Securing TCP/IP Flashcards
What is cleartext?
Unencrypted, readable data. Includes binary that a computer can read.
How does the encryption process work?
Binary > Cipher > Key > Algorithm
The key is different each time, and affects the algorithm’s output.
An 8-bit key will produce an 8-bit length encryption key. How does this affect files that are bigger than 8 bits?
The encryption is simply repeated upon each group of 8 bits.
What is symmetric encryption?
When the key pairs can both encrypt and decrypt the data sent between them
What is block-cipher encryption?
It encrypts in specific lengths (in bits).
If for example it encrypts 128-bits it will encrypt the first 128 bits using one encryption key, and then a different key for all subsequent 128-bit groups in the data.
What is a stream cipher?
Using a different key for each bit in the data.
What is a hash?
Converting data into a fixed length data string. This is used to verify integrity of data.
What is SHA, and what is its number range?
Secure hashing algorithm. The number in the name of each SHA is the bit length of the hash it creates.
224-256
What are some real world applications of SHA-256?
SSH, Bitcoin, IPsec
What is the process for digital signatures?
Message > Hash > Encrypt with private key > Send to client > Client decrypts > Compares hash received to one stored in browser > Verified certificate.
This message will include the third party verification also.
What’s included in the hashed and encrypted message sent to a client during the certificate validation process?
Public key, certificate information, third-party signature.
Where is the list of certificate authorities held (client-side)?
In your browser
What is an example of a location, action and temporal attribute?
Location, Mobile screen pattern lock, access only during a specific time of day.
When would you use a self-signed certificate?
Internal use
What is network access control?
Forcing policies and rulesets upon the machines within a business. Not being allowed to enter the network unless you’re fully up to date and in compliance with the business’ security criteria is an example of network access control.
What is ACL and three of its sub-models?
Access control list is a method of security used to define permissions among users when accessing resources.
Mandatory AC - Every resource is labeled with a level of security clearance
Discretionary AC - The owner of the file, at their own discretion, decides who can access the file.
Role-based AC - Based on user groups
What is PPP, and what are 3 of its traits?
Point to point protocol. Used to connect an initiator to a PC with authentication. This uses usernames and passwords, which the initiator will send over to the authenticating PC. This only allows ONE connection to ONE PC.
-Username and pass
-Plaintext
-No hash
What is PAP, and what is it used in?
Password authentication protocol is the username and password process used in point to point protocol (PPP).
It was succeeded by MS CHAP (MS challenge handshake protocol), which, while still doing plaintext, hashes its passwords for mild security.
What form of PPP is still used in dial-up today?
MS-CHAPv2
-Username and pass
-Hashing
-No encryption (though the RADIUS server will do this instead)
What is the purpose of a NAS?
NAS are the gateways people must go through to reach the inside of an enterprise network. You connect to this over PPP. When you try to connect to a business network, you will send your authentication to the Network Access Server, which will then forward the information on to the RADIUS server, and send the result back to you once it has it.
What is PKI?
Public Key infrastructure is the method by which certificate authorities use intermediate and root certificate servers to provide authentication to servers.
Root CA servers will not directly provide certificates, as they contain sensitive information regarding how the certificate is made. Instead, an intermediate CA server will speak with the Root CA to get a stamp of approval, and then pass it to an issuing CA server.
What is NAC?
Network access control controls the access of devices on your network. It ensures that systems trying to gain access meet compliance requirements and are generally fit to be on the network without causing any issues.
What is PPP, and what are its 3 variants?
Point to point protocol is a method by which two computers communicate directly, using a password and username to authenticate before talking to one another.
Password Authentication protocol - Username and pass. Sent in clear text.
Challenge handshake protocol - Hashes username and password instead of clear text.
MS CHAP v2 - Same as CHAP, really.
What is the order through which a dial-up client would reach a RADIUS server for authentication?
Creds > Network access server > Network access server forwards info to RADIUS > RADIUS verifies and returns result to NAS > NAS provides access
Most MS servers come with Internet Access Service. What is Internet Access Service used for?
It enables the usage of RADIUS.
What is the purpose of a network access server?
PPP implies a direct connection to the recipient. When you use PPP, it is presumed that the system you connect to holds all of the data needed to authenticate. In the case of large networks, this is not true. As a result, a Network Access Server relays information to the RADIUS server without exposing the server itself to the public, allowing for PPP to be verified through a long network while also meeting the requirements of a direct connection.
What’s the difference between RADIUS, TACACS and Kerberos?
TACACS+ provides significantly more granularity of authorization control and is used in many deployments today.
Kerberos is purely an authentication protocol. Kerberos tells the network services who you are. - Authenticates users
On the other hand, RADIUS is an A-A-A protocol. RADIUS is asked to allow a particular device or user to access the network. - Authenticates computers
What does TACACS stand for?
Terminal access control access system plus
Between RADIUS, TACACS and Kerberos, which are PPP?
TACACS, RADIUS
What is a domain controller?
The server that holds the AD information
How does the Kerberos access token setup work?
Client creds > Authentication server > AS provides Ticket Granting Ticket > Client sends Ticket granting ticket to ticket granting system > Ticket granting system provides client with an access token
What is an access token?
An access token is referenced when you access resources. Your access token decides what permissions you have on a network and must be refreshed every 8 hours.
What happens if the Kerberos KDC goes down?
The Kerberos Key Distribution Center (KDC) service supplies both session tickets and session keys in an Active Directory domain. If this goes down, no one can access anything.
What terminal access method can be used to tunnel for many types of programs?
SSH
True or false: For SSH, you can have a pre-made public and private key you use to connect to a session instead of login details
True
What is tunnelling?
Simply an encrypted conversation between two endpoints.
What is the purpose of SSL/TLS and IPsec?
They act as the wrapping paper (encryption) and authentication (certificates) for packets sent over certain protocols such as HTTPS, Secure Mail Transfer Protocol, POP3S, IMAPS, etc.
What are the two modes IPsec has?
Transport mode: Only the payload of the packet is encrypted, meaning that IP headers and information are open to attack.
Tunnel mode: Everything is encrypted.
What are IPsec’s two inner protocols?
Authentication Header AH: Data integrity/Authentication, but no encryption.
Encapsulation Security Protocol: Encryption and authentication. This is the choice of many and outperforms AH.
What are the ports for IMAPS and POP3S?
993, 995
What is SCP (Secure Copy Protocol)?
A lame version of FTP with no directories to navigate through.
What level does IPsec work on?
Level 3, Network layer.
What is the purpose of SNMP?
Simple network management protocol is used to monitor network devices remotely. Things such as CPU usage, network utilisation, detailed firewalls, etc. can be accessed through it.
Which network protocol requires the use of agents (applications) to use?
Simple Network Management Protocol
What is the current best standard for SNMP?
SNMPv3 provides encryption security
What is LDAP?
Lightweight directory access protocol is mostly used by domain controllers automatically, and will rarely be used manually. This protocol is used to query and change databases that hold information such as printer locations, DHCP clients and more. Active directory would be an example of one of these databases.
Any encryption that uses the same key for encryption and decryption is called?
A. Encoded key
B. Symmetric key
C. Single key
D. Synthetic key
B. Symmetric key
A(n) _______________ cipher encrypts the plaintext one bit at a time.
A. block
B. forwarding
C. stream
D. asymmetric
C. stream
In a PKI encryption method, which key encrypts the data?
A. Public
B. Private
C. Both
D. Depends on who sends the data
A. Public
The process of verifying with a high degree of confidence that the sender is who the receiver thinks he or she should be is called _______________.
A. PKI
B. authentication
C. locking
D. nonrepudiation
D. nonrepudiation
A hash function is by definition a _______________.
A. complex function
B. PKI function
C. one-way function
D. systematic function
C. one-way function
Which of the following is a hash function?
A. SHA-256
B. RC4
C. AES
D. BMX
A. SHA-256
In order to have a PKI you must have a(n) _______________.
A. Web server
B. Web of trust
C. root authority
D. unsigned certificate
C. root authority
Which type of access control requires a label to define its sensitivity?
A. MAC
B. DAC
C. RBAC
D. VAC
A. MAC (Mandatory access control)
Which authentication standard is highly time sensitive?
A. PAP
B. RADIUS
C. 802.1X
D. Kerberos
D. Kerberos