100% tevredenheidsgarantie Direct beschikbaar na betaling Zowel online als in PDF Je zit nergens aan vast
logo-home
Summary Endterm (lecture 10-13) | 2024 | Information security (INFOB3INSE) | Informatiekunde €4,96
In winkelwagen

Samenvatting

Summary Endterm (lecture 10-13) | 2024 | Information security (INFOB3INSE) | Informatiekunde

 15 keer bekeken  0 keer verkocht

This summary contains all subjects from lecture 10-13 from Information Security 2024 for Informatiekunde. The summary is made based on my lecture notes and the lecture slides, with additions from the book.It contains the lectures after the midterm, but for the endterm you need to study everything, ...

[Meer zien]

Voorbeeld 2 van de 7  pagina's

  • 24 juni 2024
  • 7
  • 2023/2024
  • Samenvatting
Alle documenten voor dit vak (7)
avatar-seller
danielgeelhoed
Information Security Endterm
Summary Lectures 10-13
Glossary
Lecture 10: Firewalls and tunnels

Additional costs (unintended harms): costs can outweigh the original harm.
Amplification (unintended harms): intervention backfires, causing increase of behavior that
was actually targeted for prevention.
Anomaly-based IDS: ML catching outliers as intruders.
Application-level filters: different customized filters, specifically for application-level protocols.
Bastion host: attack surface is reduced (‘hardened’) by removing all services but the
‘bastion’.
Circuit-level proxy firewall: single point as firewall; outside server connects with this. Internal
hosts are safe, transparent.
Cloud: interconnected machines, shared pool of resources usable by anyone (who pays)
Community cloud: cloud owned by multiple organizations with the same goals / objectives.
Dedicated firewalls: devoted firewall to users’ hosting environment. Custom-built for each
node.
Default deny: if none of the firewall filters apply, connection should always be denied.
Displacement (unintended harms): crime moves to other locations.
Disruption (unintended harms): countermeasure interrupts other (more effective)
countermeasures
Distributed firewall: firewall for enterprise environments, from centrally defined policies
Dual-homed host: firewall with 2 network interfaces, sits between trusted & untrusted
network. Connected to both at the same time.
Economic Denial of Sustainability (EDoS): attacker exploits elasticity by increasing
necessary resources. cloud customer has to pay huge bill (remember for exam!!)
Elasticity (cloud): automated scaling, more resources allocated when needed e.g. when
many clients need access to your cloud-hosted service. different from scalability.
Erasure coding (cloud security): encode data you can use to recover other data if lost.
Federated identity management: single identification service. authentication happens not
with 3rd party service provider but with identity management system
Firewall: gateway to control access. Filter incoming packets and outgoing packets.
Host-based IDS: IDS monitoring events on a single host (app logs, system-specific logs)
Host-to-host (transport mode): end-to-end security from host to host
Host-to-network (tunnel mode): secure connection between remote host & enterprise
gateway.
Hub: central point in network, sends packets from host to all other hosts.
Hybric firewall appliance: combination of firewall / intrusion detection, etc.
Hybrid cloud: combination of public & private cloud, benefits of both.
Infrastructure as a Service (IaaS): cloud service: CPUs, machines. most control, except
hardware.
Insecure norms (unintended harms): implementation encourages insecure behavior
Intrusion: incident that violates security policy.
Intrusion detection: monitoring system events to identify intrusions.

, Intrusion Detection System (IDS): automates intrusion detection. monitors events, and
reports to humans, does not take action by itself!
Intrusion Prevention System: automated real-time responses, may take action itself.
Mitigates known attacks.
Misclassification (unintended harms): erroneous classification by system, classifies
non-malicious content as malicious.
Misuse (unintended harms): intentional misuse by actors to create new harms.
Network-based IDS: IDS that detects intrusions across a wider network, gathers information
from network packets.
Network-based reconnaissance: send probes to addresses to find hosts.
Network-to-network (tunnel mode): secure connection between 2 network gateways
NIC (Network Interface Card) (in a hub): can collect all passing frames.
Nishant: INSE greatest lecturer ever
OAuth: authorized 3rd party apps on users behalf.
OS fingerprinting / Remote OS fingerprinting: find OS of remote machine.
Packet sniffing: passive network monitoring. logs traffic details.
Penetration testing / exploitation toolkits: vulnerability test: exploit live systems, test attacks.
Personal firewall: host-based firewall for end user machine (built-in OS)
Platform as a Service (PaaS): cloud service: handles everything you need to develop &
deploy software.
Private cloud: cloud only accessible to 1 organization.
Public cloud: cloud service owned by large company (e.g Amazon), open to everyone
Reconnaissance tools: vulnerability assessment: explore the system by automated port
scanning.
Replication (cloud security): split data into chunks, copy those, store in different cloud places
SAML (Security Assertion Markup Language): exchange user identity / privileges securely.
Scalable (cloud): manual scaling if you need more resources e.g. if you need additional
processes. different from elasticity!
Security as a Service (SecaaS): cloud provider provides security applications.
Signature-based IDS: IDS that recognizes systems they know (signature = characteristic).
Software as a Service (SaaS): cloud service: you only access the service / software. least
control of all.
SPAN port / port mirror (Switched Port ANalyser): only 2 ports, duplicates traffic from other
ports.
Specification-based IDS: IDS recognizing systems based on predefined allowed behaviors
SSH: secure shell, encrypted tunnel, through which you can send message traffic
Stateful packet filter: firewall filter, track sessions for future processing
Stateless packet filter: firewall filter, in which each packet is considered independent
Switch: sends received information only to specified host (unlike hubs)
TAP (Test Access Port): dedicated device for passive monitoring. minimal 3 ports: 2 for
router & firewall, 1 for 3rd party to monitor traffic.
TNO (Trust No One): lastpass tool, password manager
Tunnel: 1 protocol is encapsulated by another, for confidential and safe data traffic.
VMsprawl: attacker estimated IP addresses, which he can use for attack
VPN (Virtual Private Network): data encryption: create private encrypted tunnel.
Vulnerability scanners: produce comprehensive report of vulnerabilities in a system.
‘Blunt’ cyber controls: reduces malicious behavior, but also impacts legitimate behaviors.

Voordelen van het kopen van samenvattingen bij Stuvia op een rij:

Verzekerd van kwaliteit door reviews

Verzekerd van kwaliteit door reviews

Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!

Snel en makkelijk kopen

Snel en makkelijk kopen

Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.

Focus op de essentie

Focus op de essentie

Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!

Veelgestelde vragen

Wat krijg ik als ik dit document koop?

Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.

Tevredenheidsgarantie: hoe werkt dat?

Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.

Van wie koop ik deze samenvatting?

Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper danielgeelhoed. Stuvia faciliteert de betaling aan de verkoper.

Zit ik meteen vast aan een abonnement?

Nee, je koopt alleen deze samenvatting voor €4,96. Je zit daarna nergens aan vast.

Is Stuvia te vertrouwen?

4,6 sterren op Google & Trustpilot (+1000 reviews)

Afgelopen 30 dagen zijn er 52510 samenvattingen verkocht

Opgericht in 2010, al 14 jaar dé plek om samenvattingen te kopen

Start met verkopen
€4,96
  • (0)
In winkelwagen
Toegevoegd