Information Technology /Security+ (SY0-701): Lesson 5: Secure Enterprise Part 3
Security+ (SY0-701): Lesson 5: Secure Enterprise Part 3
This deck covers key concepts and mechanisms related to intrusion detection and prevention systems, load balancers, web application firewalls, and remote access architecture.
What mechanism does an intrusion detection system (IDS) use to function?
A sensor/packet sniffer (SPAN/TAP)
Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/30
Key Terms
Term
Definition
What mechanism does an intrusion detection system (IDS) use to function?
A sensor/packet sniffer (SPAN/TAP)
Define 'Snort'
Open source Network intrusion detection system (NIDS).
How does an intrusion detection system (IDS) detect malicious traffic?
When traffic matches a detection signature, the IDS raises an alert or generates a log entry but does not block the source host.
Define an 'intrusion prevention system (IPS)'
Security appliance or software that can detect malicious traffic and can actively block attacks.
How does an intrusion prevention system (IPS) detect malicious traffic?
Scans traffic to match detection signatures.
What are the 3 actions an intrusion prevention system (IPS) can take after matching a signature?
Block the source
Reset the connection
Redirect traffic to a honeypot/honeynet for additional analysis
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
What mechanism does an intrusion detection system (IDS) use to function? | A sensor/packet sniffer (SPAN/TAP) |
Define 'Snort' | Open source Network intrusion detection system (NIDS). |
How does an intrusion detection system (IDS) detect malicious traffic? | When traffic matches a detection signature, the IDS raises an alert or generates a log entry but does not block the source host. |
Define an 'intrusion prevention system (IPS)' | Security appliance or software that can detect malicious traffic and can actively block attacks. |
How does an intrusion prevention system (IPS) detect malicious traffic? | Scans traffic to match detection signatures. |
What are the 3 actions an intrusion prevention system (IPS) can take after matching a signature? |
|
What are the two ways of deploying an intrusion prevention system (IPS)? |
|
What are 4 features of a 'next-generation firewall (NGFW)'? |
|
Define 'Unified threat management (UTM)' | All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data-loss prevention, content filtering, and so on. |
What is a downfall to implementing Unified threat management (UTM)? | Creates single point of failure; Latency issues due to consolidated overhead; Overall performance issues. |
Define a 'Load balancer' | A type of switch, router, or software that distributes client requests between different resources. |
What are the benefits of a load balancer? | Mitigation against denial of service attacks; Provide fault tolerance. |
What are the two main types of load balancers? |
|
Define a 'layer 4 load balancer' | Makes forwarding decisions based on IP address and TCP/UDP port values, working at the transport layer of the OSI model. |
Define a 'layer 7 load balancer' (content switch) | Makes forwarding decisions based on application-level data; Uniform resource locator (URL) web address or data types like video or audio streaming. |
Define the 'scheduling' function implemented by load balancers | Algorithm and metrics that determine which node is selected for processing each incoming request from the load balancer. |
What is the most common/simplest form of the scheduling function in a load balancer? | Round-robin |
Define 'Round robin' scheduling | Picking the next node based on a defined metric. |
How is a heart beat mechanism used in determine scheduling in a load balancer? | To verify whether each node is available and under load or not. |
How does a client keep a persistent connection with a node configured behind a layer 4 load balancer? | Source IP Session affinity |
Define 'Source IP/Session Affinity' | Layer 4 load balancer scheduling approach. |
What is the function of 'Source IP (Session) Affinity? | To route traffic to nodes that have previously established connections with the client in question. |
How does a layer 7 load balancer keep a client connected to a session with a node? | Persistence configuration |
Define 'persistence' configuration in a layer 7 load balancer | Sticky Sessions; Enables a client to maintain a connection with a load-balanced server over the duration of the session. |
How does the persistence configuration in a layer 7 load balancer keep a client connected to a session? | By setting a cookie on the node or injected by the load balancer. |
Define a 'web application firewall (WAF)' | Firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks. |
How does a web application firewall (WAF) detect/protect? | Uses application-aware processing rules to filter traffic and perform application-specific intrusion detection; Programmed with signatures of known attacks and use pattern matching to block requests containing suspect code. |
How can a web application firewall (WAF) be deployed/implemented? | Deployed as an appliance protecting the zone that the web server is placed in or as plug-in software for a web server platform. |
Define 'Remote access architecture' | Infrastructure, protocols, and software that allow a host to join a local network from a physically remote location. |
What is the most common modern remote access mechanism/technology? | virtual private network (VPN) |