Chapter 13 Flashcards
The first line of defense is something called _________, which broadly refers to ways to let people securely access your resources. p432
security filtering
Typically reside on routers to determine which devices are allowed to access them based on the requesting device’s Internet Protocol (IP) address. p432
Access Control Lists (ACL)
When configuring ACLs between the Internet and your private network to mitigate security problems, it’s a good idea to include these four conditions: p433
Deny any addresses from your internal networks.
Deny any local host addresses (127.0.0.0/8).
Deny any reserved private addresses.
Deny any addresses in the IP multicast address range (224.0.0.0/4).
The concept that basically means encapsulating one protocol within another to ensure that a transmission is secure is called what? p434
tunneling
The lion’s share of us use IP, known as a _________, which can be encapsulated within a _________ like Internet Protocol Security (IPSec); if you took a look at these packets individually, you would see that they’re encrypted. p434
payload protocol
delivery protocol
What is a Virtual Private Network (VPN)? p435
The reason we use a VPN is so that our host will traverse an insecure network (Internet) and become local to the remote network.
What are the three types of VPNs? p436
Remote access VPNs
Site-to-site VPNs
Extranet VPNs
This security protocol was developed by Netscape to work with its browser. p436
Secure Sockets Layer (SSL)
SSL was merged with other Transport layer security protocols to form a new protocol called what? p436
Transport Layer Security (TLS)
What is SSL VPN? p437
SSL VPN is really the process of using SSL to create a Virtual Private Network (VPN). A VPN is a secured connection between two systems that would otherwise have to connect to each other through a non-secured network.
What is L2TP? p437
Layer 2 Tunneling Protocol (L2TP) was created by the Internet Engineering Task Force (IETF). It comes in handy for supporting non-TCP/IP protocols in VPNs over the Internet.
What is Point to Point Tunneling Protocol (PPTP)? p437-38
PPTP is a VPN protocol that runs over port 1723 and allows encryption to be done at the Application (data) level.
PPTP acts by combining an unsecured Point to Point Protocol (PPP) session with a secured session using the what? p438
Generic Routing Encapsulation (GRE) protocol
GRE tunnels have the following characteristics. p439
Uses a protocol-type field in the GRE header so any layer 3 protocol can be used through the tunnel
Stateless and has no flow control
Offers no security
Creates additional overhead for tunneled packets (at least 24 bytes)
What is IPSec? p439
IP Security (IPSec) was designed by the IETF for providing authentication and encryption over the Internet. It works at the Network layer of the OSI model (Layer 3) and secures all applications that operate in the layers above it.
What are the two major protocols working in IPSec? p439
Authentication Header (AH)
Encapsulating Security Payload (ESP)
The AH protocol within IPSec is compatible with networks running Network Address Translation (NAT). T/F p439
False
This protocol’s real value is its ability to provide a framework for safely transferring key and authentication data independent of the key generation technique, encryption algorithm, and authentication mechanism. p440
(ISAKMP) Internet Security Association and Key Management Protocol
Contains information required to execute security services such as header authentication and payload encapsulation. p440
(SA) Security Association
Encryption works by running the data through a special encryption formula called what? p441
Key
IBM came up with a most widely used standard called what? p442
Data Encryption Standard (DES)
This standard encrypts three times, and it allows us to use one, two, or three separate keys. p442
Triple Data Encryption Standard (3DES or TDES)
Three-key TDES has a key length of 168 bits (56 times 3) but due to a complex type of attack known as? p442
meet-in-the-middle
NIST stands for what? p442
National Institute of Standards and Technology (NIST)
Instead of going after the cipher directly, they attempt to gather the information they want from the physical implementation of a security system. p443
Side channel attack
If the original sender doesn’t have a public key, the message can still be sent with a digital certificate that’s often called a what? p443
Digital ID
Three scientists from MIT formed a commercial company in 1977 to develop asymmetric keys and nailed several US patents. What was the name of their encryption software? p444
Rivest, Shamir, and Adleman (RSA)
This is not a protocol but refers to the combination of hardware and software required to make a remote-access connection. p445
Remote Access Service (RAS)
Allows users to connect to a computer running Microsoft’s Remote Desktop Services but a remote computer must have the right kind of client software installed. p446
Remote Desktop Protocol (RDP)
After establishing a connection the user sees a ________ that’s basically a preconfigured window that looks like window. p446
Terminal window
What is SSH? p447
Secure Shell is a network protocol that is designed as an alternative to command-based utilities such as Telnet that transmit requests and responses in clear text.
What is ICA? p447
It is a protocol designed by Citrix Systems to provide communication between servers and clients.
What is PPP (PTP)? p446
It is a Layer 2 protocol that provides authentication, encryption, and compression services to clients logging in remotely.
What is PPPoE? p446
It is an extension of PPP. Its purpose is to encapsulate PPP frames within Ethernet frames.
Service providers offering customers high-speed access using ________ or cable modems needed a way to offer the authentication and encryption services of PPP. p446
Asymmetric Digital Subscriber Line (ADSL)