Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

More documents

Recommendations

Info

122 CHAPTER 8 Security Standards and Services ■ ■ IDSes may be software-based or may combine hardware and software. Network IDS exists for the purpose of catching malicious activity once the activity occurs anywhere within your network environment. Intrusion Prevention Systems An intrusion prevention system (IPS) is basically the same tool as an IDS except that it has the capability to take some sort of action in response to a suspected attack, such as blocking the malicious network traffic. An IPS is capable of responding to attacks when they occur, such as: ■ Halting the attack in progress. ■ Automatically updating firewall and router rules to block future traffic from the same address. FIREWALLS A firewall blocks access to an internal network from outside and blocks users of the internal network from accessing potentially dangerous external networks or ports. There are three distinct firewall technologies: ■ Packet filtering A network layer firewall or packet-filtering firewall works at the network layer of the Open Systems Interconnection (OSI) model and can be configured to deny or allow access to specific ports or Internet Protocol (IP) addresses. It is designed to operate rapidly by either allowing or denying packets simply based on source and destination IP address and port information. This is the simplest and fastest form of traffic-filtering firewall technologies. ■ It works in two directions: to keep intruders at bay and to restrict access to the external network from internal users. ■ Two distinct firewall base policies are as follows: • Allow by default – it allows all traffic to pass through the firewall except traffic that is specifically denied. • Deny by default – it blocks all traffic from passing through the firewall except for traffic that is explicitly allowed. ■ Ports 0 through 1023 are considered well-known ports. These ports are used for specific network services and should be considered the only ports allowed to transmit traffic through a firewall. ■ Ports outside the range of 0 through 1023 are either registered ports or dynamic/private ports. • User ports range from 1024 to 49,151. • Dynamic/private ports range from 49,152 to 65,535. ■ Since only the header of a packet is examined, a packet-filtering firewall has speed. ■ There are two major drawbacks to packet filtering: • A port is either open or closed. • It does not understand the contents of any packet beyond the header. ■ Stateful inspection Stateful inspection operates at the network and the transport layers of the OSI model, but it has the ability to monitor
Hardware and Software Security Devices 123 ■ state information regarding a connection. In effect, when a connection is established between two hosts, the firewall will initially determine if the connection is allowable based on a set of rules about source and destination ports and IP addresses. Once the connection is deemed to be acceptable, the firewall remembers this. Therefore, subsequent traffic can be examined as either permissible or not within the context of the entire session. It then functions by checking each packet to verify that it is an expected response to a current communications session. Application-layer gateways They are also called as application-layer gateway devices or application filtering. Application-layer gateways are more advanced than packet filtering, operate at the application layer of the OSI model, and examine the entire packet to determine what should be done with the packet based on specific defined rules. They use complex rules to determine the validity of any given packet, and part of analyzing each packet includes verifying that it contains the correct type of data for the specific application it is attempting to communicate with. ■ The drawbacks to application-layer gateway technology are as follows: • Application-layer gateways are much slower than packet filters. • A limited set of application rules are predefined and any application not included in the predefined list must have custom rules defined and loaded into the firewall. • Application-layer gateways must then rebuild packets from the top down and send them back out. This breaks the concept behind the client/server architecture and slows the firewall down even further. Proxy Servers A proxy server is a server that sits between an intranet and its Internet connection and provides features such as document caching for faster browser retrieval and access control. ■ ■ Proxy servers can provide security for a network by filtering and discarding requests that are deemed inappropriate by an administrator. Proxy servers protect the internal network by masking all internal IP addresses – all connections to the Internet servers appear to be coming from the IP address of the proxy servers. Honeypot A honeypot is a computer system that is deliberately exposed to public access for express purpose of attracting and distracting attackers. The following characteristics are typical of honeypots: ■ ■ Systems or devices used as lures are set up with only “out of the box” default installations so that they are deliberately made subject to all known vulnerabilities, exploits, and attacks. The systems or devices used as lures do not include sensitive information, so these lures can be compromised, or even destroyed, without causing damage, loss, or harm to the organization that presents them to be attacked.
Page 2 and 3:
Syngress is an imprint of Elsevier
Page 4 and 5:
xii About the Authors Technical Edi
Page 6 and 7:
2 CHAPTER 1 Network Fundamentals Ne
Page 8 and 9:
4 CHAPTER 1 Network Fundamentals re
Page 10 and 11:
6 CHAPTER 1 Network Fundamentals
Page 12 and 13:
8 CHAPTER 1 Network Fundamentals Wh
Page 14 and 15:
10 CHAPTER 1 Network Fundamentals d
Page 16 and 17:
12 CHAPTER 1 Network Fundamentals
Page 18 and 19:
14 CHAPTER 1 Network Fundamentals T
Page 20 and 21:
16 CHAPTER 1 Network Fundamentals T
Page 22 and 23:
18 CHAPTER 1 Network Fundamentals I
Page 24 and 25:
20 CHAPTER 2 Network Media DID YOU
Page 26 and 27:
22 CHAPTER 2 Network Media Table 2.
Page 28 and 29:
24 CHAPTER 2 Network Media ■ Perf
Page 30 and 31:
26 CHAPTER 2 Network Media Table 2.
Page 32 and 33:
28 CHAPTER 2 Network Media LAN TECH
Page 34 and 35:
30 CHAPTER 2 Network Media CONNECTO
Page 36 and 37:
32 CHAPTER 2 Network Media EXAM WAR
Page 38 and 39:
34 CHAPTER 2 Network Media problems
Page 40 and 41:
36 CHAPTER 2 Network Media electrom
Page 42 and 43:
38 CHAPTER 3 Network Devices Table
Page 44 and 45:
40 CHAPTER 3 Network Devices some o
Page 46 and 47:
42 CHAPTER 3 Network Devices ■
Page 48 and 49:
44 CHAPTER 3 Network Devices ■
Page 50 and 51:
46 CHAPTER 3 Network Devices EXAM W
Page 52 and 53:
48 CHAPTER 3 Network Devices ■ Du
Page 54 and 55:
50 CHAPTER 3 Network Devices Proxy
Page 56 and 57:
52 CHAPTER 3 Network Devices Top Fi
Page 58 and 59:
54 CHAPTER 3 Network Devices the co
Page 60 and 61:
56 CHAPTER 4 Wireless Networking
Page 62 and 63:
Page 64 and 65:
60 CHAPTER 4 Wireless Networking Ta
Page 66 and 67:
62 CHAPTER 4 Wireless Networking WE
Page 68 and 69:
64 CHAPTER 4 Wireless Networking Th
Page 70 and 71:
66 CHAPTER 4 Wireless Networking us
Page 72 and 73:
Page 74 and 75: 70 CHAPTER 4 Wireless Networking si
Page 76 and 77: 72 CHAPTER 4 Wireless Networking co
Page 78 and 79: 74 CHAPTER 5 The OSI Model and Netw
Page 94 and 95: 90 CHAPTER 6 TCP/IP and Routing ■
Page 96 and 97: 92 CHAPTER 6 TCP/IP and Routing For
Page 98 and 99: 94 CHAPTER 6 TCP/IP and Routing UND
Page 100 and 101: 96 CHAPTER 6 TCP/IP and Routing ■
Page 102 and 103: 98 CHAPTER 6 TCP/IP and Routing Sub
Page 104 and 105: 100 CHAPTER 6 TCP/IP and Routing co
Page 106 and 107: 102 CHAPTER 6 TCP/IP and Routing
Page 108 and 109: 104 CHAPTER 6 TCP/IP and Routing al
Page 110 and 111: CHAPTER 7 Wide Area Networking 107
Page 112 and 113: WAN Protocols and Properties 109 In
Page 114 and 115: WAN Protocols and Properties 111 Cr
Page 116 and 117: Internet Access Methods 113 EXAM WA
Page 118 and 119: Internet Access Methods 115 Wireles
Page 120 and 121: Internet Access Methods 117 Top Fiv
Page 122 and 123: Internet Access Methods 119 with th
Page 126 and 127: 124 CHAPTER 8 Security Standards an
Page 146 and 147: 144 CHAPTER 9 Network Management
Page 148 and 149: 146 CHAPTER 9 Network Management Wi
Page 150 and 151: 148 CHAPTER 9 Network Management Cr
Page 152 and 153: 150 CHAPTER 9 Network Management
Page 154 and 155: 152 CHAPTER 9 Network Management An
Page 156 and 157: 154 CHAPTER 9 Network Management Lo
Page 158 and 159: 156 CHAPTER 10 Network Troubleshoot
Page 174 and 175:
172 CHAPTER 10 Network Troubleshoot
Page 176 and 177:
174 CHAPTER 10 Network Troubleshoot
Page 178 and 179:
Glossary 177 Access Determines who
Page 180 and 181:
Glossary 179 Extensible Authenticat
Page 182 and 183:
Glossary 181 Oscilloscope A cable t
Page 184 and 185:
Glossary 183 Wireless Network A net
Page 186 and 187:
186 Index Data link layer, 74-75 fu
Page 188 and 189:
188 Index Network troubleshooting,
show all

Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

Create successful ePaper yourself

Delete template?

Save as template?