Chapter 12 - Network Security Flashcards
Advanced Encryption Standard (AES)
Released in 2001, AES is typically considered the preferred symmetric encryption algorithm. AES is available in 128-bit key, 192-bit key, and 256-bit key versions.
Asymmetric encryption
With asymmetric encryption, the sender and receiver of a packet use different keys.
Authentication Header (AH)
An IPsec protocol that provides authentication and integrity services. However, it does not provide encryption services.
Buffer overflow
This attack occurs when an attacker leverages a vulnerability in an application, causing data to be written to a memory area (that is, a buffer) that’s being used by a different application.
Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)
A common variant of HMAC frequently used in e-mail systems. Like CHAP, CRAM-MD5 only performs one-way authentication (the server authenticates the client).
Denial of service (DoS)
A DoS attack floods a system with an excessive amount of traffic or requests, which consumes the system’s processing resources and prevents the system from responding to many legitimate requests.
Distributed denial of service (DDoS)
These attacks can increase the amount of traffic flooded to a target system. Specifically, an attacker compromises multiple systems, and those compromised systems, called zombies, can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.
Encapsulating Security Payload (ESP)
An IPsec protocol that provides authentication, integrity, and encryption services.
FTP bounce
An attack that uses the FTP PORT command to make an FTP server open a connection that is then used in the attack.
Generic Routing Encapsulation (GRE)
A tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels. This creates a virtual point-to-point link to various brands of routers at remote points over an Internet Protocol (IP) internetwork.
GNU Privacy Guard (GPG)
A free variant of Pretty Good Privacy (PGP), which is an asymmetric encryption algorithm.
Internet Key Exchange (IKE)
A protocol used to set up an IPsec session.
Internet Security Association and Key Management Protocol (ISAKMP)
Negotiates parameters for an IPsec session.
IP Security (IPsec)
A type of VPN that provides confidentiality, integrity, and authentication.
Kerberos
A client-server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (a key distribution center) that hands out tickets to be used instead of a username and password combination.
Pretty Good Privacy (PGP)
PGP is a widely deployed asymmetric encryption algorithm and is often used to encrypt e-mail traffic.
Public key infrastructure (PKI)
A PKI system uses digital certificates and a certificate authority to allow secure communication across a public network.
Remote Authentication Dial-In User Service (RADIUS)
A UDP-based protocol used to communicate with an AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS offers more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, whereas TACACS+ is a Cisco proprietary protocol.
RSA
A popular and widely deployed asymmetric encryption algorithm.
Single sign-on (SSO)
Allows a user to authenticate once to gain access to multiple systems, without requiring the user to independently authenticate with each system.
Stateful firewall
Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection.
Symmetric encryption
With symmetric encryption, both the sender and the receiver of a packet use the same key (a shared key) for encryption and decryption.
Unified threat management (UTM)
A firewall or gateway that attempts to bundle multiple security functions into a single physical or logical device.
Virtual private network (VPN)
Some VPNs can support secure communication between two sites over an untrusted network (for example, the Internet).