Lesson 11 - Implementing Secure Network Protocols Flashcards
provides an automatic method for network address allocation.
Dynamic Host Configuration Protocol (DHCP)
is a type of DoS attack where a rogue client repeatedly requests new IP addresses using spoofed MAC addresses, with the aim of exhausting the IP address pool.
DHCP starvation
This makes it more likely that clients seeking an address lease will use the rogue DHCP server.
resolves fully qualified domain names (FQDNs) to IP addresses.
Domain Name System (DNS)
The name servers work over port 53.
A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.
Domain Hijacking
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing.
DNS poisoning
Several types of DNS poisoning attack can be perpetrated:
Man in the Middle
DNS Client Cache Poisoning
DNS Server Cache Poisoning
obtaining information about a private network by using its DNS server to perform a zone transfer (all the records in a domain) to a rogue DNS or simply by querying the DNS service, using a tool such as nslookup or dig.
DNS Footprinting
A security protocol that provides authentication of DNS data and upholds DNS data integrity.
DNS Security Extensions (DNSSEC)
Helps to mitigate spoofing and poisoning attacks by providing a validation process for DNS responses.
The Key Signing Key for a particular domain is validated by the parent domain or host ISP. The top-level domain trusts are validated by the Regional Internet Registries and the DNS root servers are self-validated, using a type of M-of-N control group key signing. This establishes a chain of trust from the root servers down to any particular subdomain.
A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.
Lightweight Directory Access Protocol (LDAP)
Port 389
The secure version of the Lightweight Directory Access Protocol, which protects access to network directory databases by wrapping the protocol in TLS.
LDAP Secure (LDAPS)
LDAPS (TLS over TCP port 636)
Protocol for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.
Simple Network Management Protocol (SNMP)
Widely used framework for management and monitoring.
Device queries take place over port 161 (UDP); traps are communicated over port 162 (also UDP).
SNMP v3 supports encryption and strong user-based authentication.
Provides a transport over which to synchronize time-dependent applications.
Network Time Protocol (NTP)
NTP works over UDP on port 123.
Top-level NTP servers (stratum 1) obtain the Coordinated Universal Time (UTC) from a highly accurate clock source, such as an atomic clock.
The protocol used to provide web content to browsers. HTTP uses port 80. HTTPS(ecure) provides for encrypted transfers, using SSL/TLS and port 443.
HyperText Transfer Protocol (HTTP)
HTTP also features a forms mechanism (POST) whereby a user can submit data from the client to the server.
HTTP is nominally a stateless protocol; this means that the server preserves no information about the client during a session.
A security protocol that uses certificates for authentication and encryption to protect web communication.
Transport Layer Security (TLS)
Secure Socket Layer (SSL)
An attack where a man-in-the-middle tries to force the use of a weak cipher suite and SSL/TLS version.
Downgrade Attack
the algorithms supported by both the client and server to perform the different encryption and hashing operations required by the protocol.
A cipher suite
Prior to TLS 1.3, a cipher suite would be written in the following form:
ECDHE-RSA-AES128-GCM-SHA256
This means that the server can use Elliptic Curve Diffie-Hellman Ephemeral mode for session key agreement, RSA signatures, 128-bit AES-GCM (Galois Counter Mode) for symmetric bulk encryption, and 256-bit SHA for HMAC functions. Suites the server prefers are listed earlier in its supported cipher list.
TLS 1.3 uses simplified and shortened suites. A typical TLS 1.3 cipher suite appears as follows:
TLS_AES_256_GCM_SHA384
Only ephemeral key agreement is supported in 1.3 and the signature type is supplied in the certificate, so the cipher suite only lists the bulk encryption key strength and mode of operation (AES_256_GCM), plus the cryptographic hash algorithm (SHA384) used within the new hash key derivation function (HKDF). HKDF is the mechanism by which the shared secret established by D-H key agreement is used to derive symmetric session keys.
A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.
application programming interface (API)
Use of these APIs is authorized via a token or secret key.
Attack method where malicious XML is passed as input to exploit a vulnerability in the target app.
XML injection
A protocol used to transfer files between network hosts.
File Transfer Protocol (FTP)
Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES) and T(rivial)FTP. FTP utilizes ports 20 and 21.
All authentication and data transfer are communicated as plaintext, meaning that credentials can easily be picked out of any intercepted FTP traffic.
A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.
SSH FTP (SFTP)
Secure Shell (SSH) over TCP port 22