Chapter 12 Flashcards
an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links
Data Link layer
PPP
Point-to-Point Protocol
this authentication protocol transmits usernames and passwords in cleartext
PAP - Password Authentication Protocol
this authentication protocol uses a challenge-response and periodically reauthenticates the remote system
CHAP - Challenge Handshake Authentication Protocol
an authentication framework that allows customized authentication solutions that can support smartcards, tokens, or biometrics
EAP - Extensible Authentication Protocol
a legacy Cisco proprietary alternative to TKIP for WPA
LEAP - Lightweight Extensible Authentication Protocol
this authentication protocol encapsulates EAP in a TLS tunnel and supports mutual authentication
PEAP - Protected Extensible Authentication Protocol
a means of authenticating mobile devices using SIM cards
EAP-SIM
Subscriber Identity Module
An obsolete Cisco protocol that was designed to replace LEAP
EAP-FAST
Flexible Authentication via Secure Tunneling
this deprecated authentication protocol hashes passwords using MD5
EAP-MD5
this authentication protocol uses OTP tokens in MFA for both one-way and mutual authentication
EAP-POTP
this authentication protocol is an IETF standard that is an implementation of the TLS protocol for use in protecting authentication traffic
EAP-TLS
this authentication protocol creates a VPN-like tunnel between endpoints prior to authentication
EAP-TTLS
formal name for IEEE 802.1X standard
Port-Based Network Access Control
what attacks are 802.1X vulnerable to?
MITM and hijacking
the oversight and management of the efficiency and performance of network communications
QoS - Quality of Service
5 telephony protocols
POTS - plain old telephone service
PSTN - public switched telephone network
PBX - private branch exchange
mobile/cell services
VOIP - voice over IP
PBX and PSTN vulnerabilities
interception, eavesdropping, tapping
7 VOIP vulnerabilities
MiTM
hijacking
pharming
DoS
vishing
phreaking
fraud and abuse
telephone switching or exchange system deployed in private orgs to enable multistation use of a small number of PSTN lines
PBX - Private Branch Exchange
this security feature adds authentication requirements to all external connections to a PBX
Direct inward system access (DISA)
sus -.-
this type of remote access gives users the ability to remotely connect to and manipulate or interact with a single service
service specific remote access
this type of remote access grants a remote user the ability to fully control another system that is physically distant from them
remote control
this type of remote access is just another name for when a remote client establishes a direct connection to a LAN such as with wireless or VPN
remote node operation
this type of remote access can be used to refer to remote control, remote access, or remote desktop services
screen scraper/scraping
virtual applications
virtual desktops
this type of remote access can be used to refer to an automated tool that interacts with a human interface
screen scraper
4 topics to address in a remote access security management strategy
remote connectivity technology
transmission protection
authentication protection
remote user assistance
the use of various multimedia-supporting communication solutions to enhance distance collaboration
multimedia collaboration
load-balancing scheme where each packet or connection is assigned a destination randomly
random choice
load-balancing scheme where each packet or connection is assigned the next destination in order
round robin
load-balancing scheme where the device with the lowest current load receives the next connection
load monitoring
load-balancing scheme where each packet or connection is assigned a destination based on a subjective preference or known capacity difference
preferencing/weighted
load-balancing scheme where each connection is assigned a destination based on the destination’s relative distance from the load balancer
locality based/geographic
load-balancing scheme where each connection is assigned a destination based on previous connections from the same client
locality based (affinity)
a form of load balancing that uses all available pathways or systems during normal operations. Optimizes availability during normal conditions.
active-active system
a form of load balancing that keeps some pathways or systems unused during normal operations, reserving them solely for failover. This optimizes availability.
active-passive system
What is an SMTP server called when it does not require senders to authenticate before accepting messages?
an open relay or a relay agent
what is an SMTP server called when it does require authentication?
closed relays or authenticated relays
an email security standard that offers authentication and confidentiality to email through public key encryption, digital envelopes, and digital signatures.
S/MIME
a peer-to-peer public-private key email system that uses a variety of encryption algorithms to encrypt files and email messages.
PGP
a means to assert that valid email is sent by an organization through verification of domain name identity
DKIM - DomainKeys Identified Mail
checking with the domain administrators to ensure that the sender is authorized to send messages through their system
SPF - Sender Policy Framework
a DNS-based email authentication system
DMARC - Domain-based Message Authentication, Reporting and Conformance
attempts to set up an encrypted connection with the target email server; it is an SMTP command
STARTTLS, explicit TLS, opportunistic TLS for SMTP
TLS-encrypted SMTP which assumes the target server supports TLS. If not, the connection is terminated because plaintext is not accepted. Be better losers.
Implicit SMTPS
a form of DoS attack when someone responds with a Reply All to a message that has a significant number of recipients
mail storm
an obsolete encapsulation protocol operating at the Data Link layer on TCP port 1723
PPTP
Point-to-Point Tunneling Protocol
a Cisco tunneling protocol that operates at layer 2 and uses UDP port 1701
L2TP
Layer 2 Tunneling Protocol
a Cisco tunneling protocol that provides encapsulation without encryption
GRE
Generic Routing Encapsulation
a protocol that operates on TCP 22 that can be used as a transport mode VPN
SSH
an open source VPN option based on TLS
OpenVPN
a collection of protocols used for establishing VPN links between hosts or networks
IPsec
Internet Protocol Security
4 primary switch functions
learning, forwarding, dropping, flooding
a table held in switch memory that contains a mapping between MAC addresses and port numbers
CAM table
a switch feature that restricts the number of MAC addresses that will be accepted into the CAM table from each port
MAC limiting
the characteristic of a security control that ensures it is unseen by users
transparency
a form of auditing focused on communications, containing details about the source, destination, timestamp, packets, etc. of communications on a network
transmission logging
security controls to prevent eavesdropping
physical access security
encryption
one-time authentication
application allow listing
security control to prevent modification attacks
integrity checking
a dedicated physical pathway is created between the two communicating parties
circuit switching