Ch8 Secure Applications and Protocols Flashcards
HTTPS uses ___ for encryption
Transport Layer Security (TLS)
___ was originally developed to encrypt websites, but is now used by many applications and protocols
Transport Layer Security (TLS)
Secure Sockets Layer (SSL) was developed by Netscape in the '90s, but was later usurped by ___
Transport Layer Security (TLS)
TLS uses ___ for authentication
RSA
the OSI seven-layer model contains the following layers:
Physical; Data Link; Network; Transport; Session; Presentation; Application
the TCP network model contains the following 4 layers:
Network Interface; Internet; Transport; Application
the IPv4 address ranges dedicated to private networks include:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 73.31.255.255
- 192.168.0.0 - 192.168.255.255
a link local IPv6 address will always begin with ___
FE80
___ is a connection-oriented protocol which uses a 3-way handshake and can transport a large number of packets of data
TCP (Transmission Control Protocol)
___ is a transport protocol that can send a large number of packets quickly because there is no confirmation of receipt
UDP (User Datagram Protocol)
___ is a transport protocol that sends one packet at a time, usually for maintenance purposes
ICMP (Internet Control Message Protocol)
TCP Ports 20 - 21
FTP/FTPS
TCP Port 22
FTP/SFTP/SSH (secure remote shell)/SCP (secure copy)
TCP Port 23
Telnet remote shell
TCP Port 25
SMTP (mail send)
TCP Port 49
TACACS Plus - secure authentication/authorization
TCP Port 53
DNS - Domain Name System
TCP Port 80
HTTP (unsecured)
TCP Port 110
POP - mail receive
TCP Ports 137-139
NetBIOS (Microsoft file transfer)
TCP Port 143
IMAP - Internet Message Access Protocol - mail receive
TCP Port 389
LDAP - lightweight directory access protocol
TCP Port 443
HTTPS
TCP Port 445
SMB - Server Message Block - file transfer
TCP Port 3389
RDP - remote desktop
UDP Port 67-68
DHCP - dynamic IP
UDP Port 69
TFTP - Trivial FTP
UDP Port 161-162
SNMP - network control
TCP Port 465
SMTP with SSL encryption
TCP Port 587
SMTP with TLS encryption
TCP Port 993
IMAP with TLS encryption
TCP Port 995
POP with TLS encryption
switching from DNS to DNSSEC will require ___
upgrading the physical server
for protection, servers should generally be placed within the ___ of the network
DMZ
to relieve the burden of encryption/decryption, individual servers can be equipped with an ___, or it can be handled by a dedicated box
SSL Accelerator
a ___ can not only make a network run more efficiently, but also protect against DDoS attacks
Load Balancer
a Load Balancer on a network will often also have a ___ to protect against Distributed Denial of Service attacks
DDoS Mitigator
the ___ model for code development is generally considered too linear and rigid for today’s business environment, and is being replaced by the ___ model
waterfall; agile
in an agile work environment, short meetings called ___ are used to expedite production objectives called ___
scrums; sprints
___ analyze the text of code looking for syntax and other common errors
static analyzers
in ___ code is run, and is analyzed for memory leaks and database query problems
dynamic analysis
in testing code, ___ is where a real-world environment is created in a sandbox and stress applied to the system
staging
in testing code, ___ is where the code is reviewed to confirm that it still meets the original specs and criteria
Model Verification