2.6 Given a scenario, implement secure protocols. Flashcards
What helps reduce spoofing and poisoning attacks by providing a verification process for domain name system responses?
DNS Security Extensions (DNSSEC)
DNS Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks by providing a validation process for DNS responses.
Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. The main uses of SSH are for remote administration and secure file transfer (SFTP).
A File Transfer Protocol (FTP) server is typically configured with several public directories, hosting files, and user accounts.
SSH FTP (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between client and server.
The company’s media network infrastructure requires evaluation of threats and vulnerabilities with respect to video conferencing. What real-time services or protocols would most support the company’s security needs? (Select all that apply)
Session Control
Session initiation protocol (SIP)
Session control is used to establish, manage, and disestablish communications sessions. Session control protocols handle tasks such as user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.
The Session Initiation Protocol (SIP) is one of the most widely used session control protocols. SIP endpoints are the end-user devices (also known as user agents).
Data transport handles the delivery of the actual video or voice information.
Quality of Service (QoS) provides information about the connection to a QoS system, which, in turn, ensures that voice or video communications are free from problems such as dropped packets, delay, or jitter.
A stratum 1 time server obtains routinely updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.
Atomic Clock
What are most authentication and access control protocols dependent on?
Time synchronization
Most authentication and access control protocols are critically dependent on time synchronization. Many applications on networks are time dependent and time critical, such as authentication and security mechanisms, scheduling applications, or backup software.
Simple Network Management Protocol (SNMP) is a widely used framework for management and monitoring. SNMP consists of a management system and agents.
The Domain Name System (DNS) is a system for resolving host names and domain labels to IP addresses. It uses a distributed database system that contains information on domains and hosts within those domains.
The Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation.
What is a secure version of file transfer protocol, which facilitates data access and data transfer over a secure shell data stream?
SFTP
Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH Protocol.
Trivial File Transfer Protocol (TFTP) is a connectionless protocol that provides file transfer services.
SSH (Secure Shell) is a remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.
A system administrator moves a file from a server to a client using Secure Shell (SSH) over port 22. Compare the protocols for file transfers to deduce the protocol utilized.
SFTP
SSH FTP (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between client and server. It uses the Secure Shell (SSH) over TCP port 22.
Explicit TLS (FTPES) uses the AUTH TLS command to upgrade an insecure connection established over port 21 to a secure one.
Implicit TLS (FTPS) uses port 990. It negotiates an SSL/TLS tunnel before the exchange of any FTP commands. This mode uses the secure port 990 for the control connection.
Trivial File Transfer Protocol (TFTP) is a connectionless protocol (utilizing UDP port 69) that provides file transfer services.
An authoritative server for a zone creates a Resource Record Set (RRset) signed with a zone signing key. Analyze Domain Name System (DNS) traits and functions and conclude what the scenario demonstrates.
DNS Security Extensions
Domain Name System Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks. The authoritative server for the zone creates a package of resource records, called an RRset, signed with a private key known as the zone signing key.
DNS server cache poisoning is a redirection attack that aims to corrupt the records held by the DNS server itself.
DNS spoofing is an attack that compromises the name resolution process. The attacker may compromise the process of DNS resolution by replacing the valid IP address for a trusted website.
Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation.
The administrators of a website need to execute the website as an HTTPS. What does the server require, prior to receiving HTTPS status?
Digital certificate signed by a trusted certificate authority
To implement HTTPS, a server is assigned a digital certificate signed by some trusted Certificate Authority (CA). The certificate proves the identity of the server (assuming that the client trusts the Certificate Authority).
The digital certificate by itself will not work; it needs to be signed by a certificate authority. SSL/TLS (Secure Sockets Layer/Transport Layer Security) works as a layer between the application and transport layers of the TCP/IP (Transmission Control Protocol/Internet Protocol) stack.
The server uses the digital certificate and the SSL/TLS protocol to encrypt communications between it and the client.
DMZ (Demilitarized Zone) is a small section of a private network that is located behind one firewall or between two firewalls and made available for public access.
Two project managers are on the phone, discussing plans for a new site. The call changes over to video, as a way for one site manager to show a schematic on a wall. Compare types of communication services and determine which service the project managers utilized.
Unified Communications
The project managers are utilizing Unified Communications (UC). These solutions are messaging applications that combine multiple communications channels and technologies into a single platform. These communications channels can include voice, messaging, interactive whiteboards, data sharing, email and social media.
Voice over Internet Protocol (VoIP) is a type of voice communication. While this could have been utilized for the first portion of the communication, it could not have been used to change over to video without additional tools.
Video Teleconferencing (VTC) is utilized for voice and video. The project managers started on a voice-only call, therefore this was not the solution being utilized.
Web conferencing is utilized for live meetings. The call started as voice-only, and this would not be applicable for this scenario.
A system administrator remotely manages a server securely by encrypting the packets over port 49. Analyze remote access protocols and determine which protocol the system administrator employed.
TACACS+
Terminal Access Controller Access-Control System Plus (TACACS+) is more reliable than RADIUS. It uses TCP communications over port 49 and this reliable, connection-oriented delivery makes it easier to detect when a server is down. All of the data in TACACS+ packets is encrypted.
Remote Authentication Dial-in User Service (RADIUS) uses ports 1812 and 1813 by default and is less secure than TACACS+. Only the authentication data is encrypted.
Lightweight Directory Access Protocol runs on port 389 by default. This basic protocol provides no security and all transmissions are in plaintext, making it vulnerable to sniffing and Man-in-the-Middle attacks.
Security Assertion Markup Language (SAML) was developed to handle user identity assertions and transmit authorizations between the principal and providers.
What provides an automatic method for network address allocation?
DHCP
The Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation. In addition to an IP address and subnet mask, the lease can include optional parameters.
The Domain Name System (DNS) is a system for resolving host names and domain labels to IP addresses. It uses a distributed database system that contains information on domains and hosts within those domains.
DNS server cache poisoning (or pollution) is another redirection attack, but instead of trying to subvert the name service used by the client, it aims to corrupt the records held by the DNS server itself.
DNS Security Extensions (DNSSEC) help to mitigate against spoofing and poisoning attacks by providing a validation process for DNS responses.
An administrator needs to complete a Secure File Transfer (SFTP) between UNIX systems. Compare the methods for obtaining secure remote access and determine which method the admin will most likely utilize.
Secure Shell
Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. The main uses of SSH are for remote administration and Secure File Transfer (SFTP).
Telnet is terminal emulation software to support a remote connection to another computer. It does not support file transfer directly.
Remote Desktop Protocol (RDP) is Microsoft’s protocol for operating remote connections to a Windows machine.
A Virtual Private Network (VPN) is utilized to connect to a network and the user needs to connect to a single host to complete the file transfer.
An accountant opens a web browser and goes to a bank’s website to pull the latest statement. Compare web protocols and determine the correct protocol to use for this type of web activity.
HTTPS
HyperText Transfer Protocol Secure (HTTPS) is used to encrypt Transmission Control Protocol (TCP) connections. Websites for banking, email or shopping should use HTTPS to encrypt data for protection of the data being submitted.
HyperText Transfer Protocol (HTTP) enables clients, typically web browsers, to request resources from a server. The payload is usually used to serve HyperText Markup Language (HTML) web pages, which are plaintext files with coded tags.
Secure Sockets Layer/Transport Layer Security (SSL/TLS) work as a layer between the application and transport layers of the TCP/IP stack. It is usually used to encrypt TCP connections and the HTTP application.
Uniform Resource Locator (URL) is how the HTTP server submits a request for a resource using an appropriate TCP port (default is 80).
Server B requests a secure record exchange from Server A. Server A returns a package along with a public key that verifies the signature. What does this scenario demonstrate?
DNS Security Extensions
Domain Name System Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks. The authoritative server for the zone creates a package of resource records, called an RRset, signed with a private key known as the zone signing key.
DNS server cache poisoning is a redirection attack that aims to corrupt the records held by the DNS server itself.
DNS spoofing is an attack that compromises the name resolution process. The attacker may compromise the process of DNS resolution by replacing the valid IP address for a trusted website.
Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation.
A network administrator researched Secure Sockets Layer/Transport Layer Security (SSL/TLS) versions to determine the best solution for the network. Security is a top priority along with a strong cipher. Recommend the version to implement, which will meet the needs of the company.
TLS 1.2
Transport Layer Security (TLS) 1.2 added support for the strong Secure Hash Algorithm (SHA)-256 cipher along with improvements to the cipher suite negotiation process and protection against known attacks.
Secure Sockets Layer (SSL) 3.0 is less secure than any of the TLS versions and does not support SHA-256 cipher.
TLS 1.1 added the improvement to the cipher suite negotiation process and protection against known attacks but does not support SHA-256 cipher.
SSL 2.0 is deprecated and should only be deployed when subject to risk assessments. This version does not support SHA-256 cipher.
Select the vulnerabilities that can influence routing. (Select more than one)
Route injection
ARP poisoning
Fingerprinting
Fingerprinting is when a port-scanning tool such as Nmap is used to reveal the presence of a router and which dynamic routing and management protocols it is running.
Route injection means that traffic is misdirected to a monitoring port (sniffing), sent to a blackhole (non-existent address), or continuously looped around the network, causing DoS.
Address Resolution Protocol (ARP) poisoning or Internet Control Message Protocol (ICMP) redirect involves tricking hosts on the subnet into routing through the attacker’s machine rather than the legitimate default gateway. This allows the attacker to eavesdrop on communications and perform replay or man-in-the-middle (MitM) attacks.
Most routers can also be configured to block traffic, acting as a firewall.
A company desires a basic protocol for email. The owner requested that a local system store and manage email for each user. Compare the various mail protocols and recommend the best solution for the company.
Secure Post Office Protocol v3
Secure Post Office Protocol v3 (POP3) is a mailbox protocol designed to allow mail to be stored on a server and downloaded to the recipient’s email client at their convenience.
Secure Internet Message Access Protocol v4 (IMAP4) is primarily designed for dial-up access and the client contacts the server to download its messages, then disconnects. IMAP supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously. Messages can be stored and organized on the server.
Simple Mail Transfer Protocol (SMTP) specifies how mail is delivered from one system to another.
In Secure Multipurpose Internet Mail Extensions (S/MIME), the user is issued a digital certificate containing a public key that is signed by a CA (Certificate Authority) to establish its validity.