Networking & Protocols Flashcards
CHAP
Challenge Handshake Authentication Protocol
Protocol used by VPN servers to validate identity of remote clients. Uses a three-way handshake process:
- Server challenges the client
- Client responds with hashed combo of the challenge nonce and a shared secret
- Server checks response and if correct, grants client access
Protects against replay attacks by periodically reverifing client using a different challenge value.
Stronger than PAP b/c doesn’t send pwd in plain-text but not as strong as MS-CHAP v2.
WAP
Wireless Access Point/Access Point (AP)
A networking hardware device that allows other Wi-Fi devices to connect to a wired network. See AP.
PAP
Password Authentication Protocol
Used with Point-to-Point Protocol (PPP) to authenticate clients.
Significant weakness becuase sends passwords over network in cleartext. Used as last resort.
WEP
Wired Equivalent Privacy
- Designed to give wireless networks the same level of privacy protection as a comparable wired network
- Easy to determine key using readily available tools
- Deprecated
SFTP
Secure File Transfer Protocol
- Secure implementation of FTP
- Extension of SSH
- Uses SSH to transmit files in encrypted format
- Uses TCP port 22
L2TP
Layer 2 Tunneling Protocol
- Protocol used to support VPNs or as part of the delivery of services by ISPs
- Does not provide any encryption or confidentiality of content by itself
- Usually implemented with IPsec for encryption
- Uses UDP port 1701
LEAP
Lightweight Extenisible Authentication Protocol
Cisco Systems’ proprietary Extensible Automation Protocol implementation.
WPA
WiFi Protected Access
- Interim replacement for WEP
- Uses TKIP (Temporal Key Integrity Protocol) which dynamically generates a 128-bit key
- Susceptible to attacks:
- password-cracking attack, especially when a weak passphrase is used
- disassociation attack
SMTPS
Simple Mail Transfer Protocol Secure
- Secures SMTP with TLS
- Provide authentication of the communication partners, as well as data integrity and confidentiality
- Uses TCP port 587, sometimes port 465
CCMP
CCM Mode Protocol (Counter Mode CBC Message Authentication Code Protocol)
- An encryption protocol based on AES and used with WPA2 for wireless network security
- More secure than TKIP (Transient Key Integrity Protocol), which was used with the original release of WPA.
PAT
Port Address Translation
Feature on network devices that translates private IP addresses into the public IP address using port numbers.
Uses IPv4 address but with port number
It has two types:
- static
- overloaded PAT
IP
Internet Protocol
- Protocol for routing and addressing packets of data so that they can travel across networks and arrive at the correct destination
- Defines packet structures to encapsulate the data to be delivered
- Defines addressing methods that are used to label the data with source and destination information.
- IPv4 dominent protocol of the internet
- Does not guarantee delivery or acknowledge whether data has been received or corrupted.
TKIP
Temporal Key Integrity Protocol
- Interim solution to replace WEP without requiring the replacement of legacy hardware
- Used with WPA
MMS
Multimedia Message Service
A method used to send text messages. It is an extension of SMS and supports sending multimedia content.
WPA2
WiFi Protected Access 2
- Wireless security protocol that permanently replaces WEP and WPA
- Supports AES encryption through CCMP (Counter Mode/MAC Protocol) with 128-bit encryption key
- 2 modes:
- Pre-shared Key (PSK)/Open Mode - anonymous user access with PSK or passphrase, authorization without authentication
- Enterprise Mode - forces users to authenticate with unique credentials
SNMP
Simple Network Management Protocol
- An application-layer service used to exchange information between network devices
- Uses 2 ports:
161 - manager communication with agents
162 - unsolicited messages from agent to manager (trap)
EAP-TLS
EAP-Transport Layer Security
An extension of EAP that is sometime used with 802.1x.
One of most secure EAP standards and is widely implemented.
Requires certificates on 802.1x server and on the clients.
ICMP
Internet Control Message Protocol
- Used to test basic connectivity between devices.
- Includes tools such as ping, pathping, and tracert.
- Often targeted by DoS attacks so blocked by many firewalls.
- Not typically used to exchange data between systems or used by end-user network applications.
MS-CHAP/MS-CHAPv2
MS Challenge Handshake Authentication Protocol v2
Microsoft version of CHAP with improvements
MS-CHAPv2 significant improvements with ability to perform mutual authentication:
- Client authenticates to the server
- Server authenticates to client
Provides assurances of the server’s identity before client sends data
VPN
Virtual Private Network
- Method for providing access to a private network over a public network such as the internet.
- VPN concentrators are dedicated devices used to provide VPN access to a large group of users
ISAKMP
Internet Security Association and Key Management Protocol
- Protocol for establishing Security association (SA) and cryptographic keys in an Internet environment
- Only provides a framework for authentication and key exchange
- Designed to be key exchange independent
- Uses UDP port 500
TGT
Ticket Granting Ticket
Part of Kerberos process
SOAP
Simple Object Access Protocol
Messaging protocol for exchanging structured information in the implementation of web services within computer networks
POP
Post Office Protocol
- An application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server
- Current version is POP3
- Uses TCP port 110
STP
Spanning Tree Protocol
A protocol enabled on most switches that protects against switching loops. A switching loop can be caused if 2 ports of a switch are connected.
NetBIOS
Network Basic Input/Output System
- Program (API) that allows applications on different computers to communicate within a LAN
- Uses ports 135-139
ESP
Encapsulating Security Payload
Provides origin authenticity through source authentication, data integrity through hash functions and confidentiality through IP packet encryption
Uses protocol 50
VoIP
Voice Over IP
Term used for a technology that enables telephony communications over a network by using the IP protocol
PEAP
Protected Extensible Authentication Protocol
- Extension to EAP sometimes used with 802.1X
- Requires a certificate on the 802.1X server.
FTPS
FTP over SSL
A protocol that combines the use of FTP with additional support for TLS
Uses TCP ports:
989 - data transfer
990 - command control
NAT
Network Address Translation
- Protocol that translates public IP addresses to private IP addresses and vice versa.
- Static NAT: single public IP in one-to-one mapping
- Dynamic NAT: multiple public IP address in one-to-many mapping
- Advantages:
- Don’t need to buy public IP addresses for all clients
- Hides internal computers from internet
- Not compatible with IPsec
DNS
Domain Name System
Hierarchical, decentralized service used to resolve the more recognizable host names to IP addresses
Uses TCP & UDP port 53
SCP
Secure Copy Protocol
- Protocol based on SSH
- Used to copy encrypted files over a network
- Uses TCP port 22
SHTTP
Secure Hypertext Transfer Protocol
Obsolete alternative to HTTPS
802.1x
- Standard for port-based Network Access Control (PNAC) and provides the protected authentication for secure n/w access
- 802.1x networks use an authentication server like RADIUS or EAP to verify user credentials
- User identity authenticated based on their credentials or a certificate.
- After authentication, 802.1x open a ports for network access
- Can be implemented in both wireless and wired networks
EAP-FAST
EAP-Flexible Authentication via Secure Tunneling
A Cisco designed replacement for Lightweight EAP (LEAP).
EAP-FAST supports certificates but they are optional.