Читаем CISSP Practice полностью

A person responsible for the overall design, implementation, and maintenance of a network. The scope of responsibilities include overseeing network security, installing new applications, distributing software upgrades, monitoring daily activity, enforcing software licensing agreements, developing a storage management program, and providing for routine backups.

Network architecture

The philosophy and organizational concept for enabling communications among data processing equipment at multiple locations. The network architecture specifies the processors and terminals and defines the protocols and software used to accomplish accurate data communications. The set of layers and protocols (including formats and standards) that define a network.

Network-based intrusion detection systems (IDSs)

IDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment.

Network-based intrusion prevention system

A program that performs packet sniffing and analyzes network traffic to identify and stop suspicious activity.

Network-based threats

Examples include (1) Web spoofing attack, which allows an impostor to shadow not only a single targeted server, but also every subsequent server accessed, (2) masquerading as a Web server using a man-in-the-middle (MitM) attack, whereby requests and responses are conveyed via the imposter as a watchful intermediary, (3) eavesdropping on messages in transit between a browser and server to glean information at a level of protocol below HTTP, (4) modifying the DNS mechanisms used by a computer to direct it to a false website to divulge sensitive information (i.e., pharming attack), (5) performing denial-of-service (DoS) attacks through available network interfaces, and (6) intercepting messages in transit and modify their contents, substitute other contents, or simply replaying the transmission dialogue later in an attempt to disrupt the synchronization or integrity of the information.

Network behavior analysis system

An intrusion detection and prevention system (IDPS) that examines network traffic to identify and stop threats that generate unusual traffic flows.

Network configuration

A specific set of network resources that form a communications network at any given point in time, the operating characteristics of these network resources, and the physical and logical connections that have been defined between them.

Network congestion

Occurs when an excess traffic is sent through some part of the network, which is more than its capacity to handle.

Network connection

Any logical or physical path from one host to another that makes possible the transmission of information from one host to the other. An example is a TCP connection. Also, when a host transmits an IP datagram employing only the services of its “connection-less” IP interpreter, there is a connection between the source and the destination hosts for this transaction.

Network control protocol (NCP)

Network Control Protocol (NCP) is one of the features of the Point-to-Point Protocol (PPP) used to negotiate network-layer options independent of the network layer protocol used.

Network device

A device that is part of and can send or receive electronic transmissions across a communications network. Network devices include end-system devices such as computers, terminals, or printers; intermediary devices such as bridges and routers that connect different parts of the communications network; and link devices or transmission media.

Network interface card (NIC)

Network interface cards are circuit boards used to transmit and receive commands and messages between a PC and a LAN. A NIC operates in the Data Link Layer of the ISO/OSI Reference model.

Network layer

Portion of an open system interconnection (OSI) system responsible for data transfer across the network, independent of both the media comprising the underlying sub-networks and the topology of those sub-networks.

Network layer security

Protects network communications at the layer that is responsible for routing packets across networks.

Network management

The discipline that describes how to monitor and control the managed network to ensure its operation and integrity and to ensure that communications services are provided in an efficient manner. Network management consists of fault management, configuration management, performance management, security management, and accounting management.

Network management architecture