CISSP Domain 4 Flashcards
Communication and Network Security
OSI and TCP/IP Models; protocol types and security issues; LAN, WAN, MAN, intranet, and extranet technologies; cable types and data transmission types; network devices and services; communications security management; telecommunications devices and technologies; wireless technologies; network encryption; threats and attacks; software defined routing; content distribution networks; multilayer protocols; convergent network technologies
Telecommunications
the electromagnetic transmission of data among systems
OSI Reference Model
ISO standard 7498 provides important guidelines used by vendors, engineers, developers, and others.
Encapsulation
Message moves down one stack and up another through the OSI model
Application Layer 7
works closest to the user and provides file transmissions, message exchanges, terminal sessions, and much more.
Does not include applications
passes instructions and data
Application Layer protocols
SMTP, HTTP, DNS, IRC, LDAP
Presentation Layer 6
puts information in a format
common means of representing data in a structure
Presentation layer works as a
Translator.
Not concerned with the meaning of data,
but syntax and format
Presentation Layer formats
TIFF
GIF
JPEG
Compression
Presentation Layer handles
data compression and encryption
Only layer without protocols
Session Layer 5
Responsible for establishing a connection between two applications, maintaining it during the data transfer, and controlling the release of the connections.
Session Layer phases
Establish connection
data transfer
connection release
restart the connection if necessary
maintenance of the session.
Session Layer Protocols
Password Authentication Protocol (PAP)
Point to Point Tunneling Protocol (PPTP)
Network Basic Input/Output System (NetBIOS)
Remote Procedure Call (RPC)
Session Layer modes
Simplex
Half Duplex
Full Duplex
difference between Session and Transport layers
Session is between 2 applications
Transport is between 2 computers
Security issue with RPC
lack of authentication or weak authentication
Session Layer protocols are
the least used in a network environment
Should be disabled
ATM
Asynchronous Transfer Mode
OSI Layers vs TCP/IP Layers
Application Application
Presentation
Session
___________________________________
Transport Host to Host
___________________________________
Network Internet
___________________________________
Data Link Network Access
Physical
Network Attacks can be
used as a channel for an attack
or
be the target of attack
Transport Layer 4
When 2 computers communicate
Handshaking process
Transport Layer provides
reliable data transfer
error detection, correction, and recovery
flow control
optimization
end to end data transport services
establishes a logical connection between two computers
Transport Layer Protocols
TCP Transmission Control Protocol
UDP User Datagram Protocol
IPX
TCP vs UDP
connection vs best effort
Network Layer 3
inserts address and routing to packet’s header
Network Layer Protocols
IP Internet Protocol
ICMP Internet Control Message Protocol
RIP Routing Information Protocol
OSPF Open Shortest Path First
IGMP Internet Group Management Protocol
BGP Border Gateway Protocol
Data Link Layer 2
formats data for transmission over Token Ring, ATM, Ethernet, or FDDI
Data Link sub layers
Logical Link Control LLC
Media Access Control MAC
Data Link LLC is defined in ISO
802.2
Flow control and Error checking
Ethernet is defined in ISO
802.3
Data Link MAC knows if the network is
Ethernet, Token Ring, or ATM
Token Ring ISO is
802.5
Wireless LAN ISO is
802.11
Not to be confused with 802.1X for authentication
Data Link Protocols
Point to Point Protocol (PPP)
ATM
Layer 2 Tunneling Protocol (L2TP)
FDDI
Ethernet
Token Ring
IEEE 802 Layers
LLC
MAC
Network Cards bridge the
Data Link and Physical Layers
Data Link Layer unit of data
Frame
Physical Layer 1
converts bits into voltage for transmission
Physical Layer controls
Synchronization
Data rates
Line Noise
Transmission Techniques
Presentation Layer Standards
American Standard Code for Information Interchange (ASCII)
Extended Binary Coded Decimal Interchange Code (EBCDIC)
Tagged Image File Format (TIFF)
Joint Photographic Experts Group (JPEG)
Motion Picture Experts Group (MPEG)
Musical Instrument Digital Interface (MIDI)
Bridges and Switches understand only up to the
Data Link Layer
Repeaters only understand traffic at the
Physical Layer
Layer 3 device works at the
Network Layer
Distributed Network Protocol 3
Designed for use in SCADA systems
Not a general purpose protocol
No routing functionality
SCADA systems
Hierarchical architecture
Sensors connected to Remote Terminal Units (RTUs)
RTUs aggregate data and relay to the SCADA master
Remote Terminal Unit
In Distributed Network Protocol 3 (SCADA), the RTU relays information to the SCADA master
Control instructions and configuration changes are sent from the SCADA master to the RTUs
SCADA master
Is the Human Machine Interface (HMI)
Controller Area Network Bus
Runs in most automobiles worldwide
TCP/IP: Model
IP is a network layer protocol and provides routing services
Main protocols of the Transport layer
TCP and UDP
Socket
Is the combination of protocol (TCP or UDP), port, and IP address.
Well Known Ports
0-1023
Registered Ports
1024-49151
Dynamic Ports
49152-65535 available to be used by any application on an “as needed” basis
TCP Handshake
1. SYN
2. SYN/ACK
3. ACK
TCP must set up the connection before any data is sent
SYN flood
SYN packets are sent but the handshake is never completed with an ACK.
Floods system with SYN packets
Denial of Service attack
Syn Flood defenses
SYN caches
delay allocation of a socket until the handshake is complete.
Segment vs Datagram
TCP is segment
UDP is Datagram
IPv4 vs IPv6 address bits
IPv4 is 32 bit
IPv6 is 128 bit
IP 4 Class Ranges
A is 0.0.0.0 to 127.255.255.255
First byte is network, remaining bytes are for hosts
B is 128.0.0.0 to 191.255.255.255
First 2 bytes are network and the remaining are hosts
C is 192.0.0.0 to 223.255.255.255
First 3 bytes are network and the last one is for hosts
D is 224.0.0.0 to 239.255.255.255
Used for multicast addresses
E is 240.0.0.0 to 255.255.255.255
Reserved for research
CIDR
Classless Interdomain Routing
Provides flexibility to increase or decrease class sizes
TTL
Time to Live
Keeps packets from traversing a network forever
TOS
Type of Service
Prioritizes different packets
IP 6
Has IPSEC built in
allows scoped addresses
Does not require NAT
Teredo
Intersite Tunneling Mechanism using UDP encapsulation
ISATAP
Intrasite tunneling mechanism
Danger of Teredo
Attackers can use open ports for unintended traffic in and out of the network
802.1AR
MAC security standard (MACSec)
Provides a unique ID for a device
EAP-TLS digital certificate
Only communication over network is device authentication
MACsec
provides hop by hop protection at layer 2
Only authenticated and trusted devices on the network can communicate with each other.
EAP-TLS authentication framework
Each device compliant with 802.1AR comes with a built in device identifier (iDevID)
802.1AE
Provides data encryption, integrity, and origin authentication
802.1AF
Key agreement
carries out key agreement functions for the session keys used for data encryption
RADIUS
Remote Authentication Dial In User Service
Authenticates devices by digital certificates using 802.1AR EAP-TLS
TPM
Trusted Platform Module
Converged Protocols
VOIP
FCoE
MPLS
ISCSI
FCoE
Fibre Channel over Ethernet
allows Fibre Channel frames to ride on Ethernet
Mostly used in SAN storage
Not common
MPLS
Multiprotocol Label Switching
Frequently used to create Layer 2 VPNs
Called a layer 2.5 protocol
Data Link 2 and Network 3
Internet Small Computer System Interface
ISCSI
Encapsulates SCSI data in TCP segments
IP Convergence
addresses a specific type of converged protocol
Transitions services from disparate media and protocols to IP
Baseband
One channel transmission
Broadband
Uses several channels
Analog vs Digital
Analog signals are measured in amplitude and frequency
Digital signals represent binary digits
ATM
Asynchronous Transfer Mode
Asynchronous transmission: Data Link layer frames with start and stop indicators
Transfers data in a stream
Synchronous transmission employs timing mechanisms
Asynchronous Communication Characteristics
No timing component
Surrounds each byte with processing bits
Parity bit used for error control
Each byte requires three bits of instruction: start, stop, and parity
Synchronous Communication Characteristics
Timing component for data transmission synchronization
Robust error checking, commonly through
Cyclic Redundancy Checking (CRC)
Used for high speed, high volume transmissions
Minimal overhead compared to asynchronous communication
Coaxial Cable
copper core that is surrounded by a shielding layer and grounding wire.
more resistant to electromagnetic interference (EMI)
Attenuation
loss of signal strength as it travels
Cross Talk
signals of one wire spill over to the signals of another wire
Bus topology types
Linear
Tree
Star Topology
all nodes connect to a central device
Ethernet
Mesh Topology
multiple connection routes
MTU
Maximum Transmission Unit
How much data a frame can carry
Token Passing
24 bit control frame used to control which computers communicate.
Token is passed from computer to computer.
Only the computer with the token can put frames on the wire.
used by token ring and FDDI technologies
Do not have problems with collisions
CSMA
Used by ethernet
Carrier Sense Multiple Access with Collision Detection
Faster than token passing
Wireless uses
CSMA/CA (Collision Avoidance)
Each computer signals its intent to transmit data before it actually does so.
Signal collisions between 2 machines are detected by
increased voltage on the line
A collision domain is
a group of computers contending or competing for the same shared communication medium
Broadcast domains
are sets of computing nodes that all receive a layer 2 broadcast frame
Internetwork
When 2 distinct LANs are connected by a router
WAN
When 2 LANs are connected by a data link layer technology such as frame relay or ATM, they are a WAN
Ethernet is defined by
Contention based technology using a shared medium
Uses broadcast and collision domains
Uses CSMA CD or CA
Supports full duplex communication
Can use twisted pair, coaxial, or fiber optic cabling
Defined by standard IEEE 802.3
FDDI
developed by ANSI
usually used as a backbone using fiber optic cabling
provides fault tolerance by offering a second counter rotating ring
primary ring sends data clockwise
secondary ring transmits data counterclockwise and is invoked only if the primary goes down
Each node is connected to both rings
FDDI 2
provides fixed bandwidth that can be allocated for specific applications
Copper Distributed Data Interface
CDDI can work over UTP cabling
IEEE 802.3 802.4 802.5
Ethernet is 802.3
FDDI is 802.4
Token ring is 802.5
IGMP
Internet Group Management Protocol
used to report multicast group membership to routers
When a user accesses multicast traffic, they become a member of a multicast group.
Frame
Data that is not fully encapsulated
ARP
Address Resolution Protocol
When the data link layer receives a frame, the network layer has already assigned a destination IP
ARP broadcasts a frame requesting the MAC address for the destination IP.
ARP table cache poisoning
Goal is to receive packets intended for another computer
This is a masquerading attack
DHCP Discover
Client broadcast on the network to discover the DHCP server
DHCP Offer
Server's response to a DHCP Discover that is seeking an IP address
DHCP Request
Client responds to confirm its acceptance of an IP address
DORA process
DHCP Discover Offer Request Acknowledgement
DHCP snooping
method to shield networks from unauthenticated DHCP clients
Switches can direct clients to legitimate DHCP servers
Ensures DHCP servers can assign IP Addresses only to selected systems, identified by their MAC addresses
RARP
for diskless workstations to obtain IP addresses
BootP
Bootstrap Protocol for diskless workstations to obtain IP addresses
BootP is an enhancement to RARP
ICMP
Internet Control Message Protocol
IP's messenger boy
delivers status messages
reports errors
replies to certain requests
reports routing information
PING
PING
Ping is an ICMP utility to test connectivity to another system
Echo replies
ICMP attacks
data can be inserted into ICMP packets
ICMP tunneling
sets up covert channel to send data illegitimately
Simple Network Management Protocol
used to view network status, traffic flows, and hosts
2 components of SNMP
managers and agents
Manager is a server that polls devices
Community string is a password
Community String
a password for SNMP
Community strings are sent in clear text in SNMP v1 and v2
SNMP ports
161 and 162
Should be closed to untrusted networks
Version 3 of SNMP has encrypted passwords
DNSSEC
implements PKI and digital signatures which allows DNS servers to validate the origin of a message to ensure it is not spoofed and potentially malicious
DNS Splitting
DNS in the DMZ handles external hostname to IP address resolution.
Internal DNS handles internal hostname to IP address resolution
Domain grabbing and cyber squatting
stolen domain registration
SASL
Simple Authentication and Security Layer
protocol independent framework for performing authentication
Email Relaying
mail servers in DMZs may not be locked down enough
This enables spammers to spoof email via loosely configured relays
Phishing
social engineering
SPF
Sender Policy Framework
Spear Phishing Attack
zeroes in on certain people
Whaling attack
zero in on a big fish
Private IP Address ranges
- 10.0.0.0 to 10.255.255.255 Class A
- 172.16.0.0 to 172.31.255.255 Class B
- 192.168.0.0 to 192.168.255.255 Class C
3 types of NAT
Static Mapping: a pool of public IP addresses is configured. Private addresses are statically mapped to specific public addresses
Dynamic Mapping: a pool of public IP addresses works on a first come first served basis
Port Address Translation: only one public IP address for all systems
Distance Vector Routing
routing decisions based on distance (or number of hops) and a vector (direction)
Looks only at the number of hops
RIP is a distance vector routing protocol
Link State Routing
sees more than just number of hops
OSPF is a Link State Routing Protocol
Routing Information Protocol
RIP
outlines how routers exchange routing table data. Calculates the shortest distance.
Considered legacy
Open Shortest Path First
OSPF
link state
allows for a hierarchical routing network
OSPF has replaced RIP
Interior Gateway Routing Protocol
IGRP is a distance vector routing protocol
proprietary to CISCO
Enhanced Interior Gateway Routing Protocol
EIGRP
Cisco proprietary
faster routing than IGRP
Spanning Tree Algorithm STA
adds intelligence to bridges
Ensures frames do not circle networks forever.
provides redundant paths
assigns priority values
Source Routing
tells the bridges where to send the packets
PBX
Private Branch Exchange
private telephone switch
Phreaker
Phone Hacker
Uses default passwords to enter PBX switches
Types of firewalls
Packet Filtering
Stateful
Proxy
Dynamic Packet Filtering
Kernel Proxy
Three firewall architectures
Screened Host
Multihomed
Screened Subnet
Packet Filtering Firewalls
based on network level protocol values
configured with ACLs
dictate type of traffic
First generation firewalls
Packet filtering
Only have capability of reviewing protocol header at network and transport layers
Ingress filtering
Inbound traffic filtering
Egress filtering
outbound traffic filtering
Stateless inspection
Packet filtering
device does not understand the context the packets are working within
Firewall used at the edge of a network
Packet filtering
gets the obvious junk
Weaknesses of packet filtering
Cannot prevent attacks that employ application specific vulnerabilities or functions
have limited logging functionality
do not support advanced user authentication
cannot detect spoofed addresses
not able to detect packet fragmentation attacks
Advantages of packet filtering
scalable
not application dependent
high performance
commonly used as first line of defense
Stateful firewalls
remembers and keeps track of packets until connection is closed
Keeps state of connection
Stateful Inspection Firewall Characteristics
Maintains a state table that tracks each communication session
Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce
Is scalable and transparent to users
Provides data for tracking connectionless protocols such as UDP and ICMP
Stores and updates the state and context of data within the packets
Proxy firewalls
Middleman
intercepts and inspects messages before delivering them
Stands between a trusted and untrusted network.
Breaks the communication channel
Circuit level proxy
creates a connection between two communicating systems.
Works at the session layer of the OSI model
cannot look into contents of a packet
Considered application dependent
Traffic appears to have come from the proxy
Application Level Proxy
inspect the packet up through the application layer
Understands the packet as a whole
can make access decisions based on content
Understands services and protocols
can distinguish commands
Has one proxy per protocol
Characteristics of application level firewalls
extensive logging capabilities
capable of authenticating users directly
Disadvantages of using application level proxy firewalls
not generally well suited to high bandwidth or real time applications
tend to be limited in terms of support for new network applications and protocols
They create performance issues because of the per-packet processing requirements.
SOCKS
a circuit level proxy gateway
provides secure channel between 2 computers
Dynamic Packet Filtering Firewalls
Creates an ACL that allows an external entity to communicate with an internal system via a high numbered port
Without this, you would punch holes in your firewalls for ports above 1023
Kernel Proxy Firewalls
faster than application level proxy firewalls
Connection between internal and external is broken
Fifth generation Firewall
Kernel Proxy Firewall
Next Generation Firewalls
Incorporates a signature based IPS engine
Connects to external data sources such as Active Directory
Firewall type and OSI layer
Packet Filtering: Network Layer
Stateful: Network Layer
Application Level Proxy: Application Layer
Circuit Level Proxy: Session Layer
Dynamic Packet Filtering: Network Layer
Kernel Proxy: Application Layer
Next Generation: Multiple Layers
Bastion Host
highly exposed device most likely to be targeted by attackers
Can be on the public side of a DMZ or directly connected to an untrusted network
Should have all unnecessary services and accounts disabled and administrative tools removed
Dual Homed Firewall
device that has 2 interfaces
One connected to one network and one connected to another network
Should have packet forwarding and routing turned off
Screened Host
firewall that communicates directly with perimeter router and internal network
Screened subnet
2 firewalls create a DMZ
Masquerading or spoofing
attacker modifies a packet header to have the source address of a host inside the network to be attacked.
No reason for a packet with an internal address to come in from the outside.
Fragmentation Attacks
IP Fragmentation
Teardrop attack
Overlapping fragment attack
IP Fragmentation attack
Flaws within IP are exploited.
Causes DoS attacks
Teardrop Attack
Malformed fragments are created by the attacker
When reassembled, cause system instability
Overlapping Fragment attack
overwrites a previously approved fragment and executes an attack on the victim system.
Source routing
the packet defines its own network path, bypassing the router's routing decisions.
Source routing is often disabled
Honeypot
intended to be exploited by attackers
Usually sits in the screened subnet or DMZ
Tarpits
slow down attacker
Unified Threat Management
provide multiple functionalities in a single network appliance
Considered all in one devices
Issues with UTM products
Single point of failure for traffic
Single point of compromise
Performance issues
Content Distribution Networks
multiple servers distributed across a large region, each optimized for the users closest to it.
More resistant to Denial of Service attacks
Software Defined Networking
dynamically route traffic to services and platforms
Drivers in SDN
Cloud Computing
Big Data
Mobile computing
Control Planes
Where the internetwork routing decisions are made
Part of the router that runs the routing protocol like OSPF.
Responsible for discovering the topology of the network and maintaining routing tables
Forwarding plane
where traffic forwarding decisions are made
Follows the directions of the control plane
Control plane is the strategic, methodical planner of traffic routing.
Forwarding plane is the tactical, fast executioner of those plans
Control Plane vs Forwarding Plane
Control plane is central
Forwarding is in each device
Approaches to SDN
Open
API
Overlay
Intranet vs extranet
strictly internal vs internal with external links
Extranets are often used in business to business communication
Value Added Networks
Use EDI for internal communications and with other companies
commonly used with supplier companies to provide inventory for retailers like Target and Walmart
EDI
Electronic Data Interchange
Provides structure and organization for electronic documents, orders, invoices, purchase orders, and data flow
Metropolitan Area Networks
usually a backbone that connects LANs to each other and LANs to WANs, the internet, and telecommunication networks
SONET
Synchronous Optical Networks
Majority of Metropolitan Area networks are SONET or FDDI
SONET is a standard for
telecommunications transmissions over fiber optic cables
SONET is self healing. If a break in a line occurs, it can use a backup redundant ring
VPLS
Virtual Private LAN Service is a multipoint, Layer 2 VPN that connects 2 or more customer devices using Ethernet bridging techniques
VPLS emulates a LAN over a managed IP/MPLS network
Wide Area Networks
When a computer on one network needs to communicate with a network on the other side of the country or in a different country altogether, WAN technologies kick in
Asynchronous Transfer Mode (ATM)
Telecommunication packets that travel on SONET
High speed network technology used in WAN implementations by carriers, ISPs, and telephone companies
Telecom History
Copper lines carry purely analog signals
T1 lines carry up to 24 conversations
T3 lines carry up to 28 T1 lines
Fiber optics over SONET networks
ATM over SONET
Dedicated link
also called a leased line or point to point link
Link is not shared with any other entities
STDM
Statistical time division Multiplexing
Transmits several types of data simultaneously across a single transmission line such as T1 or T3
CSU/DSU
Required when digital equipment will be used to communicate with telecommunication lines
Converts data from routers, switches, and multiplexers to be transmitted over service provider digital lines
Two main types of switching
Circuit switching and packet switching
Circuit Switching
Sets up a virtual connection that acts like a dedicated link between 2 systems
Packet switching
is not dedicated
flow may use various routes
Circuit switching characteristics
Connection oriented virtual links
Traffic travels in a predictable and consistent manner
Fixed delays
Usually carries voice oriented data
Packet switching characteristics
packets can use many dynamic paths
traffic is usually bursty in nature
variable delays
usually carries data oriented traffic
Frame relay
a WAN technology that operates at the data link layer
uses packet switching technology to let multiple companies and networks share the same WAN medium
Is considered legacy
Permanent Virtual Circuit PVC
like a private line with agreed upon availability
has guaranteed bandwidth
Switched Virtual Circuits SVCs
similar to dial up connections
Variable bandwidth
Quality of Service
distinguishes between different classes of messages and assigns priority levels
QOS has 3 levels
Variable bit Rate VBR
Unspecified bit rate UBR
Available Bit Rate ABR
Synchronous Data Link Control
used in networks that use dedicated leased lines with permanent physical connections
HDLC
a framing protocol that is used mainly for device to device communication
Point to Point Protocol PPP
a data link protocol that carries out framing and encapsulation for point to point connections
encapsulation of multiprotocol packets
Often used in telecom
PPP authentication
PAP Password Authentication Protocol
CHAP Challenge Handshake Authentication Protocol
EAP Extensible Authentication Protocol
Password Authentication Protocol PAP
Insecure as it sends passwords in cleartext
If it must be used, use it over an encrypted connection
Link Control Protocol LCP
establishes, configures, and maintains connections
Used to carry out encapsulation format options
handles variable limits on packet sizes, detects looped back links
Data Link Protocols
control how devices talk to each other
HSSI
High Speed Serial Interface
used to connect multiplexers and routers to high speed communication services such as ATM and frame relay
SIP
Session Initiation Protocol
sets up and breaks down call sessions
Application Layer Protocol that can work over TCP or UDP
A signaling protocol widely used for VOIP communication sessions
Components needed for VOIP
an ip telephony device
a call processing manager
voicemail system
gateway
SPIT
Spam over Internet Telephony
ISDN
Integrated Service Digital Network
PPTP
Point to Point Tunneling Protocol
Used to secure PPP connections
Encapsulates PPP
PPTP authentication
PAP
CHAP
MS-CHAP
EAP TLS
MPPE
Microsoft Point to Point Encryption
PPTP limitations
Restricted to IP
cannot support multiple connections
can be used for system to system communication but not gateway to gateway
PPTP relies on PPP functionality for a majority of its security functions
Never became an industry standard
Layer 2 Tunneling Protocol
combines features of PPTP and Cisco’s Layer 2 Forwarding (L2F)
L2TP tunnels PPP traffic over various network types
(IP, ATM, X.25)
not just restricted to IP
Integrates with IPSec to provide confidentiality, integrity, and potentially another layer of authentication
IPSec
A suite of protocols developed to protect IP traffic
bolts onto IPv4
PPTP and L2TP work at the data link layer.
IPSec works at the network layer
Protocols that make up IPSEC
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Internet Security Association and Key Management Protocol (ISAKMP)
Can be used separately or together in IPSec
AH and ESP
HAIPE
High Assurance Internet Protocol Encryptor
is a Type 1 encryption device based on IP
secure gateway that allows 2 enclaves to exchange data over an untrusted network
works at the Network layer
has largely replaced link layer encryption
Transport Layer Security VPN
Works at the session layer
used mainly to protect HTTP traffic
already embedded in most web browsers
IPSEC can be configured
to provide transport adjacency
more than one security protocol (ESP and AH) is used in a VPN tunnel
Iterated tunneling
an IPSEC tunnel tunneled through another IPSec tunnel
Common types of VPN tunnel
TLS portal VPN
TLS tunnel VPN
TLS portal VPN
single standard TLS connection to a website
called a portal because a single location provides access to other resources
remote user accesses TLS/VPN gateway using a browser, is authenticated, and presented with a webpage for services
TLS Tunnel VPN
Individual uses a web browser to securely access multiple network services including applications and services that are not web based
PPTP summary
Works in a client server model
Extends and protects PPP connections
Works at the data link layer
Transmits over IP networks only
Layer 2 Tunneling Protocol Summary
Hybrid of L2F and PPTP
Extends and protects PPP connections
Works at the data link layer
Transmits over multiple types of networks, not just IP
Combined with IPSec for security
IPSec Summary
Handles multiple VPN connections at the same time
Provides secure authentication and encryption
Supports only IP Networks
Focuses on LAN to LAN communication rather than user to user communication
Works at the network layer, and provides security on top of IP
Transport layer Security TLS Summary
Works at the session layer and protects mainly web and email traffic
Granular access control and configuration available
Easy deployment since TLS is already embedded in web browsers
Can only protect a small number of protocol types
Not an infrastructure level VPN solution
Password Authentication Protocol (PAP)
used by remote users to authenticate over PPP connections
Provides identification and authentication
Credentials are sent to the authentication server after a connection has been established via PPP
Authentication server has a database to authenticate users
PAP security is the least secure because credentials are sent in cleartext
Challenge Handshake Authentication Protocol (CHAP)
addresses vulnerabilities found in PAP
uses a challenge/response instead of having the user send password over the wire
Server sends a one time challenge (nonce)
Challenge is encrypted
MS CHAP
Microsoft version of CHAP provides mutual authentication functionality
Has 2 versions that are incompatible
Not vulnerable to man in the middle attacks because it continues the challenge/response activity
Extensible Authentication Protocol
supported by PPP provides a framework to enable many types of authentication techniques.
Can use one time passwords, token cards, biometrics, Kerberos, digital certificates
Wireless FHSS vs DSSS
FHSS uses only a portion of the total bandwidth available.
DSSS uses all available bandwidth
Ad Hoc wireless LAN
No APs
Infrastructure WLAN
uses APs to extend an existing wired network
the AP acts as a wireless hub
WEP
stream symmetric cipher
WEP deficiencies
use of static encryption keys
ineffective use of initialization vectors
Lack of packet integrity assurance
Protocol used by WEP
RC4
Temporal Key Integrity Protocol TKIP
backward compatible with WLAN devices
TKIP generates new dynamic keys
Made to increase the security of WEP or replace it without the need for a hardware upgrade
Tools to crack WEPs
AirSnort
WEPCrack
Lightweight Extensible Authentication Protocol
CISCO proprietary
EAP TLS
used by Microsoft and others
Authenticates by digital certificates
Protected EAP (PEAP)
is server side only EAP
MIME
Multipurpose Internet Mail Extensions
specifies how multimedia and email binary attachments are to be transferred
S MIME
Secure MIME is a standard for encrypting and digitally signing email and providing secure transmission
Pretty Good Privacy
PGP
Phil Zimmermann's freeware email security program
First widespread public key encryption program
is a complete cryptosystem that protects email and files
Can use RSA public key encryption for key management and IDEA symmetric cipher for bulk encryption of data
Uses MD5 hashing algorithm
authentication by using public key certificates
Web of trust
Used by PGP instead of Certificate Authorities (CA)
HTTP Secure
HTTP running over Secure Sockets Layer (SSL) or TLS.
Secure Sockets Layer
uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication
SSL was developed by Netscape as its own security protocol, not by the open community
POODLE
Padding Oracle On Downgraded Legacy Encryption attack in 2014 was the death of SSL
Forces SSL to downgrade its security for the sake of interoperability
Secure Shell SSH
functions as a type of tunneling mechanism
provides terminal like access to remote computers. SSH is a program and protocol that can be used to log into another computer over a network
Denial of Service
compromises the availability of a system
results in a service or resource degraded or made unavailable to legitimate users
Malformed Packets
Ping of death
ICMP echo attack
early networks did not enforce the maximum length of an ICMP packet, which is 65536 bytes. Operating systems could not handle larger packets
Flooding
overwhelm the target computer with packets.
SYN flooding
exploits the three way handshake that TCP uses
Distributed Denial of Service
High volume DoS
uses an army of hijacked or zombie computers
Best defense is a content distribution network
Sniffing
Is an attack on the confidentiality of your data
Requires NICs to be in promiscuous mode