Chapter 11 Secure Protocols and Applications Flashcards
What is DNS and why is it important to use DNSSEC?
DNS (Domain Name System) is a protocol that translates domain names into IP addresses. DNSSEC (DNS Security Extensions) is important to ensure the integrity and authenticity of DNS data. It uses digital signatures to prevent DNS spoofing and other attacks.
What are the security risks associated with DNS?
DNS is susceptible to domain hijacking, URL redirection, and cache poisoning attacks. These can lead to unauthorized control of domains, redirecting users to malicious websites, and manipulating cached DNS data.
What is SNMP and why is version 3 recommended for use?
SNMP (Simple Network Management Protocol) is used for network management and monitoring. SNMP version 3 is recommended because it provides encryption and authentication, ensuring secure communication between management systems and network devices.
What protocol replaced Telnet for secure terminal communication?
SSH (Secure Shell) replaced Telnet for secure terminal communication. Telnet had no encryption, while SSH provides secure encrypted communication and runs on TCP Port 22.
What are the secure alternatives to FTP?
The secure alternatives to FTP (File Transfer Protocol) are FTPS (FTP over SSL) and SFTP (SSH File Transfer Protocol). FTPS runs through an SSL tunnel on TCP Port 990, while SFTP runs through SSH on TCP Port 22.
What is SRTP and what is its purpose?
SRTP (Secure Real-Time Transport Protocol) is used for securing voice over IP (VoIP) communications. It provides encryption and authentication to protect the privacy and integrity of voice data. SRTP runs on UDP Port 5004.
Why is plain FTP vulnerable?
Plain FTP (File Transfer Protocol) is vulnerable because when authenticating, the username and password are sent over the network in plain text, making it susceptible to network sniffing attacks. If an attacker captures the network traffic, they can obtain the credentials.
How can you capture and analyze FTP traffic using Wireshark?
In Wireshark, you can capture and analyze FTP traffic by applying a filter for the FTP protocol. Simply enter “FTP” in the filter bar and press enter to display only FTP-related packets. Wireshark provides detailed information about the FTP headers and the transmitted data.
What measures can be taken to protect FTP traffic?
Using secure versions of FTP. Limiting network access to trusted entities to minimize the risk of unauthorized interception. Implementing IPsec (IP Security) on the internal LAN to encrypt the communication between endpoints. Enforcing strong passwords and implementing user authentication mechanisms to prevent unauthorized access to FTP servers. Implementing network monitoring and intrusion detection systems to detect any suspicious activity on the network.
How can you hide the true identity of a web server host?
By using techniques like load balancing, reverse proxy, and network address translation.
What is the recommended protocol for securing web applications?
HTTPS (HTTP over SSL/TLS).
What should be used to enable HTTPS on a web server?
A certificate issued to the server, which is used to configure the HTTPS binding.
What should be the minimum version of TLS used for securing web applications?
TLS 1.2 or higher.
What is LDAPS?
LDAPS (LDAP over SSL/TLS) is a secure version of the Lightweight Directory Access Protocol, which utilizes SSL/TLS for encryption.
Which port does LDAPS typically operate on?
Port 636.