Information Security Endterm
Summary Lectures 10-13
Glossary
Lecture 10: Firewalls and tunnels
Additional costs (unintended harms): costs can outweigh the original harm.
Amplification (unintended harms): intervention backfires, causing increase of behavior that
was actually targeted for prevention.
Anomaly-based IDS: builds a profile of normal behaviour (statistics / ML) and flags deviations as possible intrusions. Can catch novel attacks, but is prone to false positives.
Application-level filters: filters that understand one specific application-layer protocol (HTTP, SMTP, DNS, ...) and can inspect and block individual commands or content; a customized filter per protocol.
Bastion host: host exposed to the untrusted network whose attack surface is reduced ('hardened') by removing every service except the one it must provide (the 'bastion').
Circuit-level proxy firewall: single relay point acting as the firewall; outside servers only ever connect to the proxy, which relays the TCP connection to the internal host without inspecting application content. Internal hosts stay hidden; the relaying is transparent to them.
Cloud: interconnected machines forming a shared pool of resources, usable on demand by anyone (who pays).
Cloud: interconnected machines, shared pool of resources usable by anyone (who pays)
Community cloud: cloud owned by multiple organizations with the same goals / objectives.
Dedicated firewalls: firewall devoted to one customer's hosting environment. Custom-built for each node.
Default deny: if none of the firewall filters apply, connection should always be denied.
Displacement (unintended harms): crime moves to other locations.
Disruption (unintended harms): countermeasure interrupts other (more effective)
countermeasures
Distributed firewall: firewall for enterprise environments: policy is defined centrally but enforced on every host, so internal traffic is filtered too.
Dual-homed host: firewall with 2 network interfaces, sits between trusted & untrusted
network. Connected to both at the same time.
Economic Denial of Sustainability (EDoS): attacker exploits elasticity by generating load that keeps the service scaling up; it stays available, but the cloud customer has to pay a huge bill (remember for exam!!)
Elasticity (cloud): automated scaling, more resources allocated when needed e.g. when
many clients need access to your cloud-hosted service. different from scalability.
Erasure coding (cloud security): encode data into n fragments (k data + m parity) such that any k of them are enough to rebuild the original; tolerates m lost fragments with far less storage overhead than full replication.
Federated identity management: single identity service shared across organizations. Authentication happens not at the 3rd-party service provider but at the identity management system, which then hands the provider an assertion about the user.
Firewall: gateway to control access. Filter incoming packets and outgoing packets.
Host-based IDS: IDS monitoring events on a single host (app logs, system-specific logs)
Host-to-host (transport mode): IPsec transport mode: end-to-end security from host to host; only the payload is protected, the original IP header stays.
Host-to-network (tunnel mode): secure connection between remote host & enterprise
gateway.
Hub: central point in network, sends packets from host to all other hosts.
Hybrid firewall appliance: combination of firewall / intrusion detection, etc. in one device.
Hybrid cloud: combination of public & private cloud, benefits of both.
Infrastructure as a Service (IaaS): cloud service: CPUs, machines. most control, except
hardware.
Insecure norms (unintended harms): implementation encourages insecure behavior
Intrusion: incident that violates security policy.
Intrusion detection: monitoring system events to identify intrusions.
Intrusion Detection System (IDS): automates intrusion detection. Monitors events and reports to humans; does not take action by itself!
Intrusion Prevention System: automated real-time responses, may take action itself.
Mitigates known attacks.
Misclassification (unintended harms): erroneous classification by system, classifies
non-malicious content as malicious.
Misuse (unintended harms): intentional misuse by actors to create new harms.
Network-based IDS: IDS that detects intrusions across a wider network, gathers information
from network packets.
Network-based reconnaissance: send probes to addresses to find hosts.
Network-to-network (tunnel mode): secure connection between 2 network gateways
NIC (Network Interface Card) (in a hub): in promiscuous mode can collect all passing frames, since a hub repeats every frame to every port.
Nishant: INSE greatest lecturer ever
OAuth: authorization framework: the user grants a 3rd-party app limited access (a scoped token) to act on the user's behalf, without handing over their password.
OS fingerprinting / Remote OS fingerprinting: find OS of remote machine.
Packet sniffing: passive network monitoring. logs traffic details.
Penetration testing / exploitation toolkits: vulnerability test that exploits live systems, i.e. actually runs attacks (unlike a scanner, which only reports).
Personal firewall: host-based firewall for end user machine (built-in OS)
Platform as a Service (PaaS): cloud service: handles everything you need to develop &
deploy software.
Private cloud: cloud only accessible to 1 organization.
Public cloud: cloud service owned by a large company (e.g. Amazon), open to everyone.
Reconnaissance tools: vulnerability assessment: explore the system by automated port
scanning.
Replication (cloud security): split data into chunks, copy those, store in different cloud places
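Added example (Python, not from the lecture slides) contrasting the two redundancy entries, erasure coding and replication. It implements the simplest erasure code, k data fragments plus one XOR parity fragment, so any k of the k+1 fragments rebuild the data; real systems use Reed-Solomon codes that tolerate more losses, which this example does not model. The sample record and the chunk count are assumptions.

```python
def split_chunks(data: bytes, k: int):
    """Split data into k equal-size chunks, zero-padding the tail."""
    size = -(-len(data) // k)           # ceil(len / k)
    padded = data + b"\x00" * (size * k - len(data))
    return [padded[i * size:(i + 1) * size] for i in range(k)]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def replicate(data: bytes, copies: int) -> dict:
    """Replication: whole copies of the data, each stored in a different place."""
    return {i: data for i in range(copies)}

def replica_decode(replicas: dict) -> bytes:
    if not replicas:
        raise ValueError("all replicas lost")
    return next(iter(replicas.values()))

def erasure_encode(data: bytes, k: int) -> dict:
    """Single-parity erasure code: k data fragments + 1 XOR parity fragment (n = k + 1).
    Any k of the n fragments suffice to rebuild the data."""
    chunks = split_chunks(data, k)
    parity = chunks[0]
    for c in chunks[1:]:
        parity = xor_bytes(parity, c)
    fragments = dict(enumerate(chunks))
    fragments[k] = parity
    return fragments

def erasure_decode(fragments: dict, k: int, length: int) -> bytes:
    """Rebuild from whatever fragments survive; a lost data chunk is the XOR of all others."""
    missing = [i for i in range(k) if i not in fragments]
    if len(missing) > 1 or (missing and k not in fragments):
        raise ValueError("too many fragments lost: need any %d of %d" % (k, k + 1))
    chunks = [fragments.get(i) for i in range(k)]
    if missing:
        lost = missing[0]
        rebuilt = fragments[k]
        for i in range(k):
            if i != lost:
                rebuilt = xor_bytes(rebuilt, fragments[i])
        chunks[lost] = rebuilt
    return b"".join(chunks)[:length]

def stored_bytes(store: dict) -> int:
    return sum(len(v) for v in store.values())

# Constructed sample record (assumption, not real data); 28 bytes, split into 4 chunks of 7.
DATA = b"customer:4711;card:****1234;"
K = 4

def compare(data: bytes = DATA, k: int = K) -> dict:
    erasure = erasure_encode(data, k)
    replicas = replicate(data, 3)
    result = {
        "erasure_bytes": stored_bytes(erasure),      # 5 * 7 = 35 bytes stored
        "replica_bytes": stored_bytes(replicas),     # 3 * 28 = 84 bytes stored
    }
    # Lose one fragment / one replica: both schemes recover.
    lost_one = dict(erasure)
    del lost_one[2]
    result["erasure_recovers_one"] = erasure_decode(lost_one, k, len(data)) == data
    # Lose two: single-parity erasure coding cannot recover, 3x replication still can.
    lost_two = dict(lost_one)
    del lost_two[0]
    try:
        erasure_decode(lost_two, k, len(data))
        result["erasure_recovers_two"] = True
    except ValueError:
        result["erasure_recovers_two"] = False
    fewer = dict(replicas)
    del fewer[0]
    del fewer[1]
    result["replica_recovers_two"] = replica_decode(fewer) == data
    return result

if __name__ == "__main__":
    print(compare())
```

The trade-off the two glossary entries describe is visible in the numbers: the erasure-coded store costs 1.25x the data size and survives one loss, the 3x replicated store costs 3x and survives two.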
SAML (Security Assertion Markup Language): exchange user identity / privileges securely.
Scalable (cloud): manual scaling if you need more resources e.g. if you need additional
processes. different from elasticity!
Security as a Service (SecaaS): cloud provider provides security applications.
Signature-based IDS: IDS that recognizes attacks it already knows (signature = characteristic pattern, e.g. a byte sequence or request string). Few false positives, but misses novel attacks.
Software as a Service (SaaS): cloud service: you only access the service / software. least
control of all.
SPAN port / port mirror (Switched Port ANalyser): switch port configured to receive a copy of the traffic passing through other ports, so a monitor attached to it sees that traffic without sitting inline.
Specification-based IDS: IDS that flags any behavior outside a manually defined specification of what is allowed (permitted protocol states, commands, paths, ...).
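Added example (Python, written for this summary, not from the lecture) running the three detection styles from the glossary, anomaly-based, signature-based and specification-based, over the same constructed web-server log. The log lines, the attack strings, the allowed-behaviour specification and the baseline counts are all assumptions; the anomaly detector uses a plain mean-plus-three-sigma threshold rather than an ML model.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed access-log lines (Common Log Format style), not real traffic.
NORMAL = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200',
    '10.0.0.6 - - [10/Oct/2023:13:55:37 +0000] "GET /products?id=7 HTTP/1.1" 200',
    '10.0.0.6 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 200',
]
SUSPICIOUS = [
    '198.51.100.7 - - [10/Oct/2023:13:55:39 +0000] "GET /products?id=7%20OR%201=1 HTTP/1.1" 200',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /static/../../etc/passwd HTTP/1.1" 404',
    '198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "TRACE /index.html HTTP/1.1" 405',
]
# A password-guessing burst: 30 failed logins from one source within a minute.
BRUTE_FORCE = [
    f'203.0.113.9 - - [10/Oct/2023:13:55:{42 + i % 18:02d} +0000] "POST /login HTTP/1.1" 401'
    for i in range(30)
]
LOG = "\n".join(NORMAL + SUSPICIOUS + BRUTE_FORCE)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_log(text: str):
    """Turn log lines into dicts with source, method, path and status."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            src, method, path, status = m.groups()
            events.append({"src": src, "method": method, "path": path, "status": int(status)})
    return events

# 1) Signature-based: patterns of attacks we already know.
SIGNATURES = {
    "sqli_or_1=1": re.compile(r"(?i)(%20|\+|\s)or(%20|\+|\s)1=1"),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_alerts(events):
    return [(e["src"], name) for e in events
            for name, pat in SIGNATURES.items() if pat.search(e["path"])]

# 2) Specification-based: an explicit model of allowed behaviour; anything outside it alerts.
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_PATHS = ("/index.html", "/products", "/login")

def specification_alerts(events):
    return [(e["src"], e["method"], e["path"]) for e in events
            if e["method"] not in ALLOWED_METHODS
            or not e["path"].startswith(ALLOWED_PATHS)]

# 3) Anomaly-based: a statistical profile of normal; sources far outside it are outliers.
BASELINE_FAILED_LOGINS = [0, 1, 0, 2, 1, 0]   # constructed per-source failed logins per minute

def anomaly_alerts(events, baseline=BASELINE_FAILED_LOGINS, sigmas=3):
    threshold = mean(baseline) + sigmas * pstdev(baseline)
    failed = Counter(e["src"] for e in events
                     if e["path"].startswith("/login") and e["status"] == 401)
    return {src: n for src, n in failed.items() if n > threshold}

def run_all(text: str = LOG) -> dict:
    events = parse_log(text)
    return {
        "signature": signature_alerts(events),
        "specification": specification_alerts(events),
        "anomaly": anomaly_alerts(events),
    }

if __name__ == "__main__":
    for style, alerts in run_all().items():
        print(style, alerts)
```

Each detector misses what the others catch: the signature matcher sees the injection and the traversal but not the brute-force burst or the odd TRACE method; the specification catches TRACE and the unexpected path but accepts the injection because it lives under an allowed path; the anomaly detector only notices the burst. That is why the lecture lists them side by side rather than as alternatives.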
SSH: secure shell, encrypted tunnel, through which you can send message traffic
Stateful packet filter: firewall filter, track sessions for future processing
Stateless packet filter: firewall filter, in which each packet is considered independent
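Added example (Python, not from the lecture) of the stateful and stateless packet filter entries above, with default deny applied in both. The rule set, addresses and packets are constructed for illustration: the stateless filter has to admit any inbound packet with the ACK flag set to let replies through, so an attacker's forged ACK passes; the stateful filter records the outbound connection and only admits packets belonging to it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"
    src: str = "any"              # exact address, or a prefix ending in "." such as "10.0.0."
    dst: str = "any"
    dport: Optional[int] = None
    ack: Optional[bool] = None    # required ACK-flag state; None = don't care

def _addr_match(pattern: str, addr: str) -> bool:
    return pattern == "any" or addr == pattern or (pattern.endswith(".") and addr.startswith(pattern))

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and _addr_match(rule.src, pkt.src)
            and _addr_match(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.ack is None or rule.ack == pkt.ack))

def stateless_decide(rules, pkt: Packet) -> str:
    """Stateless filter: each packet judged on its own; first matching rule wins; default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

class StatefulFilter:
    """Stateful filter: rules are consulted only when a connection is opened (TCP SYN);
    later packets are allowed because the session was recorded, not because of a rule."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (proto, src, sport, dst, dport) of permitted connections

    def decide(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "allow"                      # belongs to a tracked session
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny"                       # non-SYN packet with no session: not a real reply
        if stateless_decide(self.rules, pkt) == "allow":
            self.sessions.add(fwd)              # remember the session for future processing
            return "allow"
        return "deny"                           # default deny

# Policy (assumed): internal 10.0.0.x hosts may open HTTPS to the outside; nothing else.
# A stateless filter cannot say "replies only", hence the second rule admitting any ACK packet.
STATELESS_RULES = [
    Rule("allow", "tcp", src="10.0.0.", dport=443),
    Rule("allow", "tcp", dst="10.0.0.", ack=True),
]
STATEFUL_RULES = [Rule("allow", "tcp", src="10.0.0.", dport=443)]

# Constructed packets (not captured traffic).
TRAFFIC = [
    ("outbound",   Packet("tcp", "10.0.0.5", 50000, "203.0.113.10", 443, syn=True)),
    ("reply",      Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 50000, syn=True, ack=True)),
    ("forged_ack", Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 22, ack=True)),  # attacker probe
    ("unknown",    Packet("udp", "10.0.0.5", 5353, "203.0.113.10", 53)),
]

def compare():
    stateless = {name: stateless_decide(STATELESS_RULES, p) for name, p in TRAFFIC}
    fw = StatefulFilter(STATEFUL_RULES)
    stateful = {name: fw.decide(p) for name, p in TRAFFIC}   # order matters: SYN before reply
    return stateless, stateful

if __name__ == "__main__":
    for label, verdicts in zip(("stateless", "stateful"), compare()):
        print(label, verdicts)
```

The UDP packet is denied by both filters because no rule matches it, which is default deny at work; the forged ACK is where the two filters part ways.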
Switch: sends received information only to specified host (unlike hubs)
TAP (Test Access Port): dedicated hardware device for passive monitoring, inserted inline. Minimum 3 ports: 2 pass the traffic between e.g. router & firewall, 1 gives a 3rd party a copy of that traffic to monitor.
TNO (Trust No One): principle that the provider never holds the key or plaintext (encryption happens on the client); term used by the LastPass password manager.
Tunnel: one protocol is encapsulated inside another (e.g. IP inside IPsec, TCP inside SSH) so traffic crosses an untrusted network confidentially and intact.
VM sprawl: uncontrolled growth in the number of VMs (unused / forgotten / unpatched instances), which enlarges the attack surface and gives an attacker more targets.
VPN (Virtual Private Network): creates a private encrypted (and authenticated) tunnel over a public network.
Vulnerability scanners: produce comprehensive report of vulnerabilities in a system.
‘Blunt’ cyber controls: reduces malicious behavior, but also impacts legitimate behaviors.