Chapter 12- Secure Communications and Network Attacks Flashcards
- List some protocols that provide security services for application-specific communications, i.e. secure communications protocols: Internet Protocol Security (IPSec)
- Kerberos
- Secure Shell
- Signal Protocol
- Secure Remote Procedure Call (S-RPC)
- Secure Socket Layer (SSL)
- Transport Layer Security (TLS)
- Describe IPSec:
Internet Protocol Security (IPSec) uses public key cryptography to provide encryption, access control, non-repudiation and message authentication, all using IP-based protocols.
- Describe Kerberos:
Kerberos offers a single sign-on solution for users and provides protection for logon credentials.
- What is Secure Remote Procedure Call (S-RPC)?
Secure Remote Procedure Call (S-RPC) is an authentication service and is simply a means to prevent unauthorised execution of code on remote systems.
- What is Secure Socket Layer (SSL)?
Secure Socket Layer (SSL) is an encryption protocol to protect communications between web server and web browser.
• SSL can be used to secure web, email, File Transfer Protocol (FTP) or even Telnet
- What is Transport Layer Security (TLS)?
Transport Layer Security uses stronger authentication and encryption protocols.
- Similarities of TLS and SSL: both secure client-server communications across an insecure network
- Support one-way authentication
- Support two-way authentication using digital certificates
- Implemented at the initial payload of a TCP packet, allowing it to encapsulate higher-layer payloads
- Can be implemented at lower levels (e.g. layer 3), i.e. OpenVPN
- Advantages of TLS:
it can be used to encrypt User Datagram Protocol (UDP) and Session Initiation Protocol (SIP)
- List some authentication protocols:
CHAP, PAP, EAP
- Explain Challenge Handshake Authentication Protocol (CHAP):
Challenge Handshake Authentication Protocol (CHAP) is one of the protocols used over Point-to-Point Protocol (PPP)
• Encrypts user names and passwords
• This activity is transparent to the user.
- What is Point-to-Point Protocol?
Point-to-Point Protocol is a data link layer (Layer 2) communication protocol between 2 routers directly, without any host or any other networking in between.
- What is Password Authentication Protocol (PAP)?
Password Authentication Protocol (PAP) is a standardised authentication protocol for PPP. PAP offers no encryption.
- What is Extensible Authentication Protocol?
Extensible Authentication Protocol (EAP) is a framework for authentication rather than a protocol. It allows customised authentication security solutions, e.g. tokens, biometrics etc.
- PBX means
Private Branch Exchange
- PSTN means
Public Switched Telephone Network (PSTN)
- Vulnerabilities of Private Branch Exchange (PBX) and Public Switched Telephone Network (PSTN): voice communications are vulnerable to
interception, eavesdropping, tapping etc.
- Phreakers are:
Phreakers are malicious attackers that abuse phone systems. Phreakers may be able to gain unauthorized access to personal voice mailboxes, redirect messages, block access, and redirect inbound and outbound calls.
- What is Instant Messaging (IM)?
Instant Messaging (IM) is a mechanism that allows for real-time text-based chat between 2 users located anywhere on the internet. E.g. Facebook, Skype, Google Hangouts etc.
- Uses of Simple Mail Transfer Protocol (SMTP) are:
Simple Mail Transfer Protocol (SMTP) is used to accept messages from clients, transport those messages to servers and deposit them into the user's server-based inbox.
• Sender Policy Framework can be used to configure SMTP servers to protect against spam and email spoofing
- _________ is the most common SMTP server for Unix systems, and ________ is the most common SMTP server for Microsoft systems.:
Sendmail, Exchange
- List some email security solutions:
Secure Multipurpose Internet Mail Extensions (S/MIME).
- Describe Secure Multipurpose Internet Mail Extensions (S/MIME) messages:
• S/MIME signed messages provide integrity, sender authentication and nonrepudiation.
• An enveloped message provides integrity, sender authentication and confidentiality.
- MOSS means
MIME Object Security Services (MOSS)
• MIME means Multipurpose Internet Mail Extensions
• MOSS uses RC4, MD2, MD5, RSA and DES
- MIME Object Security Services (MOSS) can provide ____,____,____and ____ for email messages.
authentication, confidentiality, integrity, and nonrepudiation
- What is Privacy Enhanced Mail (PEM)?
Privacy Enhanced Mail is an email encryption mechanism that provides authentication, integrity, confidentiality and non-repudiation.
PEM uses X.509, RSA and DES.
- What is Pretty Good Privacy (PGP)?
Pretty Good Privacy (PGP) is a public-private key system that uses a variety of encryption algorithms to encrypt files and email messages. It uses RSA and IDEA.
- List 2 types of dial up protocols:
Point to Point Protocol (PPP) and Serial Line Internet Protocol (SLIP)
- List 2 Centralised Remote Authentication Services:
Remote Authentication Dial In User Service (RADIUS)
Terminal Access Controller Access Control System (TACACS+)
- What is VPN?
A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.
- What is tunnelling?
Tunnelling is the network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol.
- Disadvantages of tunnelling:
• Tunnelling creates larger packets
• Is a point-to-point communication and is not designed to handle broadcast traffic.
- Point to Point Tunnelling Protocol is supported by?
• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Password Authentication Protocol (PAP)
• Extensible Authentication Protocol (EAP)
• Shiva Password Authentication Protocol (SPAP)
The initial tunnel negotiation process used by PPTP is not encrypted.
- List some common VPN protocols:
PPTP, L2TP, L2F, IPsec
- What is Point to Point Tunnelling Protocol (PPTP)?
Point to Point Tunnelling Protocol (PPTP) is an encapsulation protocol developed from the dial-up Point to Point Protocol. It operates at the Data Link layer (Layer 2).
- What is L2F?
Layer 2 Forwarding (L2F) is a mutual authentication tunnelling mechanism. It does not offer encryption.
- What is Layer 2 Tunnelling Protocol (L2TP):
Layer 2 Tunnelling Protocol is derived from PPTP and L2F. It lacks built-in encryption but relies on IPsec as its security mechanism. It also supports RADIUS and TACACS+.
- Describe the IPsec protocol:
IPsec is both a standalone VPN and part of the L2TP security mechanism. It has the security elements of IPv6 crafted into an add-on package for IPv4. It has 2 primary components:
• Authentication Header (AH) provides authentication, integrity and non-repudiation
• Encapsulating Security Payload (ESP) provides encryption to protect the confidentiality of transmitted data, but it also provides limited authentication. IPsec operates at the Network Layer (Layer 3)
• It can be used in transport mode or tunnel mode.
• In transport mode, the IP packet data is encrypted but the header of the packet is not
• In tunnel mode, the entire IP packet is encrypted, and a new header is added to the packet to govern transmission through the tunnel.
- What is Virtual LAN?
A Virtual Local Area Network (VLAN) is a hardware-imposed network segmentation created by switches.
• VLANs can also be assigned or created based on device MAC address, mirroring the IP subnetting, around specified protocols, or based on authentication.
• VLANs let you control and restrict broadcast traffic and reduce a network’s vulnerability to sniffers because a switch treats each VLAN as a separate network division
• VLANs operate at layer 2
• VLANs work like subnets, but keep in mind that they are not actual subnets. VLANs are created by switches at layer 2. Subnets are created by IP address and subnet mask assignments at layer 3.
- What is virtualisation?
Virtualisation is the technology that is used to host one or more operating systems within the memory of a single host computer. E.g. VMware, Hyper-V etc.
- Advantages of virtualisation:
Real-time scalability, easier and faster backups, malicious code compromises rarely affect the host OS, and it allows safe testing and experimentation.
- What is VM escaping?
VM escaping occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the containers of other OSs.