Chapter 5
Network Defenses
Additional Resources
- IP Addressing and Subnetting for New Users
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml
- Virtual LAN
http://en.wikipedia.org/wiki/VLAN
- Demilitarized zone
http://en.wikipedia.org/wiki/Demilitarized_zone_(computing)
- How Firewalls Work
http://www.howstuffworks.com/firewall.htm
- The Honeynet Project
http://www.honeynet.org/
- Snort – The de facto standard for intrusion detection/prevention
http://www.snort.org/
Key Terms
- cache: A temporary storage area.
- classful addressing: An IP addressing scheme in which the split between the network and host portions of the address falls on the boundaries between bytes.
- convergence: Unifying voice and data traffic over a single Internet Protocol (IP) network.
- core switches: Switches that reside at the top of the hierarchy and carry traffic between switches.
- demilitarized zone (DMZ): A separate network that sits outside the secure network perimeter, often used to provide “outside services” such as Web service and e-mail.
- honeypot: A server intended to trap or trick attackers.
- host intrusion prevention systems (HIPS): Intrusion prevention systems that are installed on local systems.
- integrated network security hardware: A hardware device that integrates multipurpose security appliances with a traditional network device such as a switch or router.
- Internet content filters: A technology to monitor Internet traffic and block access to preselected Web sites and files.
- intrusion prevention system (IPS): A system that finds malicious traffic and deals with it immediately.
- IP telephony: Adding digital voice clients and new voice applications onto the IP network.
- multiplexed: Services such as voice, video, and data combined and transported under a universal format.
- network access control (NAC): A technology that examines the current state of a system and corrects any deficiencies before it is allowed to connect to the network.
- network address translation (NAT): A technology that hides the IP addresses of network devices from attackers.
- network intrusion detection system (NIDS): A system to monitor and possibly prevent attempts to attack a local system.
- network intrusion prevention systems (NIPS): Intrusion prevention systems that work to protect the entire network and all devices that are connected to it.
- out-of-band: Using a separate data stream.
- port address translation (PAT): A variation of network address translation (NAT) that assigns a different TCP port number to each packet.
- private addresses: IP addresses that are not assigned to any specific user or organization but can be used by any user on the private internal network.
- production honeypot: A honeypot that is used mainly by organizations to capture limited information regarding attacks on that organization’s honeypot.
- proxy server: A computer system (or an application program) that intercepts internal user requests and then processes those requests on behalf of the user.
- research honeypot: A honeypot that is more complex and used primarily by research, military, and government organizations.
- reverse proxy: A device that routes incoming requests to the correct server.
- rule base: The rules that establish what action the firewall should take when it receives a packet.
- stateful packet filtering: A firewall technology that keeps a record of the state of a connection between an internal computer and an external server and then makes decisions based on the connection as well as the rule base.
- stateless packet filtering: A firewall technology that looks at the incoming packet and permits or denies it based strictly on the rule base.
- subnet addressing: An IP addressing technique in which an IP address can be split anywhere within its 32 bits.
- subnetting: An IP addressing technique in which an IP address can be split anywhere within its 32 bits.
- system call: An instruction that interrupts the program being executed and requests a service from the operating system.
- virtual LAN (VLAN): Segmenting a network by separating devices into logical groups.
- Voice over IP (VoIP): A technology that places voice traffic onto an IP network.
- workgroup switches: Switches that are connected directly to the devices on the network.