3.1 - 3.2 Flashcards
Secure real-time protocol
Takes unencrypted conversations and adds encryption to them; uses AES to encrypt audio and video
HMAC-SHA1 hashing
Time synchronization
NTPsec, from NTP, has cleaned up vulnerabilities
S/MIME
Public/private key encryption for email; includes digital signatures
Popular to use POP3 with STARTTLS and SSL
With IMAP, can use secure IMAP
Browsers should always use SSL
SSL/TLS
Secure Sockets Layer, replaced by Transport Layer Security, via HTTP
IPsec tunnel
Security for OSI layer
Encryption and packet signing
First the authentication header, then the encapsulation payload for encryption
FTPS and SFTP
FTPS uses SSL
SFTP - SSH File Transfer Protocol, more management capabilities, listing interruptions, manipulating the file system
LDAP
Lightweight Directory Access Protocol
Standard for having a directory on a network; uses TCP/IP
LDAP Secure - uses SSL for secure communication
SASL is used by LDAP and is a Simple Authentication and Security Layer
SSH and DNS
Secure Shell replaces old Telnet
Domain Name System originally had no security, so requests could be redirected by hackers. The DNSSEC extension is added to validate the info given, to ensure it came from the place requested without changes in transit
Routing and switches
SNMPv3 (Simple Network Management Protocol v3) uses queuing and confidentiality of data
HTTPS, not HTTP
DHCP
Automatically assigns an IP to the network and device
Hackers can manipulate it, so controls are added in Active Directory, which assigns devices with permissions
Untrusted interfaces get blocked
Defense in depth
Multifaceted defense
Endpoint detection and response
Attacks are usually detected from signatures, but EDR uses what the file is doing and other methods; rather than blocking a signature, it blocks the action
Data loss prevention
Preventing data transfer from being seen, in the clear or encrypted form
May be a firewall, cloud, or client's system
NGFW
Next-gen firewalls identify apps regardless of a hidden IP address, can block at the network level, and include decrypt and encrypt capability
Host-based firewalls
Firewalls also run on endpoints, supported by a host-based firewall
Another is a host-based intrusion detection system or host-based intrusion prevention system
Can be integrated in a host-based detection system
Boot integrity
Attackers want to get into an OS to stay there and come back, with a rootkit at kernel level.
Trusted platform module
For cryptographic functions in the OS, such as a number generator and memory to store keys; it is password protected with anti-brute-force
UEFI BIOS has Secure Boot
Protections for the software BIOS; can see a fake BIOS, can check boot loaders at boot level, and uses trusted certs to match a digital signature
Trusted boot
Boot drivers and startup; uses ELAM before any apps start up to match signatures to check drivers
Measured boot
For a network of computers to check for malware; stores hash and firmware
An attestation server will ensure nothing has been modified
Database security
Tokenization, where data isn't really stored because it's replaced with a token; it's not hashing or encrypting
As a hash, saved as a message digest, and different inputs have different values. One-way trip. Can add salt to avoid rainbow tables
Input validation
For secure coding, data needs to be documented to see all data input and ensure nothing is out of scope; for normalization, like a zip code not allowing letters.
Hackers use fuzzers to see if they can bug it out; dynamic analysis to see if there is a crash, buffer overflow, or other vulnerability
Secure cookies
Temporary info like session management info should be protected as secure cookies using HTTPS
HTTP secure headers
Allows or disallows certain actions when apps are in use, like restricting info that's not HTTPS or allowing some types of data to be loaded into the page