Securing TCP/IP Flashcards
Process of guaranteeing that someone can’t deny that they sent a message; message can be traced back to the sender
nonrepudiation
Encryption using the same key for the encryption and decryption
symmetric-key algorithm
Encryption using different keys for the encryption and decryption
asymmetric-key algorithm
Grandaddy of all symmetric-key algorithms, it used a 64-bit block and 56-bit key for encryption; susceptible to brute force
Data Encryption Standard (DES)
Symmetric algorithm in which data is encrypted in discrete chunks of a certain length
block cipher
Symmetric algorithm in which data is encrypted one bit at a time; quick and popular with older wireless network or cell phones
stream cipher
Popular stream cipher that was fast, easy to use, and free; considered a legacy cipher due to found weaknesses
Rivest Cipher 4 (RC4)
Symmetric algorithm that uses a 128-bit block size and a 128-, 192-, or 256-bit key for encryption; most popular symmetric algorithm
Advanced Encryption Standard (AES)
Primary asymmetric implementation where one user keeps a private key to himself and send a public key to another; data is encrypted using the public key, the decrypted later using the private key; today, this is done by encrypting and decrypting a symmetric key
public-key cryptography
system used by most asymmetric cryptographic implementations
RSA (Rivest, Shamir, and Adleman)
First commonly used hash, which resulted in a 128-bit message digest
Message-Digest Algorithm version 5 (MD5)
The primary family of cryptographic has functions used these days, which includes 3 different versions (version 1 no longer used, version 2 is most popular right now)
Secure Hash Algorithm (SHA)
A special form of MD5 used by SMTP servers, it is used as a tool for server authentication
Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5)
Organization/tree of certificate authorities; sometimes consists of root CA’s, intermediate CA’s, and issuing CA’s
public-key infrastructure (PKI)
A newer series of protection applications that combine features previously done my multiple applications; these prevent computers lacking anti-malware and patches from accessing the network and create policies for what systems can do on a network
Network Access Control (NAC)
Security model where each resource is assigned a label defining its security level, and any user without that level of security is not granted access; oldest and least used
mandatory access control (MAC)
Security model where an “owner” of a resource assigns access to that resource - more flexible
discretionary access control (DAC)
Security model where a user’s access to a resource is based on their roles in the network; this is typically linked to groups the user is linked to; most popular for file sharing
role-based access control (RBAC)
Protocol enabling two point-to-point devices to connect, authenticate, and negotiate the network protocol to be used
point-to-point protocol (PPP)
Included with PPP, this protocol provides a more secure authentication routine by hashing using a shared secret, like a passwords known by both sides
Challenge Handshake Authentication Protocol (CHAP)
Form of AAA standard created to support ISPs with hundreds of modems; consists of three devices: a server with access to a database of usernames and passwords, some NAS’s that control the modems, and systems that connect to the network
Remote Authentication Dial-In User Service (RADIUS)
Most popular choice of RADIUS server for Microsoft environments, included in most versions Windows Server OS’s
Internet Authentication Service (IAS)
AAA standard/protocol developed by Cisco to provide support in a system with many routers and switches, uses TCP port 49; uses PAP, CHAP, and MD5 hashes as well as Kerberos
Terminal Access Controller Access Control System Plus (TACACS+)
Authentication protocol used by all Windows networks using a domain controller; for networks with many clients connected to a single authenticating server - no point-to-point
Kerberos
that which ID’s a user or group in a token, used for authorization
security identifier (SID)
SNMP’s version of a server which stores network information - agents access this for the info
Management Information Base (MIB)
Tool that programs use to query and change databases used by a network (AD, for example); computers use this to update the database on another computer; uses TCP and UDP ports 389 by default, though deprecated versions of this used TCP 636
Lightweight Directory Access Protocol (LDAP)
One of the first protocols after the intro to SSH used to securely transfer data between two hosts; last directory listing; still exists with the <> command-line utility in UNIX systems
Secure Copy Protocol (SCP)
