3.1 Secure Protocols Flashcards

1
Q

• SRTP
– Secure Real-Time Transport Protocol / Secure RTP
• Adds security features to RTP
– Keep conversations private
• Encryption
– Uses AES to encrypt the voice/video flow
• Authentication, integrity, and replay protection
– HMAC-SHA1 - Hash-based message authentication code using SHA1

A

Voice and video

2
Q
• Classic NTP has no security features
– Exploited as amplifiers in DDoS attacks
– NTP has been around prior to 1985
• NTPsec
– Secure network time protocol
– Began development in June of 2015
• Cleaned up the code base
– Fixed a number of vulnerabilities
A

Time synchronization

3
Q

• S/MIME
– Secure/Multipurpose Internet Mail Extensions
– Public key encryption and digital signing of mail content
– Requires a PKI or similar organization of keys
• Secure POP and Secure IMAP
– Use a STARTTLS extension to encrypt POP3 with SSL or use IMAP with SSL
• SSL/TLS
– If the mail is browser based, always encrypt with SSL

A

Email

4
Q

• SSL/TLS
– Secure Sockets Layer/Transport Layer Security
• HTTPS
– HTTP over TLS / HTTP over SSL / HTTP Secure
• Uses public key encryption
– Private key on the server
– Symmetric session key is transferred using asymmetric encryption
– Security and speed

A

Web

5
Q

• Security for OSI Layer 3
– Authentication and encryption for every packet
• Confidentiality and integrity/anti-replay
– Encryption and packet signing
• Very standardized
– Common to use multi-vendor implementations
• Two core IPSec protocols
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)

A

IPSec (Internet Protocol Security)

6
Q
• FTPS
– FTP over SSL (FTP-SSL)
– File Transfer Protocol Secure
– This is not SFTP
• SFTP
– SSH File Transfer Protocol
– Provides file system functionality
– Resuming interrupted transfers, directory listings, remote file removal
A

File transfer

7
Q

• Protocol for reading and writing directories over an IP network
– An organized set of records, like a phone directory
• X.500 specification was written by the International Telecommunication Union (ITU)
– They know directories!
• DAP ran on the OSI protocol stack
– LDAP is lightweight, and uses TCP/IP
• LDAP is the protocol used to query and update an X.500 directory
– Used in Windows Active Directory, Apple OpenDirectory, OpenLDAP, etc.

A

LDAP (Lightweight Directory Access Protocol)

8
Q

• LDAP (Lightweight Directory Access Protocol)
• LDAPS (LDAP Secure)
– A non-standard implementation of LDAP over SSL
• SASL (Simple Authentication and Security Layer)
– Provides authentication using many different methods, e.g., Kerberos or client certificate

A

Directory services

9
Q
• SSH (Secure Shell)
– Encrypted terminal communication
– Replaces Telnet (and FTP)
– Provides secure terminal communication and file transfer features
A

Remote access

10
Q

translates human readable domain names (for example, www.amazon.com) to machine readable IP addresses (for example, 192.0.
- port 53 (TCP/UDP)
• DNS had no security in the original design
– Relatively easy to poison a DNS (domain hijacking, url redirection, cache poisoning)
• DNSSEC
– Domain Name System Security Extensions
- used to get around DNS poisoning
- (all DNS zones have certificates)
• Validate DNS responses
– Origin authentication
– Data integrity
• Public key cryptography
– DNS records are signed with a trusted third party
– Signed DNS records are published in DNS

A

Domain name resolution

11
Q
• SSH - Secure Shell
– Encrypted terminal communication
• SNMPv3 - Simple Network Management Protocol version 3
– Confidentiality - Encrypted data
– Integrity - No tampering of data
– Authentication - Verifies the source
• HTTPS
– Browser-based management
– Encrypted communication
A

Routing and switching

12
Q

• Securing DHCP
– DHCP does not include any built-in security
– There is no “secure” version of the DHCP protocol
• Rogue DHCP servers
– In Active Directory, DHCP servers must be authorized
– Some switches can be configured with “trusted” interfaces
– DHCP distribution is only allowed from trusted interfaces
– Cisco calls this DHCP Snooping
– DHCP client DoS - Starvation attack
– Use spoofed MAC addresses to exhaust the DHCP pool
– Switches can be configured to limit the number of MAC addresses per interface
– Disable an interface when multiple MAC addresses are seen

A

Network address allocation

13
Q

• Automated subscriptions
– Anti-virus / Anti-malware signature updates
– IPS updates
– Malicious IP address databases / Firewall updates
• Constant updates
– Each subscription uses a different update method
• Check for encryption and integrity checks
– May require an additional public key configuration
– Set up a trust relationship
– Certificates, IP addresses

A

Subscription services
