Chapter 6 & 7: Secure Network Configuration and Authentication Flashcards
Which protocols use PKI (4)
SSH
TLS
S/MIME
HTTP-Digest
Which protocol is used by many directory service systems from multiple vendors and manages distributed information services across a network. In this context, a “directory” is a database that stores information about network users, systems, services, and so on.
Lightweight Directory Access Protocol (LDAP)
What is Active Directory on Windows based on (2)
LDAP and Kerberos
What is a session-layer API for network applications that is used for file and printer sharing as well as computer identification on local network segments?
NetBIOS
What protocol is used to remotely manage and monitor devices like routers and switches?
Simple Network Management Protocol (SNMP)
What is an open set of standards based on the Remote Frame Buffer Protocol. Uses TCP port 4900+N where N is the display number.
VNC
What is a simplified version of FTP designed for very lightweight applications, such as devices booting from the network. Uses UDP port 69.
Trivial File Transfer Protocol (TFTP)
What is an improved version of WPA-Personal used by WPA3 which is still based on a shared password distributed to each authorized user, but the password is not used in key generation or exposed to the network in hashed form.
Simultaneous Authentication of Equals (SAE)
Which VPN technology encapsulates almost any L3 protocol in a virtual point-to-point link and is used for tunneling.
Generic Routing Encapsulation (GRE)
Which VPN technology encapsulates PPP packets over GRE to provide VPN tunneling features, but relies on vendor implementation to provide encryption and authentication. Uses TCP port 1723 and GRE port 47
Point-to-point Tunneling Protocol (PPTP)
Which VPN technology is an IETF standard based on elements of PPTP and Cisco’s similar protocol. Uses RADIUS or TACACS+ authentication and IPSec encryption. Requires UDP port 500 and 1701.
L2TP/IPSec
Which VPN technology provides similar functionality to L2TP/IPsec while offering higher performance and better firewall traversal?
IKEv2/IPSec
Which encryption technology is often associated with VPNs, but can provide end-to-end level 3 security on any IP network? It comprises three protocols to provide authentication and integrity. They're all based on the idea of security associations (SAs).
IPSec
Which IPSec component negotiates and authenticates SAs between two hosts and exchanges encryption keys to set up a secure channel.
Internet Key Exchange (IKE)
Which IPSec component provides data integrity and source authentication through cryptographic hashes of the packet contents and source identity.
Authentication Header (AH)
Which IPSec component encrypts the packet payload along with integrity and authentication information
Encapsulating Security Payload (ESP)
During IKE negotiations, host, or peer, identities are established through what? (2)
preshared keys or X.509 certificates
IPSec operates in what two modes?
Tunnel mode and Transport mode
What is the purpose of a site survey
To determine existing Wi-Fi coverage areas and identify problems
What are onboarding and offboarding procedures applied to?
devices added or removed from the network
What is the term where one party has an explicit trust relationship with two other parties, which can form an implied trust relationship between those two?
Transitive trust
What is the system that allows an authentication system to be shared across multiple systems or networks even if they're not directly associated with each other? This makes SSO easier to implement.
Federated Identity Management
What is the term for where users can authorize one service to access resources belonging to another service within the same federation
Access delegation
Which PPP authentication protocol is the oldest and most widely supported standard? It uses a two-way handshake where the client presents user/pass and the server accepts/rejects. This is only a one-way authentication and the exchange happens in plaintext.
Password Authentication Protocol (PAP)