Use Case
typically describes an organizational goal; admins enable specific protocols to meet organizational goals
Secure Real-Time Transport Protocol (SRTP)
provides encryption, message authentication, and integrity for Real-time Transport Protocol (RTP)
File Transfer Protocol (FTP)
commonly used to transfer files over networks, but FTP does not encrypt the transmission
FTPS, SFTP, SSH, SSL, TLS
encryption protocols encrypt data-in-transit to protect its confidentiality
SMTP
sends email using TCP port 25
POP3
receives email using TCP port 110
IMAP4
uses TCP port 143
HTTP
uses port 80 for web traffic
HTTPS
encrypts HTTP traffic in transit and uses port 443
Directory Services Solutions
implement Kerberos as the authentication protocol; also use LDAP over TCP port 389 and LDAPS over TCP port 636
Remote Desktop Protocol (RDP)
connects to remote systems using TCP port 3389; admins commonly connect to remote systems using SSH instead of Telnet because SSH encrypts the connection
Network Time Protocol (NTP)
provides time synchronization services
Domain Name System (DNS)
provides domain name resolution; DNS zones include A records for IPv4 addresses and AAAA records for IPv6 addresses; uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries
Zone Data
updated w/ zone transfers; secure zone transfers help prevent unauthorized access to zone data
Domain Name System Security Extensions (DNSSEC)
provides validation for DNS responses and helps prevent DNS poisoning attacks
nslookup and dig
command-line tools used to query DNS; both support the axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt
Switches
used for network connectivity; they map MAC addresses to physical ports
Port Security
limits access to switch ports; includes limiting the number of MAC addresses per port and disabling unused ports; admins can manually map each port to a specific MAC address or group of addresses
Aggregation Switch
connects multiple switches together in a network
Routers
connect networks and direct traffic based on the destination IP address; routers and firewalls use rules within ACLs to allow or block traffic; provide logical separation and segmentation using ACLs to control traffic; use rules within ACLs as an antispoofing
Implicit Deny
indicates that unless something is explicitly allowed, it is denied; it is the last rule in an ACL
Host-based Firewalls (Application-based)
filter traffic in and out of individual hosts; some Linux systems use iptables/xtables for firewall capabilities
Network-based Firewall
filters traffic in and out of a network; placed on the border of the network, such as b/w the Internet and the internal network
Stateless Firewall
controls traffic b/w networks using rules within an ACL; an ACL can block traffic based on ports, IP addresses, subnets, and some protocols
Stateful Firewall
filters traffic based on the state of a packet within a session
Web Application Firewall (WAF)
protects a web server against web application attacks; typically placed in the DMZ and alerts admins of suspicious events
DMZ
provides a layer of security for servers accessible from the Internet
Intranet
internal network; used for internal communication and sharing content w/ each other
Extranet
part of a network that can be accessed by authorized entities from outside of the network
Network Address Translation (NAT)
translates public IP addresses to private IP addresses and private back to public; hides IP addresses on the internal network from users on the Internet
Airgap
physical isolation, indicating a system/network is completely isolated from another system/network
Forward Proxy Server
accepts traffic from the Internet and forwards it to one or more internal web servers
Reverse Proxy Server
placed in the DMZ; web servers can be in the internal network
Unified Threat Management (UTM)
security appliance that includes multiple layers of protection, such as URL filters, content inspection, malware inspection, and a DDoS mitigator; typically raises alerts and sends them to admins to interpret
Mail Gateways
logically placed b/w an email server and the Internet; examine and analyze all email traffic and can block unsolicited email w/ a spam filter; many include DLP and encryption capabilities
Loop Protection
protects against switching loop problems, such as when a user connects two switch ports together w/ a cable; STP protects against switching loops
Flood Guards
prevent MAC flooding attacks on switches
VLANs
logically separate or group computers regardless of their physical location; created w/ layer 3 switches
Border Firewalls
block all traffic coming from private IP addresses
SNMPv3
used to monitor and configure network devices and uses notification messages known as traps; uses strong authentication mechanisms and is preferred over earlier versions
SNMP
uses UDP ports 161/162
Transparent Proxy
accepts and forwards requests without modifying them
Nontransparent Proxy
can modify and filter requests, such as filtering traffic based on destination URLs
Spanning Tree Protocol (STP)
a protocol that enables switches to detect and repair bridge loops automatically