Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

More documents

Recommendations

Info

124 CHAPTER 8 Security Standards and Services ■ ■ Systems or devices used as lures often also contain deliberately tantalizing objects or resources to attract and hold an attacker’s interest long enough to give a backtrace a chance of identifying the attack’s point of origin. Systems or devices used as lures also include or are monitored by passive applications that can detect and report on attacks or intrusions as soon as they start, so the process of backtracing and identification can begin as soon as possible. Honeynets A honeynet is a network that is set up to attract potential attackers and distract them from your production network. In a honeynet, attackers will not only find vulnerable services or servers but also find vulnerable routers, firewalls, and other network boundary devices, security applications, and so forth. The following characteristics are typical of honeynets: ■ Network devices used as lures are set up with only “out of the box” default installations so that they are deliberately made subject to all known vulnerabilities, exploits, and attacks. ■ The devices used as lures do not include sensitive information, so these lures can be compromised, or even destroyed, without causing damage, loss, or harm to the organization that presents them to be attacked. ■ Devices used as lures also include or are monitored by passive applications that can detect and report on attacks or intrusions as soon as they start, so the process of backtracing and identification can begin as soon as possible. Content filtering is the process used by various applications to examine content and make a decision based on the analysis of the content and the resulting actions can result in block or allow. Protocol analyzer takes a capture of each packet for later analysis, as traffic moves across the network from machine-to-machine. They are called by many names such as packet analyzer, network analyzer, and sniffer. Characteristics of protocol analyzers are as follows: ■ ■ ■ ■ Capture data is essentially a photocopy, and the original packet is not harmed or altered. All broadcast traffic will be captured. To capture traffic addressed to/from another machine on the network, the sniffer should be run in promiscuous mode. If a hub exists on the network, this allows the capturing of all packets on the network regardless of their source or destination. EXAM WARNING Remember that an IPS is designed to be a preventive control. When an IDS identifies patterns that may indicate suspicious activities or attacks, an IPS can take immediate action that can block traffic, blacklist an IP address, or even segment an infected host to a separate virtual local area network (VLAN) that can only access an antivirus server.
Security Zones 125 SECURITY ZONES You must imagine the different pieces that make up a network as discrete network segments, called security zones, each holding systems that share common requirements. Characteristics of security zones include the following: ■ ■ ■ ■ Systems in a zone may be running different protocols and OSes, such as Windows and NetWare. The type of a computer and its operating system do not dictate a particular security zone. Where the machine resides in the environment helps to define the security zone it resides in. Common requirements of a security zone may include the following: ■ The types of information the zone handles. ■ Who uses the zone. ■ What levels of security the zone requires to protect its data. EXAM WARNING A security zone is defined as any portion of a network that has specific security concerns or requirements. Intranets, extranets, demilitarized zones (DMZs), and VLANs are all security zones. The following are samples of security zones that may be defined in your environment: ■ DMZs A DMZ is a network segment which exists between the hostile Internet and the trusted internal network. Often, systems which need to be made accessible to the public Internet are placed in the DMZ, which offers some basic levels of protection against attacks but is not considered as secure as the trusted internal network. ■ DMZ segments can exist in one of the following two ways: • Layered DMZ implementation – the systems that require protection are placed between two firewall devices with different rule sets, which allow systems on the Internet to connect to the offered services on the DMZ systems, but prevent them from connecting to the computers on the internal segments of the organization’s network. • Multiple interface firewall implementation – a third interface is added to the firewall and the systems that require protection are placed on that network segment. The same firewall is used to manage the traffic between the Internet, the DMZ, and the protected network. See Figure 8.1 for a diagram of a multiple interface firewall implementation. The role of the firewall in all these scenarios is to manage the traffic between the network segments. The systems in the DMZ can host any or all the following services: ■ Hypertext Transfer Protocol (HTTP) servers Internet Information Services (IIS) or Apache servers provide Web sites for public and private usage.
Page 2 and 3:
Syngress is an imprint of Elsevier
Page 4 and 5:
xii About the Authors Technical Edi
Page 6 and 7:
2 CHAPTER 1 Network Fundamentals Ne
Page 8 and 9:
4 CHAPTER 1 Network Fundamentals re
Page 10 and 11:
6 CHAPTER 1 Network Fundamentals
Page 12 and 13:
8 CHAPTER 1 Network Fundamentals Wh
Page 14 and 15:
10 CHAPTER 1 Network Fundamentals d
Page 16 and 17:
12 CHAPTER 1 Network Fundamentals
Page 18 and 19:
14 CHAPTER 1 Network Fundamentals T
Page 20 and 21:
16 CHAPTER 1 Network Fundamentals T
Page 22 and 23:
18 CHAPTER 1 Network Fundamentals I
Page 24 and 25:
20 CHAPTER 2 Network Media DID YOU
Page 26 and 27:
22 CHAPTER 2 Network Media Table 2.
Page 28 and 29:
24 CHAPTER 2 Network Media ■ Perf
Page 30 and 31:
26 CHAPTER 2 Network Media Table 2.
Page 32 and 33:
28 CHAPTER 2 Network Media LAN TECH
Page 34 and 35:
30 CHAPTER 2 Network Media CONNECTO
Page 36 and 37:
32 CHAPTER 2 Network Media EXAM WAR
Page 38 and 39:
34 CHAPTER 2 Network Media problems
Page 40 and 41:
36 CHAPTER 2 Network Media electrom
Page 42 and 43:
38 CHAPTER 3 Network Devices Table
Page 44 and 45:
40 CHAPTER 3 Network Devices some o
Page 46 and 47:
42 CHAPTER 3 Network Devices ■
Page 48 and 49:
44 CHAPTER 3 Network Devices ■
Page 50 and 51:
46 CHAPTER 3 Network Devices EXAM W
Page 52 and 53:
48 CHAPTER 3 Network Devices ■ Du
Page 54 and 55:
50 CHAPTER 3 Network Devices Proxy
Page 56 and 57:
52 CHAPTER 3 Network Devices Top Fi
Page 58 and 59:
54 CHAPTER 3 Network Devices the co
Page 60 and 61:
56 CHAPTER 4 Wireless Networking
Page 62 and 63:
Page 64 and 65:
60 CHAPTER 4 Wireless Networking Ta
Page 66 and 67:
62 CHAPTER 4 Wireless Networking WE
Page 68 and 69:
64 CHAPTER 4 Wireless Networking Th
Page 70 and 71:
66 CHAPTER 4 Wireless Networking us
Page 72 and 73:
Page 74 and 75:
70 CHAPTER 4 Wireless Networking si
Page 76 and 77: 72 CHAPTER 4 Wireless Networking co
Page 78 and 79: 74 CHAPTER 5 The OSI Model and Netw
Page 94 and 95: 90 CHAPTER 6 TCP/IP and Routing ■
Page 96 and 97: 92 CHAPTER 6 TCP/IP and Routing For
Page 98 and 99: 94 CHAPTER 6 TCP/IP and Routing UND
Page 100 and 101: 96 CHAPTER 6 TCP/IP and Routing ■
Page 102 and 103: 98 CHAPTER 6 TCP/IP and Routing Sub
Page 104 and 105: 100 CHAPTER 6 TCP/IP and Routing co
Page 106 and 107: 102 CHAPTER 6 TCP/IP and Routing
Page 108 and 109: 104 CHAPTER 6 TCP/IP and Routing al
Page 110 and 111: CHAPTER 7 Wide Area Networking 107
Page 112 and 113: WAN Protocols and Properties 109 In
Page 114 and 115: WAN Protocols and Properties 111 Cr
Page 116 and 117: Internet Access Methods 113 EXAM WA
Page 118 and 119: Internet Access Methods 115 Wireles
Page 120 and 121: Internet Access Methods 117 Top Fiv
Page 122 and 123: Internet Access Methods 119 with th
Page 124 and 125: 122 CHAPTER 8 Security Standards an
Page 146 and 147: 144 CHAPTER 9 Network Management
Page 148 and 149: 146 CHAPTER 9 Network Management Wi
Page 150 and 151: 148 CHAPTER 9 Network Management Cr
Page 152 and 153: 150 CHAPTER 9 Network Management
Page 154 and 155: 152 CHAPTER 9 Network Management An
Page 156 and 157: 154 CHAPTER 9 Network Management Lo
Page 158 and 159: 156 CHAPTER 10 Network Troubleshoot
Page 176 and 177:
174 CHAPTER 10 Network Troubleshoot
Page 178 and 179:
Glossary 177 Access Determines who
Page 180 and 181:
Glossary 179 Extensible Authenticat
Page 182 and 183:
Glossary 181 Oscilloscope A cable t
Page 184 and 185:
Glossary 183 Wireless Network A net
Page 186 and 187:
186 Index Data link layer, 74-75 fu
Page 188 and 189:
188 Index Network troubleshooting,
show all

Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

Create successful ePaper yourself

Delete template?

Save as template?