Securing TCP/IP

Question 1

What is cleartext

Answer 1

Unencrypted, readable data. Includes binary that a computer can read.

Question 2

How does the encryption process work?

Answer 2

Binary > Cipher > Key > Algorithm
The key is different each time, and effects the Algorithm’s output.

Question 3

An 8-bit key will produce an 8-bit length encryption key. How does this effect files that are bigger than 8 bits?

Answer 3

The encryption is simply repeated upon each group of 8 bits.

Question 4

What is symmetric encryption?

Answer 4

When the key pairs can both encrypt and decrypt the data sent between them

Question 5

What is block-cipher encryption?

Answer 5

It encrypts in specific lengths ( in bits)
If for example it encrypts 128-bits it will encrypt the first 128 bits using one encryption key, and then a different key for all subsequent 128-bit groups in the data.

Question 6

What is a stream cipher?

Answer 6

Using a different key for each bit in the data.

Question 7

What is a hash

Answer 7

Converting data into a fixed length data string. This is used to verify integrity of data.

Question 8

What is SHA? and its number range

Answer 8

Secure hashing algorithm. The numbers in the names of each SHA is the bit length of the hash it creates.
224-256

Question 9

What are some real world applications of SHA-256?

Answer 9

SSH, Bitcoin, IPsec

Question 10

What is the process for digital signatures

Answer 10

Message > hash > encrypt with private key > Send to client >Client decrypts > Compares hash received to one stored in browser > Verified certificate.
This message will include the third party verification also.

Question 11

What’s included in the hashed and encrypted message sent to a client during the certificate validation process?

Answer 11

Public key, certificate information, third-party signature.

Question 12

Where are the list of certificate authorities held (client-side)

Answer 12

In your browser

Question 13

What is an example of a location, action and temporal attribute?

Answer 13

Location, Mobile screen pattern lock, access only during a specific time of day.

Question 14

When would you use a self-signed certificate?

Answer 14

Internal use

Question 15

What is network access control?

Answer 15

Forcing policies and rulesets upon the machines within a business. Not being allowed to enter the network unless you’re fully up to date and in compliance with the business’ security criteria is an example of network access control.

Question 16

What is ACL and three of its sub-models?

Answer 16

Access control list is a method of security used to define permissions among users when accessing resources.

Mandatory AC - Every resource is labled with a level of security clearance
Discretionary AC - The owner of the file, at their own discretion, decides who can access the file.
Role-based AC - Based on user groups

Question 17

What is PPP and 3 of its traits

Answer 17

Point to point protocol. Used to connect an initiator to a PC with authentication. This uses usernames and passwords, which the initiator will send over to the authenticating PC. This only allows ONE connection to ONE PC.

-Username and pass
-Plaintext
-No hash

Question 18

What is PAP? and what is it used in?

Answer 18

Password authentication protocol is the username and password process used in point to point protocol (PPP)
It was succeeded by MS CHAP, (MS challenge handshake protocol) that, while still doing plaintext, hashes its passwords for mild security.

Question 19

What form of PPP is still used in dial-up today?

Answer 19

MS-CHAPv2
-Username and pass
-Hashing
-No encryption (though the radius server will do this instead)

Question 20

What is the purpose of a NAS?

Answer 20

NAS are the gateways people must go through to reach the inside of an enterprise network. You connect to this over PPP. When you try to connect to a business network, you will send your authentication to the Network Access Server, which will then forward the information on to the RADIUS server, and send the result back to you once it has it.

Question 21

What is PKI?

Answer 21

Public Key infrastructure is the method by which certificate authorities use intermediate and root certificate servers to provide authentication to servers.
Root CA servers will not directly provide certificates, as they contain sensitive information regarding how the certificate is made. Instead, an intermediate CA server will speak with the Root CA to get a stamp of approval, and then pass it to an issuing CA server.

Question 22

What is NAC?

Answer 22

Network access control controls the access of devices on your network. It ensures that systems trying to gain access meet compliance requirements and are generally fit to be on the network without causing any issues.

Question 23

What is PPP and its 3 variants

Answer 23

Point to point protocol is a method by which two computers communicate directly, using a password and username to authenticate before talking to one another.
Password Authentication protocol - Username and pass. Sent in clear text.
Challenge handshake protocol - Hashes username and password instead of clear text.
MS CHAP v2 - Same as CHAP, really.

Question 24

What is the order through which a dial up client would reach a radius server for authentication?

Answer 24

Creds > Network access server > Network access server forwards info to Radius > Radius verifies and returns result to NAS > NAS provides access

Question 25

Most MS servers come with Internet Access Service. What is Internet Access Service used for?

Answer 25

It enables the usage of RADIUS.

Question 26

What is the purpose of a network access server?

Answer 26

PPP implies a direct connection to the recipient. When you use PPP, it is presumed that the system you connect to holds all of the data needed to authenticate. In the case of large networks, this is not true. As a result, a Network Access Server relays information to the Radius server without exposing the server itself to the public, allowing for PPP to be verified through a long network while also meeting the requirements of a direct connection.

Question 27

What’s the difference between RADIUS, TACACS and Kerberos

Answer 27

TACACS+ provide significantly more granularity of authorization control and is used in many deployments today.
Kerberos is purely an authentication protocol. Second Kerberos tells the network services who you are. - Authenticates Users
On the other hand, RADIUS is an A-A-A protocol. RADIUS asked to allow a particular device or user to access the network. - Authenticates computers

Question 28

What does TACACS stand for?

Answer 28

Terminal access control access system plus

Question 29

Between Radius, TACACS and Kerberos, which are PPP?

Answer 29

TACACS, RADIUS

Question 30

What is a domain controller?

Answer 30

The server that holds the AD information

Question 31

How does the kerberos Access Token setup work?

Answer 31

Client creds > Authentication server > AS provides Ticket Granting Ticket > Client sends Ticket granting ticket to ticket granting system > Ticket granting system provides client with an access token

Question 32

What is an access token?

Answer 32

An access token is referenced when you access resources. Your access token decides what permissions you have on a network and must be refreshed every 8 hours.

Question 33

What happens if the kerberos KDC goes down?

Answer 33

The Kerberos Key Distribution Center (KDC) service supplies both session tickets and session keys in an Active Directory domain. If this goes down, no one can access anything.

Question 34

What terminal access method can be used to tunnel for many times of programs?

Answer 34

SSH

Question 35

True or false: For SSH, you can have a pre-made public and private key you use to connect to a session instead of login details

Answer 35

True

Question 36

What is tunnelling?

Answer 36

Simply an encrypted conversation between two endpoints.

Question 37

What are SSL/TLS and IPSec’s purpose?

Answer 37

They act as the wrapping paper (encryption) and authentication (certificates) for packets sent over certian protocols such as HTTPS, Secure Mail Transfer Protocol, POP3S, IMAPS, etc.

Question 38

What are the two modes Ipsec has?

Answer 38

Transport mode: Only the payload of the packet is encrypted, meaning that IP headers and information are open to attack.
Tunnel mode: Everything is encrypted.

Question 39

What are IPsec’s two inner protocols?

Answer 39

Authentication Header AH: Data integrity/Authentication, but no encryption.
Encapsulation Security Protocol: Encryption, authentication, Encryption. This is the choice of many and outperforms AH.

Question 40

What are the ports for IMAPS and POP3S

Answer 40

993, 995

Question 41

What is SCP (Secure copy protocol?)

Answer 41

A lame version of FTP with no directories to navigate through.

Question 42

What level does IPsec work on?

Answer 42

Level 3, Network layer.

Question 43

What is the purpose of SNMP

Answer 43

Simple network management protocol is used to monitor network devices remotely. Things such as CPU usage, network utilisation, detailed firewalls etc can be accessed through it.

Question 44

Which network protocol requires the use of agents (Applications)) to use?

Answer 44

Simple Network Management Protocol

Question 45

What is the current best standard for SNMP?

Answer 45

SNMPv3 provides encryption security

Question 46

What is LDAP?

Answer 46

Lightweight directory access protocol is mostly used by domain controllers automatically, and will rarely be used manually. This protocol is used to query and change databases that hold information such as printer locations, DHCP clients and more. Active directory would be an example of one of these databases.

Question 47

Any encryption that uses the same key for encryption and decryption is called?
A. Encoded key
B. Symmetric key
C. Single key
D. Synthetic key

Answer 47

B. Symmetric key

Question 48

A(n) _______________ cipher encrypts the plaintext one bit at a time.
A. block
B. forwarding
C. stream
D. asymmetric

Answer 48

C. stream

Question 49

In a PKI encryption method, which key encrypts the data?
A. Public
B. Private
C. Both
D. Depends on who sends the data

Answer 49

A. Public

Question 50

The process of verifying with a high degree of confidence that the sender is who the receiver thinks he or she should be is called _______________.
A. PKI
B. authentication
C. locking
D. nonrepudiation

Answer 50

D. nonrepudiation

Question 51

A hash function is by definition a _______________.
A. complex function
B. PKI function
C. one-way function
D. systematic function

Answer 51

C. one-way function

Question 52

Which of the following is a hash function?
A. SHA-256
B. RC4
C. AES
D. BMX

Answer 52

A. SHA-256

Question 53

In order to have a PKI you must have a(n) _______________.
A. Web server
B. Web of trust
C. root authority
D. unsigned certificate

Answer 53

C. root authority

Question 54

Which type of access control requires a label to define its sensitivity?
A. MAC
B. DAC
C. RBAC
D. VAC

Answer 54

A. MAC Mandatory access control

Question 55

Which authentication standard is highly time sensitive?
A. PAP
B. RADIUS
C. 802.1X
D. Kerberos

Answer 55

D. Kerberos