Chapter 13 - Supplement - Sheet1

Question 1

ACL

Answer 1

Access Control List. Reside on routers to determine which packets are allowed to route through based on requesting device’s source or destination IP address

Question 2

VPN

Answer 2

Virtual Private Network. Makes a local host part of a remote network by using an ecrypted connection over a WLAN link

Question 3

3 catagories of VPNs

Answer 3

Remote-access VPNS, site-to-site VPNs, Extranet VPNs

Question 4

Remote Access VPNs

Answer 4

Allow remote users to scecurly access corporate network wherever and wheenever they need to.

Question 5

Site to Site VPNs

Answer 5

AKA intranet VPNs. Allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet.

Question 6

Extranet VPNs

Answer 6

Allow an org’s suppliers, partners, and customers to be connected to hte corporate network in a limited way for business-to-business

Question 7

SSL

Answer 7

Secure Sockets Layer. Protocol developed by netscape to encrypt data transmissions

Question 8

SSL VPN

Answer 8

A method used to establish a secure VPN connection

Question 9

PPTP

Answer 9

Method for establishing VPNs. Point-topoint tunneling protocol. Developed by Microsoft, Lucent Technologies, 3COM. Not found much anymore.

Question 10

IPSec

Answer 10

IP Security. Standard protocol for VPNs today.

Question 11

TWo protocols within IPSec

Answer 11

AH, ESP. Authentication header and Enxapsulating Security Payload

Question 12

Two modes of IPSec

Answer 12

Transport Mode, Tunneling Mode

Question 13

ISAKMP

Answer 13

Internet Security Association and Key Management Protocol. Framework for safely transferring key and authentication data

Question 14

Symmetrical Key Encryption

Answer 14

Sender and receiver have the same key and use it to encrypt and decrypt all meessages.

Question 15

DES

Answer 15

Data Encryption Standard. Uses symmetrical encryption keys. No longer secure.

Question 16

3DES

Answer 16

Triple Data Encryption Standard. Improvement on DES. Max encryption of just 168 bits of security (or 112 bits security, relatively speaking)

Question 17

AES

Answer 17

Advanced Encryption Standard. Official encryption standard i nthe US since 2002. Key lengths at 128, 192, or 256 bits.

Question 18

Public Key Encryption

Answer 18

Uses the Diffie-Hellman algorithm, which uses a public key to encrypt data and a private key to decrypt it. Sender gets receipient’s public key and encrypts data using it. Receiver decrypts using its private key.

Question 19

Two types of encryption

Answer 19

Public Key Encryption, Symmetrical Key Encryption

Question 20

Two examples of Public Key Encryption

Answer 20

RSA (Rivest, Shamir, and Aldeman) – The company formed by the MIT professors who created it. And PGP (Pretty Good Privacy)

Question 21

Six examples of methods to create remote-access connections

Answer 21

RAS, RDP, PPP, PPoE, ICA, SSH

Question 22

RAS

Answer 22

Remote Access Services. Refers to the combination of hardware and software required to make a remote-access connection. Used by Microsoft

Question 23

RDP

Answer 23

Remote Desktop Protocol. Used by Windows users, though other OSes can use it so long as they have an RDP client.

Question 24

PPP

Answer 24

Point-to-point Protocol. Layer 2 protocol that provides authentication, encryption, and compression services to clients logging in remotely. ISPs use this to authenticate clients accessing via modem

Question 25

PPPoE

Answer 25

Point-to-point protocol over ethernet. Extension of PPP. Encapsulates PPP frames within Ethernet frames.

Question 26

ICA

Answer 26

Independent Computing Architecture. Protocol used bb Citrix Systems to provided communication between servers and clients. Primarily used for Citrix’s WinFrame, which allows users to run Windows Applications on a WinFrame server from any OS.

Question 27

SSH

Answer 27

SecureShell. Secure alternative to Telnet.

Question 28

3 Ways a user can be identified via Single Sign On

Answer 28

Something they know (password), something they are (retinas, fingerprint, facial recognition), something they possess (Smart card)

Question 29

Common user authentication methods

Answer 29

PKI, Kerberos, AAA, NAC, CHAP, MS-CHAP, EAP

Question 30

PKI

Answer 30

Public Key Infrstructure. Method of user authentication. What we used on the web with a certificate authority (CA) and public / private keys to confirm someone’s identity

Question 31

Kerberos

Answer 31

Method of user authentication. Open source security system. Issues users tickets as they log in, which are used to access resources. Tickets expire but are renewed by the server. Dependent on all PCs in the system to have sync’d clocks.

Question 32

AAA

Answer 32

Authentication Authorization and Accounting. Conceptual models for managing network security through one cenral location. Also AAAA, which adds auditing

Question 33

Common implementations of AAA

Answer 33

RADIUS, TACACS+

Question 34

RADIUS and TACACS+

Answer 34

Implementations of AAA. Remote Authentication Dial In user Service. Terminal Access Controllers Access-Control System Plus. Authe nticatio nand accounting service used for verifying users over various types of network connections. ISPs use RADIUS server to store usernames and passwords of their clients. Handles authentication on behalf of wireless APs, RAS servers, or LAN switches.

Question 35

Differences between RADIUS and TACACS+

Answer 35

RADIUS combines user authentication and authorization into one profile. TACACS+ separates the two. TACACS+ utilizes TCP but RADIUS uses UDP (connectionless). TACACS is considered more stable and more secure.

Question 36

NAC

Answer 36

Network Access Control. Authentication method. Secures network hosts before they’re allowed to access the network.

Question 37

CHAP

Answer 37

Authentication Method. Challenge Handshake Authentication Protocol. Secure authentication protocol – Username and password never cross the wire. Both client/server are configurecd with a shared securet. Server challenges client with a random data to encrypt via one-way hash to prove it’s credentials.

Question 38

MS-CHAP

Answer 38

Microsoft Challenge handshake Authentication Protocol. Just like CHAP, but Microsoft encryptes the shared secret locally, while CHAP stores it locally in cleartext.

Question 39

EAP

Answer 39

Extensible Authentication Protocol. Authentication method. Extension of PPP. Provices additional authentication methods for remote-access clients, like smart cards, certificates, biometric schemes, voice recognition, etc.

Question 40

What two types of addresses can access control lists filter?

Answer 40

IP Addresses, MAC addresses

Question 41

Which encryption protocol works with both IPv4 and IPv6?

Answer 41

IPSec

Question 42

Which encryption protocol or standard allows you to create a private network on an
intranet?

Answer 42

SSL VPN

Question 43

Which user-authentication method uses a public key and private key pair?

Answer 43

PKI

Question 44

In an authentication system that uses private and public keys, who should have access
to the private key?

Answer 44

Only the owner of the key

Question 45

Which authentication method relies on tickets to grant access to resources?

Answer 45

Kerberos

Question 46

In computer security, what does AAA stand for?

Answer 46

Authentication, Authorization, and Accounting

Question 47

Which network access security method is commonly used in wireless networks?

Answer 47

802.1x

Question 48

Which user-authentication method is available only in an all-Windows environment?

Answer 48

MS-CHAP

Question 49

Which user-authentication method utilizes the TCP protocol?

Answer 49

TACACS+