Chapter 11 - Securing TCP/IP Flashcards
What are the five areas of focus in TCP/IP security
Encryption
Integrity
Nonrepudiation
Authentication
Authorization
Define ‘encryption’ in terms of TCP/IP security
To scramble, mix up, or change data
Must be easily descrambled by destination host
Define ‘integrity’ in terms of TCP/IP security
The process that guarantees that the data received is the same as originally sent.
Define ‘nonrepudiation’ in terms of TCP/IP security
process of making sure data came from the person or entity it was supposed to come from
Define ‘authentication’ in terms of TCP/IP security
to verify that whoever is trying to access the data is the person you want to access the data
Define ‘authorization’ in terms of TCP/IP security
defines what an authenticated person can do with that data
How does all data start
plain text
clear text
Binary file (photograph)
Define ‘cipher’
a general term for a way to encrypt data
Define ‘unicode’
numbers representing letters and other characters
What is the purpose of a key in cryptography
A key does some math to every value using an algorithm. It enables us to scramble and unscramble data
Define frequency analysis
certain letters of the alphabet are used more than others; this helps to decrypt the code
Define symmetric-key algorithm
the same key is used for encryption and decryption
Major downfall: if someone gets hold of the key, they can encrypt or decrypt with it
Define asymmetric algorithm
uses different keys for encryption and decryption
Why use a block cipher
they can encrypt data in single ‘chunks’ of x length at a time
ex: 128-bit chunks
Works well when data comes in clearly distinct chunks
IP packets are ideal for this encryption method
Define DES
Data Encryption Standard uses a 64-bit block and a 56-bit key.
- Susceptible to brute force
What are 3 examples of encryption that succeeded DES
3DES
International Data Encryption Algorithm (IDEA)
Blowfish
Define Stream Cipher
It takes a single bit at a time and encrypts it on the fly
+ Popular for long streams of data
ex. RC4
What is RC4
Rivest Cipher 4
+ Fast
+ Easy to use
+ Free
- Legacy
What is AES
Advanced Encryption Standard
- Block Cipher: 128 bit block & 128/192/256 key
+ Fast
+ Encompasses many areas (wireless to file encryption)
What is Public Key Cryptography
most popular
Keys are exchanged securely
Public keys are used for encryption and decryption
What kind of encryption is seen at each layer of the OSI model
Layer 1: no encryption
Layer 2: Proprietary encryption
Layer 3: IPsec
Layer 4: no encryption
Layer 5/6/7: All the important encryption standards
What is a hash and its use
A cryptographic function that takes a string of binary digits and produces a value of some fixed length
aka checksum or message digest
Define SHA
Secure Hash Algorithm is the primary family of hash functions.
SHA-1 ( No longer safe)
SHA-2…
SHA-256 (most popular)
If MD5 is considered insecure, why is it still used in SMTP
Use a special form of MD5 called Challenge-Response Authentication Mechanism Message Digest 5
What is a digital signature
A hash of the message encrypted by the private key
How are public keys used
The matching public key decrypts the digital signature; the recipient generates their own hash of the message and compares it to the hash recovered from the signature
Define certificate
a standardized type of digital signature that includes the digital signature of a third party, person, or company.
How does one obtain a certificate for a website
Once a website is created you can get a certificate from an authorized signing authority
Define authentication
the process of positively identifying users trying to access data.
Define Network Access Control
Defines a newer series of protection applications that combine the features of what traditionally was done by separate applications.
What is ACL
Access control list. A list of permissions that specifies what an authenticated user may perform on a shared resource
- Mandatory
- Discretionary
- Role Based
What is Mandatory Access Control
every resource is assigned a label that defines its security level
- Oldest
What is Discretionary Access Control
DAC is based on the idea that a resource has an owner who may, at his or her discretion, assign access to that resource
What is Role Based Access Control
RBAC is the most popular; used in file sharing. Defines a user's access to a resource based on the roles the user plays in the network
What protocol does dial up use
Serial Line Internet Protocol was totally insecure and was migrated to PPP
What is PPP
Point to Point Protocol enables two point-to-point devices to connect, authenticate with a user name and password, and negotiate the protocol the devices will use. The starting side is called the initiator and has the list of usernames and passwords
What are the 5 phases to PPP
- Link Dead: Link control protocol starts connection
- Link Established: communicates with destination LCP
- Authentication
- Network Layer Protocol
- Termination
What are the two methods PPP used for authentication
PAP = Password Authentication Protocol transmits the user name and password in plaintext
CHAP = Challenge Handshake Authentication Protocol bases hashes on a shared secret. Repeats the process. MS-CHAPv2 is still popular
What is AAA
Authentication, Authorization, Accounting is designed for port authentication. Controls remote users' access at a particular point of entry.
What are the two standards for AAA
RADIUS
TACACS+
What is RADIUS
Remote Authentication Dial-In Service consists of a RADIUS server that has access to a database of user names and passwords, a number of NACs, and a group of systems that make up the network
- Authentication ports: 1812, 1813, 1645, 1646 (all UDP)
What is TACACS+
Terminal Access Controller Access Control System Plus was developed by Cisco. Uses PAP, CHAP, and MD5 hashes
What is Kerberos
authentication protocol for TCP/IP with many clients connecting to a single authenticating server
Port 88
Uses KDC for authentication process
What is KDC
Key distribution server used by Kerberos; has two processes: Authentication Server and Ticket Granting Service.
1. Hash user name and password to the AS
2. Compare results of hash to its own hash
3. If match, send granting ticket and timestamp
If the KDC goes down no one has access
What is Windows SID
Security token identifier
What is EAP
Extensible Authentication Protocol was developed to create a single standard to allow two devices to authenticate. Wrapper for PPP. Used in wireless
What are the six types of EAP
EAP-PSK - Personal Shared Key, shared code on both AP and client, Uses AES
TLS - EAP with TLS, requires certificates on both client and server
EAP-TTLS - Single server-side certificate, tunneled TLS
PEAP - Protected Extensible Authentication Protocol
EAP-MS-CHAPv2 - uses password function with encrypted TLS tunnel
LEAP - Lightweight Extensible Authentication Protocol, used almost exclusively by Cisco products
What encryption does 802.1x use
Puts EAP information inside the ethernet frame.
Port based authentication network access control mechanism
What does an SSH server use for a key
RSA key
How does an SSH server use a key
Receives key, creates session ID, encrypts it with PK. Server decrypts and uses ID in all transfers going forward.
- Add usernames and passwords to authenticate
What must be generated to use public/private keys
A pair of RSA or digital signature algorithm keys
What is SSL limited to
HTML, FTP, SMTP, and other older TCP apps
What is IPsec
Internet Protocol Security is an authentication and encryption protocol suite that works at the internet/network layer and will become the primary method when IPv6 comes out.
What two ways does IPsec work in?
Transport mode and Tunnel Mode.
Explain IPsec transport mode:
only the actual payload is encrypted; destination, source, and other IP header info is still readable
Explain IPsec tunnel mode
entire IP packet is encrypted and then placed into an IPsec endpoint where it is encapsulated inside another IP packet
What are the main IPsec protocols
Authentication Header
Encapsulating Security Payload
Internet Security Association and Key Management Protocol
Internet Key Exchange
What is Authentication Header
AH is for authentication
What is Encapsulating Security Payload
ESP is for implementing authentication and encryption
What is Internet Security Association and Key Management
For establishing security associations that define things like the protocol used for exchanging keys
What is Internet Key Exchange
also called Kerberized Internet Negotiation of Keys; widely used key exchange protocols
What is Secure Copy Protocol
One of the first protocols used to transfer data securely between two hosts
What is Simple Network Management Protocol
for querying the state of SNMP devices
Define LDAP
Lightweight Directory Access Protocol is the tool that programs use to query and change a database.
Port 389
What is NTP used for
Network Time Protocol gives the time.