A device that detects attacks and raises alerts. It is installed on network devices, such as routers or firewalls, and monitors network traffic.
Network-Based Intrusion Detection System (NIDS):
A VPN protocol that lacks security features, such as encryption. However, this protocol can still be used for a secure VPN connection if it is combined with another protocol that provides encryption.
Layer 2 Tunneling Protocol (L2TP):
A private data network that creates secure connections, or "tunnels," over regular Internet lines
Virtual Private Network (VPN):
An appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection
Web Application Firewall (WAF)
A private electronic network that links a company with its suppliers and customers
Extranet:
A method of securing a network by limiting which devices are allowed to connect to it, based on a list of MAC addresses kept by the wireless access points.
Media access control (MAC) filtering:
A system that examines network traffic and automatically responds to computer intrusions.
Network-Based Intrusion Prevention System (NIPS):
Used by switches to share information with other switches that are participating in the Spanning-Tree Protocol
Bridge Protocol Data Unit (BPDU):
A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.
Always-on VPN
A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
Next generation firewall
A network designed for the exclusive use of computer users within an organization that cannot be accessed by users outside the organization.
Intranet:
A preventive measure whose primary purpose is to prevent unauthorized DHCP servers from operating on a network.
Dynamic host configuration protocol (DHCP) snooping
Detection mode that, instead of trying to match known variants to a database, will measure traffic patterns against the baseline. Also known as Anomaly-based.
Heuristic/behavioral-based detection:
A comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, web content filtering, and anti-spam software.
Unified Threat Management (UTM):
An encrypted connection used with VPNs that only encrypts traffic going to private IP addresses used in the private network.
Split Tunnel VPN
Inspects traffic leaving the inside network as it goes out to the Internet.
Stateful firewall
Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.
Zero trust:
A method of preventing switching loop or bridge loop problems. Both STP and RSTP prevent switching loops.
Loop prevention
The process of identifying rare or unexpected items or events in a data set that do not conform to the other items in the data set.
Anomaly Detection
Allows instances in a private subnet to connect to services outside your VPC while preventing external services from initiating a connection with those instances.
Network address translation (NAT) gateway
All traffic goes through the encrypted tunnel while the user is connected to the VPN.
Full Tunnel VPN
A firewall that manages and maintains the connection state of a session using the filter and ensures that only authorized packets are permitted in sequence.
Stateless firewall
Switch port security feature that disables the port if it receives BPDU notifications related to spanning tree. This is configured on access ports, where any BPDU frames received are likely to be malicious.
Bridge Protocol Data Unit (BPDU) guard:
Can include avoiding physical cable loops among switches, using Spanning Tree Protocol (STP) on switches, and implementing port security.
Broadcast storm prevention
A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on).
Content/URL filter
Policies that control how much bandwidth a protocol, PC, user, VLAN, or IP address may use.
Quality of Service (QoS):
A user-to-LAN virtual private network connection used by remote users.
Remote Access VPN:
Also known as knowledge-based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures.
Signature-based detection
A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource.
Access Control List (ACL):
Also known as a DMZ; commonly uses two firewalls: one between the public network and the DMZ, the other between the DMZ and the private network.
Screened subnet