Network Security 7 Flashcards

1
Q

allows a firewall to identify traffic as conversational and automatically create temporary firewall rules to permit the response traffic to flow back to the sender. Operates at OSI layers 3-5.

*** Protocols at Layer 2 define how computers can share access to a common medium, such as a wired or wireless network. This includes protocols such as 802.3 Ethernet and 802.11 Wi-Fi.

A

Stateful Inspection Firewall

2
Q

Operates at OSI layer 7 (and below), analyzes packet content, and blocks program-level traffic.

*** Wiretapping is a Layer 1 threat because it involves tampering with the physical cables of a victim’s network.

A

Application Level Firewall

3
Q

Protocols at Layer 4 further refine this addressing by using a 16-bit number, called a port number, that uniquely identifies each service on a particular host. The two most common protocols within Layer 4 are the TCP and UDP protocols, both of which belong to the TCP/IP suite. The Transport layer ensures that data received from the upper OSI model layers is delivered according to the needs of the application.

A

protocols at layer 4

4
Q

The Session layer allows computers to differentiate between the connections within a service on the same host.

A

Session Layer Info

5
Q

The Presentation layer serves as a translation and security layer between applications, allowing computers to encode and encrypt data.

*** The Application layer defines how users connect with the application services through protocols such as HTTP.

A

Presentation Layer Info

6
Q

is referred to as ciphertext because the proper term for an encryption algorithm is a cipher. If the cipher uses the same key to encrypt the data as it does to decrypt the data, the cipher is said to use a symmetric key. Conversely, if the keys are different, the cipher is said to use an asymmetric key pair, one key to encrypt the data and another to decrypt it. Symmetric encryption = AES; asymmetric encryption = SSL, TLS, IPSEC.

A

Encrypted Data

7
Q

is an asymmetric key solution that allows two parties to exchange encrypted data without having first exchanged a private or shared key with one another. In PKI systems, each party that could either send or receive encrypted data must first create a key pair consisting of a public key and a private key. The key pair is created using an algorithm that enables one key to decrypt ciphertext that the other key has encrypted. Once the pair is created, the public key is published to a public repository, whereas the private key is kept secret by the owner of the key. If you wish to send this person an encrypted file, you would retrieve their public key from the internet and then use it to encrypt the file. You could then send the encrypted file to the person or even post it for them to download. The only way to decrypt the file is to use the recipient’s private key, which should be stored in a very safe place. PKI can also be used for nonrepudiation and to verify the validity and integrity of data that was sent. Transport Layer Security (TLS) encryption, as well as bulk data encryption, is performed using a symmetric key to optimize its speed, but that key is exchanged using an asymmetric key cipher to ensure perfect secrecy of the key exchange. One downside to asymmetric key ciphers is the computational power required to perform the encryption on large blocks of data.

A

PKI

8
Q

uses the algebraic structure of elliptic curves to create a key that is even smaller than traditional asymmetric keys, yet it is substantially more difficult to crack without the aid of quantum computers.

*** End-to-end encryption means that the data is never stored or transmitted in the clear.

A

ECC

9
Q

creates a secure channel over the internet between a client computer and a server by exchanging a public key in the form of a certificate. The certificate is issued by a registered and well-known certificate authority (CA), such as Verisign. The certificate has a public key that is stored on the webserver and presented to the public whenever a user connects to the website. The private key is also stored on the webserver but is kept secret and protected. When a client computer (the web browser) contacts the webserver, the client initiates an encryption handshake that establishes a symmetric key that will be used to encrypt their traffic. The key exchange starts with the client computer encrypting a token with the webserver’s public key. This ensures that only a computer holding the private key, the webserver, can decrypt the token. The webserver then decrypts the token using its private key, and then uses the token as a private key in the symmetric key cipher with the client, thereby ensuring both sides of the communication and the key exchange remain encrypted.

A

TLS

10
Q

is commonly used to create virtual private network (VPN) tunnels across the internet or other untrusted networks to allow many computers to communicate with each other. _____ traffic is encapsulated and authenticated, which allows the devices to create an encrypted tunnel that traffic may pass through. _____ is composed of the Authentication Header (AH) protocol, which provides data integrity for the connection, the encapsulating security payload (ESP), which provides encryption for the connection, and the security associations (SA), which define the algorithms to be used and the key exchange method. _____ is often used with internet key exchange (IKE) and IKEv2, though it is also possible to use _____ with symmetric keys.

A

IPSec
