Chapter 11: Securing TCP/IP Flashcards

1
Q

Plaintext/Cleartext

A

Data that is in an easily read or viewed format

2
Q

Symmetric-Key Algorithm

A

Any encryption method that uses the same key for both encryption and decryption.

3
Q

Asymmetric-Key Algorithm

A

Any encryption method that uses different keys for encryption and decryption.

4
Q

Block Cipher

A
  • An encryption algorithm in which data is encrypted in “chunks” of a certain length at a time.
  • Popular in wired networks
5
Q

Stream Cipher

A

An encryption method that encrypts a single bit at a time.

6
Q

Rivest Cipher 4 (RC4)

A

Was the dominant stream cipher for a time, but now is not.

7
Q

Advanced Encryption Standard (AES)

A

A block cipher that uses a 128-bit block size and a 128-, 192-, or 256-bit key size.

8
Q

What is the most popular form of email encryption?

A

Public-Key Cryptography

9
Q

Rivest Shamir Adleman (RSA)

A

An improved asymmetric cryptography algorithm that enables secure digital signatures.

10
Q

IPsec

A

The Network layer encryption protocol.

11
Q

Integrity

A

The process that guarantees that the data received is the same as originally sent.

12
Q

Secure Hash Algorithm (SHA)

A

The primary family of cryptographic hash functions.

13
Q

Two unsafe algorithms

A

SHA-1 and Message-Digest Algorithm version 5 (MD5)

14
Q

Nonrepudiation

A

The receiver of info has a very high confidence that the sender of a piece of info truly is who the receiver thinks.

15
Q

Digital Signature

A

An encrypted hash of a private encryption key that verifies a sender’s identity to those who receive encrypted data or messages.

16
Q

Certificate

A

A standardized type of digital signature that includes the digital signature of a third party (like GoDaddy) that guarantees that who is passing out this certificate truly is who they say they are.

17
Q

Public-Key Infrastructure (PKI)

A

The system for creating and distributing digital certificates using sites like GoDaddy, VeriSign, etc.

18
Q

Authentication

A

The process of positively identifying users trying to access data.

19
Q

Authorization

A

Defines what an authenticated user can do with data.

20
Q

Network Access Control (NAC)

A

Control over information, people, access, machines, and everything in between

21
Q

Access Control List (ACL)

A

A clearly defined list of permissions that specifies what an authenticated user may perform on a shared resource

22
Q

Mandatory Access Control (MAC)

A

Authorization method in which every resource is assigned a label that defines its security level.

23
Q

Discretionary Access Control (DAC)

A

Authorization method based on the idea that there is an owner of a resource who may at his or her discretion assign access to that resource.

24
Q

Role-Based Access Control (RBAC)

A

Authorization method that defines a user’s access to a resource based on the roles the user plays in the network environment.

25
Q

Point-to-Point Protocol (PPP)

A

Enables two point-to-point devices to connect, authenticate, and negotiate the network protocol the two devices will use.

26
Q

The 5 Distinct Phases to a PPP Connection

A

1) Link Dead: No link yet.
2) Link Establishment: Link Control Protocol (LCP) communicates with the LCP on the other side of the PPP link.
3) Authentication: Username/Password
4) Network layer protocol: LCP uses a protocol called Network Control Protocol (NCP) to make proper connections
5) Termination

27
Q

In a point-to-point connection, the side asking for the connection is the _______ and the other side is the ________.

A

Initiator, Authenticator

28
Q

Password Authentication Protocol (PAP)

A

The oldest and most basic form of authentication.

Sends the passwords in cleartext!!

29
Q

Challenge Handshake Authentication Protocol (CHAP)

A

A remote access authentication protocol that has the serving system challenge the remote client, which must provide an encrypted password.

30
Q

MSCHAP

A

The most common authentication method for dial-up.

31
Q

Authentication, Authorization, and Accounting (AAA)

A

A security philosophy based upon the three words it is named with, ya know?

32
Q

Remote Authentication Dial-In User Service (RADIUS)

A
  • An AAA standard created to support ISPs with hundreds or thousands of modems in hundreds of computers to connect to a single central database.
  • Either UDP 1812/1813 or UDP 1645/1646
33
Q

3 Devices of RADIUS

A

1) RADIUS server that has access to usernames/passwords
2) Network Access Servers (NAS) that control the modems
3) A group of systems that dial into the network.

34
Q

What is the Microsoft RADIUS server?

A

Internet Authentication Service (IAS)

35
Q

What is the Linux RADIUS server?

A

FreeRADIUS

36
Q

Terminal Access Controller Access Control System Plus (TACACS+)

A
  • A protocol developed by Cisco to support AAA in a network with many routers and switches.
  • TCP port 49
  • Similar to RADIUS, but separates authorization, authentication and accounting.
37
Q

Kerberos

A

An authentication standard designed to allow different operating systems and applications to authenticate each other.

38
Q

Key Distribution Center (KDC)

A

System for granting authentication in Kerberos.

39
Q

Two processes of KDC

A

1) Authentication Server (AS)

2) Ticket Granting Service (TGS)

40
Q

In Windows, the security token is called a __________.

A

Security Identifier (SID)

41
Q

EAP-PSK

A
  • Most popular form of authentication in wireless networks.
  • Uses a shared secret code (password or whatever) stored on the WAP and the clients

42
Q

EAP-TLS

A
  • A protocol that defines the use of a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client.
  • Only used on wireless networks
43
Q

EAP-TTLS

A

A protocol similar to EAP-TTLS, but only uses a single server-side certificate.

44
Q

LEAP

A

Proprietary EAP used almost exclusively by Cisco wireless products.

45
Q

802.1X

A
  • A port-authentication network access control mechanism for networks.
  • Uses EAP
46
Q

Tunnel

A
  • An encrypted link between two programs on two separate computers
  • SSH creates encrypted tunnels
47
Q

SSL vs. TLS

A

SSL is limited to a few applications, whereas TLS is not limited (for the most part)

48
Q

IPsec

A

An authentication and encryption protocol suite that works at the Internet/Network layer

49
Q

Transport Mode of IPsec

A

Only the actual payload of the IP packet is encrypted, and the IP header info is readable.

50
Q

Payload

A

The primary data that is sent from a source network device to a destination network device.

51
Q

Tunnel Mode of IPsec

A

Entire IP packet is encrypted and encapsulated into another packet.

52
Q

Authentication Header (AH)

A

IPsec protocol for authentication

53
Q

Encapsulating Security Payload (ESP)

A

IPsec protocol involved in authentication and encryption

54
Q

Internet Security Association and Key Management Protocol (ISAKMP)

A

IPsec protocol used for establishing security associations that define things like the protocol used for exchanging keys.

55
Q

Two widely used key exchanging protocols

A

Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK)

56
Q

Secure Copy Protocol (SCP)

A

One of the first protocols used to transfer data securely between two hosts.

57
Q

Secure FTP (SFTP)

A

Designed as a replacement for FTP after SCP was discovered to suck.

58
Q

OpenSSH

A

A series of secure programs developed to fix SSH’s limitation of only being able to handle one session per tunnel.

59
Q

Simple Network Management Protocol (SNMP)

A
  • A set of standards for communication with network devices in order to manage them.
  • UDP port 161
60
Q

Management Information Base (MIB)

A

SNMP’s version of a server

61
Q

Cacti

A

An SNMP tool that enables you to query an SNMP-capable device for info.

62
Q

Lightweight Directory Access Protocol (LDAP)

A
  • Tool that programs use to query and change a database
  • TCP port 389

63
Q

Network Time Protocol (NTP)

A
  • Gives the current time
  • UDP port 123