Security+ Flashcards: Network Security, Firewalls, VPN, Wireless, Segmentation

Learn about network security fundamentals, such as firewalls and VPNs, and explore endpoint security measures like EDR and mobile device management.

What is a next-generation firewall and how does it differ from a traditional firewall?

A traditional firewall filters traffic based on IP addresses, ports, and protocols using access control lists and stateful packet inspection. A next-generation firewall, or NGFW, adds deep packet inspection that examines the content of traffic at the application layer, integrated intrusion prevention that blocks known attack signatures, application awareness that can identify and control applications regardless of port, TLS inspection that decrypts and inspects encrypted traffic, and threat intelligence feeds that update detection capabilities.

What is the difference between WPA2 and WPA3 for wireless security?

Wi-Fi Protected Access 2, or WPA2, uses AES encryption with either a pre-shared key for personal networks or 802.1X authentication for enterprise networks. WPA3 improves security in several ways: it replaces the pre-shared key exchange with Simultaneous Authentication of Equals, or SAE, which resists offline dictionary attacks; it provides forward secrecy so captured traffic cannot be decrypted later even if the password is compromised; it offers stronger encryption with 192-bit security for enterprise mode; and it includes Wi-Fi Enhanced Open for encrypted connections on public networks.

What is 802.1X and how does it secure network access?

IEEE 802.1X is a port-based network access control standard that authenticates devices before granting them network access. It involves three components: the supplicant, which is the device requesting access; the authenticator, which is the switch or wireless access point that controls the port; and the authentication server, typically a RADIUS server, that verifies credentials. When a device connects, the authenticator blocks all traffic except authentication messages until the RADIUS server validates the credentials. Upon successful authentication, the port is opened for normal traffic.

What is a DMZ and what systems are typically placed in it?

A demilitarized zone, or DMZ, is a network segment that sits between the external untrusted network and the internal trusted network, separated by firewalls on both sides. Systems that need to be accessible from the internet but also communicate with internal resources are placed in the DMZ. Typical DMZ systems include web servers, email gateways, DNS servers, reverse proxies, and VPN concentrators. The outer firewall allows specific internet traffic to reach DMZ services, while the inner firewall restricts DMZ systems from freely accessing the internal network.

What is network access control and what does it check?

Network access control, or NAC, evaluates devices attempting to connect to the network and enforces security policies before granting access. NAC typically checks whether the device has current antivirus definitions, operating system patches, an active firewall, disk encryption enabled, and compliant configuration settings. Devices that pass the health check receive full network access. Devices that fail are placed in a quarantine network with access limited to remediation resources, where they can be updated until they are compliant.

What is a honeypot and how is it used in network defense?

A honeypot is a decoy system deliberately configured to appear as a vulnerable target to attract attackers and study their methods. It contains no legitimate production data and any interaction with it is suspicious by definition. Honeypots serve two purposes: detection, by generating alerts when attackers interact with them, and intelligence, by capturing attacker tools, techniques, and procedures for analysis. A honeynet is a network of interconnected honeypots simulating a production environment.

What is the difference between a proxy server and a reverse proxy?

A forward proxy server sits between internal users and the internet, forwarding user requests to external servers. It provides content filtering, caching, anonymity, and access control for outbound traffic. A reverse proxy sits between external users and internal servers, forwarding internet requests to the appropriate backend server. It provides load balancing, SSL termination, caching, and protection of backend servers by hiding their identity and IP addresses. Forward proxies protect clients; reverse proxies protect servers.