Chapter 11 - Securing TCP/IP

Question 1

What are the five areas of focus in TCP/IP security

Answer 1

Encryption
Integrity
Nonrepudiation
Authentication
Authorization

Question 2

Define ‘ecryption’ in terms of TCP/IP security

Answer 2

To scramble, mix up, or change data

Must be easily descrambled by destination host

Question 3

Define ‘integrity’ in terms of TCP/IP security

Answer 3

The process that guarantees that the data received is the same as originally sent.

Question 4

Define ‘nonrepudiation’ in terms of TCP/IP security

Answer 4

process of making sure data came from the person or entity it was supposed to come from

Question 5

Define ‘authentication’ in terms of TCP/IP security

Answer 5

to verify that whoever is trying to access the data is the person you want access the data

Question 6

Define ‘authorization’ in terms of TCP/IP security

Answer 6

defines what an authenticated person can do with that data

Question 7

How does all data start

Answer 7

plain text
clear text
Binary file (photograph)

Question 8

Define ‘cipher’

Answer 8

a general term for a way to encrypt data

Question 9

Define ‘unicode’

Answer 9

numbers representing letters and other characters

Question 10

What is the purpose of a key in cryptography

Answer 10

A key does some math to every value using an algorithm. It enables us to scramble and unscramble data

Question 11

Define frequency analysis

Answer 11

certain letters of the alphabet are used more than others, this helps to decrypt the code

Question 12

Define symmetric-key algorithm

Answer 12

the same key is used for encryption and decryption

Major downfall is if someone gets a hold of the key they can encrypt or decrypt with it

Question 13

Define asymmectric algorithm

Answer 13

uses different keys for encryption and decryption

Question 14

Why use a block cipher

Answer 14

they can encrypt data in single ‘chunks’ of x length at a time
ex: 128-bit chunks
Works well when data comes in clearly distinct chunks
IP packets are ideal for this encryption method

Question 15

Define DES

Answer 15

Data Encryption Standard uses a 64-bit block and a 56 bit key.
- Susceptible to brute force

Question 16

what are 3 examples of ecryption that proceeded DES

Answer 16

3DES
International Data Encryption Algorithm (IDEA)
Blowfish

Question 17

Define Stream Cipher

Answer 17

It takes a single bit at a time and encrypts it on the fly
+ Popular for long streams of data
ex. RC4

Question 18

What is RC4

Answer 18

Rivest Cipher 4
\+ Fast
\+ Easy to use
\+ Free
-  Legacy

Question 19

What is AES

Answer 19

Advanced Encryption Standard
- Block Cipher: 128 bit block & 128/192/256 key
+ Fast
+ Encompases many areas (wireless to file encryption)

Question 20

What is Public Key Cryptography

Answer 20

most popular
Keys are exchanged securely
Public keys are used for encryption and decryption

Question 21

What kind of encryption is seen at each layer of the OSI model

Answer 21

Layer 1: no encryption
Layer 2: Proprietary encryption
Layer 3: IPsec 
Layer 4: no encryption
Layer 5/6/7: All the important encryption standards

Question 22

What is a hash and its use

Answer 22

A cryptographic function that runs a string of binary digits and results in a value of some fixed length
aka checksum or message digest

Question 23

Define SHA

Answer 23

Secure Hash Algorithm is the primary family of hash functions.
SHA-1 ( No longer safe)
SHA-2…
SHA-256 (most popular)

Question 24

If MD5 is considered secure why is it still used in SMTP

Answer 24

Use a special form of MD5 called Challenge-Response authentication mechanism message digest 5

Question 25

What is a digital signature

Answer 25

A hash of the message encrypted by the private key

Question 26

How are public keys used

Answer 26

matching public keys decrypt digital signature public key, generate their own hash, and compares it to encrypted hash

Question 27

Define certificate

Answer 27

a standardized type of digital signature that includes the digital signature of a third party, person, or company.

Question 28

How does one obtain a certificate for a website

Answer 28

Once a website is created you can get a certificate from a authorized signing authority

Question 29

Define authentication

Answer 29

the process of positively identifying users trying to access data.

Question 30

Define Network Access Control

Answer 30

Defines a newer series of protection applications that combine the features of what traditionally was done by separate applications.

Question 31

What is ACL

Answer 31

Access control list. A list of permissions that specifies what an authenticated user may perform on a shared resource 1. Mandatory 2. Discretionary 3. Role Based

Question 32

What is Mandatory Access Control

Answer 32

every resource is assigned a label that defines its security level - Oldest

Question 33

What is Discretionary Access Control

Answer 33

DAC is based on the idea that resource has an owner who may at his or her discretion assign access to that resource

Question 34

What is Role based access control

Answer 34

RBAC most popular used in file sharing. Defines a users access to a resource based on the roles the user plays in the network

Question 35

What protocol does dial up use

Answer 35

Serial Line Internet Protocol was totally unsecure and what migrated to PPP

Question 36

What is PPP

Answer 36

Point to Point Protocol enables two point to point devices to connect authenticate with a user name and password, and negotiate the protocol the devices will use. The starting side is called the initiator and has the list of usernames and passwords

Question 37

What are the 5 phasesto PPP

Answer 37

1. Link Dead: Link control protocol starts connection 2. Link Established: communicated with destination LCP 3. Authentication 4. Network Layer Protocol 5. Termination

Question 38

What are the two methods PPP used for authentication

Answer 38

``` PAP = Password Authentication Protocol transmits the user name and password over plaintext CHAP = Challenge Handshake Authentication Protocol bases hashes on a shared secret. Repeats process. MS-CHAPv2 is still popular ```

Question 39

What is AAA

Answer 39

Authentication, Authorization, Accounting is designed for port authentication. Allows remote users to a particular point of entry.

Question 40

What are the two standards for AAA

Answer 40

RADIUS | TACACS+

Question 41

What is RADIUS

Answer 41

Remote Authentication Dial-In Service consists of a RADIUS server that has access to a database of user names and passwords, a number of NACs, and a group of systems that make up the network - Authentication on port: 1812 (UDP), 1813 (UDP), 1645 (UDP), 1646 (UDP)

Question 42

What is TACACS +

Answer 42

Terminal access Controller Access Control System Plus was developed by cisco. Uses PAP, CHAP, and MD5 hashes

Question 43

What is Kerberos

Answer 43

authentication protocol for TCP/IP with many clients connecting to a single authenticating server Port 88 Uses KDC for authentication process

Question 44

What is KDC

Answer 44

Key distribution server used by kerberos has two processes Authentication server and ticket granting service. 1.. Hash user name and password to the AS 2. Compare results of hash to its own hash 3. If match, send granting ticket and timestamp If the KDC goes down no one has access

Question 45

What is Windows SID

Answer 45

Security token identifier

Question 46

What is EAP

Answer 46

Extensible Authentication Protocol was developed to create a single standard to allow two devices to authenticate. Wrppaer for PPP. Used in wireless

Question 47

What are the six types of EAP

Answer 47

EAP-PSK - Personal Shared Key, shared code on both AP and client, Uses AES TLS - EAP with TLS, requires certificates on both client and server EAP-TTLS - Single server-side certificate, tunneled TLS PEAP - Protected Extensible Authentication Protocol EAP-MS-CHAPv2 - uses password function with encrypted tls tunnel LEAP = Lightweight extensible authentication protocol used almost exclusively by cisco products

Question 48

What encryption does 802.1x use

Answer 48

Puts EAP information inside the ethernet frame. | Port based authentication network access control mechanism

Question 49

What does an SSH server use for a key

Answer 49

RSA key

Question 50

How does a SSH server use a key

Answer 50

Receives key, creates session ID, encrypts it with PK. Server decrypts and uses ID in all transfers going forward. - Add usernames and passwords to authenticate -

Question 51

What must be generated to use public/private keys

Answer 51

A pair of RSA or digital signature algorithm

Question 52

What is SSL limited to

Answer 52

HTML, FTP, SMTP, and other older TCP apps

Question 53

What is IPsec

Answer 53

Internet Protocol Security is an authentication and ecryption protocol suite that works at the internet/network layer and will become primary method when IPV6 comes out.

Question 54

What two ways does IPsec work in?

Answer 54

Transport mode and Tunnel Mode.

Question 55

Explain IPsec transport mode:

Answer 55

only actual payload is encrypted; destination , source, other ipheader info is still readable

Question 56

Explain IPsec tunnel mode

Answer 56

entire IP packet is encrypted and then placed into an IPsec endpoint where it is encapsulated inside another IP packet

Question 57

What are the main IPsec protocols

Answer 57

Authentication Header Encapsulating Security Payload Internet Secuiryt Association and Key management Protocol Internet Key exchange

Question 58

What is Authentication Header

Answer 58

AH is for authentication

Question 59

what is Encapsulating Security Payload

Answer 59

ESP is for implementing authentication and encryption

Question 60

what is internet Security Association and Key management

Answer 60

For establishing security associations that define things like the protocol used for exchanging keys

Question 61

Whgat is Internet Key Exchange

Answer 61

also called Kerberized Internet Negotiation of Keys widely used key exchanging protocols

Question 62

What is Secure Copy Protocol

Answer 62

One of the first protocols used to transfer data securely between two hosts

Question 63

What is Simple Network Management Protocol

Answer 63

for querying the state of SNMP devices

Question 64

Define LDAP

Answer 64

Lightweight Directory Access Protocol is the tool that programs use to query aand change a databased. Port 389

Question 65

What is NTP used for

Answer 65

Netowrk Time Protocol gives the time.