ID/Access & Network Flashcards
Kerberos
Network authentication protocol
Uses KDC/TGT to communicate with directories (key distribution center/ticket granting ticket)
UDP 88
SAML
Security Assertion Markup Language
Defines security authorization for single sign on web based applications, eg Shibboleth.
Exchanges authentication and authorization info between identity providers and service providers.
LDAP
LDAPS
Lightweight directory access protocol (TCP 389)
LDAP Secure (TLS TCP 636)
Access protocol with formats and methods for querying directories
Extends X.500 directory standard
NTLM
New Technology LAN manager
Suite of protocols providing authentication, confidentiality & integrity in Windows systems
Uses a message digest hashing algorithm to challenge users and check credentials
TOTP
HMAC
HOTP
Time based one time password
Keyed-hash message authentication code
HMAC based one time password
SFTP
FTPS
TFTP
Secure file transfer protocol
File transfer protocol secure
Trivial file transfer protocol
SFTP uses SSH on TCP 22
FTPS uses TLS on TCP 989/990, or on TCP 20/21 (the FTP ports)
TFTP uses UDP 69 for small amounts of data. Usually disabled because it is not essential
IPsec
Encrypts IP traffic
Native to IPv6 but also works with IPv4
Encapsulates and encrypts IP packet payloads and uses tunnel mode to protect VPN traffic
Two main components: authentication header (AH), identified by protocol ID number 51, and encapsulating security payload (ESP), identified by protocol ID number 50
It uses the Internet key exchange (IKE) over UDP port 500 to create a security association for the VPN
SSH
Secure shell
Encrypts traffic using TCP 22
SSL
Secure sockets layer: protocol that secures HTTP traffic as HTTPS
It can also encrypt SMTP and LDAP
It has been compromised (e.g. the POODLE attack) and is not recommended for use
STARTTLS
A command used to upgrade an unencrypted connection to an encrypted connection on the same port
Removes the need to use one port to transmit data in plaintext and a second port to transmit data in ciphertext
SMTP
Simple mail transfer protocol
TCP 25
Before STARTTLS, used TCP 465 with SSL and TCP 587 with TLS
POP3
Secure POP3
Post office protocol V3
TCP 110
Transfers emails from servers down to clients
Secure POP can use SSL or TLS
Used TCP 995 before STARTTLS
IMAP4
Secure IMAP4
Internet message access protocol version 4
TCP 143
Protocol to store email on an email server (e.g. Gmail)
Secure IMAP4 used TCP 993 before STARTTLS
HTTP
HTTPS
TCP 80
TCP 443 with SSL or TLS
GPO
Group policy setting
A directory service
Poisoning attack
Corrupts the caches that protocols keep for temporary storage of lookups
TCP
Transmission control protocol provides connection-oriented traffic, i.e. guaranteed delivery. TCP uses a three-way handshake: the client sends a synchronize (SYN) packet, the server responds with a synchronize/acknowledge (SYN/ACK) packet, and the client returns an acknowledge (ACK) packet to establish the connection.
UDP
User datagram protocol
Provides connectionless sessions. UDP delivers traffic without using extra traffic to ensure delivery. ICMP traffic and audio/video streaming use UDP. Many denial of service attacks use UDP
TCP/IP
Uses the IP address to reach the destination network and the MAC address (resolved through ARP) to reach the correct host
ARP poisoning
Clients receive false hardware (MAC) address updates; attackers use this to redirect or interrupt network traffic
NDP
Neighbor discovery protocol
Performs several functions on IPv6
RTP
SRTP
(Secure) real time transport protocol
Delivers audio and video over IP networks. This includes voice over Internet protocol (VoIP) communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features.
SRTP protects against replay attacks
Replay attack
An attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data
Remote access to systems
SSH, e.g. SSH secures Netcat on Linux systems
RDP (Remote Desktop protocol) TCP/UDP 3389
VPN
NTP
Network time protocol
Most common time synchronization protocol
Uses complex algorithms; SNTP (simple NTP) does not use these algorithms
IPv4 private address ranges
Defined by RFC 1918
- 10.0.0.0-10.255.255.255
- 172.16.0.0-172.31.255.255
- 192.168.0.0-192.168.255.255
IPv4
32 bits binary
IPv6
128 bits hexadecimal
4 bits per hexadecimal character
Uses unique local addresses allocated in private networks; not assigned to systems on the internet
Unique local addresses start with fc00
DNS
Domain name system
UDP 53
DNS server cache
DNS servers store query results in a cache so they don't have to repeat the query
DNS server records
Hosted in zones
A (host record): host name and IPv4 address; most common record; client query uses name with a forward lookup request
AAAA: host name and IPv6 address
PTR (pointer record): query is IP address; returns name
MX (mail exchange): identifies mail server; linked to A or AAAA record of mail server
CNAME (canonical name): allows a single system to have multiple names associated with a single IP address
SOA (start of authority): info on DNS zone and some settings (TTL)
DNS server software
Most DNS servers on the internet run Berkeley Internet Name Domain (BIND) on Unix/Linux servers.
Internal networks can use BIND, but in Microsoft networks DNS servers commonly use Microsoft DNS software
zone transfer
Process of DNS servers sharing information with each other
TCP 53
Usually only includes a small number of updated records
Domain Name Resolution
DNS zones include records: A (IPv4 addresses), AAAA (IPv6 addresses)
DNS uses TCP 53 for zone transfers (info sharing between DNS servers)
DNS uses UDP 53 for DNS client queries
Most Internet-based DNS servers run BIND on Unix/Linux servers.
Common to configure DNS servers to only use secure zone transfers
DNSSEC helps prevent DNS poisoning attacks.
nslookup (Microsoft) and dig (Unix/Linux) are command line tools to test DNS
SNMPv3
Simple network management protocol version 3
UDP 161
UDP 162 to send error messages