Secure Network Protocols Flashcards
A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:
EDNS
DNSSEC
Split DNS
DDNS
DNSSEC (Domain Name System Security Extensions) is a suite of security extensions for the Domain Name System (DNS) protocol. It aims to add security features, such as data origin authentication and data integrity, to DNS responses. DNSSEC achieves this by adding digital signatures to DNS records, which allows DNS clients to verify the authenticity of DNS data received from authoritative DNS servers. This helps prevent various DNS-based attacks, such as DNS spoofing and DNS cache poisoning, by ensuring that DNS responses have not been tampered with in transit.
DNSSEC provides a mechanism for domain owners to cryptographically sign their DNS records, allowing DNS resolvers to validate the authenticity of DNS responses and ensure the integrity of DNS data. Overall, DNSSEC enhances the security of the DNS infrastructure and helps protect users from DNS-related attacks.
EDNS (Extension Mechanisms for DNS): EDNS is a protocol extension for DNS that allows DNS messages to carry larger payloads and additional information. While it can enhance DNS functionality, it is not specifically focused on security.
Split DNS: Split DNS is a configuration where different DNS servers are used for resolving domain names based on whether the request originates from inside or outside a private network. It is not primarily a security extension but rather a technique for network optimization and control.
DDNS (Dynamic DNS): DDNS is a method of automatically updating DNS records with new or changed IP addresses for devices with dynamic (changing) IP addresses. While it has implications for DNS management, it is not a suite of security extensions for DNS.
Which of the following answers refers to a non-proprietary cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services?
RDP
Telnet
SSH
RAS
SSH (“secure shell”) is a cryptographic network protocol that is widely used for secure communication and remote command-line login. It provides strong encryption and authentication mechanisms to protect data transmitted over a network, making it suitable for secure access to remote systems and services. SSH uses public-key cryptography for authentication, allowing users to securely log in to remote servers without transmitting passwords over the network. It also supports encryption of data transmitted between client and server, ensuring confidentiality and integrity of the communication.
SSH is commonly used by system administrators, software developers, and network engineers to securely manage remote servers, transfer files, and execute commands on remote systems. It has become the de facto standard for secure remote access and is supported by most operating systems and network devices.
Here are brief definitions of the other options:
RDP (Remote Desktop Protocol): RDP is a proprietary protocol developed by Microsoft for remote desktop connections and graphical user interface (GUI) interaction with remote computers. It is primarily used for accessing and controlling Windows-based systems remotely.
Telnet: Telnet is a network protocol used for establishing remote terminal connections and executing commands on remote hosts. However, Telnet does not provide encryption or authentication, making it insecure for transmitting sensitive information over untrusted networks.
RAS (Remote Access Service): RAS is a feature in Microsoft Windows operating systems that provides remote access capabilities, such as dial-up networking and virtual private network (VPN) connections. While it enables remote access to network resources, it does not specifically provide encryption or secure communication protocols like SSH.
T/F
The Multipurpose Internet Mail Extensions (MIME) specification extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system. Secure MIME (S/MIME) is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services.
True.
The statement accurately describes Multipurpose Internet Mail Extensions (MIME) and Secure MIME (S/MIME). MIME is a specification that extends the email message format to support the transfer of multimedia content, such as graphics, audio, and video files, over the Internet mail system. S/MIME is an enhanced version of MIME that adds security features to email communication.
These features include encryption to protect the confidentiality of messages, authentication to verify the identity of the sender, and message integrity to ensure that the content has not been tampered with during transit. Therefore, the statement is true.
Which protocol enables secure, real-time delivery of audio and video over an IP network?
S/MIME
RTP
SIP
SRTP
SRTP is correct.
SRTP (Secure Real-time Transport Protocol) enhances RTP (Real-time Transport Protocol) by providing encryption, authentication, and replay protection for real-time audio and video communication over IP networks. It ensures the confidentiality, integrity, and authenticity of transmitted data, safeguarding against eavesdropping and tampering. SRTP is commonly used in VoIP systems and video conferencing applications to ensure secure communication.
S/MIME (Secure/Multipurpose Internet Mail Extensions): S/MIME is a protocol used for securing email communication by providing encryption, authentication, and message integrity services. It is not specifically designed for real-time audio and video delivery over IP networks.
RTP (Real-time Transport Protocol): RTP is a protocol used for transmitting audio and video data in real time over IP networks. While RTP provides the mechanism for real-time delivery, it does not inherently provide security features such as encryption.
SIP (Session Initiation Protocol): SIP is a signaling protocol used for initiating, maintaining, and terminating communication sessions, such as voice and video calls, over IP networks. While SIP is used in conjunction with RTP for real-time communication, it does not provide security features on its own.
LDAPS
LDAPS (Lightweight Directory Access Protocol over Secure Sockets Layer) is a protocol used for secure communication with directory services, such as Active Directory. It operates similarly to LDAP but adds an extra layer of security by using SSL/TLS encryption to protect data transmission. LDAPS encrypts the communication channel between the LDAP client and server, ensuring that sensitive information, such as user credentials and directory data, remains confidential and secure from eavesdropping and tampering. It is commonly used in environments where data security and privacy are critical requirements, such as enterprise networks and identity management systems.
Authentication protocol
Authentication protocol: An authentication protocol is a set of rules and procedures used to verify the identity of users or devices attempting to access a system or network. It typically involves exchanging credentials, such as usernames and passwords, certificates, or biometric data, to authenticate the identity of the entity seeking access.
Secure directory access protocol
Secure directory access protocol: Secure directory access protocol refers to protocols used to securely access directory services, such as LDAP (Lightweight Directory Access Protocol) over SSL/TLS (LDAPS). These protocols ensure that directory data, including user and device information, is accessed securely and confidentially, typically through encryption and authentication mechanisms.
Address resolution protocol
Address resolution protocol: Address Resolution Protocol (ARP) is a protocol used to map IP addresses to physical MAC addresses on a local network. It enables devices to discover the hardware address associated with a given IP address, allowing for the proper delivery of data packets within a local network segment.
File exchange protocol
File exchange protocol: File exchange protocol refers to protocols designed for the transfer of files between computers over a network. Examples include FTP (File Transfer Protocol), SFTP (SSH File Transfer Protocol), and SCP (Secure Copy Protocol). These protocols provide mechanisms for secure and reliable file transfer, often including encryption, authentication, and data integrity checks.
Which of the following protocols allow(s) for secure file transfer? (Select all that apply)
FTPS
TFTP
FTP
SFTP
The protocols that allow for secure file transfer are:
FTPS (File Transfer Protocol Secure): FTPS is an extension of FTP that adds support for SSL/TLS encryption for secure data transmission. It provides authentication and encryption mechanisms to protect file transfers from eavesdropping and tampering.
SFTP (SSH File Transfer Protocol): SFTP is a secure file transfer protocol that operates over SSH (Secure Shell) to provide secure file access, transfer, and management. It encrypts data during transmission and provides authentication mechanisms to ensure secure communication between client and server.
TFTP (Trivial File Transfer Protocol) and FTP (File Transfer Protocol) do not provide inherent security features for file transfer.
TFTP is a simple file transfer protocol that operates over UDP (User Datagram Protocol) and does not include built-in encryption or authentication mechanisms. As a result, data transmitted using TFTP is not secure and can be intercepted or modified by malicious actors.
FTP, while widely used for file transfer, also lacks inherent security features. It sends data in plaintext, making it susceptible to eavesdropping and unauthorized access. Although FTPS (File Transfer Protocol Secure) is a secure version of FTP that adds support for SSL/TLS encryption, the base FTP protocol itself does not provide security.
T/F
Secure File Transfer Protocol (SFTP) is an extension to the FTP protocol that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.
This statement is not accurate. Secure File Transfer Protocol (SFTP) is actually a completely different protocol from FTP and does not rely on TLS or SSL for security.
SFTP (SSH File Transfer Protocol) operates over SSH (Secure Shell) and uses SSH’s secure communication channels to encrypt data during transmission. It provides secure file transfer, remote file management, and access to remote file systems. SFTP is often preferred over FTP for its enhanced security features, including encryption and authentication mechanisms provided by SSH.
In contrast, FTPS (File Transfer Protocol Secure) is the extension of FTP that adds support for TLS (Transport Layer Security) and SSL (Secure Sockets Layer) cryptographic protocols. FTPS secures the communication channel between the client and server using SSL/TLS encryption, providing similar security features to SFTP but within the context of the FTP protocol.
T/F
FTPS is an extension to the Secure Shell (SSH) protocol and runs by default on port number 22.
This statement is incorrect. FTPS (File Transfer Protocol Secure) is not an extension to the Secure Shell (SSH) protocol. Instead, FTPS is an extension of FTP (File Transfer Protocol) that adds support for SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for secure data transmission.
FTPS typically runs over TCP (Transmission Control Protocol) ports 989 for FTPS control connections and 990 for FTPS data connections when using explicit FTPS (FTP over SSL/TLS). However, it can also use other port numbers depending on the configuration.
Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply)
SNMPv1
SNMPv2
SNMPv3
SNMPv4
SNMP stands for Simple Network Management Protocol. It is a protocol used for managing and monitoring network devices and systems, such as routers, switches, servers, printers, and other network-attached devices. SNMP allows network administrators to remotely monitor device performance, collect statistical data, and manage configurations.
SNMPv1 and SNMPv2 offer authentication based on community strings sent in an unencrypted form.
T/F
Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity).
SNMPv3 represents a significant leap forward in network management security, offering robust encryption, authentication, authorization, and data integrity mechanisms to protect sensitive information exchanged between SNMP managers and agents. With packet encryption ensuring confidentiality, authentication mechanisms verifying the identities of users and devices, authorization controls defining access privileges, and data integrity validation ensuring message integrity, SNMPv3 provides a comprehensive security framework to safeguard against eavesdropping, tampering, and unauthorized access. This enhanced security posture makes SNMPv3 an indispensable tool for organizations seeking to maintain the confidentiality, integrity, and availability of their network management data in today’s threat landscape.
What is the name of a network protocol that secures web traffic via SSL/TLS encryption?
SFTP
HTTPS
FTPS
SNMP
HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP, the protocol used for transmitting data between a web browser and a website. It employs SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption to ensure the confidentiality and integrity of data exchanged between the client (web browser) and the server (website).
When a user accesses a website via HTTPS, the communication is encrypted, preventing eavesdropping and tampering by malicious actors. This encryption is particularly crucial for sensitive transactions such as online banking, e-commerce purchases, and transmitting personal information, as it protects users’ sensitive data from interception and unauthorized access. Additionally, HTTPS provides authentication mechanisms to verify the identity of the website, enhancing trust and security for users browsing the web.