Chapter 12: Telecommunications, Network, and Internet Security Flashcards

1
Q

OSI Stack

A

a. Application
b. Presentation
c. Session
d. Transport
e. Network
f. Data link
g. Physical

2
Q

Transmission Control Protocol (TCP)

A

Reliable service that sequences incoming packets

3
Q

User Datagram Protocol (UDP)

A

Less reliable, does not do error checking, but is faster and easier to use than TCP

4
Q

Internet Protocol

A

IP addresses

5
Q

Address Resolution Protocol (ARP)

A

Matches IP to MAC addresses; RARP is the reverse process

6
Q

Internet Control Message Protocol (ICMP)

A

Management protocol for a network; ping is an ICMP command

7
Q

File Transfer Protocol (FTP)

A

Allows for data transfer between databases, etc.

8
Q

Telnet (Remote Login)

A

Allows a user to use a Telnet program to access another computer. Fell out of favor due to poor security controls; Secure Shell (SSH) is now used instead.

9
Q

Simple Mail Transfer Protocol (SMTP)

A

Host to host email protocol that allows for jumping across intermediaries during delivery

10
Q

ISO Security Services

A

Authentication: enforcing identification

Access control: restricting access based on things other than identity

Data confidentiality: Protecting both the message and the sender, recipient, and path of the message

Data integrity: Protecting data from unauthorized changes

Nonrepudiation: being able to prove that a particular person did a particular thing

Logging and monitoring: observing behavior on a system either in real time or historically

11
Q

OSI Implementation of Security Services

A

Encipherment: conversion away from plain text into ciphertext

Digital signature: Only allowing the sender and recipient to read the message via PPK

Access Control: restricting access based on things other than identity

Data integrity: Protecting data from unauthorized changes

Authentication: enforcing identification

Traffic padding: Running traffic in with other traffic to disguise what is important and what is not

Routing control: making sure the message gets where it is going even with network outages

Notarization: Ensuring that files have not been altered

12
Q

Local Area Network (LAN)

A

Designed for geographically compact spaces, like an office building or a campus. A MAN could be as large as a city’s wireless network.

13
Q

Wide Area Network (WAN)

A

Larger than a building, usually is a bunch of LANs connected together

14
Q

Internet

A

A bunch of networks connected together in which each host decides how it will interact with that wider network.

15
Q

Intranet

A

A TCP/IP network with restrictions to enforce certain protections; an example would be a company’s internal documents being hosted on an intranet that everyone in the company can access, but no one from the outside.

16
Q

Extranet

A

A section of network that faces out to allow for vendor connections, for example.

17
Q

Router

A

Network traffic manager between LANs. This is where NAT occurs when NAT is being used as a security measure.

18
Q

Packet filtering

A

Matches incoming packets to rules, and then blocks packets that are not compliant with those rules. Basic filtering requires rules for communications in both directions. Stateful packet inspection allows the device to create more complicated rules and ensure that traffic is complying with them (to allow one-way communication, for example).

19
Q

Firewalls

A

Intermediates requests more thoroughly, up to the application level

20
Q

Application level gateway (Bastion host)

A

Allows for stricter traffic direction than a router. A proxy service must be installed for applications going through, and that service then intermediates the data. Services are restricted and tightly permissioned to limit the spread of permissions and access through the network. Not transparent to the user; configuring takes know-how and time, and processing speed slows down.

Blocks direct exchange of information between systems, but allows for information flow between them assuming permissions are configured to allow that.

21
Q

Intrusion Detection System (IDS)

A

Detects both internal and external intruders. Can be configured restrictively (nothing except the permitted) or permissively (everything except the blocked)

22
Q

Misuse Intrusion

A

Well-defined attacks on known weak points in a system. Results in known behaviors that a system can watch for

23
Q

Anomaly intrusions

A

These are “pattern breaks” in which a particular attack is not known for causing the behavior, but something is out of the norm and therefore suspicious

24
Q

IDSs must…

A

Run continually without human supervision

Must be fault tolerant in cases of crash or power outage

25
Q

IDSs must…

A

Run continually without human supervision

Must be fault tolerant in cases of crash or power outage

Must resist and self monitor for subversion

Must impose minimal system overhead

Must observe deviations from normal behavior

Must be tailored to network in question

Must adapt to changes over time

26
Q

False positive

A

An IDS has identified something as a threat when it is not

27
Q

False negative

A

An IDS has missed warning signs that the system is malfunctioning or under attack

28
Q

Subversion error

A

The system has been modified to cover up the signs of intrusion. This could be a flat out modification or else feeding the system bad data over time to corrupt the baseline

29
Q

Intrusion Prevention System (IPS)

A

Does the same things an IDS does, but has the ability to take action based on what it sees, such as blocking traffic or resetting connections

30
Q

Virtual Private Network (VPN)

A

Allows for establishing a private connection without dedicated hardware as it can travel over the regular Internet.

31
Q

IPSec

A

Developed by IETF. Performs both authentication and encryption functions. Works by encapsulating a data packet into another packet and then encrypting that. Operates at the Network layer (3)

32
Q

Secure communication requires:

A

Sender authentication to prove it came from who it says it did

Message integrity, to ensure there are not alterations

Message confidentiality to ensure that only the recipient can read it

33
Q

Authentication header

A

Used by IPSec. Contains an integrity value check. May contain a message digest or similar. Sequence numbering prevents replay attacks. The header can be applied to the data in its entirety or only selectively. Can be used to help “tunnel” packets and provide directions that only get opened at a certain point in the journey, thereby disguising origin and destination.

34
Q

Encapsulating Security Protocol (ESP)

A

Sandwiches data between a new header and tail

35
Q

Security Association

A

A secure connection between two hosts in which both agree to follow security protocols for the duration of communication. Uses the following three fields:

IP destination address
Security protocol identifier (AH or ESP)
Security parameter index

SAs contain the keys being used to facilitate the communication and refer back to them for each specific SA

36
Q

Out of Band Communication

A

Communications in which a security key or similar is transferred separately from the message to ensure security

37
Q

Internet Security Association and Key Management Protocol (ISAKMP)

A

Manages the security association and pairs the SA with a key protocol

38
Q

Oakley Key Determination Protocol

A

Uses a Diffie-Hellman key protocol to allow for a key exchange across an insecure medium. Oakley allows for securing private keys with a shared key.

39
Q

Security Policy Database

A

Where the SAs are stored, along with their matching key protocols, to allow for processing and transfer of packets according to the rules within

40
Q

IPSec Key Management

A

Uses one of three possible types:

Manual key exchange, where systems are manually updated by a person with the actual key

Simple Key Interchange Protocol (SKIP), using Diffie-Hellman to generate shared keys

ISAKMP/Oakley. This is the one that is actually used under IPSec rules