Chapter 7 Remote access Flashcards
Wireless network encryption standard.
802.11i
vendor-independent standard for connecting two nodes according to the port
802.1x
login, access privileges, track account usage
AAA
secure encryption, better than TKIP
AES
IPsec; provides IP packet authentication through public keys
AH (authentication header)
Kerberos; a process to initially authenticate a client
AS (authentication service)
one key to encrypt, another to decrypt
asymmetric encryption
rules to authenticate clients
authentication protocols
Kerberos: user’s time stamp is encrypted with a session key
authenticator
organization that maintains and issues certificates, part of public-key infrastructure
CA (certificate authority)
random string of text to another computer to initiate authentication
challenge
PPP authentication process
CHAP (challenge handshake authentication protocol)
3-tenet security standard for protecting data
CIA triad (confidentiality, integrity, availability)
input of 2 different data sets resulting in the same hash value
collision
services shared by many organizations, but are not public
community cloud
a digital document that contains verifiable information about the user and their public key
digital certificate
WinServer 2008 service; automatically authenticates remote users to a Domain and to corporate networks
DirectAccess
forging name server records
DNS spoofing
the authenticator initiates the authentication process
EAP (extensible authentication protocol)
nature of storage and services to be easily scalable on demand
elastic (VPN)
security concerns while data is in transit
endpoint security vulnerability
two nodes connect without help from intermediate devices directing hops for transmissions
end-to-end connectivity
IPsec; a packet’s data authentication through a public key
ESP payload (encapsulating security payload)
Cisco: transmits PPP data frames through VPN-tunnel packets to look like IP packets in Layer 3
GRE (generic routing encapsulation)
data transformed through a particular algorithm - impossible to reverse
hashed data
virtually hosted desktops on a different physical computer.
HVD (hosted virtual desktop)
different data services within a cloud
hybrid cloud
IPsec; negotiates the exchange and authentication of keys
IKE (internet key exchange)
works with IPsec to form a secure connection
ISAKMP (Internet security association and key management protocol)
Kerberos; the server issues keys to clients during initial client authentication
KDC (key distribution center)
a cross-platform private key encryption service; uses key encryption to verify client identity and securely exchange information
Kerberos
combination of public and private keys used to encrypt and decipher data using public key encryption
key pair
a VPN protocol that encapsulates PPP data for use on VPNs
Layer 2 Tunneling protocol
a 128-bit hash protocol
MD5
authentication protocol over PPP that encrypts usernames and passwords
MS-CHAP (Microsoft challenge handshake authentication protocol)
requires two or more pieces of info for authentication
MFA (multifactor authentication)
multiple customers share one storage location
multi-tenant
both computers verify each other’s credentials
mutual authentication
open source SSH: protocols for security and encryption
open SSH
open source VPN
open VPN
legacy authentication protocol; very fallible against brute force attacks
PAP (password authentication protocol)
using certificates to assign users to public keys
PKI (public key infrastructure)
a client’s identity is verified before the port for transmission is opened
port authentication
redirecting traffic to a different port
port forwarding
an upgrade to SLIP; a client connects to a server via a serial connection (dial-up/DSL); considered weak for authentication
PPP (point-to-point protocol)
services on a private server within an organization
private cloud
encryption using a key that only the sender and recipient know
private key encryption
a tunneling protocol that encapsulates PPP data frames so they travel masked as an IP transmission
PTP (point-to-point)
services provided over public transmission lines
public cloud
encryption using a public key associated with the user and the client-specific key
public key encryption
a source for public keys
public key server
protocol for providing centralized AAA services
RADIUS service
an access server wherein remote users log in, access data, and are granted privileges
RAS (remote access server)
Microsoft’s RAS and VPN
RRAS (routing and remote access service)
IPsec: a secured channel
secure channel
Kerberos: random two copies of a new key
session key
hash algorithm resistant to collisions
SHA (secure hash algorithm)
one-time sign in to access multiple resources
SSO (single sign on)
tunnels connect multiple sites on a WAN
site-to-site VPN
predecessor to PPP; allows clients to connect to a server via serial connections
SLIP (serial line internet protocol)
software is provided by subscription
subscription model
the same encryption key is used at both ends
symmetric encryption
Kerberos: you don’t need a new ticket to access other resources
TGS (ticket granting service)
predecessor to AES, 802.11i
TKIP (temporal key integrity protocol)
a virtual connection between a client and a remote network
VPN
a gateway on the edge of a LAN that establishes secure connections (routers / RASs)
VPN gateway
A Citrix virtualization software package
Xen