ISC2 - Study Notes 11 Flashcards
provides mutual authentication of systems, integrity, and confidentiality. It uses the Authentication Header (AH) for authentication and integrity, and the Encapsulating Security Protocol (ESP) for encryption. Tunnel Mode: the entire packet is encrypted and encapsulated into an IP packet. Transport Mode: only the payload (the actual data) is encrypted. In other words, the IP header is not encrypted.
IPSec
An SSL VPN uses port 443 and allows clients to access internal resources.
In a full tunnel, all traffic from the user is sent through the VPN tunnel and encrypted.
A split tunnel only encrypts the traffic directly related to the VPN.
Password Authentication Protocol (PAP) is an older authentication protocol. Usernames and passwords are passed over the network in cleartext, which makes them highly susceptible to sniffing attacks.
Challenge Handshake Authentication Protocol (CHAP) is more secure than PAP because the actual password is never sent over the wire. Instead, a nonce (a number used once) is combined with a shared secret known only to the client and the remote access server. The result of combining the nonce and the shared secret is then hashed with Message Digest 5 (MD5).
MS-CHAPv2 provides mutual authentication. In other words, the client authenticates to the server and the server also authenticates back to the client. This helps prevent the client from sending authentication data to an attacker impersonating the remote access server.
Extensible Authentication Protocol (EAP) provides a more secure authentication process than many other remote authentication methods.
PEAP encapsulates and encrypts the EAP transmission in a TLS tunnel. PEAP requires a certificate on the server, but clients are not required to have a certificate.
EAP-TTLS also uses TLS to create a tunnel to encapsulate the authentication method. It exchanges authentication information as attribute-value pairs (AVPs), allowing it to secure many older authentication methods (such as PAP, CHAP, and MS-CHAP). Note that while PAP sends the authentication information in cleartext, the TLS tunnel ensures that the authentication information is encrypted while in transit. EAP-TTLS requires a certificate on the authentication server, but clients do not need a certificate.
provides the best security of these methods. It requires the server and each client to have a certificate, providing mutual authentication.
EAP-TLS
RADIUS is not only for dial-up. It also provides AAA services for VPN remote access connections.
Diameter is another AAA protocol and it was created as an alternative to RADIUS. It isn’t backward compatible with RADIUS, but it does provide several improvements. It uses TCP instead of UDP and supports both IPsec and TLS to encrypt sessions.
TACACS+ encrypts the entire authentication session. In contrast, RADIUS encrypts only the user’s password.
Many mobile device management (MDM) systems can interact with an existing NAC system, or provide NAC services. An MDM system can identify approved mobile devices and inspect them to ensure they meet preset requirements such as being up to date. Unapproved devices can be redirected to a guest network. Approved devices that don’t meet requirements can be redirected to the quarantined network. Healthy, approved devices can be given full access to the network.
is the software on the physical server that creates, runs, and manages the VMs. It also manages the resources for each of the VMs. These resources include the virtual data storage, memory, and networking components.
Hypervisor
features include support for the Common Internet File System (CIFS) and Network File System (NFS). The SAN features include support for Internet Small Computer System Interface (iSCSI) and Fibre Channel (FC).
NAS