Rule-based management
The use of operational rules or restrictions to govern the security of an organization's infrastructure. A security policy used to determine how employees can access the Internet and other network resources is an example of rule-based management.
Firewall rules
Used to control traffic flowing through a firewall device.
Inbound rules: Define the action to be performed by the firewall on the data that enters the system from another system.
Outbound rules: Define the action to be performed by the firewall on the data that flows out of the system.
VLAN management
Can be complex. Most organizations will keep track of VLAN configuration using diagrams and documentation.
Secure router configuration
Ensuring that all routers on the network are properly secured protects your network from attacks and can also prevent routing loops.
Access control lists
Networking ACLs: On routers and switches, rules that are applied to port numbers or IP addresses to control both inbound and outbound traffic.
Filesystem ACLs: A table that contains entries that specify individual user or group rights to specific system objects such as programs, processes or files.
Port security
Disable unnecessary services.
Close ports that are by default open or have limited functionality.
Regularly apply the appropriate patches.
Hide responses from ports that indicate their status, and allow access to pre-configured connections only.
802.1x
IEEE standard used to provide a port-based authentication mechanism for wireless communications. It uses the Extensible Authentication Protocol (EAP) to provide user authentication against a directory service.
Flood guards
Used to protect resources from flooding attacks, such as Distributed Denial of Service (DDoS) attacks.
Detectors are placed throughout the network and will react and apply the appropriate mitigation techniques when an attack occurs.
Loop protection
A loop occurs when one or more pathways exist between the endpoints in a network and packets get forwarded over and over again.
Loop protection is done by applying proper router configuration and manufacturer-recommended configurations.
Implicit deny
Principle of denying all traffic unless it is specifically allowed.
Network separation
Splitting your network into two or more logically separated networks in order to separate critical network functions from non-critical network functions. It can also prevent intruders from getting to other systems, and helps enforce access control efforts.
Log analysis
Logs must be regularly monitored and analyzed to detect any unauthorized intrusion attempts, and to assess any data leaks and insider threats.
Unified threat management
A system that centralizes various security techniques, such as firewall, anti-malware, network intrusion prevention, URL filtering, content inspection, malware inspection, etc., into a single appliance.
It usually includes a single management interface.
A downside of UTM is that it can become a single point of failure that could affect an entire network.
WPA2
In addition to TKIP, WPA2 adds Advanced Encryption Standard (AES) encryption for even greater security and to replace TKIP. It provides 128-bit encryption.
EAP
A framework that allows clients and servers to authenticate with each other using one of a variety of plug-ins.
It can be used with a wide range of current authentication methods, and is extensible for use with future authentication methods.
PEAP
Open standard implementation of EAP, developed by a coalition made up of Cisco Systems, Microsoft, and RSA Security.
LEAP
Cisco Systems' proprietary implementation of EAP. Uses MS-CHAP, which is not considered secure.
MAC filtering
The technique of allowing or denying devices with certain MAC addresses to connect to a network. A whitelist is used to specify which MAC addresses are granted access.
A blacklist is used to specify which MAC addresses are explicitly blocked.
Disable SSID broadcast
Antenna placement
The radio frequency range of each access point should not extend beyond the physical boundaries of the organization's facilities.
Power level controls
Used to reduce your wireless LAN transmitter power. Also helps to minimize power consumption within the wireless network.
Captive portals
A technique that requires a client attempting to connect to the Internet to authenticate through a web page.
Commonly used by free and/or public Wi-Fi hotspots in order to get the user to agree to an acceptable use policy before they begin using the service.