Chapter 12: Telecommunications, Network, and Internet Security

Question 1

OSI Stack

Answer 1

a. Application
b. Presentation
c. Session
d. Transport
e. Network
f. Data link
g. Physical

Question 2

Transmission Control Protocol (TCP)

Answer 2

Reliable service that sequences incoming packets

Question 3

User Datagram Protocol (UDP)

Answer 3

Less reliable, does not do error checking, but is faster and easier to use than TCP

Question 4

Internet Protocol

Answer 4

IP addresses

Question 5

Address Resolution Protocol (ARP)

Answer 5

Matches IP to MAC addresses; RARP is the reverse process

Question 6

Internet Control Message Protocol (ICMP)

Answer 6

Management protocol for a network; ping is an ICMP command

Question 7

File Transfer Protocol (FTP)

Answer 7

Allows for data transfer between databases, etc

Question 8

Telnet (Remote Login)

Answer 8

Allows for a user to use a Telnet program to access another computer. Fell out of favor due to por security controls, and now Secure Shell or SSH is used instead

Question 9

Simple Mail Transfer Protocol (SMTP)

Answer 9

Host to host email protocol that allows for jumping across intermediaries during delivery

Question 10

ISO Security Services

Answer 10

Authentication: enforcing identification

Access control: restricting access based on things other than identity

Data confidentiality: Protecting both the message and the sender, recipient, and path of the message

Data integrity: Protecting data from unauthorized changes

Nonrepudiation: being able to prove that a particular person did a particular thing

Logging and monitoring: observing behavior on a system both in real time or historically

Question 11

OSI Implementation of Security Services

Answer 11

Encipherment: conversion away from plain text into ciphertext

Digital signature: Only allowing the sender and recipient to read the message via PPK

Access Control: restricting access based on things other than identity

Data integrity: Protecting data from unauthorized changes

Authentication: enforcing identification

Traffic padding: Running traffic in with other traffic to disguise what is important and what is not

Routing control: making sure the message gets where it is going even with network outages

Notarization: Ensuring that files have not been altered

Question 12

Local Area Network (LAN)

Answer 12

Designed for geographically concise spaces, like an office building or a campus. A MAN could be as large as a city’s wireless network.

Question 13

Wide Area Network (WAN)

Answer 13

Larger than a building, usually is a bunch of LANs connected together

Question 14

Internet

Answer 14

A bunch of networks connected together in which each host decides how it will interact with that wider network.

Question 15

Intranet

Answer 15

a TCP/IP network with restrictions to enforce certain protections; an example would be a company’s internal documents being hosted on an intranet that everyone in the company can access, but no one from the outside.

Question 16

Extranet

Answer 16

A section of network that faces out to allow for vendor connections, for example.

Question 17

Router

Answer 17

Network traffic manager in between LANs. Where NAT occurs when it is being used as a security measure

Question 18

Packet filtering

Answer 18

Matches incoming packets to rules, and then blocks packets that are not compliant with those rules. Basic filtering requires rules for communications in both directions. Stateful packet inspection allows the device to create more complicated rules and ensure that traffic is complying with them (to allow one way communication, for example0

Question 19

Firewalls

Answer 19

Intermediates requests more thoroughly, up to at the application level

Question 20

Application level gateway (Bastion host)

Answer 20

Allows for stricter traffic direction than a router. a proxy service must be installed for applications going through, and that service then intermediates the data. Services are restricted and tightly permissioned to limit the spread of permissions and access through the network. Not transparent to user, and configuring takes know how and time, and processing speed slows down.

Blocks direct exchange o information between systems, but allows for information flow between them assuming permissions are configured to allow that.

Question 21

Intrusion Detection System (IDS)

Answer 21

Detects both internal and external intruders. Can be configured Restrictively (nothing except the permitted) or Permissively (Everything except the blocked)

Question 22

Misuse Intrusion

Answer 22

Well defined attacks on known weak points in a system. Results in known behaviors that a sysem can watch for

Question 23

Anomaly intrusions

Answer 23

These are “pattern breaks” in which a particular attack is not known for causing the behavior, but something is out of the norm and therefore suspicious

Question 24

IDSs must…

Answer 24

Run continually without human supervision

Must be fault tolerant in cases of crash or power outage

Question 25

IDSs must…

Answer 25

Run continually without human supervision

Must be fault tolerant in cases of crash or power outage

Must resist and self monitor for subversion

Must impose minimal system overhead

Must observe deviations from normal behavior

Must be tailored to network in question

Must adapt to changes over time

Question 26

False positive

Answer 26

An IDS has identified something as a threat when it is not

Question 27

False negative

Answer 27

An IDS has missed warning signs that the system is malfunctioning or under attack

Question 28

Subversion error

Answer 28

The system has been modified to cover up the signs of intrusion. This could be a flat out modification or else feeding the system bad data over time to corrupt the baseline

Question 29

Intrusion Prevention System (IPS)

Answer 29

Does the same things an IDS does, but has the ability to take action based on what it sees, such as blocking traffic or resetting connections

Question 30

Virtual Private Network (VPN)

Answer 30

Allows for establishing a private connection without dedicated hardware as it can travel over the regular Internet.

Question 31

IPSec

Answer 31

Developed by IETF. Performs both authentication and encryption functions. Works by encapsulating a data packet into another packet and then encrypting that. Operates at the Network layer (3)

Question 32

Secure communication requires:

Answer 32

Sender authentication to prove it came from who it says it did

Message integrity, to ensure there are not alterations

Message confidentiality to ensure that only the recipient can read it

Question 33

Authentication header

Answer 33

Used by IPSec. Contains an integrity value check. May contain a message digest or similar. Sequence numbering prevent replay attacks. The header can be applied to the data in its entirety or only selectively. Can be used to help “tunnel” packets and provide directions that only get opened upon a certain point in the journey therefore disguising origin and destination.

Question 34

Encapsulating Security Protocol (ESP)

Answer 34

Sandwiches data between a new header and tail

Question 35

Security Association

Answer 35

A secure connection between two hosts in which both agree to follow security protocols for the duration of communication. Uses the following three fields:

IP destination address
Security protocol identifier (AH or ESP)
Security parameter index

SAs contain the keys being used to facilitate the communication and refer back to them for each specific SA

Question 36

Out of Band Communication

Answer 36

Communications in which a security key or similar is transferred separately from the message to ensure security

Question 37

Internet Security Association and Key Management Protocol (ISAKMP)

Answer 37

Manages the security association and pairs the SA with a key protocol

Question 38

Oakley Key Determination Protocol

Answer 38

uses a Diffie Hellman key protocol to allow for a key exchange across an insecure medium. Oakley allows for securing private keys with a shared key.

Question 39

Security Policy Database

Answer 39

Where the SAs are stored, along with their matching key protocols, to allow for processing and transfer of packet according to the rules within

Question 40

IPSec Key Management

Answer 40

Uses one of three possible types:

Manual key exchange, where systems are manually updated by a person with the actual key

Simple Key Interchange Protocol (SKIP), using Diffie-Hellman to generate shared keys

ISAKMP/Oakley. This is the one that is actually used under IPSec rules