Securing TCP/IP

Question 1

regarding security what is : CIA

Answer 1

Confidentiality
Integrity
Availability

Question 2

these uses keys to encrypt cleartext into cyphertext

Answer 2

Algorithms

Question 3

An algorithm that uses the same key to encrpyt and decrypt is

Answer 3

Symmetric Encryption

Question 4

This is any unencrypted data:

Answer 4

cleartext

Question 5

this type of encryption uses a public and a private key:

Answer 5

asymmetric encyption

Question 6

For 2 people to communicate, they must exchange:

Answer 6

Public keys

Question 7

A ________ creates a fixed-size hash value

Answer 7

hash algorithm

Question 8

You see a lot of Hash algorithms when:

Answer 8

downloading stuff

Question 9

Examples of Hashes:

Answer 9

MD and SHA-1

Question 10

These are used for verifying data, not for encryption:

Answer 10

Hashes

Question 11

Hash values are always fixed:

Answer 11

in size

Question 12

Authentication is first and uses

Answer 12

Identification or what or which user are you like your, user name

Question 13

After you are identified as a valid user you then need to be

Answer 13

Authorized

Question 14

What are the 3 parts to any form of authentication

Answer 14

identify yours self
a password
authorization - defines what exactly you can do

Question 15

Authentication Attributes

Answer 15

Something you do
Something you exhibit
Someone you know
Somewhere you are

Question 15

____________ is actually proving that or your identity

Answer 15

authentication

Question 16

Radius network basically has a supplicant, or EU, Client ( mediator ), Server ( handles the authentication), possible Database ( has all the user id’s and passwords) and they use Ports:

Answer 16

UDP ports 1812-1813
UDP ports 1645-1646

Question 17

___________ provides AAA or ( authentication, authorization, and accounting. It is used a lot in wireless networks.

Answer 17

Radius

Question 18

This is a version of Radius that’s a proprietary system because of Cisco to handle a large network of routers and switches. This is rarely used in wireless networks.

Answer 18

TACACS+

Question 19

TACACS+ uses what port?

Answer 19

TCP port 49

Question 20

This authenication protocol is mainly designed for LAN’s. It is a Microsoft proprietary technology that is used in Windows Server. Designed for wired networks.

Answer 20

Kerberos

Question 21

Kerberos using Key Distribution Server (KDS)

Answer 21

Authenticating Server
Ticket Granting Service

Question 22

In Kerberos this is sent back to a client to authenticate but doesn’t authorize. The client then stamps the ticket and send it back. Finally the KDC send a time-stamped Token back granting authorization which is normally 8 hours.

Answer 22

Ticket Granting Token (TGT)

Question 23

Windows networks, especially running Kerberos requires that the ________ be set the same on all machines.

Answer 23

time

Question 24

To help with the broad range of authentication protocols in the world, this protocol enables flexible authentication as it acts like a big envelope that can manage or decide on what authentication needs to happen and primarily used on wireless networks:

Answer 24

Extensible Authentication Protocol ( EAP )

Question 25

This EAP uses or has a common key for everyone to login

Answer 25

EAP pre-shared key (EAP PSK)

Question 26

This EAP uses a standard uses just a standard username and Password for authentication

Answer 26

Protected Extensible Authentication Protocol (PEAP)

Question 27

This EAP that’s not used that often which uses a “Hash” is called:

Answer 27

EAP MD5

Question 28

these EAP’s use certificates

Answer 28

EAP TLS
EAP TTLS

Question 29

A “Single Sign-On” is used on a Windows LAN via:

Answer 29

Windows Active Directory or (AD)

Question 30

Trust domains on a Windows network are also called:

Answer 30

Federated systems

Question 31

This version of a single sign-on starts with a “IdP” or identity provider which will allow via a token to access web providers or other devices via a VPN.

Answer 31

Security Assertion Markup Language ( SAML )

Question 32

___________ provides a variety of service provider samples for SAML

Answer 32

SSOcircle

Question 33

Public and Privat keys can actually do the same think but we don’t

Question 34

Encrypted Hash is a

Answer 34

Digital Signature

Question 35

Public Key, My Digital Signature, third part guarantee saying that your signature is good, and their Digital Signature.

Answer 35

Digital Certificate

Question 36

3 ways to create a trust relationship:

Answer 36

Create your own Digital Certificate Or unsigned Certificate
Web of trust: where a lot of people trust each other, lot of work
Public Key Infrastructure (PKI) :hierarchy structure with root servers, starts with a Certificate of Authority, is the way we do the internet.

Question 37

There are 2 ways to verify that a certificate is valid:

Answer 37

OCSP
CRL

Question 38

Take your time and Read the Certificate error message

Question 39

A self-signed certificate can throw a_____ _______if it wasn’t issued by a Certificate Authority

Answer 39

443 error

Question 40

An ______ _________n be viewed then fixed either by getting a new certificate from it’s issuer or accepting the certificate in it’s current state.

Answer 40

expired certificate

Question 41

The setting to ________ ___________ to confirm the current validity of certificates is a good security setting

Answer 41

query OCSP