Securing TCP/IP

Question 1

Process of guaranteeing that someone can’t deny that they sent a message; message can be traced back to the sender

Answer 1

nonrepudiation

Question 2

Encryption using the same key for the encryption and decryption

Answer 2

symmetric-key algorithm

Question 3

Encryption using different keys for the encryption and decryption

Answer 3

asymmetric-key algorithm

Question 4

Grandaddy of all symmetric-key algorithms, it used a 64-bit block and 56-bit key for encryption; susceptible to brute force

Answer 4

Data Encryption Standard (DES)

Question 5

Symmetric algorithm in which data is encrypted in discrete chunks of a certain length

Answer 5

block cipher

Question 6

Symmetric algorithm in which data is encrypted one bit at a time; quick and popular with older wireless network or cell phones

Answer 6

stream cipher

Question 7

Popular stream cipher that was fast, easy to use, and free; considered a legacy cipher due to found weaknesses

Answer 7

Rivest Cipher 4 (RC4)

Question 8

Symmetric algorithm that uses a 128-bit block size and a 128-, 192-, or 256-bit key for encryption; most popular symmetric algorithm

Answer 8

Advanced Encryption Standard (AES)

Question 9

Primary asymmetric implementation where one user keeps a private key to himself and send a public key to another; data is encrypted using the public key, the decrypted later using the private key; today, this is done by encrypting and decrypting a symmetric key

Answer 9

public-key cryptography

Question 10

system used by most asymmetric cryptographic implementations

Answer 10

RSA (Rivest, Shamir, and Adleman)

Question 11

First commonly used hash, which resulted in a 128-bit message digest

Answer 11

Message-Digest Algorithm version 5 (MD5)

Question 12

The primary family of cryptographic has functions used these days, which includes 3 different versions (version 1 no longer used, version 2 is most popular right now)

Answer 12

Secure Hash Algorithm (SHA)

Question 13

A special form of MD5 used by SMTP servers, it is used as a tool for server authentication

Answer 13

Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5)

Question 14

Organization/tree of certificate authorities; sometimes consists of root CA’s, intermediate CA’s, and issuing CA’s

Answer 14

public-key infrastructure (PKI)

Question 15

A newer series of protection applications that combine features previously done my multiple applications; these prevent computers lacking anti-malware and patches from accessing the network and create policies for what systems can do on a network

Answer 15

Network Access Control (NAC)

Question 16

Security model where each resource is assigned a label defining its security level, and any user without that level of security is not granted access; oldest and least used

Answer 16

mandatory access control (MAC)

Question 17

Security model where an “owner” of a resource assigns access to that resource - more flexible

Answer 17

discretionary access control (DAC)

Question 18

Security model where a user’s access to a resource is based on their roles in the network; this is typically linked to groups the user is linked to; most popular for file sharing

Answer 18

role-based access control (RBAC)

Question 19

Protocol enabling two point-to-point devices to connect, authenticate, and negotiate the network protocol to be used

Answer 19

point-to-point protocol (PPP)

Question 20

Included with PPP, this protocol provides a more secure authentication routine by hashing using a shared secret, like a passwords known by both sides

Answer 20

Challenge Handshake Authentication Protocol (CHAP)

Question 21

Form of AAA standard created to support ISPs with hundreds of modems; consists of three devices: a server with access to a database of usernames and passwords, some NAS’s that control the modems, and systems that connect to the network

Answer 21

Remote Authentication Dial-In User Service (RADIUS)

Question 22

Most popular choice of RADIUS server for Microsoft environments, included in most versions Windows Server OS’s

Answer 22

Internet Authentication Service (IAS)

Question 23

AAA standard/protocol developed by Cisco to provide support in a system with many routers and switches, uses TCP port 49; uses PAP, CHAP, and MD5 hashes as well as Kerberos

Answer 23

Terminal Access Controller Access Control System Plus (TACACS+)

Question 24

Authentication protocol used by all Windows networks using a domain controller; for networks with many clients connected to a single authenticating server - no point-to-point

Answer 24

Kerberos

Question 25

that which ID’s a user or group in a token, used for authorization

Answer 25

security identifier (SID)

Question 26

SNMP’s version of a server which stores network information - agents access this for the info

Answer 26

Management Information Base (MIB)

Question 27

Tool that programs use to query and change databases used by a network (AD, for example); computers use this to update the database on another computer; uses TCP and UDP ports 389 by default, though deprecated versions of this used TCP 636

Answer 27

Lightweight Directory Access Protocol (LDAP)

Question 28

One of the first protocols after the intro to SSH used to securely transfer data between two hosts; last directory listing; still exists with the <> command-line utility in UNIX systems

Answer 28

Secure Copy Protocol (SCP)