CH27 Security Protocols Flashcards
What is S/MIME ?
S/MIME = Secure / Multipurpose Internet Mail Extensions
It is a standard that provides cryptographic security for electronic messaging.
S/MIME is going to use separate session keys for each email message that’s being sent or received.
We can use digital IDs within Outlook or digital signatures within many different programs to give our emails authentication, integrity, and non-repudiation through S/MIME.
S/MIME can encrypt emails and their contents including malware.
What is SSL and TLS ?
Secure Socket Layer (SSL) and Transport Layer Security (TLS) – Cryptographic protocols that provide secure Internet communications for web browsing, instant messaging, email, VoIP, and many other services.
What is Downgrade attack?
Attacker can attack TLS through Downgrade attack.
Downgrade Attack – a protocol is tricked into using a lower quality version of itself instead of a higher quality version. To stop this, configure your web server to not support downgraded version of TLS.
For the exam: understand the concept of downgrade.
What is Break and Inspect ?
Accept the message as a middleman at the proxy, decrypt the message, observe the content, and then encrypt it and send it out to the target destination through TLS. (ex Dropbox)
What is SSH?
SSH = Secure Shell (SSH)
SSH is a protocol that can create a secure channel between two computers or network devices to enable one device to control the other device.
SSH is going to require two things : a SSH daemon to run on a server and SSH client on the client.
SSH port 22
SSH 2.0 uses Diffie-Hellman key exchange and MACs
What is VPN ?
VPN = Virtual Private Networks
a secure connection between two or more computers or device that are not on the same private network.
What is PPTP ?
PPTP = Point-to-Point Tunneling Protocol
a protocol that encapsulates PPP packets and ultimately sends data as encrypted traffic.
PPTP port 1723
PPTP can use CHAP-based authentication, making it vulnerable to attacks
What is L2TP ?
L2TP = Layer 2 Tunneling Protocol
A connection between two or more computers or device that are not on the same private network.
L2TP is not secure on its own and it provides no encryption and no confidentiality by itself.
L2TP is usually paired with IPSec to provide security.
L2TP uses port 1701
What is IPSec?
a TCP/IP protocol that authenticates and encrypts IP packets and effectively securing communications between computers and devices using this protocol.
IPSec provides confidentiality (encryption), integrity (hashing), and authentication (key exchange)
IPSec is the most secure protocol that works with VPNs.
What is IKE?
IKE = Internet Key Exchange
method used by IPSec to create a secure tunnel by encrypting the connection between authenticated peers. This can occur in 3 ways :
a. Main mode – there are three separate exchanges that are going to occur.
b. Aggressive mode – the key exchange is going to happen more quickly, but it still achieves basically the same result as Mian mode but it only uses three packets.
c. Quick mode – only the negotiated parameters of the IPSec session are going to be handled.
What is SA ?
SA = Security Association
For the exam : know Security Association (SA) – Establishment of secure connections and shared security information using certificates or cryptographic keys.
What is AH ?
AH = Authentication Header
Protocol used in IPSec that provides integrity and authentication
What is ESP ?
ESP = Encapsulating Security Payload
Provides integrity, confidentiality, and authenticity of packets by encapsulating and encrypting them.
What are the 2 possible modes that IPSec can operate on ?
IPSec can be operated in one of two modes :
- Transport mode – Host to host transport mode only uses encryption of the payload of an IP packet but not its header. Transport mode is used for transmission between hots on a private network.
- Tunnel mode - a network tunnel is created which encrypts the entire IP packet (payload and header)
Tunnel mode is commonly used for transmission between networks.
