Chapter 13

Question 1

The first line of defense is something called_________ which broadly refers to ways to let people securely access your resources. p432

Answer 1

security filtering

Question 2

Typically reside on routers to determine which devices are allowed to access them based on the requesting device’s Internet Protocol (IP) address. p432

Answer 2

Access Control Lists (ACL)

Question 3

When configuring ACLs between the Internet and your private network to mitigate security problems, it’s a good idea to include these four conditions: p433

Answer 3

Deny any addresses from your internal networks.
Deny any local host addresses (127.0.0.0/8).
Deny any reserved private addresses.
Deny any addresses in the IP multicast address range (224.0.0.0/4)

Question 4

The first is a concept which basically means encapsulating one protocol within another to ensure that a transmission is secure is called. p434

Answer 4

tunneling

Question 5

The lion’s share of us use IP, known as a_________ which can be encapsulated within a _________like Internet Protocol Security (IPSec); if you took a look at these packets individually, you would see that they’re encrypted. p434

Answer 5

payload protocol

delivery protocol

Question 6

What is a Virtual Private Network (VPN). p435

Answer 6

reason we use a VPN is so that our host will traverse an insecure network (Internet) and become local to the remote network.

Question 7

What are the three types of VPNs p436

Answer 7

Remote access VPNs
Site-to-site VPNs
Extranet VPNs

Question 8

This security protocol was developed by Netscape to work with its browser. p436

Answer 8

Secure Sockets Layer (SSL)

Question 9

SSL was merged with other Transport layer security protocols to form a new protocol called p436

Answer 9

Transport Layer Security (TLS)

Question 10

What is SSL VPN p437

Answer 10

is really the process of using SSL to create a Virtual Private Network (VPN). A VPN is a secured connection between two systems that would otherwise have to connect to each other through a non-secured network.

Question 11

What is L2TP p437

Answer 11

Layer 2 Tunneling Protocol (L2TP), which was created by the Internet Engineering Task Force (IETF). It comes in handy for supporting non-TCP/ IP protocols in VPNs over the Internet.

Question 12

What is Point to Point Tunneling Protocol (PPTP) p437-38

Answer 12

PPTP is a VPN protocol that runs over port 1723 and allows encryption to be done at the Application (data) level.

Question 13

PPTP acts by combining an unsecured Point to Point Protocol (PPP) session with a secured session using the what? p438

Answer 13

Generic Routing Encapsulation (GRE) protocol

Question 14

GRE tunnels have the following characteristics. p439

Answer 14

Uses a protocol-type field in the GRE header so any layer 3 protocol can be used through the tunnel
Stateless and has no flow control
Offers no security
Creates additional overhead for tunneled packets at least 24 bytes

Question 15

What is IPSec p439

Answer 15

IP Security (IPSec) was designed by the IETF for providing authentication and encryption over the Internet. It works at the Network layer of the OSI model (Layer 3) and secures all applications that operate in the layers above it.

Question 16

What are the two major protocols working in IPSec. p439

Answer 16

Authentication Header (AH)
Encapsulating Security Payload (ESP)

Question 17

The AH protocol within IPSec is compatible with networks running Network Address Translation (NAT). T/F p439

Answer 17

False

Question 18

This protocol real value is it’s ability to provide a framework for safely transferring key and authentication data independent of the key generation technique encryption algorithm and authentication mechanism. p440

Answer 18

(ISAKMP) Internet Security Association and Key Management Protocol

Question 19

Contains information required to execute security services such as header authentication and payload encapsulation. p440

Answer 19

(SA) Security Association

Question 20

Encryption works by running the data through a special encryption formula called what?p441

Answer 20

Key

Question 21

IBM came up with a most widely used standard called what? p442

Answer 21

Data Encryption Standard (DES)

Question 22

This standard encrypts three times and it allows us to use one,two or three separate keys. p442

Answer 22

Triple Data Encryption Standard (3DES or TDES)

Question 23

Three-key TDES has a key length of 168 bits (56 times 3) but due to a complex type of attack known as? p442

Answer 23

meet-in-the-middle

Question 24

NIST stands for what? p442

Answer 24

National Institute of Standards and Technology (NIST)

Question 25

Instead of going after the cipher directly they attempt to gather the information they want from the physical implementation of a security system. p443

Answer 25

Side channel attack

Question 26

If the original sender doesn’t have a public key the message can still be sent with a digital certificate that’s often called a what? p443

Answer 26

Digital ID

Question 27

Three scientists from MIT formed a commercial company in 1977 to develop asymmetric keys and nailed several US patent. what was the name of there encryption software. p444

Answer 27

Rivest Shamir and Adleman (RSA)

Question 28

This is not a protocol but refers to the combination of hardware and software required to make a remote-access connection. p445

Answer 28

Remote Access Service (RAS)

Question 29

Allows users to connect to a computer running Microsoft’s Remote Desktop Services but a remote computer must have the right kind of client software installed. p446

Answer 29

Remote desktop protocol (RDP)

Question 30

After establishing a connection the user sees a ________that’s basically a preconfigured window that looks like window. p446

Answer 30

Terminal window

Question 31

What is SSH? p447

Answer 31

Secure Shell is a network protocol that is designed as an alternative to command-based utilities such as Telnet that transmit requests and responses in clear text.

Question 32

What is ICA? p447

Answer 32

Is a protocol designed by Citrix System to provide communication between servers and clients.

Question 33

What is PPP (PTP)? p446

Answer 33

Is a Layer 2 protocol that provides authentication encryption and compression services to clients logging in remotely.

Question 34

What is PPPoE? p446

Answer 34

Is an extension of PPP. Its purpose is to encapsulate PPP frames within Ethernet frames.

Question 35

Service providers offering customers high-speed access using ________ or cable modems needed a way to offer the authentication and encryption services of PPP. p446

Answer 35

Asymmetric Digital Subscriber Line (ADSL)