Chapter 4: Secure Communications and Network Attacks

Question 1

What are secure communication protocols?

Answer 1

Protocols that provide security services for application-specific communications channels.

Question 2

List example secure communication protocols.

Answer 2

SKIP, swIPe, S-RPC, SSL, TLS, SET

Question 3

What is SKIP?

Answer 3

Simple Key management for Internet Protocol. Designed to integrate with IPSec. Functions at layer 3. Can encrypt any subprotocol of TCP/IP. Replaced by IKE in 1998.

Question 4

What is swIPe?

Answer 4

Software IP Encryption. Layer 3 protocol for IP. Provides authentication, integrity, and confidentiality using an encapsulation protocol.

Question 5

What is S-RPC?

Answer 5

Secure Remote Procedure Call. An authentication service used to prevent unauthorized execution of code on remote systems.

Question 6

What is SSL?

Answer 6

Secure Sockets Layer. Developed by Netscape to protect communications between web server and client. Session oriented. Deployed using 40 or 128 bit keys. Superceded by TLS.

Question 7

What is TLS?

Answer 7

Transport Layer Security. Similar to SSL, but stronger.

Question 8

What are the features of SSL and TLS?

Answer 8

Permits secure communications over an insecure network
Supports one way authentication
Supports two way authentication using digital certificates
Often implemented as the initial payload of a TCP pacakge, allowing it to encapsulate all higher level protocols.
Can be implemented at lower levels (3) to operate as a VPN. This is called OpenVPN.

Question 9

What is SET?

Answer 9

Secure Electronic Transaction. Based on RSA and DES. Security protocol for transmission of transaction data over the internet. Not widely accepted. SSL/TLS sessions are preferred for secure e-commerce.

Question 10

What is CHAP?

Answer 10

An authentication protocol. Challenge Handshake Authentication Protocol. Encrypts username/passwords in a dialog that can’t be replayed. Periodically reauthenticates transparently to the user.

Question 11

What is a VPN?

Answer 11

A virtual private network. A communications tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.

Question 12

What problems exist with tunneling?

Answer 12

It’s generally inefficient because the tunnelling protocol has its own error detection, handling, acknowledgement, and session management.

It can create larger or additional packets on the network that use additional network bandwidth.

It is point-to-point and doesn’t handle broadcast traffic.

Tunnelling makes it difficult to impossible to monitor network traffic.

Question 13

List 4 VPN protocols

Answer 13

PPTP, L2F, L2TP, IPSec.

Question 14

What is a VLAN used for?

Answer 14

Hardware imposed network segmentation. Used to logically segment a network without changing its physical topology

Question 15

What are the traffic management functions of a VLAN?

Answer 15

Control and restrict broadcast traffic / block broadcasts between subnets and VLANs

Isolate traffic between entwork segments

Reduce a network’s vulnerability to sniffers

Protect against broadcast storms

Question 16

What forms of remote access are typical for telecommuting?

Answer 16

Using a modem to dial up directly to a remote access server
Connecting to a network over the internet through a VPN.
Connecting to a terminal server through a thin-client connection

Question 17

List the security considerations in granting remote access capabilities.

Answer 17

1) Remote access users should be stringently authenticated before being granted access
2) Only users who specifically need remote access for their assigned work tasks should be granted permission to use it
3) All remote communications should be protected from interception and eavesdropping, generally through encryption

Question 18

What are the security concerns if secure communications channels are not established for remote access?

Answer 18

1) Anyone with a remote connection can atempt to breach the security of the organization, bypassing physical security controls
2) Telecommuters might use insecure or less secure systems to connect
3) Remote systems might be exposed to malicious code and might bring malware into the internal LAN
4) Remote systems might be less physically secure and be used by unauthorized entities
5) Remote systems might be more difficult to troubleshoot
6) Remote systems might be harder to upgrade or patch due to infrequent/slow connections

Question 19

What is VoiP?

Answer 19

Voice over internet protocol.

Question 20

What are the problems of VoiP?

Answer 20

1) Caller ID is easy to falsify
2) Call manager/VoiP systems have their own vulnerabilities
3) Man-in-the-middle attacks can be performed
4) Deploying VoiP on the same network as traditional clients can make 802.1X attacks possible, as well as VLAN and VoIP hopping.

Question 21

What should the organization policy be with regard to modems?

Answer 21

No unauthorized modems can be allowed on any system connected to the private network.

Question 22

What is RADIUS?

Answer 22

Remote Authentication Dial In User Service,, used to centralize authentication of rmote dial-up connections.

Question 23

What is TACACS?

Answer 23

An alternative to RADIUS. Integrates authentication and identification processes. Get more from p165.

Question 24

What is NAT?

Answer 24

Network address translation.

Question 25

What are the benefits of NAT?

Answer 25

1) Connect an entire network using only one or a few public IPs
2) Can use private IPs on the internal network
3) Hides the IP addressing scheme and network topology from the Internet
4) Restricts connections so that only traffic stemming from internally originating connections are allowed back into the network, automatically repelling most attacks.

Question 26

Describe Automatic Private IP Addressing

Answer 26

A method of assigning an IP address when DHCP fails. Primarily a Windows feature. Uses the Class B 169.254.X.X. Allows systems to communicate across the same broadcast domain, but not with any systems that have correctly configured IPs.

Question 27

What is Circuit Switching?

Answer 27

A dedicated physical pathway is created between two communicating parties. Originally used for telephone calls.

Question 28

What is Packet Switching?

Answer 28

Data is broken up into packets which are individually addressed and sent across intermediate networks.

Question 29

Describe a DS-0 line

Answer 29

A dedicated line with a speed of 64 Kbps to 1.544 Mbps. A partial T1.

Question 30

Describe a DS-1 line.

Answer 30

A dedicated line with a speed of 1.544 Mbps. A T1.

Question 31

Describe a DS-3 line.

Answer 31

A dedicated line with a speed of 44.736 Mbps. A T3.

Question 32

Describe a European digital transmission format 1 line.

Answer 32

Aka E1. 2.108 Mbps.

Question 33

Describe a European digital transmission format 3 line.

Answer 33

AKA E3. 34.368 Mbps.

Question 34

Describe cable modem or cable router speeds.

Answer 34

Typically 10Mbps+

Question 35

What is Committed Information Rate (CIR)?

Answer 35

A concept in frame relay connections, this is the guaranteed minimum bandwidth a service provider grants to their customers.

Question 36

Describe the types of technology that “virtual desktop” can refer to

Answer 36

1) A remote access tool that grants the user access to a distant computer by remote viewing/control of the KVM.
2) An extension of the virtual application concept encapsulating multiple applications into a virtual desktop
3) An extended or expanded desktop larger than the display being used

Question 37

What are the characteristics of security controls?

Answer 37

Transparency - ensuring that the control is unseen by users

Retransmission controls - determine whether all or part of a message is retransmitted if lost

Question 38

What is an open relay?

Answer 38

An open relay is a mail relay agent that doesn’t authenticate users before accepting and relaying mail. Open relays are prime targets for spammers.

Question 39

Add more on email security?

Answer 39

p181

Question 40

What are the objectives of email security?

Answer 40

1. Provide for non-repudiation
2. Restrict access to messages to their intended recipients (privacy)
3. Maintain the integrity of messages
4. Authenticate and verify the source of messages
5. Verify the delivery of messages
6. Classify sensitive content within or attached to messages

Question 41

Why is interception and eavesdropping on email messages easy?

Answer 41

By default, they aren’t encrypted.

Question 42

What is the number one transmission vector for malicious code?

Answer 42

Email.

Question 43

What is mail bombing?

Answer 43

A DOS effected by sending lots of email to a user or site.

Question 44

List the email security solutions

Answer 44

S/MIME
MIME Object Security Services (MOSS)
Privacy Enhanced Mail (PEM)
Pretty Good Privacy (PGP)

Question 45

More on email security solutions?

Answer 45

p184

Question 46

Guidelines for social engineering protection?

Answer 46

1. Err on the side of caution whenever voice comms seem odd, out of place, or unexpected
2. Always request proof of identity
3. Require callback authorizations on all voice-only requests for network alterations or activities
4. Classify information (usernames, passwords, IP addresses, etc) and clearly indicate which can be discussed or confirmed using voice.
5. In priv info is requested over the phone by someone who should know it can’t be given over the phone, ask why it’s needed and reverify identity, then report it to the security administrator
6. Never give out or change passwords via voice only comms
7. When disposing of office docs, use secure disposal or destruction.

Question 47

Key points for PBX design

Answer 47

p 188

Question 48

What is a black box?

Answer 48

A phreaking device used to manipulate line voltages to steal long distance services.

Question 49

What is a red box?

Answer 49

A phreaking device used to simulate tones of coins being deposited into a pay phone. Usually just a tape recorder.

Question 50

What is a blue box?

Answer 50

A phreaking device that simulates a 2600 Hz tone to interact with telephone network trunk systems. Whistle, tape recorder, digital tone generator.

Question 51

What is a white box?

Answer 51

A phreaking device used to control the phone system. Dual tone multifrequency generator (keypad). Telephone repair personnel have these.

Question 52

What are the two basic types of Denial of Service attack?

Answer 52

1. Attacks exploiting a vulnerability in hardware or software.
2. Attacks that flood the communication pipeline.

Question 53

List countermeasures and safeguards against DoS attacks:

Answer 53

1. Firewall, router, IDS that block attacks
2. Disable echo reply on external systems
3. Disable broadcast features on border systems
4. Blocking spoofed packets from entering or leaving the network
5. Keeping all systems patched with the most current security updates from the vendor

Question 54

Describe impersonation or masquerading.

Answer 54

The act of pretending to be someone or something you are not to gain unauthorized access to a system.

Question 55

How is impersionation different than spoofing?

Answer 55

Spoofing puts forth a false identity without any authentication.

Question 56

What is a reply attack?

Answer 56

A replay attack captures network traffic and replays it to gain access to a system. Unlikely to work.

Question 57

What is ARP?

Answer 57

Address Resolution Protocol. Maps an IP to a MAC address. Layer 3. Sends a broadcast request with the IP and asks for an assocaited MAC. Can be attacked by spoofing.

Question 58

How can you defend against ARP spoofing?

Answer 58

Static arp tables, monitor ARP caches, use an IDS.

Question 59

What is DNS poisoning or spoofing?

Answer 59

Altering the domain name to IP mappings in a DNS system to redirect traffic to a rogue system.

Question 60

How does DNS spoofing work?

Answer 60

it’s a race condition. You send a false reply when a system queries. If you get there first, you win.

Question 61

How do you block DNS spoofing?

Answer 61

The only real solution is DNSSEC.

Question 62

What is hyperlink spoofing?

Answer 62

Similar to DNS spoofing, redirects traffic to a rogue system.

Question 63

Which VPN protocols have native authentication protection?

Answer 63

PPTP, L2F, L2TP, IPSec

Question 64

Which VPN protocols have native data encryption?

Answer 64

IPSec. L2TP doesn’t, but can use IPSec. PP2P and L2F don’t.

Question 65

What VPN protocols does PPTP support?

Answer 65

IP only

Question 66

What VPN protocols does L2F support?

Answer 66

IP only

Question 67

What VPN protocols does IPSec support?

Answer 67

Any

Question 68

What VPN protocols does L2TP support

Answer 68

IP only

Question 69

Which VPN protocols support dial-up links?

Answer 69

PPTP, L2F, L2TP. IPSec doesn’t.

Question 70

What VPN protocol doesn’t support dial-up links?

Answer 70

IPSec

Question 71

How many simultaneous connections does PPTP support?

Answer 71

Point-to-point only.

Question 72

How many simultaneous connections does L2F support?

Answer 72

Point-to-point only.

Question 73

How many simultaneous connections does L2TF support?

Answer 73

Point-to-point

Question 74

How many simultaneous connections does IPSec support?

Answer 74

Multiple.