Securing TCP/IP Flashcards

1
Q

5 areas of TCP/IP Security

A

Encryption - scramble, mix up or change data
Integrity - data received is the same as data sent
nonrepudiation - person can not deny they took a specific action
authentication - verify person accessing data
authorization - what can authorized person do with data

2
Q

symmetric-key algorithm

A

same key for both encryption and decryption

3
Q

asymmetric-key algorithm

A

different key for encryption and decryption

4
Q

block ciphers

A

name of most symmetric key algorithms

- encrypt chunks of data of a certain length at a time

5
Q

DES

A

Data Encryption Standard
64 bit block
56 bit key
susceptible to brute-force attacks

6
Q

stream ciphers

A

takes a single bit and encrypts it on the fly

7
Q

RC4

A

Rivest Cipher 4

  • fast, easy to use and free
  • stream cipher
8
Q

AES

A

Advanced Encryption Standards

  • block cipher
  • 128, 192 or 256 bit key size
9
Q

public-key cryptography

A

primary asymmetric key algorithm

10
Q

encryption at each layer

A

1 - no encryption at this layer except bigger WAN tech like SONET
2 - no encryption done at this layer
3 - only IPSec, typically software that encrypts the IP packet, new outer layer encapsulates and encrypts inner packet
4 - neither TCP or UDP offers any encryption
5, 6, 7 - important encryption standards such as SSL and TLS

11
Q

hash

A

mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length (often called a checksum or message digest)

12
Q

cryptographic hash

A
  • one way function
  • hash is irreversible
  • can be used to verify file integrity
13
Q

md5

A

message-digest algorithm version 5

- 128-bit message digest

14
Q

SHA

A

secure hash algorithm

  • includes sha-1, sha-2, and sha-3
  • sha-1 produces 160-bit message digest
  • sha-2 has four variants
    • sha-224 (224 bit message digest)
    • sha-256
    • sha-384
    • sha-512
  • sha-3 comes in 4 variants
    • sha3-224
    • sha3-256
    • sha3-384
    • sha3-512
15
Q

CRAM-MD5

A

tool for server authentication

16
Q

digital signature

A

a hash of the public key encrypted by the private key

17
Q

certificate

A

standardized type of file that includes a public key with a digital signature, and the digital signature of a trusted 3rd party

18
Q

NAC

A

Network Access Control

  • usually prevents computers lacking anti-malware and patches from accessing the network
  • creates policies that define what individual systems can do on the network
19
Q

ACL

A

Access Control List

  • clearly defined list of permissions that specifies what an authenticated user may perform on a shared resource
  • three ACL models: mandatory, discretionary and role based
20
Q

Mandatory Access Control

A

MAC

  • every resource is assigned a label that defines its security level
  • if user lacks level, they don’t get access
  • used in OS to determine what programs have access to other programs stored in RAM
21
Q

Discretionary Access Control

A

DAC

- resource owner controls access

22
Q

Role-based Access Control

A

RBAC

- managed by groups

23
Q

PPP

A

Point-to-Point Protocol

  • enables two PPP devices to connect, authenticate with a user/pass and negotiate the network protocol to use
  • two methods of authentication, PAP and CHAP
24
Q

PAP

A

Password Authentication Protocol

- PPP protocol that simply transmits the user/pass in plaintext

25
Q

CHAP

A

Challenge Handshake Authentication Protocol

  • PPP protocol relies on a shared secret, usually a password that both ends of the connection know
  • client creates a hash of password, sends to host
  • host compares hash to password
  • periodically repeats the entire process to prevent man-in-the-middle attacks
26
Q

Microsoft CHAP

A

MS-CHAPv2

  • most common authentication method for dialup connections
  • offers most security
27
Q

AAA

A

Authentication, Authorization, and Accounting

  • port authentication
  • allows remote users to authenticate to a particular point of entry (port) to another network
28
Q

RADIUS

A

Remote Authentication Dial-In User Service

  • created to support ISPs with thousands of modems to connect to a central database
  • consists of 3 devices
    • server that has access to a database of usernames and passwords
    • number of Network Access Servers (NASs) that control the modems
    • and a group of systems that in some way connect to the network
29
Q

RADIUS server programs

A

IAS - Internet Authentication Service for MS Server

FreeRADIUS - Unix/Linux

30
Q

RADIUS ports

A

UDP port 1812 and 1813

UDP 1645 and 1646

31
Q

TACACS+

A

Terminal Access Controller Access Control System Plus

  • created by Cisco to support AAA in a network with many routers and switches
  • very similar to RADIUS but uses port 49 by default
  • separates AAA into 3 parts
  • uses PAP, CHAP and MD5, but can use Kerberos
32
Q

Kerberos

A

an authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server, no PPP

  • used in MS domains
  • uses UDP or TCP port 88
  • KDC (key distribution center) has two processes
    • Authentication Server (AS)
    • Ticket-granting Service (TGS)
    • token includes Security Identifier (SID) plus SIDs for groups the user is a member of
    • uses timestamps
    • if KDC goes down, no one has access
    • timestamps require everyone's clocks are synced
33
Q

Single Sign-On

A

ability to log in only one time and use the same token to access any resource

34
Q

SSH

A

Secure Shell

- use PKI in the form of an RSA key

35
Q

tunnel

A

secure links between two programs on separate computers

36
Q

SSL

A

Secure Sockets Layer

  • requires server with certificate
  • uses symmetric-key cipher
  • creates encrypted tunnel between SSL server and client
37
Q

TLS

A

Transport Layer Security

  • upgrade to SSL
  • works with almost any application
38
Q

IPsec

A

Internet Protocol Security

  • works at internet/network layer
  • dominant encryption suite
  • works in transport mode and tunnel mode
    • transport - only payload of packet is encrypted
    • tunnel - entire packet is encrypted and placed inside another packet
39
Q

CRLs

A

Certificate Revocation Lists

- third party that tracks if certs have been revoked

40
Q

SCP

A

Secure Copy Protocol

- transfer data securely between two hosts using SSH

41
Q

SFTP

A

replacement for FTP

  • uses FTP over SSH
  • TCP port 23
42
Q

SNMP

A

Simple Network Management Protocol

  • queries state of SNMP capable devices
  • uses agents (special client programs) to collect network information from a management information base (MIB)
  • v1 & v2 unencrypted
  • v3 encrypted
43
Q

LDAP

A

Lightweight Directory Access Protocol

- tool that programs use to query and change a database used by the network
- can talk to Active Directory and other directory service providers to query and change items
- uses TCP and UDP port 389

44
Q

LDAPS

A
  • secure version of LDAP
  • now deprecated
  • used TCP port 636
45
Q

NTP

A

Network Time Protocol

- gives current time

46
Q

In PKI which key encrypts the data

A

public

47
Q

In order to have PKI, you must have

A

root authority