12 - Secure Communications and Network Attacks Flashcards
What are some Secure Communication Protocols?
- IPsec: Used mainly in VPNs, provides encryption, access control, nonrepudiation, and message authentication.
- Kerberos: Offers SSO
- SSH: End-to-end encryption. Encrypts protocol.
- Signal Protocol: Provides end-to-end encryption for voice communications, videoconferencing, and text message services.
- Secure Remote Procedure Call (S-RPC): Authentication service that prevents unauthorized execution of code on remote systems.
- Secure Sockets Layer (SSL): Encryption protocol that protects the communications between a web server and web browser. Superseded by TLS.
- Transport Layer Security (TLS): Stronger encryption than SSL.
What are some Authentication Protocols?
- Challenge Handshake Authentication Protocol (CHAP): Uses a challenge-response dialogue that can’t be replayed. Reauthenticates during the session to verify identity.
- Password Authentication Protocol (PAP): Transmits creds in cleartext.
- Extensible Authentication Protocol (EAP): Framework for authentication that allows for customized solutions.
- Protected Extensible Authentication Protocol (PEAP): Encapsulates EAP in a TLS tunnel.
- Lightweight Extensible Authentication Protocol (LEAP): Used WEP, supported frequent reauthentication and changing of WEP keys.
What is VoIP?
Encapsulates audio into IP packets to support telephone calls over TCP/IP network connections.
What are Phreakers, and what tools can they use?
Attackers who abuse the phone system like a hacker.
- Black Boxes: Custom-built circuit boards that manipulate line voltages to steal long-distance services.
- Red Boxes: Tape recorders that simulate tones of coins being deposited into a payphone.
- Blue Boxes: Devices used to simulate 2600 Hz tones to interact directly with the telephone backbone system.
- White Boxes: A keypad device that is used to control the phone system.
What is Social Engineering?
Where an attacker gains trust in order to get valuable data or access.
Social engineering exploits human characteristics such as basic trust, a desire to help, a propensity to show off, being distracted, following orders, or fearing reprimands.
What is Multimedia Collaboration and what are some components of it?
Multimedia Collaboration is the use of various multimedia-supporting communication solutions to enhance distance collaboration and allow workers to work simultaneously.
- Remote Meeting: Any tool that allows for interaction between remote parties.
- Instant Meeting (IM): A mechanism that allows for real-time text-based chat between two users located anywhere on the internet. Some tools offer file transfer, multimedia, and other features. Some forms use peer-to-peer protocols; others use a centralized server. Some also specialize in private, encrypted chats for enterprises (Slack, Teams).
What are some components for securing email?
Email is composed of servers that use SMTP to communicate and clients that grab emails from their inboxes using POP3 or IMAP.
- Secure Multipurpose Internet Mail Extensions (S/MIME): Uses public-key encryption and digital signatures for authentication and confidentiality.
- MIME Object Security Services (MOSS): Uses MD2, MD5, RSA, and DES for encryption.
- Privacy Enhanced Email (PEM): Uses RSA, DES, and X.509 for authentication, integrity, confidentiality, and nonrepudiation.
- DomainKeys Identified Mail (DKIM): Confirms mail is valid based on the domain that sent it.
- Pretty Good Privacy (PGP): Uses a public-private key system to encrypt messages and files. Uses a variety of algorithms with a lot of grassroots support.
- Opportunistic TLS for SMTP Gateways (RFC 3207): Uses encrypted connections for mail servers.
- Sender Policy Framework (SPF): Confirms if a sender is authorized to send from that SMTP server.
What is an Open Relay?
An Open Relay is an email server that has not been properly configured to authenticate senders and just relays all emails.
These servers are prime targets for spammers and DoS attacks.
What are some common Remote Access Techniques?
- Service Specific: Gives users the ability to remotely connect to just one service, such as email.
- Remote Control: Allows users full control over a distant system.
- Screen Scraping/Scraping: Screen is scraped on a target machine and shown to a remote operator.
- Remote Node Operation: Remote user connects to a remote access server, which provides the user with network services.
What are some components to consider when planning your Remote Access Security?
- Remote Connectivity Technology
- Transmission Protection
- Authentication Protection
- Remote User Assistance
What are some secure Dial-Up Protocols?
- Point-to-Point Protocol (PPP): Full-duplex protocol that transmits TCP/IP packets over various non-LAN connections. Can also support any LAN protocol. Provides authentication via CHAP and PAP.
- Serial Line Internet Protocol (SLIP): Developed to support TCP/IP comms over asynchronous serial connections. Rarely used anymore.
What are some Centralized Remote Authentication Services?
- Remote Authentication Dial-In User Service (RADIUS): Remote access server passes dial-up user logon creds to the RADIUS server for authentication. Uses ports 1812 and 2083.
- Terminal Access Controller Access-Control System (TACACS+): Has 3 versions and uses port 49:
  - TACACS: Integrates authentication and authorization processes.
  - XTACACS: Keeps authentication, authorization, and accounting processes separate.
  - TACACS+: Adds 2FA.
What is a Virtual Private Network?
A Virtual Private Network is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.
VPNs connect 2 endpoints over an insecure intermediary. Once connected, a client endpoint can access the host endpoint as if they were on the same network.
What is Tunneling?
The process of encapsulating unaccepted/unauthorized protocols within authorized protocols for secure transmission across untrusted networks.
Downsides: Adds overhead, consumes more bandwidth, and can cloak malicious activity.
What are some protocols VPNs use?
- Point-to-Point Protocol: Creates a tunnel between 2 systems and encapsulates PPP packets. Offers authentication using protocols such as CHAP, PAP, and EAP. The initial tunnel negotiation process is not encrypted, so there is a risk of interception.
- Layer 2 Forwarding/Tunneling Protocol: Developed by Cisco. Forwarding did not support encryption, so Tunneling was deployed (it uses IPsec for its security mechanism).
- IP Security Protocol: Most widely used VPN protocol. Can only be used on IP networks and provides for authentication and encryption.
  - Authentication Header (AH): Provides authentication, integrity, and nonrepudiation.
  - Encapsulating Security Payload (ESP): Provides encryption for protecting the confidentiality of transmitted data.
  - Tunnel Mode: Entire IP packet is encrypted and a new header is added for governing the transmission through the tunnel.
  - Transport Mode: IP body is encrypted but the header is not.