Chapter 12: Telecommunications, Network, and Internet Security Flashcards
OSI Stack
a. Application
b. Presentation
c. Session
d. Transport
e. Network
f. Data link
g. Physical
Transmission Control Protocol (TCP)
Reliable service that sequences incoming packets
User Datagram Protocol (UDP)
Less reliable, does not do error checking, but is faster and easier to use than TCP
Internet Protocol
IP addresses
Address Resolution Protocol (ARP)
Matches IP to MAC addresses; RARP is the reverse process
Internet Control Message Protocol (ICMP)
Management protocol for a network; ping is an ICMP command
File Transfer Protocol (FTP)
Allows for data transfer between databases, etc.
Telnet (Remote Login)
Allows for a user to use a Telnet program to access another computer. Fell out of favor due to poor security controls, and now Secure Shell (SSH) is used instead.
Simple Mail Transfer Protocol (SMTP)
Host-to-host email protocol that allows for jumping across intermediaries during delivery
ISO Security Services
Authentication: enforcing identification
Access control: restricting access based on things other than identity
Data confidentiality: Protecting both the message and the sender, recipient, and path of the message
Data integrity: Protecting data from unauthorized changes
Nonrepudiation: being able to prove that a particular person did a particular thing
Logging and monitoring: observing behavior on a system both in real time or historically
OSI Implementation of Security Services
Encipherment: conversion away from plain text into ciphertext
Digital signature: Only allowing the sender and recipient to read the message via PPK
Access Control: restricting access based on things other than identity
Data integrity: Protecting data from unauthorized changes
Authentication: enforcing identification
Traffic padding: Running traffic in with other traffic to disguise what is important and what is not
Routing control: making sure the message gets where it is going even with network outages
Notarization: Ensuring that files have not been altered
Local Area Network (LAN)
Designed for geographically concise spaces, like an office building or a campus. A MAN could be as large as a city’s wireless network.
Wide Area Network (WAN)
Larger than a building, usually is a bunch of LANs connected together
Internet
A bunch of networks connected together in which each host decides how it will interact with that wider network.
Intranet
A TCP/IP network with restrictions to enforce certain protections; an example would be a company’s internal documents being hosted on an intranet that everyone in the company can access, but no one from the outside.
Extranet
A section of network that faces out to allow for vendor connections, for example.
Router
Network traffic manager in between LANs. Where NAT occurs when it is being used as a security measure
Packet filtering
Matches incoming packets to rules, and then blocks packets that are not compliant with those rules. Basic filtering requires rules for communications in both directions. Stateful packet inspection allows the device to create more complicated rules and ensure that traffic is complying with them (to allow one-way communication, for example).
Firewalls
Intermediates requests more thoroughly, up to at the application level
Application level gateway (Bastion host)
Allows for stricter traffic direction than a router. A proxy service must be installed for applications going through, and that service then intermediates the data. Services are restricted and tightly permissioned to limit the spread of permissions and access through the network. Not transparent to the user; configuring takes know-how and time, and processing speed slows down.
Blocks direct exchange of information between systems, but allows for information flow between them assuming permissions are configured to allow that.
Intrusion Detection System (IDS)
Detects both internal and external intruders. Can be configured restrictively (nothing except the permitted) or permissively (everything except the blocked)
Misuse Intrusion
Well-defined attacks on known weak points in a system. Results in known behaviors that a system can watch for
Anomaly intrusions
These are “pattern breaks” in which a particular attack is not known for causing the behavior, but something is out of the norm and therefore suspicious
IDSs must…
Run continually without human supervision
Must be fault tolerant in cases of crash or power outage
Must resist and self monitor for subversion
Must impose minimal system overhead
Must observe deviations from normal behavior
Must be tailored to network in question
Must adapt to changes over time
False positive
An IDS has identified something as a threat when it is not
False negative
An IDS has missed warning signs that the system is malfunctioning or under attack
Subversion error
The system has been modified to cover up the signs of intrusion. This could be a flat-out modification or else feeding the system bad data over time to corrupt the baseline
Intrusion Prevention System (IPS)
Does the same things an IDS does, but has the ability to take action based on what it sees, such as blocking traffic or resetting connections
Virtual Private Network (VPN)
Allows for establishing a private connection without dedicated hardware as it can travel over the regular Internet.
IPSec
Developed by IETF. Performs both authentication and encryption functions. Works by encapsulating a data packet into another packet and then encrypting that. Operates at the Network layer (3)
Secure communication requires:
Sender authentication to prove it came from who it says it did
Message integrity, to ensure there are not alterations
Message confidentiality to ensure that only the recipient can read it
Authentication header
Used by IPSec. Contains an integrity check value. May contain a message digest or similar. Sequence numbering prevents replay attacks. The header can be applied to the data in its entirety or only selectively. Can be used to help “tunnel” packets and provide directions that only get opened upon a certain point in the journey, therefore disguising origin and destination.
Encapsulating Security Protocol (ESP)
Sandwiches data between a new header and tail
Security Association
A secure connection between two hosts in which both agree to follow security protocols for the duration of communication. Uses the following three fields:
IP destination address
Security protocol identifier (AH or ESP)
Security parameter index
SAs contain the keys being used to facilitate the communication and refer back to them for each specific SA
Out of Band Communication
Communications in which a security key or similar is transferred separately from the message to ensure security
Internet Security Association and Key Management Protocol (ISAKMP)
Manages the security association and pairs the SA with a key protocol
Oakley Key Determination Protocol
Uses a Diffie-Hellman key protocol to allow for a key exchange across an insecure medium. Oakley allows for securing private keys with a shared key.
Security Policy Database
Where the SAs are stored, along with their matching key protocols, to allow for processing and transfer of packets according to the rules within
IPSec Key Management
Uses one of three possible types:
Manual key exchange, where systems are manually updated by a person with the actual key
Simple Key Interchange Protocol (SKIP), using Diffie-Hellman to generate shared keys
ISAKMP/Oakley. This is the one that is actually used under IPSec rules