Chapter 12 Flashcards
This is an encryption tool used to protect sessionless datagram protocols.
Transport Layer Security (TLS)
Simple Key Management for Internet Protocol (SKIP)
Secure Sockets Layer (SSL)
Secure Remote Procedure Call (S-RPC)
Simple Key Management for Internet Protocol (SKIP)
This is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems.
Transport Layer Security (TLS)
Simple Key Management for Internet Protocol (SKIP)
Secure Sockets Layer (SSL)
Secure Remote Procedure Call (S-RPC)
Secure Remote Procedure Call (S-RPC)
______ is an encryption protocol developed by Netscape to protect the communications between a web server and a web browser.
Transport Layer Security (TLS)
Simple Key Management for Internet Protocol (SKIP)
Secure Sockets Layer (SSL)
Secure Remote Procedure Call (S-RPC)
Secure Sockets Layer (SSL)
______ functions in the same general manner as SSL, but it uses stronger authentication and encryption protocols.
Transport Layer Security (TLS)
Simple Key Management for Internet Protocol (SKIP)
Secure Sockets Layer (SSL)
Secure Remote Procedure Call (S-RPC)
Transport Layer Security (TLS)
_______ encrypts usernames and passwords.
It performs authentication using a challenge-response dialogue that cannot be replayed.
Lightweight Extensible Authentication Protocol (LEAP).
Protected Extensible Authentication Protocol (PEAP)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
Challenge Handshake Authentication Protocol (CHAP)
________ is a standardized authentication protocol for PPP and transmits usernames and passwords in the clear. It offers no form of encryption.
Lightweight Extensible Authentication Protocol (LEAP).
Protected Extensible Authentication Protocol (PEAP)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
Password Authentication Protocol (PAP)
This is a framework for authentication
instead of an actual protocol.
Lightweight Extensible Authentication Protocol (LEAP).
Protected Extensible Authentication Protocol (PEAP)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
Extensible Authentication Protocol (EAP)
_____ encapsulates EAP in a TLS tunnel and is used for securing communications over 802.11 wireless connections.
Lightweight Extensible Authentication Protocol (LEAP).
Protected Extensible Authentication Protocol (PEAP)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
Protected Extensible Authentication Protocol (PEAP)
______ was Cisco’s initial response to insecure WEP.
Lightweight Extensible Authentication Protocol (LEAP).
Protected Extensible Authentication Protocol (PEAP)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
Lightweight Extensible Authentication Protocol (LEAP).
______ abuse phone systems in much the same way that attackers abuse computer networks.
phreakers
______ is designed to help manage external access and external control of a PBX by assigning access codes to users.
Direct Inward System Access (DISA)
____________ are used to manipulate line voltages to steal long-distance services. They are often just custom-built circuit boards with a battery and wire clips.
Black boxes
___________ are used to simulate tones of coins being deposited into a pay phone. They are usually just small tape recorders.
Red boxes
____________ are used to simulate 2600 Hz tones to interact directly with telephone network trunk systems (that is, backbones). This could be a whistle, a tape recorder, or a digital tone generator.
Blue boxes
____________ are used to control the phone system. A white box is a dual-tone multifrequency (DTMF) generator (that is, a keypad). It can be a custom-built device or one of the pieces of equipment that most telephone repair personnel use.
White boxes
___________ is an email security standard that offers authentication and confidentiality to email through public key encryption and digital signatures. Authentication is provided through X.509 digital certificates. Privacy is provided through the use of Public Key Cryptography Standard (PKCS) encryption.
Secure Multipurpose Internet Mail Extensions (S/MIME)
MIME Object Security Services (MOSS)
DomainKeys Identified Mail (DKIM)
Pretty Good Privacy (PGP)
Secure Multipurpose Internet Mail Extensions (S/MIME)
__________ can provide authentication, confidentiality, integrity, and nonrepudiation for email messages and employs Message Digest 2 (MD2) and MD5 algorithms; Rivest, Shamir, and Adleman (RSA) public key; and Data Encryption Standard (DES) to provide authentication and encryption services.
MIME Object Security Services (MOSS)
________ is a means to assert that valid mail is sent by an organization through verification of domain name identity.
DomainKeys Identified Mail (DKIM)
___________ is a public-private key system that uses a variety of encryption algorithms to encrypt files and email messages.
Pretty Good Privacy (PGP)
The two primary examples of dial-up protocols are _________.
Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP)
_______ is a replacement for SLIP and can support any LAN protocol, not just TCP/IP.
Point-to-Point Protocol (PPP)
____________ is a full-duplex protocol used for transmitting TCP/IP packets over various non-LAN connections, such as modems, ISDN, VPNs, Frame Relay, and so on.
Point-to-Point Protocol (PPP)
___________ is an older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial-up.
Serial Line Internet Protocol (SLIP)
Centralized remote authentication services are ______ & ________
RADIUS and TACACS+
______ is used to centralize the authentication of remote dial-up connections.
Remote Authentication Dial-In User Service (RADIUS)
______ keeps the authentication, authorization, and accounting processes separate.
XTACACS
XTACACS used UDP port _____
49
TACACS+ uses Transmission Control Protocol (TCP) port ______
49
__________ is the network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol.
Tunneling
The initial tunnel negotiation process used by PPTP is (or is not) encrypted.
not
______ creates a point-to-point tunnel between two systems and encapsulates PPP packets.
Point-to-Point Tunneling Protocol (PPTP)
Does L2F offer encryption?
No
The most commonly used VPN protocol is _________
IP Security (IPSec)
IPSec has two primary components, or functions:
Authentication Header (AH): AH provides authentication, integrity, and nonrepudiation.
Encapsulating Security Payload (ESP): ESP provides encryption to protect the confidentiality of transmitted data, but it can also perform limited authentication.
Encapsulating Security Payload (ESP) can be used in what modes?
transport mode and tunnel mode
______ mode, the IP packet data is encrypted but the header of the packet is not.
Transport mode
______ mode, the entire IP packet is encrypted and a new header is added to the packet to govern transmission through the tunnel.
Tunnel mode
___________ occurs when the message or communication is broken up into small segments (usually fixed-length packets, depending on the protocols and technologies employed) and sent across the intermediary networks to the destination.
Packet switching
Within packet-switching systems are two types of virtual circuits:
Permanent virtual circuits (PVCs)
Switched virtual circuits (SVCs)
A _______ is like a dedicated leased line; the logical circuit always exists and is waiting for the customer to send data. A PVC is a predefined virtual circuit that is always available.
Permanent virtual circuits (PVCs)
A _____ is more like a dial-up connection because a virtual circuit has to be created using the best paths currently available before it can be used and then disassembled after the transmission is complete.
Switched virtual circuits (SVCs)
________ offers consumers a connection with multiple 64 Kbps B channels (2 to 23 of them) and a single 64 Kbps D channel. Thus, it can be deployed with as little as 192 Kbps and up to 1.544 Mbps.
Primary Rate Interface (PRI)
_______ uses permanent virtual circuits to establish specific point-to-point connections between two systems or networks.
X.25
____ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between communication endpoints.
Frame Relay
Frame Relay’s cost is primarily based on _____ .
the amount of data transferred
What is committed information rate (CIR)?
The CIR is the guaranteed minimum bandwidth a service provider grants to its customers.
Frame Relay operates at ___ (layer 2) of the OSI model as a connection-oriented packet-switching transmission technology.
the Data Link layer
______ is a cell-switching WAN communication technology that fragments communications into fixed-length 53-byte cells.
Asynchronous transfer mode (ATM)
A _________ is the line of intersection between any two areas, subnets, or environments that have different security requirements or needs.
security boundary
■ Disable echo replies on external systems.
■ Disable broadcast features on border systems.
■ Block spoofed packets from entering or leaving your network.
■ Keep all systems patched with the most current security updates from vendors.
All prevent what?
DDOS
With _______, an entity puts forth a false identity but without any proof.
Spoofing
_____________ is the act of pretending to be someone or something you are not to gain unauthorized access to a system. This usually implies that authentication credentials have been stolen.
Impersonation, or masquerading
______ is simply listening to communication traffic for the purpose of duplicating it.
eavesdropping
__________ attempt to reestablish a communication session by replaying captured traffic against a system.
Replay attacks
___________ occurs when an attacker sends false replies to a requesting system, beating the real reply from the valid DNS server.
DNS spoofing
__________ occurs when an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or to simply perform a denial-of-service against a system.
DNS poisoning
Understand the difference between packet switching and circuit switching.
In circuit switching, a dedicated physical pathway is created between the two communicating parties.
Packet switching occurs when the message or communication is broken up into small segments
and sent across the intermediary networks to the destination. Within packet-switching
systems are two types of communication paths, or virtual circuits: permanent virtual
circuits (PVCs) and switched virtual circuits (SVCs)
Understand the difference between permanent virtual
circuits (PVCs) and switched virtual circuits (SVCs)
A PVC is a predefined virtual circuit that is always available. The virtual circuit may be closed down when not in use, but it can be instantly reopened
whenever needed. An SVC is more like a dial-up connection because a virtual circuit has to
be created using the best paths currently available before it can be used and then disassembled
after the transmission is complete. In
Understand the differences between PPP and SLIP.
The Point-to-Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links.
SLIP offered no authentication, supported only half-duplex communications, had no error-detection capabilities, and required manual link establishment and teardown.
Protocols that provide security services for application-specific communication channels are called ___ _____ ______ .
secure communication protocols
Five Secure Communications Protocols are
Simple Key Management for Internet Protocol (SKIP), Software IP Encryption (swIPe), Secure Remote Procedure Call (S-RPC), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Secure Electronic Transaction (SET)
An email encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation and that uses RSA, DES, and X.509.
Privacy Enhanced Mail (PEM)
Which version of TACACS keeps the authentication, authorization, and accounting processes separate?
TACACS
TACACS+
XTACACS
XTACACS
Which version of TACACS adds two-factor authentication?
TACACS
TACACS+
XTACACS
TACACS+
A specific internal client’s IP address is assigned a permanent mapping to a specific external public IP address.
Static NAT
Dynamic NAT
Static NAT
Used to grant multiple internal clients access to a few leased public IP addresses.
Static NAT
Dynamic NAT
Dynamic NAT
NAT is not directly compatible with IPSec because it modifies packet headers. True or false?
True