Securing TCP/IP Flashcards
Regarding security, what is CIA?
Confidentiality
Integrity
Availability
These use keys to encrypt cleartext into ciphertext:
Algorithms
An algorithm that uses the same key to encrypt and decrypt is:
Symmetric Encryption
This is any unencrypted data:
cleartext
This type of encryption uses a public and a private key:
Asymmetric encryption
For 2 people to communicate, they must exchange:
Public keys
A ________ creates a fixed-size hash value
hash algorithm
You see a lot of Hash algorithms when:
downloading stuff
Examples of Hashes:
MD and SHA-1
These are used for verifying data, not for encryption:
Hashes
Hash values are always fixed:
in size
Authentication is first and uses:
Identification: what or which user you are, like your user name
After you are identified as a valid user you then need to be
Authorized
What are the 3 parts to any form of authentication?
identify yourself
a password
authorization - defines what exactly you can do
Authentication Attributes
Something you do
Something you exhibit
Someone you know
Somewhere you are
____________ is actually proving your identity
authentication
A RADIUS network basically has a supplicant (or EU), a client (mediator), a server (handles the authentication), and possibly a database (has all the user IDs and passwords), and they use ports:
UDP ports 1812-1813
UDP ports 1645-1646
___________ provides AAA (authentication, authorization, and accounting). It is used a lot in wireless networks.
RADIUS
This is a version of RADIUS that's a proprietary Cisco system, used to handle a large network of routers and switches. It is rarely used in wireless networks.
TACACS+
TACACS+ uses what port?
TCP port 49
This authentication protocol is mainly designed for LANs. It is a Microsoft proprietary technology that is used in Windows Server. Designed for wired networks.
Kerberos
Kerberos uses a Key Distribution Server (KDS):
Authenticating Server
Ticket Granting Service
In Kerberos, this is sent back to a client to authenticate but doesn't authorize. The client then stamps the ticket and sends it back. Finally, the KDC sends a time-stamped token back granting authorization, which is normally 8 hours.
Ticket Granting Token (TGT)
Windows networks, especially those running Kerberos, require that the ________ be set the same on all machines.
time
To help with the broad range of authentication protocols in the world, this protocol enables flexible authentication: it acts like a big envelope that can manage or decide on what authentication needs to happen, and it is primarily used on wireless networks:
Extensible Authentication Protocol (EAP)
This EAP has a common key for everyone to log in:
EAP pre-shared key (EAP PSK)
This EAP uses just a standard username and password for authentication:
Protected Extensible Authentication Protocol (PEAP)
This EAP, which is not used that often and uses a “hash”, is called:
EAP MD5
These EAPs use certificates:
EAP TLS
EAP TTLS
A “Single Sign-On” is used on a Windows LAN via:
Windows Active Directory (AD)
Trust domains on a Windows network are also called:
Federated systems
This version of single sign-on starts with an “IdP”, or identity provider, which allows access, via a token, to web providers or other devices via a VPN.
Security Assertion Markup Language (SAML)
___________ provides a variety of service provider samples for SAML
SSOcircle
Public and private keys can actually do the same thing, but we don’t
An encrypted hash is a:
Digital Signature
Public key, my digital signature, a third-party guarantee saying that your signature is good, and their digital signature:
Digital Certificate
3 ways to create a trust relationship:
Create your own digital certificate or unsigned certificate
Web of trust: where a lot of people trust each other; a lot of work
Public Key Infrastructure (PKI): a hierarchical structure with root servers that starts with a Certificate Authority; it is the way we do the internet.
There are 2 ways to verify that a certificate is valid:
OCSP
CRL
Take your time and read the certificate error message
A self-signed certificate can throw a _____ _______ if it wasn’t issued by a Certificate Authority
443 error
An ______ _________ can be viewed, then fixed either by getting a new certificate from its issuer or accepting the certificate in its current state.
expired certificate
The setting to ________ ___________ to confirm the current validity of certificates is a good security setting
query OCSP