| A | B |
|---|
| VLan, subnetting | isolate sensitive traffic |
| Convergence | integration of voice and data |
| DMZ | separate network outside perimiter |
| NAT( Network Address Translation) | hides IP address of internal devices |
| NAC(Network Access Control) | prevents insecure networks from connecting |
| packet filter/firewall | prevents malicious data from entering |
| Stateful | won't allow packet not requested |
| Rule base | sets up actions to be taken on packets |
| proxy server | substitutes its IP for clients |
| honey pot | decoy to mislead hackers |
| reverse proxy | routes packets to correct server |
| NIDS( Network Intrusion Detection Sys.) | monitors network for attacks and alerts or protects |
| NIPS(Network Intrusion Prevention Sys.) | takes advanced steps if attack detected |
| Content filter | blocks restricted sites |
| Integrated Network Security Hardware | lets devices like routers and switches work with security appliances |
| classful addressing | IP split on boundaries between bytes |
| Cache | temporary storage area |
| core switch | carry traffic between switches |
| IP telephony | voice applications over IP |
| multiplex | voice, video, data transported under universal format |
| out-of-band | using separate data stream |
| PAT(Port address translatiion) | assigns a different TCP port to each packet |
| Private address | used by internal network client |
| Production honeypot | captures limited info regarding attacks on honeypot |
| research honeypot | used by networks needing high security,ie- military |
| stateless packet filtering | denies packets only based on rules |
| subnetting | dividing IP at any point in 32 bits |
| system call | interruts program, requests service from OS |
| VoIP | voice traffic on IP network |
| workgroup switches | connected directly to device on network |
