Network+ 13 Flashcards
symmetric encryption : DES: Data Encryption Standard (DES) is an older encryption algorithm (developed in the mid-1970s) using a 56-bit key. It is considered weak by today’s standards. Triple DES (3DES), developed in the late 1990s, uses three 56-bit DES keys (for a total of 168 bits) and is usually considered a strong encryption algorithm. However, the security of 3DES varies based on the way it is implemented. Specifically, 3DES has three keying options, where all three keys are different (keying option 1), two of the three keys are the same (keying option 2), or all three keys are the same (keying option 3) to maintain backward compatibility with DES.
asymmetric encryption : RSA is commonly used as part of a public key infrastructure (PKI) system. Specifically, PKI uses digital certificates and a certificate authority (CA) to authentication and encryption services.
symmetric/asymmetric encryption
Message digest 5 (MD5): Creates 128-bit hash digests, Secure Hash Algorithm 1 (SHA-1): Creates 160-bit hash digest, hash-based message authentication code (HMAC) uses an additional secret key in the calculation of a hash value.
MD5
intergrity attacks = Hijacking a session: An attacker could hijack a TCP session
Salami attack: A salami attack is a collection of small attacks that result in a larger attack when combined.
Data diddling: The process of data diddling changes data before it is stored in a computing system. Malicious code in an input application or a virus could perform data diddling.
Trust relationship exploitation: Different devices in a network might have a trust relationship between themselves.
Integrity Attacks
availability attacks = Reflective: With this attack, a third-party system is used to help carry out the attack; oftentimes this third party is not compromised, making this attack very difficult to track down.
Amplified: A DNS server is often used in an amplification attack, but other services could be used in the exploit as well. With these attacks, legitimate servers are tricked into flooding responses at a target system; the forged request tends to be small but results in large responses hitting the target.
TCP SYN Flood : One variant of a DoS attack is for an attacker to initiate multiple TCP sessions by sending SYN segments but then never complete the three-way TCP handshake.
availability attacks
DR focuses on getting critical applications back online, and BC focuses on the tasks carried out by an organization to ensure that critical business functions continue to operate during and after a disaster.
An AUP identifies what users of a network are and are not allowed to do on a network.
vulnerability scanners include Nessus and Nmap (network mapper).
DR/BC Etc …
BYOD = Bluejacking: The sending of unauthorized messages over a Bluetooth connection to a device.
Bluesnarfing: Provides unauthorized access from a wireless device through a Bluetooth connection.
Bluebugging: Creates unauthorized backdoor access to connect a Bluetooth device back to the attacker.
BYOD
Nessus : Performing audits on systems without requiring an agent to be installed on the systems, Checking system configurations for compliance with an organization’s policy.
Auditing systems for specific content (for example, credit card information or adult content)Performing continuous scanning, thus reducing the time required to identify a network vulnerability, Scheduling scans to run once, daily, weekly, or monthly.
Nessus
Access control lists (ACLs) are rules usually applied to router interfaces that specify permitted and denied traffic, ex : filtering criteria include IP addresses (source or destination), port number (source or destination), and MAC addresses (source or destination).
PPPoE : PPPoE encapsulates PPP frames within Ethernet frames.
Point-to-Point Protocol (PPP) is a common Layer 2 protocol that offers features such as multilink interface, looped link detection, error detection, and authentication.
ACLs Etc …
Layer 2 Protections : Spanning tree protections: These protections include root guard, BPDU guard, and flood guard.
Root guard prevents another switch in the topology from taking over the STP root role, while BPDU guard helps identify rogue or misplaced switches in the topology.
Flood guard helps to prevent against Denial of Service (DoS) attacks that seek to disrupt communications through a massive flooding of frames.
DHCP snooping: This involves preventing rogue DHCP servers and DHCP pool exhaustion attacks by restricting ports from accepting certain DHCP messages.
VLAN segmentation: This inherently protects systems from accidental or malicious “attacks” from systems in other broadcast domains. VLAN segmentation also forces inter-VLAN communications to pass through a router, which can easily enforce security policy and security checks on the traffic.
Layer 2 Protections
Network Hardening : Changing default credentials. Avoiding common passwords. Upgrading firmware. Patching and updating. File hashing. Disabling unnecessary services. Using secure protocols. Generating new keys. Disabling unused ports. This includes both ports running IP and physical ports themselves. Changing the native VLAN.
Independent Computing Architecture (ICA) is a Citrix Systems proprietary protocol that allows an application running on one platform (for example, Microsoft Windows) to be seen and controlled from a remote client, independent of the client platform.
Network Hardening Etc …
