12 - Secure Communications and Network Attacks Flashcards

1
Q

What are some Secure Communication Protocols?

A
  • IPsec: Used mainly in VPNs, provides encryption, access control, nonrepudiation, and message authentication.
  • Kerberos: Offers SSO
  • SSH: Provides end-to-end encryption and is used to encrypt other protocols.
  • Signal Protocol: Provides end-to-end encryption for voice communications, videoconferencing, and text message services.
  • Secure Remote Procedure Call (S-RPC): Authentication service that prevents unauthorized execution of code on remote systems.
  • Secure Sockets Layer (SSL): Encryption protocol that protects the communications between a web server and web browser. Superseded by TLS.
  • Transport Layer Security (TLS): Stronger encryption than SSL.
2
Q

What are some Authentication Protocols?

A
  • Challenge Handshake Authentication Protocol (CHAP): Uses a challenge-response dialogue that can’t be replayed. Reauthenticates during the session to verify identity.
  • Password Authentication Protocol (PAP): Transmits credentials in cleartext.
  • Extensible Authentication Protocol (EAP): Framework for authentication that allows for customized solutions.
    • Protected Extensible Authentication Protocol (PEAP): Encapsulates EAP in a TLS tunnel.
    • Lightweight Extensible Authentication Protocol (LEAP): Used WEP, supported frequent reauthentication and changing of WEP keys.
3
Q

What is VoIP?

A

Encapsulates audio into IP packets to support telephone calls over TCP/IP network connections.

4
Q

What are Phreakers? and what tools can they use?

A

Attackers who abuse the phone system like a hacker.

  • Black Boxes: Custom-built circuit boards that manipulate line voltages to steal long-distance services.
  • Red Boxes: Tape recorders that simulate tones of coins being deposited into a payphone.
  • Blue Boxes: Device that is used to simulate 2600 Hz tones to interact directly with the telephone backbone system.
  • White Boxes: A keypad device that is used to control the phone system.
5
Q

What is Social Engineering?

A

Where an attacker gains trust in order to get valuable data or access.

Social engineering exploits human characteristics such as basic trust, a desire to help, a propensity to show off, being distracted, following orders, or fearing reprimands.

6
Q

What is Multimedia Collaboration and what are some components of it?

A

Multimedia Collaboration is the use of various multimedia-supporting communication solutions to enhance distance collaboration and allow workers to work simultaneously.

  • Remote Meeting: Any tool that allows for interaction between remote parties.
  • Instant Messaging (IM): A mechanism that allows for real-time text-based chat between two users located anywhere on the internet. Some tools offer file transfer, multimedia, and other features. Some forms use peer-to-peer protocols; others use a centralized server. Some also specialize in private, encrypted chats for enterprises (Slack, Teams).
7
Q

What are some components for securing email?

A

Email is composed of servers that use SMTP to communicate and clients that retrieve messages from their inboxes using POP3 or IMAP.

  • Secure Multipurpose Internet Mail Extensions (S/MIME): Uses public-key encryption and digital signatures for authentication and confidentiality.
  • MIME Object Security Services (MOSS): Uses MD2, MD5, RSA, and DES for encryption.
  • Privacy Enhanced Email (PEM): Uses RSA, DES, and X.509 for authentication, integrity, confidentiality, and nonrepudiation.
  • DomainKeys Identified Mail (DKIM): Confirms mail is valid based on the domain that sent it.
  • Pretty Good Privacy (PGP): Uses a public-private key system to encrypt messages and files. Uses a variety of algorithms with a lot of grassroots support.
  • Opportunistic TLS for SMTP Gateways (RFC 3207): Uses encrypted connections for mail servers.
  • Sender Policy Framework (SPF): Confirms if a sender is authorized to send from that SMTP server.
8
Q

What is an Open Relay?

A

An Open Relay is an email server that has not been properly configured to authenticate senders and simply relays all email it receives.

These servers are prime targets for spammers and DoS attacks.

9
Q

What are some common Remote Access Techniques?

A
  • Service Specific: Gives users the ability to remotely connect to just one service, such as email.
  • Remote Control: Allows users full control over a distant system.
  • Screen Scraping/Scraping: The screen of a target machine is scraped and shown to a remote operator.
  • Remote Node Operation: The remote user connects to a remote access server, which provides the user with network services.
10
Q

What are some components to consider when planning your Remote Access Security?

A
  • Remote Connectivity Technology
  • Transmission Protection
  • Authentication Protection
  • Remote User Assistance
11
Q

What are some secure Dial-Up Protocols?

A
  • Point-to-Point Protocol (PPP): Full-duplex protocol that transmits TCP/IP packets over various non-LAN connections. Can also support any LAN protocol. Provides authentication via CHAP and PAP.
  • Serial Line Internet Protocol (SLIP): Developed to support TCP/IP communications over asynchronous serial connections. Rarely used anymore.
12
Q

What are some Centralized Remote Authentication Services?

A
  • Remote Authentication Dial-In User Service (RADIUS): The remote access server passes dial-up user logon credentials to the RADIUS server for authentication. Uses ports 1812 and 2083.
  • Terminal Access Controller Access-Control System (TACACS+): Has 3 versions and uses port 49:
    • TACACS: Integrates authentication and authorization processes.
    • XTACACS: Keeps authentication, authorization, and accounting processes separate.
    • TACACS+: Adds 2FA.
13
Q

What is a Virtual Private Network?

A

A Virtual Private Network is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.

VPNs connect 2 endpoints over an insecure intermediary. Once connected, a client endpoint can access the host endpoint as if they were on the same network.

14
Q

What is Tunneling?

A

The process of encapsulating unaccepted/unauthorized protocols within authorized protocols for secure transmission across untrusted networks.

Downsides: Adds overhead, consumes more bandwidth, and can cloak malicious activity.

15
Q

What are some protocols VPNs use?

A
  • Point-to-Point Protocol: Creates a tunnel between 2 systems and encapsulates PPP packets. Offers authentication using protocols such as CHAP, PAP, and EAP. The initial tunnel negotiation process is not encrypted, so there is a risk of interception.
  • Layer 2 Forwarding/Tunneling Protocol: Developed by Cisco. Forwarding did not support encryption, so Tunneling was deployed (it uses IPsec as its security mechanism).
  • IP Security Protocol: Most widely used VPN protocol. Can only be used on IP networks and provides for authentication and encryption.
    • Authentication Header (AH): Provides authentication, integrity, and nonrepudiation.
    • Encapsulating Security Payload (ESP): Provides encryption for protecting the confidentiality of transmitted data.
    • Tunnel Mode: Entire IP packet is encrypted and a new header is added for governing the transmission through the tunnel.
    • Transport Mode: IP body is encrypted but the header is not.
16
Q

What is a VLAN?

A

A Virtual Local Area Network is a logically segmented network imposed by switches. This is done without altering the physical topology.

VLANs are used to control traffic for security or performance reasons. Segmented VLANs are protected from broadcasts from other networks and traffic can be filtered.

17
Q

What is Virtualization

A

Technology that allows one or more OSs to run within the memory of a single host computer. The OSs being hosted are guest OSs.

Provides scalability, recovery, and security for the host OS.

18
Q

What is VM Escaping?

A

When software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate the host OS.

Ex. VENOM

19
Q

What is a Virtual Application?

A

A software product that is deployed in such a way that it is fooled into believing it is interacting with a full host OS. It has been packaged/encapsulated in such a way to make it portable and it doesn’t have to be fully installed on a host OS.

20
Q

What is Network Virtualization?

A

The combination of hardware and software networking components into a single integrated entity.

Software-Defined Networking (SDN) is a network design that is directly programmable from a central location, vendor-neutral, and open-standards-based. It allows hardware to be mixed and matched and allows the configuration to be controlled through a centralized management interface.

A Virtual SAN combines multiple storage devices into a consolidated storage container.

21
Q

What is Network Address Translation?

A

Network Address Translation (NAT) is a mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the internet.

  • Can connect the entire network to the internet using a single/few leased public IP addresses.
  • You can use Private IP addresses in a private network and still connect to the public internet.
  • Hides the IP addressing scheme and network topography from the internet.
  • Only traffic stemming from internal connections is allowed back into the network; everything else is automatically repelled (Stateful NAT).
22
Q

What are the blocks of IP addresses considered private on the public internet but are frequently used on private NAT’d networks?

A
  • 10.0.0.0 - 10.255.255.255 (a full Class A range)
  • 172.16.0.0 - 172.31.255.255 (16 Class B ranges)
  • 192.168.0.0 - 192.168.255.255 (256 Class C ranges)
23
Q

What are the different modes of NAT?

A
  • Static: When an internal client’s IP address is assigned a permanent mapping to a specific external public IP address.
  • Dynamic: Grants multiple internal clients access to a few leased public IP addresses.
24
Q

What is APIPA?

A

Automatic Private IP Addressing (APIPA) assigns an IP address to a system in the event of a DHCP assignment failure. The IP range is 169.254.0.1 - 169.254.255.254 with a subnet mask of 255.255.0.0.

This could indicate an issue with the DHCP server or a malicious attack.

25
Q

What are some different Switching Technologies?

A
  • Circuit Switching: The same physical or electrical path is used throughout the communication and is used only for that one communication.
  • Packet Switching: The message is broken up into fixed-length segments and sent across intermediary networks to the destination. Each segment has a header with destination/source info that is used by intermediary routers.
  • Virtual Switching: Logical pathway or circuit created over a packet-switched network between 2 specific endpoints.
    • Permanent (PVC): Behaves like a dedicated leased line, always available and waiting for the customer to send data.
    • Switched (SVC): Must be built using the best paths currently available before it can be used, and is torn down after the transmission is complete.
26
Q

What are the primary categories of WAN links?

A
  • Dedicated Line: One that is leased and continually reserved by a specific customer.
  • Nondedicated Line: Requires connection to be established before data transmission can occur.
27
Q

What is ISDN?

A

Integrated Services Digital Network (ISDN) is a fully digital telephone network that supports voice and high-speed data communications.

  • Basic Rate Interface (BRI): Offers connection with two B channels (data) and one D channel (voice).
  • Primary Rate Interface (PRI): Multiple B channels (2-23) and one D channel.
28
Q

What is a CSU/DSU?

A

A Channel Service Unit/Data Service Unit is a border connection device that converts a LAN’s signals into the format a WAN uses and vice versa.

It acts as translator, a store-and-forward device, and a link conditioner.

29
Q

What are some different WAN Connection Technologies?

A
  • X.25 WAN Connections: Uses Permanent Virtual Circuits (PVC) to establish point-to-point connections between two systems or networks.
  • Frame Relay Connections: Supports multiple PVCs over a single service connection. The PVCs are invisible to each other.
  • ATM (Asynchronous Transfer Mode): A cell switching technology that fragments packets into 53-byte cells which makes it very efficient.
  • SMDS (Switched Multimegabit Data Service): Used to connect multiple LANs to form a Metropolitan Area Network (MAN). Supports bursty high-speed traffic and bandwidth on demand. Fragments data into small transmission cells.
  • Synchronous Digital Hierarchy and Synchronous Optical Network: High-Speed fiber optic networking. Often used as the backbone of telco networks.
30
Q

What are some WAN Specialized Protocols?

A
  • Synchronous Data Link Control (SDLC): Used on permanent physical connections of dedicated leased lines to provide connectivity for mainframes. Layer 2 of OSI and uses polling.
  • High-Level Data Link Control (HDLC): Designed specifically for serial synchronous connections. Layer 2 of OSI and uses polling and error detection.
  • High-Speed Serial Interface (HSSI): A DTE/DCE (a device that connects to a WAN switch and acts as an interface) that defines how multiplexors and routers connect to high-speed network carrier services such as ATM or Frame Relay. Layer 1.
31
Q

What is Point-to-Point Protocol?

A

An encapsulation protocol that supports transmission of IP traffic over dial-up links, which are generally serial in nature.

32
Q

What are some characteristics that are important to evaluate when selecting network security controls?

A
  • Transparency: Ensures that the control is unseen by others, so it is more likely to be circumvented.
  • Verify Integrity: A hash function is run on a packet or message and the result (message digest) is added to the end of the transmission. The recipient and sender run the same hash function and must arrive at the same hash sum to confirm the message hasn’t been tampered with.
  • Transmission Mechanisms:
    • Transmission Logging: Auditing communications such as recording the particulars of a packet (source, dest, etc.). Aids in identifying issues.
    • Error Correction: If it is determined an error or corruption occurred, a request for a new transmission is made.
33
Q

What is a Security Boundary?

A

The line of intersection between any two areas that have different requirements or needs.

It’s important to identify these boundaries so the proper security controls can be deployed to control the flow of information.

34
Q

What are some common network attacks to prevent?

A
  • DoS/DDoS: A denial-of-service attack is one where resources are consumed to the point of preventing legitimate activity. There are 2 types:
    • Attacks exploiting the vulnerability of software/hardware.
    • Attacks that flood the victim’s communication pipeline.
    • Attacks involving zombies are known as DDoS. Numerous zombies are known as botnets.
  • Eavesdropping: Listening to traffic for the purpose of duplicating it.
  • Impersonation/Masquerading: The act of pretending to be something or someone you are not in order to gain unauthorized access.
  • Replay Attacks: A type of impersonation that uses traffic captured via eavesdropping to attempt to re-establish a communication session by replaying that traffic against a system.
  • Modification Attacks: Captured packets are altered and then played against a system.
  • ARP Spoofing: Providing false MAC addresses for requested IP-addressed systems to redirect traffic.
  • DNS Poisoning/Spoofing/Hijacking:
    • Poisoning: Occurs when an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic.
    • Spoofing: When an attacker sends false replies to a requesting system, beating the reply from a valid DNS server.
  • Hyperlink Spoofing: Redirects traffic generally through the modification of a hyperlink URL given to a user.