication over the web, used in SSL VPNs
- IPSec secures data at the network layer, commonly used for site-to-site connections
- L2TP (Layer 2 Tunneling Protocol) is often paired with IPSec for secure tunneling at the data link layer.
Port Security
- Protects data link layer (OSI Layer 2) traffic on devices like switches, firewalls, and routers
- Port Disablement disables unused ports to prevent unauthorized devices from connecting
- MAC Filtering allows only specific MAC addresses to connect to a port
- IEEE 802.1X requires devices to authenticate before accessing the network
Network Loop Prevention
- Network loops occur when there are multiple paths between two endpoints at Layer 2, causing broadcast storms
- Broadcast storm prevention methods include disabling ports and limiting broadcast traffic
- Bridge Protocol Data Unit (BPDU) packets are exchanged by switches to detect loops and prevent them using the Spanning Tree Protocol (STP).
DHCP Snooping
- Prevents unauthorized DHCP servers from providing network configuration to clients
- Trusted Ports are those facing legitimate DHCP servers; DHCP server responses are accepted only from them
- Untrusted Ports (client-facing) drop any DHCP server responses, which blocks rogue DHCP servers
- Attacks Prevented by DHCP Snooping:
- DHCP Spoofing - Redirects client traffic by providing forged DHCP responses
- DHCP Starvation - Depletes the DHCP server's IP address pool, preventing legitimate clients from connecting (a form of DoS attack).
Load Balancing
- Distributes network or application traffic across multiple servers to improve capacity, reliability, and performance
- Typically operates at the transport layer (Layer 4) or application layer (Layer 7)
- Session Persistence (Sticky Session) ensures a client's requests are directed to the same server during a session
- Active/active mode increases capacity and redundancy, but is more costly
- Active/passive mode has a primary load balancer active and a secondary on standby; it is commonly used for disaster recovery
- Load Balancer Scheduling Algorithms include:
- Least connection
- Least response time
- Round robin
- IP hash
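The four scheduling algorithms and sticky sessions listed above, as an added worked model (example code, not part of the study notes); server names, connection counts and response times are constructed sample values, and `session_id` is an assumed cookie-style identifier.

```python
# Added example: a minimal model of load balancer scheduling plus session persistence.
# Server names, connection counts and response times are constructed sample data.
import hashlib
from itertools import cycle


class Server:
    def __init__(self, name, active_conns=0, resp_ms=0.0):
        self.name = name
        self.active_conns = active_conns   # currently open client connections
        self.resp_ms = resp_ms             # last measured response time in ms


class LoadBalancer:
    def __init__(self, servers, algorithm="round_robin"):
        self.servers = servers
        self.algorithm = algorithm
        self._rr = cycle(servers)          # rotating iterator for round robin
        self._sticky = {}                  # session_id -> Server (sticky sessions)

    def pick(self, client_ip, session_id=None):
        # Session persistence: a known session always returns to its server,
        # regardless of the scheduling algorithm or current load.
        if session_id in self._sticky:
            return self._sticky[session_id]
        if self.algorithm == "round_robin":
            server = next(self._rr)
        elif self.algorithm == "least_connection":
            server = min(self.servers, key=lambda s: s.active_conns)
        elif self.algorithm == "least_response_time":
            # Ties on response time are broken by the lower connection count.
            server = min(self.servers, key=lambda s: (s.resp_ms, s.active_conns))
        elif self.algorithm == "ip_hash":
            # Deterministic mapping: the same client IP lands on the same server.
            digest = hashlib.sha256(client_ip.encode()).digest()
            index = int.from_bytes(digest[:4], "big") % len(self.servers)
            server = self.servers[index]
        else:
            raise ValueError(f"unknown algorithm: {self.algorithm}")
        server.active_conns += 1           # the new connection now counts against it
        if session_id is not None:
            self._sticky[session_id] = server
        return server


if __name__ == "__main__":
    lb = LoadBalancer([Server("a", 5), Server("b", 2), Server("c", 3)], "least_connection")
    print("least_connection picked:", lb.pick("192.0.2.10").name)
```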
Data Center Traffic
- East-west traffic is internal data traffic between components within the same data center or between data centers in the same security zone
- North-south traffic involves data that enters or leaves a data center, crossing security zones
Intranet and Extranet
- Intranet is a private, secure network accessible only by authorized internal users
- Extranet is a controlled network that provides limited access to an organization's intranet by external partners or customers.
Description
This quiz explores essential concepts of network security, focusing on network segmentation and the Zero Trust framework. Participants will learn about trusted and untrusted zones, DMZs, jump servers, and the importance of continuous authentication. Test your understanding of how these principles work together to enhance security in modern network environments.