CH27 Security Protocols Flashcards

1
Q

What is S/MIME?

A

S/MIME = Secure / Multipurpose Internet Mail Extensions

It is a standard that provides cryptographic security for electronic messaging.

S/MIME uses a separate session key for each email message that is sent or received.
We can use digital IDs within Outlook, or digital signatures within many different programs, to give our emails authentication, integrity, and non-repudiation through S/MIME.
S/MIME encrypts emails and their contents, including any malware they carry.

2
Q

What are SSL and TLS?

A

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) – Cryptographic protocols that provide secure Internet communications for web browsing, instant messaging, email, VoIP, and many other services.

3
Q

What is a downgrade attack?

A

An attacker can attack TLS through a downgrade attack.

Downgrade attack – a protocol is tricked into using a lower quality version of itself instead of a higher quality version. To stop this, configure your web server not to support downgraded versions of TLS.

For the exam: understand the concept of a downgrade.

4
Q

What is Break and Inspect?

A

Accept the message as a middleman at the proxy, decrypt the message, observe the content, and then re-encrypt it and send it out to the target destination through TLS (e.g., Dropbox).

5
Q

What is SSH?

A

SSH = Secure Shell

SSH is a protocol that creates a secure channel between two computers or network devices so that one device can control the other.

SSH requires two things: an SSH daemon running on the server and an SSH client on the client.

SSH uses port 22.

SSH 2.0 uses Diffie-Hellman key exchange and MACs.

6
Q

What is a VPN?

A

VPN = Virtual Private Network

A secure connection between two or more computers or devices that are not on the same private network.

7
Q

What is PPTP?

A

PPTP = Point-to-Point Tunneling Protocol

A protocol that encapsulates PPP packets and ultimately sends data as encrypted traffic.

PPTP uses port 1723.

PPTP can use CHAP-based authentication, making it vulnerable to attacks.

8
Q

What is L2TP?

A

L2TP = Layer 2 Tunneling Protocol

A connection between two or more computers or devices that are not on the same private network.

L2TP is not secure on its own: it provides no encryption and no confidentiality by itself.

L2TP is usually paired with IPSec to provide security.

L2TP uses port 1701.

9
Q

What is IPSec?

A

A TCP/IP protocol that authenticates and encrypts IP packets, effectively securing communications between the computers and devices that use it.

IPSec provides confidentiality (encryption), integrity (hashing), and authentication (key exchange).

IPSec is the most secure protocol that works with VPNs.

10
Q

What is IKE?

A

IKE = Internet Key Exchange

A method used by IPSec to create a secure tunnel by encrypting the connection between authenticated peers. This can occur in 3 ways:
a. Main mode – three separate exchanges occur.
b. Aggressive mode – the key exchange happens more quickly; it achieves basically the same result as Main mode but uses only three packets.
c. Quick mode – only the negotiated parameters of the IPSec session are handled.

11
Q

What is an SA?

A

SA = Security Association

For the exam: know Security Association (SA) – the establishment of secure connections and shared security information using certificates or cryptographic keys.

12
Q

What is AH?

A

AH = Authentication Header

A protocol used in IPSec that provides integrity and authentication.

13
Q

What is ESP?

A

ESP = Encapsulating Security Payload

Provides integrity, confidentiality, and authenticity of packets by encapsulating and encrypting them.

14
Q

What are the 2 possible modes that IPSec can operate in?

A

IPSec can be operated in one of two modes:

  1. Transport mode – host-to-host transport mode encrypts only the payload of an IP packet, not its header. Transport mode is used for transmission between hosts on a private network.
  2. Tunnel mode – a network tunnel is created which encrypts the entire IP packet (payload and header). Tunnel mode is commonly used for transmission between networks.