Chapter 4 Flashcards

1
Q

HIDS

A

A host-based intrusion detection system (HIDS) is additional software installed on a single system, such as a workstation or a server.
A HIDS can monitor all traffic on that one host. Because it runs on the host, it can also see activity that never crosses the network, such as local processes and file changes, and in some cases it detects malicious activity missed by antivirus software.

2
Q

NIDS

A

A network-based intrusion detection system. The NIDS console is installed on a network appliance, and sensors are placed on network devices such as switches, routers, or firewalls to monitor traffic and detect network-based attacks. You can also use taps or port mirrors to feed a copy of the traffic to a sensor. A NIDS cannot inspect the contents of encrypted traffic, and it cannot see activity on individual hosts.

3
Q

Signature-based IDSs

A

Signature-based IDSs (sometimes called definition-based) use a database of known vulnerabilities or known attack patterns. They are accurate for attacks that have a signature, but they cannot detect an attack for which no signature exists yet.

4
Q

Trend-Based Detection

A

Trend-based detection (sometimes called anomaly detection) starts by identifying the network’s regular operation or normal behavior. It does this by creating a performance baseline under normal operating conditions.

Trend-based detection can be effective at discovering zero-day exploits. A zero-day exploits a vulnerability unknown to the vendor, so the vendor has not released a patch; if the vulnerability isn't known and there's no patch for it, there won't be a signature for it either. The trade-off is more false positives, because anything that deviates from the baseline looks suspicious, and the baseline must be refreshed as normal usage changes.

5
Q

SYN Flood Attack

A

The SYN flood attack is a common denial-of-service (DoS) attack. Chapter 3 describes the three-way handshake used to establish a TCP session. As a reminder, one system sends a SYN packet, the second system responds with a SYN/ACK packet, and the first system then completes the handshake with an ACK packet. In a SYN flood attack, the attacker sends many SYN packets (often with spoofed source addresses) but never completes the third part of the handshake with the final ACK. Each half-open connection occupies a slot in the server's backlog until it times out, and once the backlog is full the server drops SYNs from legitimate clients.
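As an added example (not from the book's text), here is a small Python model of what the flood does to the server: a listener with a tiny backlog of half-open connections, constructed sample traffic in which one source sends 20 SYNs and never ACKs, and a detection heuristic that flags sources whose handshakes almost never complete. The packet tuples, addresses and backlog size are made up for the demonstration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Toy listen backlog. Real kernels allow hundreds or thousands of half-open
# entries, but the exhaustion mechanic is the same.
BACKLOG = 8


@dataclass
class Listener:
    """Minimal model of a TCP listener's table of half-open (SYN_RECV) connections."""
    backlog: int = BACKLOG
    half_open: dict = field(default_factory=dict)   # (src_ip, src_port) -> "SYN_RECV"
    established: int = 0
    dropped_syns: int = 0

    def on_packet(self, src_ip: str, src_port: int, flags: str) -> str:
        key = (src_ip, src_port)
        if flags == "SYN":
            if len(self.half_open) >= self.backlog:
                # Table full: the SYN is dropped and the client never gets a SYN/ACK.
                self.dropped_syns += 1
                return "DROP"
            self.half_open[key] = "SYN_RECV"      # server replied SYN/ACK, now waits for ACK
            return "SYN/ACK"
        if flags == "ACK" and key in self.half_open:
            del self.half_open[key]                # handshake completed, slot freed
            self.established += 1
            return "ESTABLISHED"
        return "IGNORE"


def syn_flood_suspects(packets, min_syns=5, max_completion=0.2):
    """Sources that opened many handshakes but completed almost none of them.

    Attackers usually spoof source addresses, so in practice the overall ratio of
    half-open to established connections is the stronger signal; per-source
    counting still catches the unsophisticated case modelled here.
    """
    syns, acks = Counter(), Counter()
    for src_ip, _src_port, flags in packets:
        if flags == "SYN":
            syns[src_ip] += 1
        elif flags == "ACK":
            acks[src_ip] += 1
    return sorted(ip for ip, n in syns.items()
                  if n >= min_syns and acks[ip] / n <= max_completion)


# Constructed sample traffic (src_ip, src_port, flags); not a real capture.
LEGIT = [("10.0.0.5", 40001, "SYN"), ("10.0.0.5", 40001, "ACK"),
         ("10.0.0.6", 40002, "SYN"), ("10.0.0.6", 40002, "ACK")]
FLOOD = [("203.0.113.9", 50000 + i, "SYN") for i in range(20)]   # SYNs, never an ACK
LATE_LEGIT = [("10.0.0.7", 40003, "SYN"), ("10.0.0.7", 40003, "ACK")]
SAMPLE = LEGIT + FLOOD + LATE_LEGIT


def run(packets=SAMPLE):
    """Replay the packets through the listener; returns the listener and per-packet outcomes."""
    listener = Listener()
    outcomes = [listener.on_packet(*pkt) for pkt in packets]
    return listener, outcomes


if __name__ == "__main__":
    listener, outcomes = run()
    print("established:", listener.established,
          "half-open:", len(listener.half_open),
          "dropped SYNs:", listener.dropped_syns)
    print("late legitimate client got:", outcomes[-2])
    print("suspects:", syn_flood_suspects(SAMPLE))
```

Running it shows the two early clients connect, the flood fills all eight backlog slots, the remaining twelve flood SYNs plus the late legitimate client's SYN are dropped, and only 203.0.113.9 is flagged.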

6
Q

IPS Versus IDS—In-line Versus Passive

A

Because an IPS is in-line with the traffic, it can block an attack before it reaches the protected network; it is sometimes referred to as active. In contrast, an IDS is referred to as passive because it is not in-line with the traffic. Instead, it is out-of-band, receiving a copy of the traffic (for example from a tap or port mirror), so it can detect and alert but cannot block on its own.

7
Q

APT

A

Advanced persistent threat. An APT is a group, often sponsored by a nation-state, that has both the capability and the intent to launch sophisticated, targeted attacks and to maintain access over an extended period.

8
Q

honeypot

A

A honeypot is a system deliberately left looking vulnerable and attractive to attackers. It serves two purposes. First, it deceives attackers and diverts them from the live network: if an attacker spends time in the honeypot, they are not attacking live resources. Second, it allows observation of an attacker: while an attacker is in the honeypot, security professionals can observe the attack and learn from the attacker's methodologies. Honeypots can also help security professionals learn about zero-day exploits or previously unknown attacks.

9
Q

site survey

A

A site survey examines the wireless environment to identify potential problem areas. A heat map shows wireless coverage and dead spots if they exist. Wireless footprinting gives you a detailed diagram of wireless access points, hotspots, and dead spots within an organization.

10
Q

honeytoken

A

A honeytoken is a fake record inserted into a database to detect data theft. Because no legitimate process ever uses the record, any query for it, or any appearance of it outside the database, shows that the data was accessed or copied illegitimately.

11
Q

AP

A

Access point. A wireless access point (AP) connects wireless clients to a wired network. Many APs also have routing capabilities, in which case they are wireless routers.

All wireless routers are APs.

Not all APs are wireless routers.

12
Q

NAT

A

Network Address Translation. NAT translates the private IP addresses used inside a network into a public IP address (and back) as traffic crosses the router, so internal addresses are not exposed on the Internet.

13
Q

PAT

A

Port Address Translation. PAT is the common form of NAT in which many internal hosts share a single public IP address; the router keeps their sessions apart by rewriting the source port numbers and tracking the translations in a table.

14
Q

MAC Address Cloning

A

MAC address cloning refers to changing the MAC address on a PC or other device so that it matches the MAC address of the wide area network (WAN) port on an Internet-facing router; this sometimes resolves connectivity issues on small home or office networks. In a MAC cloning attack (sometimes called a MAC spoofing attack), an attacker changes their computer's MAC address to the MAC address of an authorized system. Because MAC filtering trusts whatever address a frame claims, this bypasses it.

15
Q

Wi-Fi analyzer

A

A tool used during a site survey. A Wi-Fi analyzer shows the wireless networks in range along with their channels and signal strengths, so you can spot congested or overlapping channels and sources of interference.

16
Q

heat map

A

Other site survey tools will create a heat map, which gives you a color-coded representation of wireless signals. For example, the color green may show where the wireless signals are the strongest, and the color red may show where they are the weakest. By walking around an organization and recording wireless activity, the heat map will show where the wireless signals are the strongest and where you may have dead spots.

17
Q

footprinting

A

Wireless footprinting creates a detailed diagram of APs and hotspots within an organization. By overlaying the heat map onto a basic architectural drawing of an organization’s spaces, it’s possible to see the location of the APs along with dead spots and hotspots.

18
Q

WPA2

A

Wi-Fi Protected Access 2. WPA2 (also known as IEEE 802.11i) uses strong cryptographic protocols: Advanced Encryption Standard (AES) with Counter-mode/CBC-MAC Protocol (CCMP).

An AP can be configured with no security (open) or with WPA2 in one of two modes:

Pre-shared key (PSK), also called personal mode. Everyone uses the same passphrase; there is no user name and no individual identity.

Enterprise. Enterprise mode forces users to authenticate with unique credentials (via 802.1X) before granting access to the wireless network.

When you select Enterprise mode, you'll need to enter three pieces of information:

RADIUS server. You enter the IP address assigned to the 802.1X server, which is often a RADIUS server.

RADIUS port. You enter the port used by the RADIUS server. The official default port for RADIUS authentication is UDP 1812. However, some vendors have used other ports, such as 1645. The key is that you must enter the same port here that the server is using.

Shared secret. The shared secret is similar to a password, and you must enter it here exactly as it is entered on the RADIUS server. It protects the exchange between the AP and the RADIUS server and is different from the user's password.

19
Q

disassociation attack

A

After a wireless client authenticates with a wireless AP, the two devices exchange frames, causing the client to be associated with the AP. At any point, a wireless device can send a disassociation frame to the AP to terminate the connection. This frame includes the wireless client's MAC address.

When the AP receives the disassociation frame, it deallocates all the memory it held for the connection. In a disassociation attack, attackers send a disassociation frame to the AP with the victim's MAC address spoofed as the source. The AP receives the frame and shuts down the connection. The victim is now disconnected from the AP and must go through the authentication process again to reconnect. Attackers often repeat this continuously as a denial of service, or use the forced reconnection to push the victim toward an evil twin.
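To make the frame concrete, here is an added Python example (not part of the original card) that builds the 802.11 management frame header described above, parses it back out, and applies the check a wireless IDS would: count disassociation and deauthentication frames per (BSSID, claimed client) and flag a flood. The frames are built in memory only and never transmitted; the MAC addresses are constructed locally administered addresses, not from a real capture.

```python
import struct
from collections import Counter

SUBTYPE_DISASSOC = 10   # management frame subtype 0b1010
SUBTYPE_DEAUTH = 12     # management frame subtype 0b1100
REASON_LEAVING_BSS = 8  # "Disassociated because sending STA is leaving BSS"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype: int, dst: str, src: str, bssid: str,
                     reason_code: int, seq: int = 0) -> bytes:
    """Bare 802.11 management frame: 24-byte MAC header + 2-byte reason code.

    Frame Control (little-endian 16 bits): bits 0-1 protocol version (0),
    bits 2-3 type (0 = management), bits 4-7 subtype, bits 8-15 flags.
    No radiotap header and no FCS; this is for inspection only.
    """
    frame_control = struct.pack("<H", subtype << 4)
    duration = struct.pack("<H", 0)
    seq_ctrl = struct.pack("<H", seq << 4)          # sequence number lives in bits 4-15
    header = (frame_control + duration + mac_bytes(dst) + mac_bytes(src)
              + mac_bytes(bssid) + seq_ctrl)
    return header + struct.pack("<H", reason_code)


def parse_mgmt_frame(frame: bytes):
    """Return addressing and reason code of a management frame, or None for other frames."""
    if len(frame) < 24:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        return None
    reason = None
    if subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(frame) >= 26:
        (reason,) = struct.unpack_from("<H", frame, 24)
    return {"subtype": subtype, "dst": mac_str(frame[4:10]),
            "src": mac_str(frame[10:16]), "bssid": mac_str(frame[16:22]),
            "reason": reason}


def flag_disassoc_flood(frames, threshold=5):
    """Per (BSSID, claimed client) count of disassociation/deauthentication frames.

    A real client disconnects once; dozens of such frames 'from' the same client
    in a short window are the fingerprint of an attacker spoofing its address.
    """
    counts = Counter()
    for frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed and parsed["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            counts[(parsed["bssid"], parsed["src"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed addresses (locally administered MACs), not from a real network.
AP_MAC = "02:00:00:00:00:01"
VICTIM_MAC = "02:00:00:00:00:aa"
OTHER_MAC = "02:00:00:00:00:bb"


def sample_frames():
    """One legitimate disassociation plus twelve spoofed ones claiming to be VICTIM_MAC."""
    legit = [build_mgmt_frame(SUBTYPE_DISASSOC, AP_MAC, OTHER_MAC, AP_MAC,
                              REASON_LEAVING_BSS, seq=1)]
    spoofed = [build_mgmt_frame(SUBTYPE_DISASSOC, AP_MAC, VICTIM_MAC, AP_MAC,
                                REASON_LEAVING_BSS, seq=i) for i in range(12)]
    return legit + spoofed


if __name__ == "__main__":
    print(parse_mgmt_frame(sample_frames()[0]))
    print("flagged:", flag_disassoc_flood(sample_frames()))
```

The only field the attacker needs to forge is the source address (Addr2); nothing in the frame proves it came from the client. That is exactly what Protected Management Frames (802.11w, mandatory in WPA3) fixes by authenticating disassociation and deauthentication frames so the AP can discard spoofed ones.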

20
Q

WPS

A

Wi-Fi Protected Setup. WPS lets a user join a wireless network by pressing a button or entering an eight-digit PIN printed on the AP instead of typing the passphrase. The PIN is verified in two halves (and its last digit is a checksum), so an attacker needs at most about 11,000 guesses rather than 100 million. Reaver is an open-source tool that exploits this to discover the PIN, typically within about 10 hours and often much quicker. Once it has the PIN, it can recover the WPA2 network's passphrase. The reliable protection is to disable WPS on the AP. WPA3 drops WPS in favor of Wi-Fi Easy Connect, so a WPA3-only network is not exposed to this PIN attack.

21
Q

rogue AP

A

Rogue Access Point A rogue access point (rogue AP) is an AP placed within a network without official authorization. It might be an employee bypassing security or installed by an attacker. If an employee installs a rogue AP, the chances are higher that this AP will not be adequately managed, increasing vulnerabilities to the network.

22
Q

evil twin

A

An evil twin is a rogue access point with the same SSID (or similar) as a legitimate access point. You can think of the SSID of the evil twin as a twin of the legitimate AP’s SSID. For example, many public places, such as coffee shops, hotels, and airports, provide free Wi-Fi. An attacker can set up an AP using the same SSID as the public Wi-Fi network, and many unsuspecting users will connect to this evil twin.

23
Q

Jamming Attacks

A

Attackers can transmit noise or another radio signal on the same frequency used by a wireless network. This interferes with the wireless transmissions and can seriously degrade performance. This denial-of-service attack is commonly called jamming, and it usually prevents all users from connecting to a wireless network. In some cases, users have intermittent connectivity because the interference causes them to lose their association with the AP and forces them to reconnect.

In some cases, you can increase the power levels of the AP to overcome the attack. Another method is to use different wireless channels. Each wireless standard has several channels you can use, and if one channel is too noisy, you can use another one. Although this is useful for overcoming interference in home networks, it won't effectively combat a deliberate jamming attack: if you switch channels, the attacker can also switch channels.

24
Q

IV Attacks

A

An initialization vector (IV) is a number that an encryption system combines with the key so that the same key produces a different keystream for each message. Some wireless protocols combine the IV with the pre-shared key to encrypt data in transit and send the IV in cleartext with each frame. A wireless IV attack exploits weaknesses in how the IV is used in order to recover the pre-shared key. When an encryption system reuses the same IV with the same key, it reuses the same keystream; an attacker who collects enough frames can cancel the keystream out, recover plaintext, and eventually recover the key itself. As an example, WEP, an early wireless security protocol, uses a relatively small 24-bit IV, so a busy network exhausts all IV values within hours. This reuse, together with weaknesses in RC4, made WEP easy to crack.
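The following Python example is added here (it is not from the book) to show why a 24-bit IV breaks a stream cipher. It implements RC4, wraps it the way WEP does (3-byte cleartext IV prepended to the root key), counts how many frames a randomly chosen IV survives before repeating, and shows that two frames sharing an IV leak the XOR of their plaintexts with no key material at all. The root key and plaintexts are constructed for the demo, and WEP's CRC-32 integrity check value is omitted.

```python
import random


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling algorithm (KSA) then pseudo-random generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                                  # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                               # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    return xor(data, rc4_keystream(key, len(data)))


def wep_encrypt(root_key: bytes, iv: int, plaintext: bytes) -> bytes:
    """WEP-style framing: per-frame RC4 key = 3-byte IV || root key, IV sent in the clear.

    The CRC-32 ICV that real WEP appends is left out; it does not change the
    keystream-reuse argument. IV byte order is immaterial for the demo.
    """
    iv_bytes = iv.to_bytes(3, "big")
    return iv_bytes + rc4(iv_bytes + root_key, plaintext)


def packets_until_iv_repeat(rng: random.Random, iv_bits: int = 24) -> int:
    """Frames sent before a randomly chosen IV repeats.

    Birthday bound: about sqrt(pi/2 * 2**24), roughly 5,100 frames, not 16 million.
    Cards that simply counted the IV up from zero wrapped after 2**24 frames anyway.
    """
    seen = set()
    sent = 0
    while True:
        iv = rng.getrandbits(iv_bits)
        sent += 1
        if iv in seen:
            return sent
        seen.add(iv)


def iv_repeat_trial(seed: int = 2024) -> int:
    return packets_until_iv_repeat(random.Random(seed))


def leak_from_iv_reuse(pkt1: bytes, pkt2: bytes):
    """Same IV (first 3 bytes) means same keystream, so C1 xor C2 = P1 xor P2."""
    if pkt1[:3] != pkt2[:3]:
        return None
    return xor(pkt1[3:], pkt2[3:])


# Constructed demonstration data (not a real key or capture).
ROOT_KEY = bytes.fromhex("0102030405")          # 40-bit root key, made up
P1 = b"attack at dawn!!"
P2 = b"retreat at noon!"


def demo(iv: int = 0x00ABCD):
    """Encrypt two frames under the same IV and recover P2 from P1 without the key."""
    c1 = wep_encrypt(ROOT_KEY, iv, P1)
    c2 = wep_encrypt(ROOT_KEY, iv, P2)            # IV reused: the fatal case
    leaked = leak_from_iv_reuse(c1, c2)           # equals P1 xor P2
    recovered_p2 = xor(leaked, P1)                # known (or guessed) P1 yields P2 outright
    return leaked, recovered_p2


if __name__ == "__main__":
    print("frames before first IV repeat:", iv_repeat_trial())
    leaked, recovered = demo()
    print("P1 xor P2 leaked:", leaked.hex())
    print("recovered P2:", recovered)
```

Known-plaintext is realistic on a wireless network because frame headers (LLC/SNAP, ARP, IP) are highly predictable, which is why collecting a few tens of thousands of frames was enough to break WEP keys in practice.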

25
NFC
Near field communication (NFC) is a group of standards used on mobile devices that allow them to communicate with other mobile devices when they are close to them. For example, you can share pictures, contacts, and other data with friends. One person shares the data, and after placing the smartphones close to each other, the other person selects it to download. Many point-of-sale card readers support NFC technologies with credit cards. Instead of swiping your card or inserting it to read the chip data, you wave your card over the reader. It is often advertised as a contactless payment method. Some smartphone applications support payments with NFC-enabled smartphones. Users wave their smartphones over the reader to make a payment.
26
near field communication attack
In an NFC attack, the attacker's NFC reader uses a boosted antenna to extend its range and intercept the data transfer between two other devices. For example, imagine Marge is making a purchase at a store, and Bart is behind her with his own NFC reader. If Bart can boost the receiving range of his NFC reader, he can capture Marge's transaction. The primary indication of an NFC attack is unauthorized charges on a credit card statement.
27
RFID Attacks
Radio-frequency identification (RFID) systems include an RFID reader and RFID tags placed on objects. They are used to track and manage inventory and any type of valuable asset, including objects and animals. Active RFID tags include their own power source (a battery) and can transmit over longer distances. Passive RFID tags have no battery; their electronics harvest power from the reader's radio signal and use it to transmit the data stored on the tag.
28
RFID Sniffing or eavesdropping
Because RFID transmits data over the air, an attacker can collect it by listening. A key requirement is to know the RFID system’s frequency and have a receiver tuned to that frequency. The attacker also needs to know the protocols used by the RFID system to interpret the data.
29
RFID Cloning
Successful eavesdropping attacks allow the attacker to perform a cloning attack. For example, an attacker can configure a bogus tag to mimic the tag attached to a valuable object. The attacker can then steal the valuable object without the theft being easily detected.
30
Bluetooth Attacks
Bluetooth is a short-range wireless system used in personal area networks (PANs) and within networks. A PAN is a network of devices close to a single person. Bluetooth devices include smartphones, headsets, and computer peripherals. The Bluetooth range was designed initially for about 10 meters (about 30 feet), although later versions can reach considerably farther. Common Bluetooth attacks are bluejacking, bluesnarfing, and bluebugging.
31
PAN
Personal area network. A PAN is a network of devices close to a single person, such as a smartphone, a headset, and a laptop. Bluetooth is the short-range wireless system most often used to build a PAN; its range was designed initially for about 10 meters (about 30 feet).
32
Bluejacking
Bluejacking is the practice of sending unsolicited messages to nearby Bluetooth devices. Bluejacking messages are typically text but can also be images or sounds. Bluejacking is relatively harmless but does cause some confusion when users start receiving messages.
33
Bluesnarfing
Bluesnarfing refers to the unauthorized access to, or theft of information from, a Bluetooth device. A bluesnarfing attack can access information such as email, contact lists, calendars, and text messages.
34
Bluebugging
Bluebugging is like bluesnarfing, but it goes a step further. In addition to gaining full access to the phone, the attacker installs a backdoor. The attacker can have the phone call the attacker at any time, allowing the attacker to listen in on conversations within a room. Attackers can also listen in on phone conversations, enable call forwarding, send messages, and more.
35
Wireless Replay Attacks
In a replay attack, an attacker captures data sent between two entities and later retransmits (replays) it, sometimes after modifying it, to impersonate one of the parties. WEP had no protection against this, but WPA2 and WPA3 are resistant to replay attacks because each frame carries a sequence counter that the receiver checks and will not accept twice. The best protection is to eliminate the use of deprecated wireless cryptographic protocols such as WEP.
36
War driving
is the practice of looking for vulnerable wireless networks. Although war driving is more common in cars, you can just as easily do it by walking around in a large city. Attackers use war driving to discover wireless networks that they can exploit and often use directional antennas to detect wireless networks with weak signals. War flying is similar to war driving, but it uses planes or drones instead of cars.
37
VPN
A virtual private network (VPN) provides access to a private network over a public network such as the Internet, protecting the traffic with an encrypted tunnel. Remote access VPNs allow individual users to reach the private network from wherever they are.
38
VPN concentrator
A VPN concentrator is a dedicated device used to terminate VPN connections. It includes all the services needed to create a VPN, including strong encryption and authentication, and it supports many simultaneous clients.
39
Remote Access VPN
A remote access VPN lets users connect to a private network from a remote location over a public network. The user's device runs VPN client software that builds an encrypted tunnel to a VPN server or concentrator at the edge of the private network; the concentrator authenticates the user and then forwards the traffic into the private network.
40
RADIUS
A VPN server needs to authenticate clients, and a common method is to use an internal Remote Authentication Dial-in User Service (RADIUS) server.
41
IPsec as a Tunneling Protocol
IPsec supports both Tunnel mode and Transport mode. Tunnel mode encrypts the entire original IP packet, including its IP header (with the source and destination IP addresses) and its payload, and wraps it in a new IP packet addressed between the two VPN endpoints; VPNs commonly use Tunnel mode. The benefit is that the IP addressing used within the internal network is encrypted and not visible to anyone who intercepts the traffic. If attackers do intercept the traffic, they can see the source IP address of the client and the destination address of the VPN server, but the internal IP address information remains hidden. Transport mode encrypts only the payload and keeps the original IP header in the clear; it is commonly used between hosts within a private network, but not for VPNs. If traffic is transmitted and used only within a private network, there isn't any need to hide the IP addresses by encrypting them. IPsec provides security in two ways, through AH and ESP:
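The difference between the two modes is easiest to see on the wire. The Python below is an added example, not from the book: it builds a small IPv4 packet between two internal hosts, applies an ESP wrapper in Transport mode and in Tunnel mode, and shows what an eavesdropper can read from each. The addresses and the key are made up, the payload is arbitrary bytes rather than a real TCP segment, and ESP's negotiated cipher is replaced by a hash-based keystream so the example needs only the standard library; the ESP integrity check value is omitted.

```python
import hashlib
import hmac
import socket
import struct

IPPROTO_ESP = 50
IPPROTO_IPIP = 4      # next-header value meaning "an IPv4 packet follows" (tunnel mode)
IPPROTO_TCP = 6


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; over a finished header it yields 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header, no options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode). Real ESP uses a negotiated
    cipher such as AES-GCM; this only makes the bytes unreadable for the demo."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def esp_wrap(key: bytes, spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """ESP: cleartext SPI + sequence number, then encrypted payload + trailer
    (pad length, next header). The ICV/authentication tag is omitted here."""
    esp_header = struct.pack("!II", spi, seq)
    body = inner + bytes([0, next_header])           # pad length 0, next header
    return esp_header + xor(body, keystream(key, esp_header, len(body)))


def esp_unwrap(key: bytes, esp: bytes):
    """Reverse of esp_wrap; returns (inner bytes, next header)."""
    esp_header, ciphertext = esp[:8], esp[8:]
    body = xor(ciphertext, keystream(key, esp_header, len(ciphertext)))
    pad_len, next_header = body[-2], body[-1]
    return body[:len(body) - 2 - pad_len], next_header


def transport_mode(pkt: bytes, key: bytes, spi: int, seq: int) -> bytes:
    """Transport mode: original IP header kept (protocol rewritten to 50),
    only the payload encrypted. The inner addresses stay visible."""
    ip_hdr, payload = pkt[:20], pkt[20:]
    esp = esp_wrap(key, spi, seq, payload, ip_hdr[9])
    src, dst = socket.inet_ntoa(ip_hdr[12:16]), socket.inet_ntoa(ip_hdr[16:20])
    return ipv4_header(src, dst, IPPROTO_ESP, len(esp)) + esp


def tunnel_mode(pkt: bytes, key: bytes, spi: int, seq: int,
                outer_src: str, outer_dst: str) -> bytes:
    """Tunnel mode: the whole original packet, header included, is encrypted and
    carried inside a new IP packet addressed between the VPN endpoints."""
    esp = esp_wrap(key, spi, seq, pkt, IPPROTO_IPIP)
    return ipv4_header(outer_src, outer_dst, IPPROTO_ESP, len(esp)) + esp


def eavesdropper_view(pkt: bytes) -> dict:
    """What someone capturing the packet reads without the key."""
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9]}


def address_in_clear(pkt: bytes, ip: str) -> bool:
    return socket.inet_aton(ip) in pkt


# Constructed example: 10.1.1.5 talks to 10.2.2.7 across a VPN whose endpoints are
# 198.51.100.10 (client) and 203.0.113.1 (VPN server). Payload is just bytes.
KEY = b"example-sa-key-not-real"
INNER = ipv4_header("10.1.1.5", "10.2.2.7", IPPROTO_TCP, 16) + b"GET / HTTP/1.1\r\n"


def build_both():
    transport = transport_mode(INNER, KEY, spi=0x1000, seq=1)
    tunnel = tunnel_mode(INNER, KEY, spi=0x1000, seq=1,
                         outer_src="198.51.100.10", outer_dst="203.0.113.1")
    return transport, tunnel


if __name__ == "__main__":
    transport, tunnel = build_both()
    print("transport:", eavesdropper_view(transport), "inner src visible:",
          address_in_clear(transport, "10.1.1.5"))
    print("tunnel:   ", eavesdropper_view(tunnel), "inner src visible:",
          address_in_clear(tunnel, "10.1.1.5"))
```

In both cases the outer protocol field reads 50 (ESP), but only in Tunnel mode do the visible addresses belong to the VPN endpoints rather than the internal hosts.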
42
AH
IPsec includes an Authentication Header (AH) to allow each of the IPsec conversation hosts to authenticate with each other before exchanging data. AH provides authentication and integrity. AH uses IP protocol number 51.
43
Encryption
IPsec includes Encapsulating Security Payload (ESP) to encrypt the data and provide confidentiality, authentication, and integrity. ESP uses IP protocol number 50.
44
ESP
Encapsulating Security Payload. IPsec includes ESP to encrypt the data and provide confidentiality, authentication, and integrity. ESP uses IP protocol number 50. In practice most VPNs use ESP alone, since it can authenticate as well as encrypt.
45
SSL/TLS as a Tunneling Protocol
Some tunneling protocols use Transport Layer Security (TLS) to secure the VPN channel. As an example, Secure Socket Tunneling Protocol (SSTP) encrypts VPN traffic using TLS over TCP port 443. Because port 443 is almost always allowed outbound for HTTPS, this gives administrators a lot of flexibility and rarely requires opening additional firewall ports.
46
Split Tunnel Versus Full Tunnel
In a split tunnel, a VPN administrator determines what traffic should use the encrypted tunnel. For example, it’s possible to configure the tunnel to encrypt only the traffic going to private IP addresses used within the private network. If Lisa did an Internet search with the VPN server configured in a split tunnel configuration, her Internet search traffic would not go through the encrypted tunnel. Instead, her search would go directly to Internet sites via her ISP. In a full tunnel, all traffic goes through the encrypted tunnel while the user is connected to the VPN. If Lisa was connected to the VPN and then tried to connect to a public website, the traffic would first go through the encrypted tunnel and then out to the public website from within the private network. If the private network routed Internet traffic through a unified threat management (UTM) device, Lisa’s traffic would go through the organization’s UTM device. The website would send webpages back to the UTM device, and the VPN server would encrypt it and send it back to Lisa via the encrypted tunnel.
47
Remember This! VPN's
IPsec is a suite of protocols used to secure VPN traffic. Encapsulating Security Payload (ESP) provides confidentiality, integrity, and authentication for VPN traffic. IPsec uses Tunnel mode for VPN traffic and can be identified by IP protocol number 50 for ESP. It uses Internet Key Exchange (IKE) over UDP port 500 to negotiate keys. A full tunnel encrypts all traffic after a user has connected to a VPN. A split tunnel only encrypts traffic destined for the VPN's private network.
48
Always-On VPN
Always on. An always-on VPN establishes the tunnel automatically whenever the device has network connectivity, without the user having to start it, so traffic from the device never travels unprotected and administrators can apply the same controls whether the user is in the office or remote.
49
L2TP as a Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol that is also used for VPNs. The most recent version is L2TPv3. However, none of the L2TP versions provide any encryption, so it is not used by itself for VPN traffic. Instead, data is encrypted with another protocol, such as IPsec (the combination is called L2TP/IPsec), and then passed to L2TP for transport over the VPN. L2TP uses UDP port 1701.
50
HTML5 VPN Portal
Some network devices include the ability to configure an HTML5 VPN portal. An HTML5 VPN allows users to connect to the VPN using their web browser, making it rather simple for the users. It uses TLS to encrypt the session, but it can be very resource intensive. In general, organizations use it to give one or two users access to limited resources. As an example, if a consultant managed a Voice over IP (VoIP) private branch exchange (PBX), an organization could use an HTML5 VPN to give this consultant access to the PBX. However, the other employees would use a traditional VPN for remote access.
51
NAC
Network Access Control. Allowing remote access to your private network can expose your network to many risks from the clients. If a user logs on to a VPN with a malware-infected computer, this computer can then infect other computers on the internal network. Network access control (NAC) methods provide continuous security monitoring by inspecting computers and preventing them from accessing the network if they don't pass the inspection. Most administrators have complete control over computers in their network. For example, they can ensure desktop computers have up-to-date antivirus software installed, operating systems have current patches applied, and their firewalls are enabled. However, administrators don't have complete control of computers that employees use at home or on the road. NAC provides a measure of control for these other computers. It ensures that clients meet predetermined characteristics before accessing a network. NAC systems often use health as a metaphor, indicating that a client meets these predetermined characteristics. Just as doctors can quarantine patients with certain illnesses, NAC can quarantine or isolate unhealthy clients that don't meet the predefined NAC conditions.
52
Host Health Checks
Administrators set predefined conditions for healthy clients, and those that meet these preset conditions can access the network. The NAC system isolates computers that don't meet the conditions. Common health conditions checked by a NAC are:

The client's firewall is enabled.

The client's operating system is up to date and has all current patches and fixes.

The client's antivirus software is up to date and has all updated signature definitions.

NAC systems use authentication agents (sometimes called health agents) to inspect NAC clients. These agents are applications or services that check different computer conditions and document the status in a statement of health. When a client connects to a NAC-controlled network, the agent reports the NAC client's health status.
53
Agent Versus Agentless NAC
Agents on clients can be either permanent or dissolvable. A permanent agent (sometimes called a persistent NAC agent) is installed on the client and stays on the client. NAC uses the agent when the client attempts to log on remotely. A dissolvable agent is downloaded and runs on the client when the client logs on remotely. It collects the information it needs, identifies the client as healthy or not healthy, and reports the status back to the NAC system. Some dissolvable NAC agents remove themselves immediately after they report back to the NAC system. Others remove themselves after the remote session ends. Many NAC vendors market dissolvable agents as an agentless capability. A truly agentless NAC system, however, scans a client remotely without installing any code on the client, either permanently or temporarily. This is similar to how vulnerability scanners scan network systems looking for vulnerabilities.
54
VPN Authentication and Authorization Methods PAP
Password Authentication Protocol (PAP) is used with Point-to-Point Protocol (PPP) to authenticate clients. A significant weakness of PAP is that it sends passwords over a network in cleartext, representing a considerable security risk. PPP was primarily used with dial-up connections. Believe it or not, there was a time when the thought of someone wiretapping a phone was rather remote. Because of this, security was an afterthought with PPP. Today, because it passes passwords in cleartext, PAP is used only as a last resort or only inside another protocol that provides encryption.
55
VPN Authentication and Authorization Methods CHAP
Challenge Handshake Authentication Protocol (CHAP) also uses PPP and authenticates remote users, but it is more secure than PAP. The goal of CHAP is to allow the client to pass credentials over a public network (such as a phone line or the Internet) without allowing attackers to intercept the data and later use it in an attack. The client and server both know a shared secret (like a password) used in the authentication process. However, the client doesn't send the shared secret over the network in plaintext as PAP does. Instead, the server sends a nonce (number used once) as a challenge, and the client returns a hash of the nonce combined with the shared secret. This handshake process is used when the client initially tries to connect to the server and again at intervals during the connection.
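An added Python example (not part of the card) contrasting the two: PAP's Authenticate-Request carries the password as-is, while CHAP with MD5 (RFC 1994) sends only MD5(Identifier || secret || Challenge). The example also replays a captured CHAP response against a fresh challenge to show why capturing one exchange does not help the attacker. The credentials are constructed for the demo.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP (RFC 1334): Peer-ID and Password fields travel in cleartext, each
    prefixed by its length. Anyone on the path reads the password directly."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def chap_challenge(size: int = 16) -> bytes:
    """Server-chosen nonce; must be unpredictable and never reused."""
    return os.urandom(size)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge).
    The one-byte Identifier ties the response to a specific challenge message."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """The server recomputes the hash from its own copy of the secret and compares
    in constant time. Note that the server must hold the secret itself, not a
    one-way hash of it; this is CHAP's main storage weakness."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def replay_attempt(secret: bytes):
    """One honest CHAP exchange followed by a replay of its captured response.

    Returns (first_auth_ok, secret_visible_on_wire, replay_ok)."""
    # Round 1: the honest client answers a fresh challenge.
    ident, challenge1 = 1, chap_challenge()
    response1 = chap_response(ident, secret, challenge1)
    first_ok = chap_verify(ident, secret, challenge1, response1)

    # An eavesdropper captured challenge1 and response1, but the secret never left the client.
    secret_visible = secret in (challenge1 + response1)

    # Round 2: the attacker replays response1 against a new challenge. The hash no longer matches.
    ident2, challenge2 = 2, chap_challenge()
    replay_ok = chap_verify(ident2, secret, challenge2, response1)
    return first_ok, secret_visible, replay_ok


if __name__ == "__main__":
    print("PAP on the wire:", pap_authenticate_request("lisa", "Passw0rd!"))
    print("CHAP (auth ok, secret visible, replay ok):", replay_attempt(b"Passw0rd!"))
```

The protection comes entirely from the challenge being fresh each time; a server that reused challenges would make the captured response replayable.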
56
VPN Authentication and Authorization Methods RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a centralized authentication service. Instead of each individual VPN server needing a separate database to identify who can authenticate, the VPN servers forward the authentication requests to a central RADIUS server. RADIUS can also be used as an 802.1X server with WPA2 or WPA3 Enterprise mode (described earlier in this chapter). RADIUS uses the User Datagram Protocol (UDP), which provides a best-effort delivery mechanism; by default it uses UDP port 1812 for authentication and 1813 for accounting.
57
TACACS+
Terminal Access Controller Access-Control System Plus (TACACS+) is an alternative to RADIUS, and it provides two essential security benefits over RADIUS. First, it encrypts the entire authentication process (the whole packet body), whereas RADIUS encrypts only the password by default. Second, TACACS+ uses multiple challenges and responses between the client and the server. TACACS+ uses TCP port 49.

Remember This! RADIUS and TACACS+ provide centralized authentication. RADIUS only encrypts the password by default but can be used with EAP to encrypt entire sessions. TACACS+ encrypts the entire session by default and can be used with Kerberos.
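The "RADIUS encrypts only the password" point, and the role of the shared secret you configure on the AP under WPA2 Enterprise, are both visible in the packet format. The Python below is an added example (not the book's), implementing the User-Password hiding of RFC 2865 and the Response Authenticator check: the shared secret never crosses the wire, the user name does in the clear, and only the User-Password attribute is obfuscated. The user name, password and secret are made up.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_user_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, then c_i = p_i xor MD5(secret || c_{i-1})
    with c_0 = Request Authenticator. Only this one attribute gets this treatment."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out += c
        prev = c
    return out


def reveal_user_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_user_password; the server does this with its copy of the shared secret."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        c = hidden[i:i + 16]
        out += bytes(x ^ y for x, y in zip(c, b))
        prev = c
    return out.rstrip(b"\x00")        # assumes the real password has no trailing NULs


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type (1 byte), Length (1 byte, includes these two), Value."""
    return bytes([attr_type, 2 + len(value)]) + value


def parse_attributes(packet: bytes) -> dict:
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2:
            break
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs


def build_access_request(identifier: int, username: str, password: str, secret: bytes,
                         request_authenticator: bytes = None) -> bytes:
    """Access-Request as a NAS (an AP or VPN server) sends it: Code, ID, Length,
    16-byte random Request Authenticator, then attributes. The secret is never sent."""
    ra = os.urandom(16) if request_authenticator is None else request_authenticator
    attrs = (attribute(ATTR_USER_NAME, username.encode())
             + attribute(ATTR_USER_PASSWORD, hide_user_password(password.encode(), secret, ra)))
    return bytes([ACCESS_REQUEST, identifier]) + struct.pack("!H", 20 + len(attrs)) + ra + attrs


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Response Authenticator = MD5(Code || ID || Length || RequestAuth || Attributes || Secret).
    The NAS accepts the reply only if it reproduces this with the same secret, so an
    attacker without the secret cannot forge an Access-Accept."""
    identifier, request_authenticator = request[1], request[4:20]
    head = bytes([code, identifier]) + struct.pack("!H", 20 + len(attrs))
    resp_auth = hashlib.md5(head + request_authenticator + attrs + secret).digest()
    return head + resp_auth + attrs


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return expected == response[4:20]


if __name__ == "__main__":
    # Constructed values; a real NAS picks the Request Authenticator at random.
    secret, ra = b"radius-shared-secret", bytes(range(16))
    req = build_access_request(7, "lisa", "Passw0rd!", secret, ra)
    attrs = parse_attributes(req)
    print("User-Name in clear:", attrs[ATTR_USER_NAME])
    print("User-Password on wire:", attrs[ATTR_USER_PASSWORD].hex())
    print("server recovers:", reveal_user_password(attrs[ATTR_USER_PASSWORD], secret, ra))
    accept = build_response(ACCESS_ACCEPT, req, secret)
    print("Access-Accept verifies:", verify_response(accept, req, secret))
```

The hiding is MD5-based and keyed only by the shared secret, so a weak or short secret can be brute-forced from a single captured exchange; that is why deployments add the Message-Authenticator attribute (HMAC-MD5), rely on EAP methods that carry their own TLS tunnel, or move to RADIUS over TLS (RadSec).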
58
AAA Protocols
AAA protocols provide authentication, authorization, and accounting. Authentication verifies a user’s identification, and authorization determines if and to what resources a user should have access. Accounting tracks user access with logs. As an example, RADIUS, TACACS+, and Diameter are considered AAA protocols because they provide all three services of authentication, authorization, and accounting. They authenticate users who attempt remote access, determine if and to what resources the user is authorized for remote access by checking a database, and then record the user’s activity. TACACS+ uses multiple challenges and responses during a session. Kerberos is sometimes referred to as an AAA protocol, but it does not provide any accounting services on its own, although it can interface with accounting systems.