Implementation Flashcards
What is DNSSEC?
In the context of the Security+ exam, DNSSEC stands for Domain Name System Security Extensions. DNSSEC is a suite of extensions to DNS (Domain Name System) designed to add an additional layer of security to the domain name lookup process.
How does DNSSEC ensure data integrity?
DNSSEC uses cryptographic signatures to ensure the integrity of DNS data. Each DNS record is signed by the domain owner, and these signatures are verified by DNS resolvers to ensure that the data has not been tampered with during transmission.
How does DNSSEC prevent DNS spoofing and DNS cache poisoning attacks?
By using digital signatures.
Explain DNSSEC’s chain of trust.
The DNSSEC (Domain Name System Security Extensions) chain of trust is a verified electronic signature, or handshake, at each DNS lookup node. In other words, it is a chain of lookups validated by the domain name’s digital signature that secures the request through all lookup nodes.
It starts with the root DNS zone and extends to the authoritative DNS servers for a specific domain. This chain of trust ensures that each level of the DNS hierarchy can vouch for the authenticity of the data in the level below it.
How does DNSSEC use PKI?
DNSSEC relies on PKI to manage the cryptographic keys used for signing and validating DNS data. Public and private key pairs are used to create digital signatures, and the public keys are distributed in DNS records.
What is S/MIME?
Secure/Multipurpose Internet Mail Extensions (S/MIME) is the internet standard for digitally signing MIME-based emails.
Key aspects of S/MIME
Digital Signatures: S/MIME allows the sender to digitally sign an email using their private key. The recipient can verify the signature using the sender’s public key, ensuring the authenticity of the message and confirming that it hasn’t been altered in transit.
Encryption: S/MIME supports the encryption of email content using the recipient’s public key. This ensures that only the intended recipient, who possesses the corresponding private key, can decrypt and read the message.
Public Key Infrastructure (PKI): S/MIME relies on a PKI to manage public and private key pairs. Digital certificates, issued by trusted Certificate Authorities (CAs), are used to bind public keys to individuals or entities, establishing a trust relationship in the encryption and signing process.
Interoperability: S/MIME is widely supported by various email clients and servers, promoting interoperability for secure email communication across different platforms.
What is Secure Real-time Transport Protocol (SRTP)?
SRTP is a security protocol used to provide confidentiality, integrity, and authenticity for real-time communication protocols, especially those used in voice-over-IP (VoIP) and video conferencing applications.
What are the key features of SRTP?
Encryption: SRTP provides encryption for the data exchanged during real-time communication, such as voice and video streams. This encryption helps to protect the confidentiality of the communication by preventing eavesdropping.
Message Integrity: SRTP employs cryptographic mechanisms to ensure the integrity of the transmitted data. This prevents tampering with the content of the communication during transit.
Authentication: SRTP supports mechanisms for authenticating the parties involved in the communication. This helps ensure that the received data is from a legitimate source and has not been altered by a malicious actor.
Replay Protection: SRTP includes safeguards against replay attacks, where an attacker may try to retransmit previously recorded packets to gain unauthorized access or disrupt the communication.
Key Management: SRTP relies on appropriate key management mechanisms to handle the exchange and storage of cryptographic keys. Proper key management is crucial for maintaining the security of the communication.
SRTP is commonly used to enhance the security of real-time communication applications, especially those relying on protocols such as the Real-time Transport Protocol (RTP) for streaming audio and video.
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol. LDAP is a standard application protocol used to access and manage directory information services. A directory service is a centralized repository for storing, organizing, and providing access to information about network resources, such as users, computers, and other devices.
What is LDAP often used for?
Directory Services: LDAP provides a framework for accessing and managing directory services. A directory service organizes information in a hierarchical structure, often referred to as a directory tree, and allows efficient querying and retrieval of information.
Authentication and Authorization: LDAP is commonly used for user authentication and authorization in network environments. It allows systems to verify user credentials and determine access rights based on information stored in the directory.
Address Book Services: LDAP is utilized in applications like email clients and other communication tools as a protocol for accessing address book information. This enables users to search and retrieve contact information.
Network Resource Information: LDAP is used to store and retrieve information about network resources, including users, groups, printers, and other devices. It provides a standard way to organize and access this information.
Security Services: LDAP supports encryption through protocols like LDAPS (LDAP Secure) to secure the communication between LDAP clients and servers. This is important for protecting sensitive information, especially during authentication processes.
LDAPS
LDAPS stands for LDAP Secure, which is an extension of the Lightweight Directory Access Protocol (LDAP) that provides a secure communication channel using Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). LDAPS is used to encrypt the communication between LDAP clients and LDAP servers, adding a layer of security to protect sensitive information, especially during authentication processes.
Port: By default, LDAPS typically uses port 636 for communication. This is in contrast to the non-secure LDAP, which usually operates on port 389. Using a dedicated port helps differentiate between secure and non-secure LDAP connections.
What is FTPS?
FTPS stands for File Transfer Protocol Secure. FTPS is an extension of the traditional File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) cryptographic protocols to secure the data transmitted between the FTP client and the FTP server.
FTPS can encrypt both the control channel (used for sending commands) and the data channel (used for transferring actual files). This ensures the confidentiality and integrity of both the commands and the transferred data.
Compatibility: FTPS is backward-compatible with traditional FTP. This means that clients or servers that support FTPS can communicate with non-secure FTP implementations, but the level of security will be limited to the capabilities of the non-secure FTP.
SNMPv3
SNMPv3 stands for Simple Network Management Protocol version 3. SNMP is a protocol widely used in network management systems to monitor and manage network devices, such as routers, switches, and servers. SNMPv3 is an improved and more secure version of the SNMP protocol.
What is the Authentication Header in IPsec?
Authentication Header (AH) is one of the two primary protocols used in IPsec (Internet Protocol Security) to provide security services for IP (Internet Protocol) network traffic. The other protocol is the Encapsulating Security Payload (ESP). Both AH and ESP can be used separately or in combination, depending on the specific security requirements.