Random Topics to memorize PT 3

Question 1

This allows you to verify the responses that you get from a DNS server. You can make sure that it is exactly the information that you requested. It is done through Public Key Cryptography. The information on a DNS server is signed by a trusted third party.

Answer 1

DNSSEC

Question 2

With this application all the communication between you and whatever device you’re connected to is encrypted.

Answer 2

SSH

Question 3

It’s a way that you can digitally sign and encrypt information right in your email client. It is required to be PKI enabled.

Answer 3

S/MIME

Question 4

Used to make secure phone calls for Voice over IP. It uses AES to encrypt phone calls as they go through the network. It also provides HMAC-SHA1 as hashing to provide integrity and replay protection.

Answer 4

Secure Real-Time Protocol (SRTP)

Question 5

Works together with SSL to make directories more secure. This is a non-standard implementation of SSL.

Answer 5

LDAPS

Question 6

Uses SSL to transfer files securely.

Answer 6

FTPS

Question 7

Uses SSH to transfer files. It allows for file system functionality so you can restart a file transfer if it has been interrupted.

Answer 7

SFTP

Question 8

It provides Confidentiality by encrypting communication between you and the device you are managing. It adds integrity and it has authentication to verify the source of the information. You can alternatively access certain devices via HTTPS to get the same effect.

Answer 8

SNMPv3

Question 9

Both include SSL encryption to help protect data that is being emailed.

Answer 9

Secure POP/IMAP

Question 10

Is used to set the time on all the devices across the network.

Answer 10

NTP (Network Time Protocol)

Question 11

This is where someone can spoof a MAC address and make multiple requests for an IP address and once the DHCP server runs out of IPs to give out then it causes a Denial Of Service. You can configure a switch with MAC filtering to avoid this.

Answer 11

DHCP Starvation Attack

Question 12

Based off of the X.500 standard. This hierarchical structure can contain the country name, organizational units, or you can customize it to be as extensive or as basic as you need.

Answer 12

LDAP

Question 13

It is used for SSO. It is also protected against replay attacks and Man in the Middle attacks. Uses a ticketing processes to authenticate you.

Answer 13

Kerberos

Question 14

It uses a three-way handshake method. The client sends a request, the server then sends a challenge method. The client responds with a password hash. The server then checks the hash against the records and determines if it is correct.

Answer 14

CHAP

Question 15

Communicates in the clear. It’s a super simple authentication method that is not secure for today’s use. You would just provide your username and password to a server, and the server would check to see if it matched with their records and if it did, you’re in.

Answer 15

PAP

Question 16

Uses PPTP. Both are not secure for authentication because they both use the DES encryption method. They should not be used.

Answer 16

MS-CHAP and MS-CHAPv2

Question 17

You can use this authenticate to a third party to provide access to local resources (SSO). This is not used with mobile networks.

Answer 17

SAML

Question 18

Is a protocol that provides resource authentication. Open ID usually handles the SSO authentication and OAUTH determines what services the user should have access to. This was created by Google. It is often used with Google, Twitter, Facebook, and other organizations.

Answer 18

OAUTH

Question 19

This is an open source application that uses SAML to provide federated SSO.

Answer 19

Shibboleth

Question 20

For server based authentication The server does not keep track of any session information, instead is uses a stateless form of authentication. After a user is authenticated the server the server provides them with a token

Answer 20

Secure Token

Question 21

This system uses an MD4 hash challenge for password authentication. There is an HMAC-MD5 hash of the username and server name, and then there’s a variable length challenge that uses a time stamp, some random data, and the name of the Windows domain. Kerberos replaced this.

Answer 21

NTLM (NT LAN Manager)