Network Security - Objective 4 Flashcards
Common concepts, attack types, network hardening, remote access methods, physical security
Type of encryption used by WPA
RC4 (Rivest Cipher 4)
Geofencing
Uses GPS or RFID to define real-world boundaries where barriers can be active or passive
NAC
Network Access Control
Permits or denies access to the network based on a device’s characteristics
Difference between active & passive geofencing
Whether an alert is sent or only a log created
Wireless client isolation a.k.a. AP isolation
Devices on a wireless network can’t communicate with each other
Guest network isolation
The guest network does not have access to other networks on the access point
Encryption protocol used by SNMPv3
DES
CRAM-MD5
MD5 variant used in email systems
DAC
Discretionary Access Control
An access control method where access is determined by the owner of the resource
MAC
(not the address)
Mandatory Access Control
An access control policy where the computer system gets to decide who gets access to what objects
RBAC
Role-based Access Control
Access model that is controlled by the system but focuses on a set of permissions assigned to a role rather than an individual's permissions
Zero-Trust
A security framework that requires users to be authenticated and authorized before being granted access to applications or data
Transport layer protocols used by RADIUS & TACACS+, respectively
UDP & TCP
802.1x
A standardized framework that’s used for port-based network access control (NAC) on both wired and wireless networks
3 roles in 802.1X authentication
- Supplicant
- Authenticator
- Authentication server
3 examples of devices that can act as an authenticator in an 802.1X network
- Switch
- WAP
- VPN concentrator
EAP
Extensible Authentication Protocol [actually a series of them]
Allows for numerous different authentication mechanisms to be performed using 802.1X
EAP-MD5
Utilizes simple passwords and the challenge handshake authentication process to provide remote access authentication
EAP-TLS
Uses public key infrastructure with a digital certificate being installed on both the client and the server
EAP-TTLS
Requires a digital certificate on the server and a password on the client for its authentication
EAP-FAST
EAP Flexible Authentication via Secure Tunneling
Uses a protected access credential (PAC) to establish mutual authentication between devices
PEAP
Protected EAP
Uses server certificates and Microsoft's Active Directory databases to authenticate a client's password
Reason to disable dynamic switchport mode on your switchports
To prevent switch spoofing
RD Gateway
Remote Desktop Gateway
A server role that uses RDP over HTTPS & port 443 to provide a connection using the SSL/TLS protocols for remote users accessing an internal network
3 things an RD gateway does for remote access
- Create an encrypted connection
- Control access to network resources based on permissions and group policies
- Monitor the status of the gateway and any RDP connection passing through the gateway
4 remote access authentication protocols
- PAP (unencrypted, not used)
- CHAP
- MS-CHAP
- EAP (can use more than just a username/password; use EAP-TLS in conjunction with a RADIUS or TACACS+ server)
VNC
Virtual Network Computing
Designed for thin client architecture and things like virtual desktop infrastructure (VDI)
2 ways of accessing a virtual desktop
- web browser
- Specialized thin client device that uses a PXE network boot image to load a client that connects to the centralized server
Difference between full tunnel & split tunnel VPN
A full tunnel routes and encrypts all traffic, while a split tunnel only tunnels the traffic bound for the headquarters network. Which you use determines which network you are logically a part of, and therefore whose resources you can access.
When not to use a split tunnel VPN
On an untrusted Wi-Fi network
Clientless VPN
VPN in a web browser (HTTPS)
Protocol used instead of SSL or TLS for streaming or VoIP data in a VPN
DTLS (Datagram Transport Layer Security)
L2TP
Layer 2 Tunneling Protocol
Early tunneling protocol - no native encryption
L2F
Layer 2 Forwarding
Unused now (Cisco tunneling protocol for the Point-to-Point Protocol, PPP)
PPTP
A pro and a con
Point-to-Point Tunneling Protocol
Supports dial-up networks but also lacks native security features except when used with Microsoft Windows
IPSec
IP Security
Provides authentication and encryption of packets to create a secure encrypted communication path between two computers