CCDA chapter 7
Terms
undefined, object
copy deck
- Network Authorization
- -defines what a subject can do in a network
- What does Access Conrol do?
-
-guarantees confidentialty and integrity
-based on accounting, authorizing, authentication - What are the network authentication guidelines
-
-strong authentication for access from external and untrusted networks (Inernet, PSTN) and access to network devices
-use user friendly authentication - What is the principle of least privelege
- -each subjct has only the necessary priveleges to perform a task
- What are the common risk associated with Ecommerce modules?
-
-compromise of exposed hosts and applications
-compromise of other hosts from compromised hosts
-DoS directed at exposed hosts - What are common risks associted with Remote Access and VPN
-
-client and remote site identity spoofing
-data trasmission confidentiality and integrity
-compromise of client or remot site - Common risks in WAN module?
-
-data transmission confidentialty and integrity
-service provider WAN misconfiguration - What are the common risks asscoated with the Server Farm?
-
-network mapping attempts
-compromise of exposed hosts
-DoS directed at hosts and links
-Introduction to malicious code into trusted networks - What 3 key services does network security provide the networks and their users?
-
-data integrity
-data confidentitalty
-data and system availablity - What are integrity violations?
- -when attacker comes in and tries ot change the data without detection
- What are confidentialiaty threats?
- -attacker can read data taht he shouldnt read
- What is priveledge escalation
- -when attacks are done through first getting into other applications
- What are integrity violations and confidentialty breaches caused by?
-
-failure of network access control
-failure of operating system control
-failure of application access control
-failure to protect data in transit over the network - What is an example of an availabilty threat and what are they caused by?
-
-DoS
-caused by failure to handle exceptional conditions
-failure to handle vast quantities of data - Ahat are the 3 Network attacks?
-
-reconnaissance- networking mapping, network wide probing
-traffic attacks- reading and changing of data
-DoS- compromising availabilty - what are network target attacks stopped by?
-
-VPNs, firewalls
-perimeter defenses - What do network security policies document?
-
-level of risk a network is exposed to and how that risk will be managed
-continous process of revisions
-broken down in separate areas of applicability