Chapter 15: Secure Communications Channels Flashcards
PSTN
public switched telephone network
public switched telephone network
uses circuit switching instead of packet routing to connect calls
SS7
Signaling System 7
Signaling System 7 protocol
used for establishing and terminating calls in the PSTN
main components of a PSTN network
signal switching points (SSPs), which terminate subscriber loops; signal transfer points (STPs), which interconnect SSPs and other STPs to route calls through the network; and service control points (SCPs), which control advanced features
SSP
signal switching points
STPs
signal transfer points
SCPs
service control points
DSL
digital subscriber line
digital subscriber line
high-speed communications technology which simultaneously transmits analog voice and digital data between a home or business and a PSTN service provider’s central office
ADSL
Asymmetric DSL
Asymmetric DSL
can only support distances of a mile from the central office without signal boosters; data rates of up to 24 Mbps downstream and 1.4 Mbps upstream
VDSL
Very high-data-rate DSL
Very high-data-rate DSL
higher-speed version of ADSL (up to 300 Mbps downstream and 100 Mbps upstream)
G.fast
DSL that runs over fiber-optic cable from the central office to a distribution point near the home and uses legacy copper wires for the last few hundred feet to the home or office; can deliver data rates of up to 1 Gbps
ISDN
Integrated Services Digital Network
Integrated Services Digital Network
obsolescent pure digital technology using legacy phone lines for both voice and data
BRI
Basic Rate Interface
BRI ISDN
supports a single user with two channels each with data throughput of 64 Kbps
PRI
Primary Rate Interface
PRI ISDN
23 usable channels, 64 Kbps each, equivalent to a T1 leased line
Cable modems
high-speed access to the Internet through existing cable coaxial and fiber lines; the shared nature of these media results in inconsistent throughput
IP
Internet Protocol
IP telephony
describes carrying telephone traffic over IP networks
Voice over IP aka
IP telephony
Jitter
irregularity in arrival times of consecutive packets; problematic for interactive voice and video communications
H.323 recommendation
standard for audio and video calls over packet-based networks
SIP
Session Initiation Protocol
Session Initiation Protocol
application layer protocol used for call setup and teardown in IP telephony, video and multimedia conferencing, instant messaging, and online gaming
RTP
Real-time Transport Protocol
Real-time Transport Protocol
session layer protocol which carries data in media stream format (audio and video); used in VoIP, telephony, video conferencing, and other multimedia streaming technologies
RTCP
RTP Control Protocol
RTP Control Protocol
used with RTP and also a session layer protocol; provides out-of-band statistics and control information for feedback on QoS levels of individual streaming multimedia sessions
multimedia collaboration
remotely and simultaneously sharing any combination of voice, video, messages, telemetry, and files in an interactive session
Telepresence
application of technologies to allow people to be virtually present somewhere other than where they physically are
UC
Unified communications
unified communications
integration of real-time and non-real-time communications technologies in one platform
always-on VPN
system configuration which automatically connects the device to the VPN with no user interaction
VPN kill switch
system configuration which automatically cuts off Internet access unless a VPN session is established
VPN split tunnel
configuration which routes certain traffic through VPN while allowing other traffic to access the Internet directly
PAP
Password Authentication Protocol
Password Authentication Protocol
obsolete and insecure authentication protocol which sends user credentials in plaintext and should not be allowed
CHAP
Challenge Handshake Authentication Protocol
Challenge Handshake Authentication Protocol
challenge/response mechanism that uses the password as an encryption key to authenticate the user instead of having the user send the password over the wire
EAP
Extensible Authentication Protocol
Extensible Authentication Protocol
framework which enables many types of authentication techniques to be used when establishing network connections
Desktop virtualization technologies
remote desktops and virtual desktops; allow users to remotely interact with computers as if they were physically using them
Two common remote desktops
Microsoft’s Remote Desktop Protocol (RDP); open-source Virtual Network Computing (VNC) system
VDI
Virtual desktop infrastructure
virtual desktop infrastructure
tech which hosts multiple virtual desktops centrally and makes them available to authorized users
SSH
Secure Shell
Secure Shell
secure tunneling mechanism which provides terminal-like access to remote computers
network socket
endpoint for a data communications channel, defined by five parameters: source address, source port, destination address, destination port, and protocol (TCP or UDP)
Remote procedure calls
a program in your network can execute a function or procedure on some other host
Type of networks where SS7 protocol is used
PSTN (public switched telephone network), where it is used to set up, control, and disconnect calls
SIP
Session Initiation Protocol
Session Initiation Protocol
application layer protocol used in online gaming communications, instant messaging, multimedia conferencing
consumer-grade products
lack security controls and management features to properly secure multimedia collaboration platforms
unified communications rely on …
a central hub which integrates, coordinates, and synchronizes various technologies; ensure the hub is adequately protected against physical and logical threats
best authentication protocol for VPN connections
EAP (Extensible Authentication Protocol) is more secure than both PAP (insecure) and CHAP. SIP does not provide authentication mechanisms
VPN configurations to enable
Split tunneling for staff using printers on their home networks; some traffic will go to the local network or to the Internet directly
Best protection for confidentiality of sensitive research data
VDI (Virtual desktop infrastructure); sensitive data remains in protected network while users work with it over a virtual desktop; prevents data from being stored on the remote user’s computer
Secure remote procedure calls (RPC) with …
Tunnel RPC through Transport Layer Security (TLS); RPC lacks security controls and TLS will authenticate hosts and encrypt RPC traffic
Advantages of virtual desktops
helpful in regulated environments for data retention, configuration management, and incident response through persistent and nonpersistent sessions
Disadvantage of virtual desktop
VDI relies on VMs in a data center; there is no physical computer into which a user could log in directly