Device hardening - Reducing its potential vulnerabilities, disable unnecessary services and ports. Applying security patches and updates, change default passwords, Network access control (NAC) - ensures that only authorized/compliant devices connect to the network. , Port security - limits the number of valid MAC addresses allowed on a switch port., 802.1X - IEEE standard for port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to connect to a LAN or WLAN., Mac filtering - security measure that allows network access only to devices with specific MAC addresses listed in the access control list., Key management - involves the creation, distribution, storage, and maintenance of cryptographic keys used for securing data., Access control list (ACL) - used to filter traffic entering or leaving a network by allowing or denying packets based on IP addresses, protocols, and port numbers., Uniform resource locator (URL) filtering - restricts access to specific websites or web content by comparing URLs against a predefined list of allowed or blocked sites., Content filtering - involves inspecting the data within web pages, emails, or other digital content to block access to inappropriate, harmful, or non-compliant material., Zones - segments of a network that are separated based on level of trust and security. Enhancing security by isolating sensitive areas, Trusted - These are segments of the network that are considered secure and contain resources such as internal servers, workstations, and databases. Access is tightly controlled and monitored to ensure security., Untrusted - These are segments exposed to external networks, such as the internet, where the level of trust is low. Traffic from untrusted zones is subject to rigorous scrutiny and filtering before it can access trusted resources., Screened subnet - is a network segment that acts as a buffer zone between trusted and untrusted networks. It hosts public-facing services like web servers and email servers, providing an additional layer of security. The DMZ ensures that even if an attacker compromises the public services, they cannot directly access the internal network., DMZ (demilitarized zone ) - is a perimeter network that acts as a buffer between an organization's internal, trusted network and an external, untrusted network like the internet,

4.3 Network security features

列印
嵌入

排行榜

視覺風格

選項

切換範本

恢復自動保存: ?