Securing TCP/IP Flashcards
Process of guaranteeing that someone can’t deny having sent a message; the message can be traced back to the sender
nonrepudiation
Encryption using the same key for the encryption and decryption
symmetric-key algorithm
Encryption using different keys for the encryption and decryption
asymmetric-key algorithm
Granddaddy of all symmetric-key algorithms; it used a 64-bit block and a 56-bit key, and that short key makes it susceptible to brute force
Data Encryption Standard (DES)
Symmetric algorithm in which data is encrypted in discrete, fixed-length chunks (blocks)
block cipher
Symmetric algorithm in which data is encrypted one bit (or byte) at a time by XORing it with a keystream; fast, and popular in older wireless networks and cell phones
stream cipher
Popular stream cipher that was fast, easy to use, and free; now considered a legacy cipher because of weaknesses (statistical biases) found in its keystream
Rivest Cipher 4 (RC4)
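The keystream idea behind the stream-cipher and RC4 cards, as an added example that is not part of the original deck: a from-scratch RC4 (key-scheduling plus pseudo-random generation) and the failure mode every stream cipher shares regardless of the RC4-specific biases the card alludes to. Because ciphertext is plaintext XOR keystream, encrypting two messages under the same key (with no nonce) lets anyone XOR the two ciphertexts to get the two plaintexts XORed together, and one known plaintext then reveals the other without the key. The key and messages are constructed for the demonstration.

```python
"""Stream cipher keystream reuse, shown with a from-scratch RC4 (constructed example)."""
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream (KSA followed by PRGA)."""
    # Key-scheduling algorithm: permute S[0..255] under the key bytes.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm: walk the permutation to emit bytes.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (the operation is its own inverse)."""
    return xor(data, rc4_keystream(key, len(data)))


def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """Two messages under the same keystream satisfy c1 ^ c2 == p1 ^ p2,
    so knowing p1 reveals the overlapping part of p2 without the key."""
    n = min(len(c1), len(c2), len(p1))
    return xor(xor(c1[:n], c2[:n]), p1[:n])


if __name__ == "__main__":
    key = os.urandom(16)                       # constructed: a fresh random key
    p1 = b"The login page is at /admin"        # constructed messages
    p2 = b"Password for root: correct"
    c1 = rc4(key, p1)
    c2 = rc4(key, p2)                          # same key, no nonce: same keystream
    assert rc4(key, c1) == p1                  # decryption round-trips
    print(recover_with_known_plaintext(c1, c2, p1))  # p2, recovered without the key
```

This is why real protocols pair a stream-cipher key with a per-message nonce or IV and why WEP, which mixed a 24-bit IV with a static RC4 key, ran out of unique keystreams so quickly.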
Symmetric algorithm that uses a 128-bit block size and a 128-, 192-, or 256-bit key for encryption; most popular symmetric algorithm
Advanced Encryption Standard (AES)
Primary asymmetric implementation in which one user keeps a private key and sends the matching public key to another; data is encrypted with the public key and decrypted later with the private key. Today this is usually done only to encrypt and decrypt a symmetric session key, which then protects the bulk data (hybrid encryption)
public-key cryptography
Algorithm used by most asymmetric cryptographic implementations
RSA (Rivest, Shamir, and Adleman)
First commonly used hash, producing a 128-bit message digest; now considered broken because collisions can be generated
Message-Digest Algorithm version 5 (MD5)
The primary family of cryptographic hash functions in use today, with three generations: SHA-1 (deprecated and no longer used for signatures), SHA-2 (e.g. SHA-256, the most widely used today), and SHA-3
Secure Hash Algorithm (SHA)
A challenge-response mechanism based on HMAC-MD5, used by SMTP (and IMAP/POP) servers to authenticate clients: the server sends a random challenge and the client returns an HMAC of it keyed with the password, so the password itself never crosses the wire
Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5)
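The CRAM-MD5 exchange, as an added example written for this deck rather than taken from any mail server: both sides of RFC 2195, with the server building the challenge, the client answering with HMAC-MD5 keyed by the password, and the server recomputing and comparing in constant time. The hostname, user table and password are constructed for the demonstration.

```python
"""CRAM-MD5 (RFC 2195): server challenge, client response, server verification."""
import base64
import hashlib
import hmac
import os
import time


def server_challenge(hostname: str) -> bytes:
    """Build the server's one-time challenge in the '<random.timestamp@host>' form."""
    nonce = int.from_bytes(os.urandom(4), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def client_response(username: str, password: str, challenge: bytes) -> str:
    """Client side: HMAC-MD5(key=password, msg=challenge) as lowercase hex,
    prefixed with the username and base64-wrapped for the SASL line."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def server_verify(response_b64: str, challenge: bytes, lookup) -> bool:
    """Server side: recompute the HMAC with the stored secret and compare.
    `lookup(username)` returns the stored password or None."""
    try:
        username, digest = base64.b64decode(response_b64).decode().split(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    secret = lookup(username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    # compare_digest avoids leaking the correct digest through timing.
    return hmac.compare_digest(expected, digest)


USERS = {"tim": "tanstaaftanstaaf"}  # constructed user table (plaintext secrets)

if __name__ == "__main__":
    chal = server_challenge("mail.example.test")  # constructed hostname
    resp = client_response("tim", "tanstaaftanstaaf", chal)
    print("server sends :", base64.b64encode(chal).decode())
    print("client sends :", resp)
    print("authenticated:", server_verify(resp, chal, USERS.get))
```

The drawback is visible in `server_verify`: to recompute the HMAC the server must keep each password in recoverable form, so a database leak hands out every secret directly. That is why modern deployments prefer SCRAM or TLS-protected PLAIN over CRAM-MD5.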
Organization/tree of certificate authorities; typically consists of root CAs, intermediate CAs, and issuing CAs
public-key infrastructure (PKI)
A newer class of protection applications that combine features previously provided by multiple products; these keep computers lacking anti-malware and patches off the network and enforce policies for what systems may do on the network
Network Access Control (NAC)
Security model where each resource is assigned a label defining its security level, and any user not cleared for that level is denied access; oldest and least commonly used
mandatory access control (MAC)
Security model where the “owner” of a resource assigns access to that resource; more flexible than MAC
discretionary access control (DAC)
Security model where a user’s access to a resource is based on his or her role in the network, typically implemented through the groups the user belongs to; most popular for file sharing
role-based access control (RBAC)
Protocol enabling two devices on a point-to-point link to connect, authenticate, and negotiate the network-layer protocol to be used
Point-to-Point Protocol (PPP)
Included with PPP, this protocol provides a more secure authentication routine than PAP: instead of sending the password, the client hashes a server-supplied challenge together with a shared secret (such as a password known by both sides), and the server verifies the hash
Challenge Handshake Authentication Protocol (CHAP)
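The CHAP handshake described above, as an added example that is not part of the original deck: the RFC 1994 packet layout (Code, Identifier, Length, Value-Size, Value, Name), the response value MD5(Identifier || secret || Challenge), and an in-memory exchange between an authenticator and a peer. The authenticator name, user table and secrets are constructed for the demonstration; a real PPP stack would also re-challenge periodically during the session.

```python
"""PPP CHAP (RFC 1994): packet encoding, response computation and verification."""
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP packet codes


def pack_chap(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response packet: Code | Identifier | Length | Value-Size | Value | Name."""
    length = 4 + 1 + len(value) + len(name)
    return struct.pack("!BBHB", code, identifier, length, len(value)) + value + name


def unpack_chap(pkt: bytes):
    """Parse a Challenge/Response packet, rejecting inconsistent lengths."""
    if len(pkt) < 5:
        raise ValueError("CHAP packet too short")
    code, ident, length, vsize = struct.unpack("!BBHB", pkt[:5])
    if length != len(pkt) or 5 + vsize > length:
        raise ValueError("malformed CHAP packet")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues single-use challenges and checks responses."""

    def __init__(self, secrets: dict):
        self._secrets = secrets          # name -> shared secret (must be plaintext)
        self._pending = {}               # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self):
        ident = self._next_id & 0xFF
        self._next_id += 1
        chal = os.urandom(16)            # fresh, unpredictable challenge value
        self._pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, name: bytes, value: bytes) -> bool:
        chal = self._pending.pop(ident, None)   # consumed on use: no replay
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), value)


def run_exchange(auth: Authenticator, name: bytes, peer_secret: bytes) -> bool:
    """Challenge and Response packets crossing an in-memory link; True on Success."""
    ident, chal = auth.challenge()
    chal_pkt = pack_chap(CHALLENGE, ident, chal, b"auth.example")  # constructed name
    # Peer side: parse the challenge and answer with its copy of the secret.
    _, ident_p, chal_p, _ = unpack_chap(chal_pkt)
    resp_pkt = pack_chap(RESPONSE, ident_p, chap_response(ident_p, peer_secret, chal_p), name)
    # Authenticator side: parse the response and check it against the stored secret.
    code, ident_r, value, name_r = unpack_chap(resp_pkt)
    return code == RESPONSE and auth.verify(ident_r, name_r, value)


if __name__ == "__main__":
    auth = Authenticator({b"alice": b"s3cret"})   # constructed user table
    print("correct secret:", run_exchange(auth, b"alice", b"s3cret"))
    print("wrong secret  :", run_exchange(auth, b"alice", b"wrong"))
```

Two caveats a practitioner should keep in mind: the password never travels in the clear, but both ends must hold it in plaintext (an authenticator database leak is as bad as with PAP), and the MD5 construction offers no protection against offline guessing by anyone who captures a challenge and response. MS-CHAPv2 and EAP-based methods are what you will meet in practice today.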
Form of AAA standard created to support ISPs with hundreds of modems; consists of three components: a server with access to a database of usernames and passwords, one or more network access servers (NASs) that control the modems, and the systems that connect to the network
Remote Authentication Dial-In User Service (RADIUS)
Microsoft’s RADIUS server, included with Windows Server; the most popular choice for Microsoft environments, renamed Network Policy Server (NPS) beginning with Windows Server 2008
Internet Authentication Service (IAS)
AAA standard/protocol developed by Cisco to support systems with many routers and switches; uses TCP port 49 and supports PAP, CHAP, and MD5-hashed authentication, as well as Kerberos
Terminal Access Controller Access Control System Plus (TACACS+)
Authentication protocol used by Windows networks with a domain controller (Active Directory); designed for networks with many clients authenticating against a central server (the Key Distribution Center, KDC) rather than over a point-to-point link
Kerberos