Security+ Flashcards
“Subjects” are what?
Users or Groups that are accessing an object or resource
2 main components of IPSec?
Authentication Header (AH)
Encapsulating Security Payload (ESP)
3 Primary IP Classes are?
Class A> 0.0.0.0 -> 127.255.255.255
Class B> 128.0.0.0 -> 191.255.255.255
Class C> 192.0.0.0 -> 192.255.255.255
AAA?
Authentication (authn)
Authorization (authz)
Accounting (tracking/auditing what and where with logs)
What are the 4 models of Access Control?
ROLE Based Access Control (RBAC)
RULE Based Access Control
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
ARP?
Address Resolution Protocol - used once a packet makes it inside a network - ARP routes it to the correct machine on the network.
CHAP is similar to PAP in what way?
In what ways do they differ?
Both were used in PPP
Both use passwords or PINs
PAP sent PINs and passwords in the clear
CHAP uses a hashed password that is hashed with a nonce (number used once)
CIDR?
Classless Interdomain Routing notation
Cipher locks are?
Door with a code that requires punching in - mechanical or digital…
Corrective Controls include?
Intrusion Protection Systems or Active IDS - can engage to stop an ongoing attack
Backup and Recovery - can work to recover from an attack
Integrity?
Integrity provides assurances that data has not changed. This includes ensuring that no one has modified, tampered with, or corrupted the data.
Detective Controls include?
DETECTIVE CONTROLS:
- Log monitoring
- Trend analysis
- Security Auditing
- Video monitoring
- Motion detection
Deterrent Controls include?
Dogs, Guards, Laws.
Most of the Preventative Controls can also be thought of as Deterrent Controls (e.g. Security Guards)
Difference between Preventative and Detective Controls
Preventative are ACTIVE controls - that can stop an incident
Detective are PASSIVE controls - that can’t in themselves stop an incident
DNS records are organized with what designations?
A (IPv4) - address/host records
AAAA (IPv6) - address
PTR - pointers (opposite of an A - if queried with an IP, it will return a hostname)
MX - mail exchange
CNAME - aliases
What is EAP used for and what is it associated with?
Extensible Authentication Protocol (EAP)
Associated with RADIUS / Wireless Authentication
Uses Tokens, Smart Cards, Certificates
How are hashes created and what are they used for?
A hash is simply a number created by executing a hashing algorithm against data, such as a file or message. As long as the data never changes, the resulting hash will always be the same. By comparing hashes created at two different times, you can determine if the original data is still the same. If the hashes are the same, the data is the same. If the hashes are different, the data has changed.
UDP vs. TCP?
UDP uses a connectionless session (no 3-way handshake like TCP)
In Discretionary Access Control what is the basic model?
User Centric / User Chooses. LEAST restrictive.
All files and folders have owners and permissions.
This is true for Unix/Linux and NTFS-based file systems.
In the context of Redundancy - what does SPOF mean?
Single Point of Failure
IPSec? Associated with what 3 technologies?
IP security.
1) VPN by way of an Internet Key Exchange (IKE) over UDP
2) associated with IPv6, but can be used with v4.
3) ISAKMP - Internet Security Association and Key Management Protocol
IPv4 vs IPv6 - how many bits in each part of the address?
32 bits for v4
128 bits for v6
IPv6 format?
8 groups of hexadecimal numbers separated by colons e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Each group is 4 hex characters long.
NDP?
Associated with?
Neighbor Discovery Protocol
IPv6
NetBIOS?
Network Basic Input/Output System
Of the five factors of authentication what is the weakest?
Something you know
PAP was used with what?
PPP - Point to Point Protocol
Preventative Controls include:
PREVENTATIVE CONTROLS:
- Blocking (Firewalls, etc)
- Hardening
- Guards (Security Guards)
- Change Management
- Account Disablement Policy
- Security Awareness Training
Protocol IDs are?
The ID of the network protocol - NOT THE PORT.
E.g. TCP is 6, UDP is 17, etc.
Proximity Cards are:
Physical badges held up to scanners - can be combined with a PIN
RADIUS entire authn process is encrypted, T or F
F
Only the password is encrypted
PAP?
Category: Remote Access Server (RAS)
Password Authentication Protocol
Passwords are sent in clear text!
TACACS+ ?
Category: Remote Access Server (RAS)
Terminal Access Controller Access-Control System Plus
- TACACS+ is an alternative to RADIUS, from Cisco.
- Benefit of TACACS+ is that it can interact with Kerberos, allowing it to work with a broader range of environments, including Microsoft domains.
- Encrypts the entire authentication process, whereas RADIUS encrypts only the password.
CHAP?
Category: Remote Access Server (RAS)
Challenge Handshake Authentication Protocol (CHAP)
DIAMETER
Category: Remote Access Server (RAS)
Diameter.
Diameter is an improvement over RADIUS and it supports Extensible Authentication Protocol (EAP) for security.
Flavors of CHAP?
Category: Remote Access Server (RAS)
MS-CHAP and MS-CHAPv2
v2 is now the only one used
RADIUS
Category: Remote Access Server (RAS)
Remote Authentication Dial-In User Service (RADIUS).
XTACACS
Category: Remote Access Server (RAS)
Extended Terminal Access Controller Access-Control System (XTACACS)
RAS?
Remote Access Service - anything remote you need to sign into
Risk Assessment - Quantitative vs. Qualitative
Quantify = assess risk based on monetary/asset value (SLE/ALE, etc)
Qualitative = based on assessment of Probability x (times) Impact (usually using historical data)
SAML?
Security Assertion Markup Language (SAML)
SNMP?
Simple Network Management Protocol
Telnet is still commonly used T/F?
False
TLS?
Transport Layer Security
UDP?
User Datagram Protocol
What are 2 RAS Authn Services that are considered “AAA”?
RADIUS and TACACS+
What are all the things a smart card provides?
The smart card provides:
- non-repudiation
- authentication (2factor: both HAVE & KNOW)
- confidentiality (encryption)
- integrity (signing)
What are authentication types also known as?
Factors
What are planning documents known as Matrices used for in Access Control?
Role Matrix: used to map roles to privileges for planning purposes
What are Rule Based Access Controls usually associated with?
Firewalls / ACLs / Lists
What are SAMLs 3 main actors?
Principal: this is typically a user.
Identity Provider
Service Provider (the authn server)
What are some of the best practices of password management?
Use strong ones,
don’t write them down,
don’t share,
use technology to enforce policies like expiration
What are some of the characteristics of Kerberos
- mutual authentication that can help prevent man-in-the-middle attacks
- uses tickets to help prevent replay attacks.
- network authentication protocol within a Microsoft Windows Active Directory domain or a Unix realm.
- database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period.
What are some of the Layers in “Layered Security”?
Network (Firewall, Reverse Proxy Servers),
Host-based (Intrusion Detection System - IDS) and Antivirus,
Software (Monitoring)
Layered security, or defense in depth, combines multiple layers of security, such as a firewall, an IDS, content filtering, and antivirus software.
What are the GOALS of Controls w.r.t. a Security Incident?
Preventative Controls - try to prevent an incident from occurring
Detective Controls - try to detect an incident that’s already occurred
Corrective Controls - try to correct the damage done by an incident
Deterrent Controls - try to deter an incident from occurring in the first place
Compensating Controls - act as alternatives when primary controls are not feasible
What are the 2 ways to simplify IPv6 format?
1) Drop Leading 0s
2) 0 Compression (omitting any hex group that’s all zeros, e.g. somehex::someotherhex::onelasthex)
Remember - any number less than 4 characters will have been simplified in some way
What are the 3 parts of the TCP handshake?
SYN (synchronize) from client to server.
SYN/ACK (synch/ack) from server to client.
ACK from client to server.
What are the 3 Private IP Subnets
- 10.x.x.x
- 172.16.x.x > 172.31.z.z
- 192.168.x.x
What are the 5 factors of authentication?
Something you KNOW
Something you HAVE
Something you ARE
SomeWHERE you are (location)
Something you DO
What are the characteristics of a strong password?
More than 8 characters
No dictionary words
At least 3-4 of the following types:
- Upper case
- Lower case
- Numbers
- Special characters
What can Protocol IDs be used for?
Firewall configuration
What does a minimum password age help with?
Helps to prevent users from resetting passwords back to previous password right after being forced to change it
What does PKI stand for?
Public Key INFRASTRUCTURE
What does TLS do that SSL doesn’t?
TLS encrypts the data before transmission
What is a nonce?
Number used once
Used in hashing
What is commonly used with smart cards to increase security and what does it provide?
A pin or password
Provides 2-factor auth
What is HOTP?
HMAC-based One Time Password
What is mutual authentication?
Client authn to the server, and server authn to the client
What is Non-Repudiation, and what are some of the ways to enforce it?
The ability, through Digital Signatures and/or audit logs, etc., to prove that a person was the originator of a message or an action, so that they cannot later DENY that it was them who sent the message…
Smart Cards
What is the basic concept behind MAC access control?
Labels.
Users with a particular label are allowed to see files/folders with a particular label.
What is TOTP, how is it different than HOTP?
Time-based One Time Password - uses a timestamp instead of a counter
What network protocols do RADIUS & TACACS+ use?
RADIUS uses UDP (User Datagram Protocol)
TACACS+ uses TCP (Transmission Control Protocol)
What Operating System uses a Mandatory Access Control model and what’s it called?
Linux
SELinux (Security Enhanced Linux)
What Protocols are commonly associated with DoS attacks?
UDP - because there’s no handshake - the streaming overwhelms the server.
ICMP
What’s a DACL contain?
A group of ACEs (Access Control Entries) - each made up of a SID and permissions
What’s a DACL?
Discretionary Access Control List - every MS object in the NTFS world has one and it shows everyone that has access to a file or folder.
What’s a SID and what’s it associated with?
Security Identifier - it’s what MS systems use to identify someone. Associated with the DAC access control model (Discretionary)
What’s a way to prevent Tailgating?
Mantraps
What’s another name for the “something you are” authn factor?
Biometrics
What’s the main difference between SFTP and FTPS?
SFTP uses SSH (port 22)
FTPS uses TLS/SSL (either on 989 or 990)
What’s the main vulnerability of HMAC-based One Time Password (HOTP)?
A generated password that has not been used can be used indefinitely.
What are the names for biometrics systems failure rates?
The False Accept Rate (FAR, also known as a type 2 error) identifies the percentage of times false acceptance occurs.
The False Reject Rate (FRR, also known as a type 1 error) identifies the percentage of times false rejections occur.
When manually resetting a password- what’s best to remember?
The password should be set to expire on first use
Why do administrators disable ICMP services/ports?
Because they can be used in DoS attacks and because they make the services discoverable outside of the server.
Write the following subnet mask for the subnet 192.168.1.1 in CIDR notation:
255.255.0.0
192.168.1.1 / 48
Switches deal with _____ traffic while Hubs deal with ______?
Unicast
Broadcast
Loop protection on a Switch is enabled by what protocols and prevents ______?
STP (Spanning Tree Protocol) or RSTP.
Prevents switch looping that can seriously degrade network performance.
VLANs can do what and are enabled by what?
Can logically separate computers (or groups of users, etc.) through software-defined LANs.
Enabled by smart SWITCHES - one switch can create multiple VLANs.
802.1x can be used for what kind of networks?
Wired AND wireless
802.1x can be implemented with what kind of servers?
RADIUS or DIAMETER
What is Port Security?
Securing the physical ports of a network
Routers allow/deny traffic based on _______?
ACLs - basic packet filtering
In the context of ACLs - what does Implicit Deny do and what are they used in?
All traffic that isn’t explicitly allowed is implicitly denied.
Routers and Firewalls
What are some of the rules of Implicit Deny?
Deny Any Any or Deny All All (where the first one indicates the type - UDP, TCP, etc) and the second means Inbound/Outbound
Firewall Rules generally take what format?
Permission Protocol Source Destination Port
Firewalls implement “implicit deny” by implementing what at the end of the ACL?
Deny Any Any,
Deny Any
Drop All
Web Application Firewalls can prevent what kind of attacks?
Cross Site Scripting Attacks
What are 3 of the ways to segment/block network traffic?
VLANs,
Routers,
Firewalls
DMZs are typically in between what?
2 firewalls - one to the outside Internet and one to the inside intranet.
NAT?
Network Address Translation
NAT is typically found where?
On internet-facing Firewalls
What’s a common form of NAT?
PAT - Port Address Translation
Uses a Single IP address
Pros/Cons of NAT?
Can be used to leverage more expensive Public IP addresses.
Hides computers/servers not meant to be public.
Doesn’t work with IPSec (IPv6)
What is Dynamic NAT?
Uses multiple IP addresses to help balance load
What is UTM?
Unified Threat Management
Combines several network security controls in one server/appliance.
What are some of the things a UTM can monitor?
Email and email attachments, malicious code in websites.
What is one common type of UTM?
Web Security Gateway
OSI Network Layers - what are the layers…
“Please Do Not Throw Sausage Pizza Away”
- Physical (cables/hubs)
- Data Link (switches)
- Network (router/layer3 switch)
- Transport (UDP/TCP, etc)
- Session (establishing/maintaining/terminating)
- Presentation (ASCII, etc)
- Application (HTTP, RDP, LDAP, etc)
What are IPS’s and IDS’s and what is the difference?
IPS = Intrusion Prevention System (ACTIVE - always placed inline with traffic - so it can prevent attack from reaching downstream networks)
IDS = Intrusion Detection System (PASSIVE - usually)
All IPSs are IDSs, but not all IDSs are IPSs (only ACTIVE IDSs can be considered IPSs)
Both use protocol analyzers / sniffers.
HIDS is usually used along with what?
Along with a traditional antivirus since HIDS can help detect network-based issues.
What is a SYN flood?
A form of DoS attack.
Attackers issue multiple simultaneous SYN requests to a server and intentionally don’t respond with the ACK after the SYN/ACK. The server assumes its half-open connections are merely latent, but the backlog overloads the server and can crash it.
Where is a NIDS installed?
On a network device like a router or firewall.
A Network-based Intrusion Detection System cannot monitor encrypted traffic, T/F?
True