Lesson 11 - Implementing Secure Network Protocols Flashcards

1
Q

provides an automatic method for network address allocation.

A

Dynamic Host Configuration Protocol (DHCP)

2
Q

is a type of DoS attack where a rogue client repeatedly requests new IP addresses using spoofed MAC addresses, with the aim of exhausting the IP address pool.

A

DHCP starvation
This makes it more likely that clients seeking an address lease will use the rogue DHCP server.

3
Q

resolves fully qualified domain names (FQDNs) to IP addresses.

A

Domain Name System (DNS)
The name servers work over port 53.

4
Q

A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.

A

Domain Hijacking

5
Q

A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing.

A

DNS poisoning
Several DNS poisoning attacks can be perpetrated:
Man in the Middle
DNS Client Cache Poisoning
DNS Server Cache Poisoning

6
Q

Obtaining information about a private network by using its DNS server to perform a zone transfer (all the records in a domain) to a rogue DNS or simply by querying the DNS service, using a tool such as nslookup or dig.

A

DNS Footprinting

7
Q

A security protocol that provides authentication of DNS data and upholds DNS data integrity.

A

DNS Security Extensions (DNSSEC)
Helps to mitigate spoofing and poisoning attacks by providing a validation process for DNS responses.
The Key Signing Key for a particular domain is validated by the parent domain or host ISP. The top-level domain trusts are validated by the Regional Internet Registries and the DNS root servers are self-validated, using a type of M-of-N control group key signing. This establishes a chain of trust from the root servers down to any particular subdomain.

8
Q

A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

A

Lightweight Directory Access Protocol (LDAP)
Port 389

9
Q

A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

A

LDAP Secure (LDAPS)
LDAPS (TLS over TCP port 636)

10
Q

Protocol for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

A

Simple Network Management Protocol (SNMP)
Widely used framework for management and monitoring.
Device queries take place over port 161 (UDP); traps are communicated over port 162 (also UDP).
SNMP v3 supports encryption and strong user-based authentication.

11
Q

Provides a transport over which to synchronize these time-dependent applications.

A

Network Time Protocol (NTP)
NTP works over UDP on port 123.
Top-level NTP servers (stratum 1) obtain the Coordinated Universal Time (UTC) from a highly accurate clock source, such as an atomic clock.

12
Q

The protocol used to provide web content to browsers. HTTP uses port 80. HTTPS(ecure) provides for encrypted transfers, using SSL/TLS and port 443.

A

HyperText Transfer Protocol (HTTP)
HTTP also features a forms mechanism (POST) whereby a user can submit data from the client to the server.
HTTP is nominally a stateless protocol; this means that the server preserves no information about the client during a session.

13
Q

A security protocol that uses certificates for authentication and encryption to protect web communication.

A

Transport Layer Security (TLS)
Secure Sockets Layer (SSL)

14
Q

An attack where a man-in-the-middle tries to force the use of a weak cipher suite and SSL/TLS version.

A

Downgrade Attack

15
Q

The algorithms supported by both the client and server to perform the different encryption and hashing operations required by the protocol.

A

A cipher suite
Prior to TLS 1.3, a cipher suite would be written in the following form:
ECDHE-RSA-AES128-GCM-SHA256
This means that the server can use Elliptic Curve Diffie-Hellman Ephemeral mode for session key agreement, RSA signatures, 128-bit AES-GCM (Galois Counter Mode) for symmetric bulk encryption, and 256-bit SHA for HMAC functions. Suites the server prefers are listed earlier in its supported cipher list.

TLS 1.3 uses simplified and shortened suites. A typical TLS 1.3 cipher suite appears as follows:
TLS_AES_256_GCM_SHA384
Only ephemeral key agreement is supported in 1.3 and the signature type is supplied in the certificate, so the cipher suite only lists the bulk encryption key strength and mode of operation (AES_256_GCM), plus the cryptographic hash algorithm (SHA384) used within the new hash key derivation function (HKDF). HKDF is the mechanism by which the shared secret established by D-H key agreement is used to derive symmetric session keys.

16
Q

A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.

A

application programming interface (API)
Use of these APIs is authorized via a token or secret key.

17
Q

Attack method where malicious XML is passed as input to exploit a vulnerability in the target app.

A

XML injection

18
Q

A protocol used to transfer files between network hosts.

A

File Transfer Protocol (FTP)
Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES) and T(rivial)FTP. FTP utilizes ports 20 and 21.
All authentication and data transfer are communicated as plaintext, meaning that credentials can easily be picked out of any intercepted FTP traffic.

19
Q

A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.

A

SSH FTP (SFTP)
Secure Shell (SSH) over TCP port 22

20
Q

Another means of securing FTP is to use the connection security protocol SSL/TLS. There are two means of doing this:

A

Explicit TLS (FTPES)—use the AUTH TLS command to upgrade an unsecure connection established over port 21 to a secure one. This protects authentication credentials. The data connection for the actual file transfers can also be encrypted (using the PROT command).
Implicit TLS (FTPS)—negotiate an SSL/TLS tunnel before the exchange of any FTP commands. This mode uses the secure port 990 for the control connection. A type of FTP using TLS for confidentiality.
FTPS is tricky to configure when there are firewalls between the client and server. Consequently, FTPES is usually the preferred method.

21
Q

The protocol used to send mail between hosts on the Internet.

A

Simple Mail Transfer Protocol (SMTP)
Messages are sent over TCP port 25.

22
Q

SMTP communications can be secured using TLS. This works much like HTTPS with a certificate on the SMTP server. There are two ways for SMTP to use TLS:

A

STARTTLS—this is a command that upgrades an existing unsecure connection to use TLS. This is also referred to as explicit TLS or opportunistic TLS.
SMTPS—this establishes the secure connection before any SMTP commands (HELO, for instance) are exchanged. This is also referred to as implicit TLS.
The STARTTLS method is generally more widely implemented than SMTPS. Typical SMTP configurations use the following ports and secure services:

23
Q

TCP port 110 protocol that enables a client to access email messages stored in a mailbox on a remote server. The server usually deletes messages once the client has downloaded them.

A

Post Office Protocol v3 (POP3)
POP3S is the secured version of the protocol, operating over TCP port 995 by default.

24
Q

TCP/IP application protocol providing a means for a client to access and manage email messages stored in a mailbox on a remote server.

A

Internet Message Access Protocol v4 (IMAP4)
IMAP4 utilizes TCP port number 143.
The default port for IMAPS is TCP port 993.

25
Q

An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

A

Secure/Multipurpose Internet Mail Extensions (S/MIME)

26
Q

A generic name for protocols that carry voice traffic over data networks.

A

Voice over IP (VoIP)

27
Q

Used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.

A

Session Initiation Protocol (SIP)
Where unencrypted SIP typically runs over TCP port 5060, SIPS uses TCP port 5061.

28
Q

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

A

Real-time Transport Protocol (RTP)

29
Q

Version of RTP secured using TLS.

A

SRTP

30
Q

A secure tunnel created between two endpoints connected via an unsecure network (typically the Internet).

A

virtual private network (VPN)

31
Q

The practice of encapsulating data from one protocol for safe transfer over another network such as the Internet.

A

tunnel

32
Q

Developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. PPTP is highly vulnerable to password cracking attacks and considered obsolete.

A

Point-to-Point Tunneling Protocol (PPTP)

33
Q

A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header.

A

Secure Sockets Tunneling Protocol (SSTP)

34
Q

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.

A

The Point-to-Point Protocol (PPP)

35
Q

A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet.

A

Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec) operates at the network layer (layer 3) of the OSI model, so it can be implemented without having to configure specific application support. IPSec can provide both confidentiality (by encrypting data packets) and integrity/anti-replay (by signing each packet).
The main drawback is that it adds overhead to data communications.
IPSec can be used to secure communications on local networks and as a remote access protocol.

36
Q

An IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.

A

Authentication Header (AH)

37
Q

IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.

A

Encapsulation Security Payload (ESP)
Encapsulation Security Payload (ESP) provides confidentiality and/or authentication and integrity.

38
Q

IPSec can be used in two modes:

A

Transport mode—this mode is used to secure communications between hosts on a private network (an end-to-end implementation). When ESP is applied in transport mode, the IP header for each packet is not encrypted, just the payload data. If AH is used in transport mode, it can provide integrity for the IP header.
Tunnel mode—this mode is used for communications between VPN gateways across an unsecure network (creating a VPN). This is also referred to as a router implementation. With ESP, the whole IP packet (header and payload) is encrypted and encapsulated as a datagram with a new IP header. AH has no real use case in tunnel mode, as confidentiality will usually be required.

39
Q

Framework for creating a Security Association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

A

Internet Key Exchange (IKE)

40
Q

IKE negotiations take place over two phases:

A

Phase I establishes the identity of the two hosts and performs key agreement using the Diffie-Hellman algorithm to create a secure channel. Two methods of authenticating hosts are commonly used:
Digital certificates—the hosts use certificates issued by a mutually trusted certificate authority to identify one another.
Pre-shared key (group authentication)—the same passphrase is configured on both hosts.

Phase II uses the secure channel created in Phase I to establish which ciphers and key sizes will be used with AH and/or ESP in the IPSec session.

41
Q

VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.

A

Layer 2 Tunneling Protocol (L2TP)

42
Q

VPN configuration where only traffic for the private network is routed via the VPN gateway.

A

Split tunnel

43
Q

VPN configuration where all traffic is routed via the VPN gateway.

A

Full tunnel
Full tunnel offers better security, but the network address translations and DNS operations required may cause problems with some websites, especially cloud services. It also means more data is channeled over the link.

44
Q

Microsoft’s protocol for operating remote connections to a Windows machine (Terminal Services), allowing specified users to log on to the Windows computer over the network and work remotely. The protocol sends screen data from the remote host to the client and transfers mouse and keyboard input from the client to the remote host. It uses TCP port 3389.

A

Remote Desktop Protocol (RDP)

45
Q

Remote access tool and protocol. VNC is the basis of macOS screen sharing.

A

Virtual Network Computing (VNC)
Another example is TeamViewer.

46
Q

Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).

A

HTML5 VPN

47
Q

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

A

out-of-band (OOB)

48
Q

A hardened server that provides access to other hosts.

A

jump server

49
Q

A remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

A

Secure Shell (SSH)
The main uses of SSH are for remote administration and secure file transfer (SFTP).