3.1 - Secure Protocols Flashcards

1
Q

SRTP

A
  • Secure Real-Time Transport Protocol
  • Goal is to take RTP and add encryption (think of voice or video calls)
  • Keep conversations private
2
Q

AES

A
  • Advanced Encryption Standard
  • Encryption method used for SRTP (Secure Real-Time Transport Protocol)
  • symmetrical
3
Q

HMAC-SHA1

A
  • Hash-based message authentication code using SHA1 (hashing protocol)
  • With SRTP, it’s not just the communication that needs to be secure, but also authentication, integrity, and replay protection
4
Q

NTP

A
  • Network Time Protocol
  • Classic NTP has no security features
  • Exploited as an amplifier in DDoS attacks
  • NTP was around before 1985, example of a legacy protocol (never originally designed with security features)
5
Q

NTPSec

A
  • Secure Network Time Protocol
  • Added many security features and cleaned up old code
  • Development began in 2015
6
Q

S/MIME

A
  • Secure/Multipurpose Internet Mail Extensions
  • A way to keep email secure
  • Public key encryption and digital signing of mail content
  • Requires a PKI (public key infrastructure) or similar organization of keys
7
Q

POP3

A
  • Secure POP
  • Use a STARTTLS extension to encrypt POP3 with SSL
8
Q

Secure IMAP

A
  • Uses IMAP with SSL to make it more secure
9
Q

SSL/TLS

A
  • Secure Sockets Layer / Transport Layer Security
  • SSL is the older version, TLS is the updated version
  • If your mail is browser based, always encrypt with SSL
10
Q

HTTPS

A
  • If you’re sending secure communication over SSL/TLS, then you’re using HTTPS (stands for HTTP over TLS or SSL)
  • HTTP over TLS / HTTP over SSL / HTTP Secure
  • The most common form of HTTPS uses public key encryption: the private key is on the server, and a symmetric session key is transferred using asymmetric encryption, giving both security and speed
11
Q

IPSec

A
  • Internet Protocol Security
  • An encrypted tunnel lets you send information over the Layer 3 internet while keeping it encrypted
  • Security for OSI Layer 3
  • Authentication and encryption for every packet
  • Includes encryption and packet signing for anti-replay features
  • Very standardized (you can use different manufacturers’ equipment), which makes it easy to use; multi-vendor implementations
  • 2 core protocols: AH (Authentication Header) and ESP (Encapsulation Security Payload)
12
Q

AH

A
  • Authentication Header
  • provides integrity
  • One of two IPSec protocols (Other is ESP - Encapsulation Security Payload)
13
Q

ESP

A
  • Encapsulation Security Payload
  • provides the encryption
  • one of two IPSec protocols (other is AH - Authentication Header)
14
Q

FTPS

A
  • File Transfer Protocol Secure
  • Secure way to transfer files
  • FTP over SSL = FTP-SSL (uses SSL to encrypt the file that’s being sent via the FTP client)
  • One of the most common (the other is SFTP) - but they use completely different mechanisms to communicate
15
Q

SFTP

A
  • SSH File Transfer Protocol
  • This uses SSH to securely transport (not SSL like FTPS)
  • Provides file system functionality
  • Includes additional management capabilities: Resuming interrupted transfers, directory listings, remote file removal
16
Q

LDAP

A
  • Lightweight Directory Access Protocol
  • Lightweight, uses TCP/IP
  • An organized set of records, like a phone directory
  • Standard for LDAP written in the X.500 specification by the ITU (International Telecommunications Union)
  • Ex: Microsoft Active Directory, Apple Open Directory, OpenLDAP, etc.
  • Originally, DAP ran on the OSI protocol stack; this was updated to TCP/IP, which created LDAP
17
Q

ITU

A
  • International Telecommunications Union
  • Wrote the X.500 which governs LDAP (Lightweight Directory Access Protocol)
18
Q

LDAPS

A
  • LDAP Secure (Lightweight Directory Access Protocol Secure)
  • A non-standard implementation of LDAP over SSL
19
Q

SASL

A
  • Simple Authentication and Security Layer
  • Provides authentication using many different methods, e.g. Kerberos or client certificate
  • Framework that many different application protocols use to communicate securely
  • LDAP uses this with Kerberos, client certificates, etc.
  • More common form of security than LDAPS
20
Q

SSH

A
  • Secure Shell
  • encrypted terminal communication
  • Replaces Telnet (and FTP). (Telnet provided terminal screen but no encryption)
  • Provides secure terminal communication screen and transfer features
  • Encryption screen that encrypts communication between the client and server
  • Very common to use SSH almost exclusively when doing any sort of terminal communication
22
Q

DNSSEC

A
  • Domain Name System Security Extensions
  • Provides a way to validate information coming from a DNS server
  • Provides Origin Authentication and Data Integrity
23
Q

DNSSEC

A
  • Domain Name System Security Extensions
  • Provides a way to validate information coming from a DNS server
  • Provides Origin Authentication and Data Integrity
  • This is accomplished through Public Key Cryptography
24
Q

Public Key Cryptography

A
  • DNS records are signed with a trusted third party
  • Signed DNS records are published in DNS
25
Q

SNMPv3

A
  • Simple Network Management Protocol version 3
  • If you’re querying switches/routers for information, you want to use v3
  • Confidentiality (encrypted data)
  • Integrity (No tampering of data)
  • Authentication (Verifies the source)
  • Prior to version 3, no encryption
26
Q

HTTPS

A
  • Browser-based management
  • Encrypted communication
  • (HTTP is insecure)
27
Q

DHCP

A
  • Dynamic Host Control Protocol
  • Used to automatically assign IP addresses to the devices on our network
  • Does not include any built-in security in the original specification
  • There is no “secure” version of the DHCP protocol
  • In order to enhance security, we’ve added additional protocols outside of the DHCP protocol (Ex: In Active Directory, DHCP servers must be authorized, which avoids rogue DHCP servers. Ex: some switches can be configured with “trusted” interfaces; only trusted sites will pass through switches, and untrusted sites can be blocked. This is known as DHCP Snooping in Cisco switches)
28
Q

DHCP Snooping

A
  • In Cisco switches, adding an additional layer of security to DHCP using trusted switches.
  • Security feature that acts like a firewall between untrusted hosts and trusted DHCP servers
  • If an untrusted site attempts to communicate through a switch that has been configured with “trusted” interfaces, it will be blocked.
29
Q

DHCP client DoS - Starvation attack

A
  • Uses spoofed MAC addresses to exhaust the DHCP protocol
  • Uses all the IP addresses in the DHCP pool, which “starves” other devices
  • To combat: switches can be configured to limit the number of MAC addresses that can be seen by any one particular interface. If you see a large number of MAC addresses suddenly appear from one interface (where you’d only expect to see one MAC address from one device), you can automatically disable it.
30
Q

Automated Subscriptions

A
  • Ex: Anti-virus / anti-malware
  • IPS updates
  • Malicious IP address databases / Firewall updates
  • Challenge to managing updates: each device uses different protocols and methods to run automated updates
  • To combat: check for encryption and integrity checks
  • May require additional public key configuration (set up a trust relationship) - certificates, IP addresses, and only allow devices to receive updates from trusted/known servers