Security Architecture Domains 1 and 2 Flashcards
Access control is a way to discover
Who is accessing the information? (the Subject doing the accessing)
What is being accessed? (the Objects being accessed)
How might the access occur? (the mechanism(s) used for access)
What are the major concepts of access control
Subject, Object, Permissions, Rights
What is the difference between a permission and a right
Through their rights (policy) users are granted permissions.
Describe the interaction between subjects, rights, permissions and objects
Subjects - WHO
Rights - HOW
Permissions - HOW
Objects - WHAT
Access control coupled with __________ establishes the basis for accountability
Auditing
Auditing is
The process of recording access control actions
A system should be governed by a written standard that specifies the rules applicable to the system. These rules are derived from
- Laws
- Regulations
- Industry standards
- Organisational policies
The compilation of rules applicable to a particular IT system forms the
security policy
The security policy addresses
managerial, operational, and technical security requirements for a system.
More often than not ______________________ in an IT system represents the bulk of the technical security within the security policy. The interpretation of the correct
access control and auditing
Access control at the network level tends to be more (1) such as allowing or disallowing access to (2)
connection oriented
ports and protocols associated with given IP addresses.
Each subject identified in an ACL is known as an
Access control entity
The _____________ is used to manage each ACL in the system
ACL repository
_____________ is the predominant access control technique in use today. Most commodity systems implement some form of it.
Discretionary Access Control (DAC)
The underlying concept of DAC is
to give an object owner the discretion to decide who is authorised access to an object and to what extent.
Why does the read permission not always mean read only
In the case of files it normally also means read and copy
What is important to remember about the write permission
It can also mean to delete, because a file can be overwritten with a single byte
Given the Read, Write and Execute problems that attend DAC systems what are some implementation strategies that mitigate them
- Limit access to essential objects only.
- Label sensitive data.
- Filter information where possible.
- Promulgate guidance that prohibits unauthorised duplication of information.
- Conduct monitoring for noncompliance.
__________________________ is the primary means of controlling system integrity. Why do viruses often gain complete access to a system?
Preventing unauthorized modification of resources is the primary means of controlling system integrity. Excessive permissions on configuration settings and files allow the virus to write to or delete critical files.
Access control mechanisms that are neither DAC nor mandatory access control (MAC) are referred to as forms of
nondiscretionary access control.
Types of non-discretionary access control
- Role-Based Access Control (RBAC)
- Originator Controlled (ORCON)
- Digital Rights Management (DRM)
- Usage Controlled (UCON)
- Rule-Based Access Control
MAC functions by associating 1. level with the 2. level of the target object. It is important to note that systems supporting
- A subject’s clearance level with
- The sensitivity level of the target object.
What are common reasons why users receive rights and permissions that go beyond what is needed for the task?
- Lack of explicit definition of duties - Neither the user nor manager has a clear grasp or definition of the duties assigned to the individual.
- Weak internal controls - Where explicit duties are known, changes in duties or access controls on the system may not be periodically reviewed for conflicts.
- Complexities in administration - In very large, distributed organizations, it is difficult to know the access limitations that should be imposed when access control is centralized.
Security design efforts should consider various aspects that could affect
separation of duties. At a minimum, it should be possible to enforce separation of duties through the user access control mechanisms whether the designation is manual or automated. A system should have sufficient administrative flexibility to accommodate the following aspects:
- Identify each explicit role
- Assign appropriate permissions
- Avoid unnecessary rights
- Mitigate workflow violation potential
What techniques can be used in small organisations to help with the problem of separation of duties?
- Assign accounts on a per-role basis - An individual should have a separate account for each role used.
- Prevent those with multiple roles from reading and writing to the same storage area.
- Auditing is vital - Consider implementing object-level auditing for individuals with multiple roles.
- Conduct more frequent evaluations.
All of the technical security controls in a system are collectively referred to as
the Trusted Computing Base (TCB).
The overall security of a system is no stronger than
the most vulnerable components of the TCB
What are the most common components of the TCB of most enterprise systems?
Port Locking and Network Access Control (switches)
User management and resource control (Workstations and Servers)
Network Filtering and Access Control (Routers)
Business data access rules (Databases)
Boundary protections (firewalls)
Information Flow Control (Application servers)
A _________________ is the collection of components of a TCB that mediate all access within a system.
Security Kernel
The most common functions of the security kernel include
Authentication, auditing, and access control.
The operational aspect of the security functions is referred to as
The security reference monitor
What does a security reference monitor generally do
Compares an access request against a listing that describes the allowed actions
What does the acronym AAA refer to
Authentication, Authorisation and Accounting
An access control system that is centralised relies on a
A single device as the security reference monitor. Authorisation and access control decisions are made from the centralised device
What are the approaches to achieving centralised access control
- The ACS proxies client requests - limits communication
- A gatekeeper mechanism - limits communication
- Free roaming on the network with control over individual access requests.
What are the disadvantages of ACS
Single point of failure
Single point of compromise
Capacity
A number of protocols exist that support centralized access control.
TACACS, TACACS+, RADIUS, and EAP are just a few of the most common access
TACACS
An older centralised access control system (Terminal Access Controller Access Control System). It uses port 49.
A critical shortcoming in TACACS is
The lack of encryption. All communication from a TACACS client to the server is in cleartext. Using this protocol through an untrusted or public network exposes the session and endpoints to a potential compromise.
TACACS+
Protocol supporting centralised access control
TACACS+ - This proprietary protocol by Cisco is based on TACACS. It is primarily used with TCP on port 49. This protocol overcomes the security weaknesses of its predecessor by providing encryption for the packet payload. Authentication, Authorization, and Accounting (AAA) capabilities are built into the protocol, whereas they are missing from TACACS.
Shortcoming of TACACS+
The use of AAA capabilities is implementation specific. Therefore, a security architect must ensure that each TACACS+ implementation is consistent with the policy of the organization.
RADIUS
Protocol supporting centralised access control
The Remote Authentication Dial In User Service (RADIUS) also has AAA capabilities built into the protocol. RADIUS is a centralized access control protocol commonly used in the telecommunications industry as well as by Internet service providers. A network access server (NAS) acting as the gateway to a network passes client access requests to the RADIUS server.
EAP
Protocol supporting centralised access control
The Extensible Authentication Protocol (EAP) is a protocol supporting multiple authentication methods. It operates above the data link layer and therefore does not rely on IP. It is essentially a peer-to-peer protocol.
The protocol relies on the lower layer to ensure packet ordering, but retransmissions are the responsibility of EAP.
Its design as an authentication protocol prohibits its use for data transport, which would be inefficient.
Protection of the device used for centralised access control is vital.
List some of the important countermeasures.
Reduce attack surface
Active monitoring
Device backup
Redundancy
A collection of nodes that individually make access control decisions through a replicated database characterises a …
decentralized access control mechanism. The
Although decentralized access control has advantages, it is not perfect. Some of the issues that need to be considered when implementing decentralized access control include
- Continuous synchronization considerations - The access control mechanism is only as current as the last synchronization. Excessive gaps in the time between synchronizations may allow inappropriate access to the system or objects.
- Bandwidth usage - Synchronization events might consume a lot of bandwidth. Nodes joined through low-bandwidth connections may consume a disproportionate amount of bandwidth when synchronizing.
- Physical and logical protection of each access control node - A compromise of one access control node could propagate a compromise to all. Successful attacks against the centralized database in one location could provide the attacker with the ability to attack any node participating in the architecture.
Inconsistencies in security countermeasures are a common issue with systems using decentralised access control. Servers providing access control services could be located in different facilities in the same region or in different parts of the world. Ensuring that the intended design is consistently applied for each instance can be quite challenging.
- Physical security
- Management coordination
- Remote maintenance (making it reachable to)
- Exclusion from DMZ
Design Considerations
There are a number of issues that must be carefully considered when implementing federated access control.
Cooperative effort
Mutual risk
Utilize a DMZ
Exclude access control integration
The X.500 Directory Specification provides
A framework to specify the attributes used to create a directory as well as the methods used to access its objects
The IETF has defined an alternative method to access an X.500-based directory over IP that is known as
Lightweight Directory Access Protocol (LDAP).
The latest Microsoft servers rely extensively on their proprietary DAP implementation known as
Active Directory
Directory specifications such as X.500 enable an organization to publish information in a way that
Supports hierarchical access to structured information.
How is PKI vulnerable
Depends on the physical security of the device with the private key
Traditionally, there have been two distinct approaches to Security Management:
Security Event Management (SEM) and Security Information Management (SIM).
What are the six capabilities of a SIEM system
- Data aggregation
- Correlation
- Alerting
- Dashboards
- Compliance
- Retention
What does the correlation function of a SIEM refer to
The ability to use correlation techniques to integrate data from different sources.
A ________________ is the principal subject of interest within an access control mechanism.
A system user is the principal subject of interest within an access control mechanism.
Ideally, ________________ will be subject to an access control mechanism.
every object
What is the significant drawback of ODBC
SQL commands are sent in clear text
What do security architects often use to get around the security hazards of allowing direct connections to database
Three-tier Web-based applications are a frequently used architecture to provide controlled access to organizational data.
Three-tier Web-based applications are a frequently used architecture to provide controlled access to organizational data. Implementing this type of architecture has its benefits and drawbacks. Discuss the benefits
- A web browser can be used instead of proprietary applications
- Provides a method of allowing multiple users to get access to the sites
- Communication channels can be encrypted
Three-tier Web-based applications are a frequently used architecture to provide controlled access to organizational data. Implementing this type of architecture has its benefits and drawbacks. Discuss the drawbacks
- Increased complexity
- Vulnerability to cross site scripting
- Middle tier security (a breach of the server could result in a breach of the data)
Managing through the use of groups is indeed a double-edged sword. Although it provides substantial power to mitigate risk, when not properly managed it can cause other problems. Some issues facing a security architect when controls governing group management fail are the following:
Orphaned groups
Duplicated groups
Separation of duty violations
Failures in least privilege
Administering group membership is an aspect of
Identity management
Groups and roles are both a type of collection, but differ in their application.
Groups are collections of ______, while roles are collections of ___________.
Users
Rights and permissions
An important aspect of an RBAC implementation is _________________, which is the fundamental attribute used to establish separation of duties.
mutual exclusivity
How can the implementation of RBAC differ from one vendor to another
the ability to specify mutual exclusivity.
A true implementation of RBAC is predicated on a mechanism that enforces its attributes. However, this may not be practical or feasible for resource-constrained organisations using commodity systems that desire this type of access control. In these cases what can one do
groups could be used to mimic role-based access.
When using groups to mimic role-based access what should one do on creation of the groups
A detailed listing of the attributes and uses of each group as a role is required.
When using groups to mimic role-based access, what should one identify?
Which objects in the system should have permissions associated with the roles.
When using groups to mimic role-based access what should one avoid assigning to groups
groups
When using groups to mimic role-based access what should one avoid assigning on objects
Refrain from assigning account permissions on objects.
When using groups to mimic role-based access should one allow users to have multiple accounts?
Yes. Issue users multiple accounts. This is necessary if varying levels of rights are needed. This does not mean a user must have an account for each role, but rather, the inclusion of a member in a “role” must not create a situation where an account can easily circumvent its intended use. In this regard, a solid identity management methodology increases in importance.
When using groups to mimic role-based access how could system services be used
System services could act as intermediaries between subjects and objects.
When using groups to mimic role-based access how should one audit and monitor the system
Monitor for inappropriate permissions and audit for misuse.
What are the attributes to consider in Task Based Access control TBAC
Time
Sequence
Dependencies
What is the standard for Task Based Access Control (TBAC)
The concept of TBAC is still an emerging topic. Presently, there are no accepted standards or definitions of what TBAC entails. However, this does not detract from the usefulness of implementing access control according to the attributes of a task in a workflow. Indeed, many organizations already implement types of access control in workflows. A number of document collaboration suites implement workflows and make use of TBAC enforcement attributes.
The routing access control list specifies
subnets or addresses that are accessible from a segment
Techniques to achieve location-based access control
The routing access control list specifies subnets or addresses that are accessible from a segment. The critical point here is that
Different segments should be physically separated until they are connected to the node applying the logical access controls. This prevents an insider from spoofing an address in an alternate subnet and bypassing access controls based on physical location.
The idea of using access controls for network segments assumes that requests for resource access originate from a node within the segment, when is this not the case
When the segment has been compromised by a bot or a trojan
Enabling access controls according to device type is dependent on two important factors:
- Device recognition - Each device type must be recognizable in some way by the access control mechanism.
- Policy enforcement - Access control decisions are made according
should not be allowed to connect and pass traffic in the network.
What happens with network based access control using physical and logical addresses
The rules regarding what the device is allowed to communicate with would be encoded into Layer 2 devices, Layer 3 devices, and monitoring devices.
What happens with network based access control using 802.1X standard
As devices connect to the network, they are authenticated according to the certificate presented. A RADIUS server is used to support device authentication.
Advantages of network based access control
- Standards based
- all connected devices can be authenticated
- connection attempts can be logged
Disadvantages of network based access control
- not supported by all device types
- each device still needs a certificate
- certificates need to be managed
- limited to authentication
potential advantages of third party access control systems
- specialised
- supported
- policy alignment can be determined
- automated
Potential disadvantages of third party access control systems
- cost
- hype (imaginary functionality)
- may not support all device types
The design and implementation of location-based access control involves the following factors (7)
- Join logical and physical - Use the logical and physical attributes of nodes and networking equipment.
- Layer controls - Use multiple techniques to achieve defence in depth.
- Map and inventory the network
- Conduct traffic pattern analysis
- Know where segments exist physically
- Implement rules on networking equipment
- Monitor compliance
The necessary components of identity verification include
- Entity - A person or process claiming a particular identity.
- Identity - A unique designator for a given subject.
- Authentication factor - Proof of identity supplied by the entity.
- Authenticator - The mechanism to compare the identity and factor against a database of authorised subjects.
- Database - A listing of identities and associated authentication factors.
The Difference between an Entity and Subject
An individual who is yet to be authenticated is referred to as an entity rather than a subject. This distinction is necessary because a subject represents someone or something with logical rights and permissions in a system.
An entity has no logical rights before authentication. An entity graduates to a subject when successfully validated.
An authentication factor meeting at least one of these qualities will provide sufficient confidence that an attacker will not be able to easily masquerade as the intended subject.
- It is known only to the entity
- Reproduction of it is infeasible
- It is computationally impractical to replicate
List some token based authentication tools
Badges
Magnetic strips
Proximity cards
Can proximity cards be spoofed
Most cards are not capable of using encryption to prevent spoofing. Rogue readers with high output fields and strong sensitivity can be used to capture card identities as people pass by. This information can be passed to specially constructed devices that retransmit card information, allowing access to protected areas.
Biometrics can be broadly categorised as
either physical or behavioural.
Give an example of a behavioural biometric
The way each person uses a keyboard represents a biometric referred to as typing dynamics or keystroke dynamics.
When comparing various biometric options, it is important to consider the following key operational aspects
Accuracy
Enrolment time
Response time
Security
When comparing various biometric options, it is also important to consider the implementation aspects
Cost
Acceptance
Storage
Changes
Iris-based technologies have proved themselves to be one of the best forms of biometrics (Chirillo and Blaul, 2003). They have very low error rates and are very accurate. These types of biometric devices have a moderate-to-low cost. It is likely that cost will continue to decrease as usage increases globally. Although these devices have good performance, there are issues.
- Users are still somewhat reluctant to participate in iris-based biometrics. It seems that people fear that the acquisition device could damage their eyes due to the use of infrared technology.
- Eye movement, proximity, and angle of the acquisition device, as well as lighting, affect the quality of the minutiae collected. These variations can hinder the enrollment process.
Retina recognition systems are very accurate and very expensive. Spoofing a retina pattern is considered difficult. Aside from cost, the biggest drawback to retina-based biometrics is
User acceptance. Enrolment and authentication with a retina recognition device requires an individual to place the eye very close to the input device. Many users fear damage to their eye by the device or contracting an eye disease from a prior user. Eye glasses and contacts also interfere with the proper operation of a retina detection device. Due to cost and acceptance considerations, retina-based biometrics should only be used when a high level of security is essential.
Facial recognition technologies have acceptable performance, are low cost, and are not generally resisted by users. However, they do have some issues. Lighting, hairstyles, subject aging, cosmetics, accessories such as glasses or piercing, expressions, and facial hair can affect the accuracy of the detection process.
Furthermore, some facial recognition techniques can be fooled with an image of the actual subject presented to the input device.
Some facial recognition techniques also fail to distinguish between identical twins.
There is an important attribute of authentication factors that is sometimes overlooked. The strength attribute of an authentication factor lies in its ability to resist abuse; that is, a strong authentication factor is difficult to reproduce by anyone other than the owner. This is a major factor driving biometrics. Most people believe that something you are is superior to something you know or have. Indeed, this seems plausible. However …
if something you are is reproducible or can be captured, then there is the risk of abuse. In such cases something you have, like a key that cannot be reproduced, is superior.
A threat that plagues passwords will likely have an equivalent counterpart affecting biometrics. Keystroke loggers are a particularly nasty threat to passwords. Those running within a system can capture all manner of authentication activity using a keyboard. Similarly,
A Biometric Template Logger (BTL) could also be used to capture minutiae attributes before they are sent over a network.
Design validation seeks to address the following areas
- Requirements - Have all requirements been addressed?
- Operations - Are organizational needs met?
- Functionality - Does it work as desired?
- Weaknesses - Can it be circumvented?
The most common sources of security requirements are
laws, regulations, industry standards, and organisational policies.
An efficient way to determine if a system meets access control requirements is to list all applicable security requirements in a matrix. Using what headings?
Unique identifier
Sources
Requirement
Interpretation
The two elements of functionality that a security architect should bear in mind when reviewing an access control mechanism are
- Operational - The access control must work as intended with the desired results.
- Usable - A difficult-to-use access control mechanism will ultimately prove ineffective.
The overall goal of access control design validation is
to ensure that the questions regarding requirements, operations, functionality, and weaknesses are not left unanswered.
How should access control design validation proceed
Identify access control gaps
Identify policy deficiencies
Look for obvious ways to circumvent controls
Identify countermeasures
Use defence in depth to counteract weaknesses
Three different testing paradigms are useful in determining the effectiveness of a control.
Exercise controls
Penetration testing
Vulnerability assessment
What three elements test the extent to which access controls support security requirements?
- implemented correctly
- operating as intended
- producing the desired outcome
Different testing paradigms are useful in determining the effectiveness of the control. What does the “Exercise controls” paradigm do?
Determines if the controls are working as expected by running test cases
Different testing paradigms are useful in determining the effectiveness of the control. What does the “Penetration testing” paradigm do?
Determines if the controls can be circumvented
Different testing paradigms are useful in determining the effectiveness of the control. What does the “Vulnerability assessment” paradigm do?
Identifies potential flaws in the system
The security architect should bear in mind the relationships between access control attributes when developing test procedures.
Entities and authentication factors
Access control testing should ensure that the link between an entity and authentication factor is resistant to compromise and tampering.
The security architect should bear in mind the relationships between access control attributes when developing test procedures.
Subjects and rights
Testing should determine if subject interactions with the system could result in the ability to increase rights or not.
The security architect should bear in mind the relationships between access control attributes when developing test procedures.
Critical objects should
have their permissions checked.
- Which of the following represents the type of access given to a user?
A. Permissions
B. Subjects
C. Objects
D. Rights
The correct option is A
Permissions regulate the type of access a subject is given to an object. Common permissions include: read, write, delete, and execute.
- The most widely adopted access control method is
A. Discretionary access control.
B. Mandatory access control.
C. Rule-based access control.
D. Role-based access control.
The correct option is A
Discretionary Access Control is the predominant access control technique in use today. Most commodity systems implement some form of DAC.
- No read up and no write down are properties of
A. Discretionary access control.
B. Mandatory access control.
C. Rule-based access control.
D. Role-based access control.
The correct option is B
This is the basic functionality of Mandatory Access Control. The fundamental principles of MAC prevent a subject from reading up and writing down between classifications.
- Access control for proprietary distributable content is best protected using
A. Discretionary access control.
B. Digital rights management.
C. Distributed access control.
D. Originator controlled
The correct option is B
Among the options given, only DRM provides a means to control proprietary content
- When designing a system that uses least privilege, a security architect should focus on
A. Business requirements.
B. Organizational mission.
C. Affected usability.
D. Disaster recovery.
The correct option is D
Disasters are unlikely; therefore, least privilege should not be designed with limitations.
- Separation of duties is BEST implemented using
A. roles.
B. permissions.
C. rights.
D. workflows.
The correct option is A
Separation of duties is best implemented with roles composed of granular rights and permissions.
- Which of the following is the BEST supplemental control for weak separation of duties?
A. Intrusion detection
B. Biometrics
C. Auditing
D. Training
The correct option is C
Accountability becomes more important when separation of duties is weak or unachievable. Auditing is paramount. Consider implementing object-level auditing for individuals with multiple roles. Identify key areas where abuse might occur, and implement multiple methods to monitor for violations.
- Centralized access control
A. Is only implemented in network equipment.
B. Implements authentication, authorization, and accounting.
C. Is implemented closest to the resources it is designed to protect.
D. Is designed to consider and accept business partner authentication tokens.
The correct option is B
Authentication, authorization, and accounting are important aspects of centralized access control.
- Firewalls typically employ
A. Centralized access control.
B. Decentralized access control.
C. Federated access control.
D. Role-based access control.
The correct option is A
A firewall with an integrated authentication mechanism is an example of a centralized access control device using the gatekeeper approach. This type of approach is primarily used to control access to resources and services at particular locations within the protected network.
- A feature that distinguishes decentralized from centralized access control is its
A. audit logging.
B. proxy capability.
C. security kernel.
D. shared database.
The correct option is D
Decentralized access control relies on shared databases.
- Federated access control
A. is implemented with RADIUS.
B. is designed to be mutually exclusive with single sign-on.
C. is implemented closest to the resources it is designed to protect.
D. is designed to consider and accept business partner authentication tokens.
The correct option is D
Federated Access Control enables a business partner type of single sign-on.
- Lightweight Directory Access Control is specified in
A. X.509
B. X.500
C. RFC 4510
D. RFC 4422
The correct option is C
RFC 4510 describes a simplified X.500 Directory Access Control protocol.
- This technique is commonly used to collect audit logs:
A. Polling
B. Triggers
C. Workflows
D. Aggregation
Polling by a centralised server is commonly used to query other servers to periodically collect events.
- A word processing application, governed by Discretionary Access Control (DAC), executes in the security context of the
A. end user.
B. process itself.
C. administrator.
D. system kernel.
The correct option is A
In DAC, non-system processes run in the memory space owned by the end user.
- In DAC, non-system processes run in the memory space owned by the end user.
A. are prohibited by policy.
B. may be able to access all the user’s files.
C. are a new technology that is difficult to evaluate.
D. may be derived from untrustworthy open source projects.
The correct option is B
Vulnerabilities in the design or implementation could enable network penetration.
- Business rules can BEST be enforced within a database through the use of
A. a proxy.
B. redundancy.
C. views.
D. authentication.
The correct option is C
Views can be used as a type of access control for designated users or database
requests.
- A well-designed demilitarized zone (DMZ) prevents
A. direct access to the DMZ from the protected network.
B. access to assets within the DMZ to unauthenticated users.
C. insiders on the protected network from conducting attacks.
D. uncontrolled access to the protected network from the DMZ.
The correct option is D
The goal of a DMZ is to prevent or control information flow from outside to inside.
- Dual control is primarily implemented to
A. complement resource-constrained separation of duties.
B. distribute trust using a rigid protocol.
C. support internal workflows.
D. supplement least privilege.
The correct option is B
Dual control requires explicit separation of duties and protocols.
- A well-designed security test
A. requires penetration testing.
B. is documented and repeatable.
C. relies exclusively on automated tools.
D. foregoes the need for analysis of the results.
The correct option is B
The results of a test that is not documented or repeatable are questionable.
What does analogue multiplexing do
shifts conversations into predefined channels of frequency division multiplexers
_______________ was used to encrypt voice by the Allies.
Pulse Code Modulation (PCM)
____________ represents one of the earliest methods developed to digitize an analog
signal, such as human voice or facsimile transmission.
Pulse Code Modulation (PCM)
How does PCM work
First, the analog signal is sampled at predefined time intervals.
Next, each sample, which can have an
infinite number of heights, is quantized into a predefined value that is closest
to the height of the signal. Then, the resulting height is encoded into a series
of bits.
The data rate of a T1 line is 1.544 Mbps. How do we work that out?
24 voice calls were each sampled and encoded into 8 bits, and a framing bit was added to provide a pattern used for synchronisation. This was the well-known T1 frame, which comprises 193 bits (8 × 24 + 1).
Because sampling occurs 8000 times per second, the data rate of the now ubiquitous T1 line became 193 bits/frame × 8000 frames/second, or 1.544 Mbps.
What is a T2 Line
A T2 consists of four T1 lines multiplexed with additional framing. It is used between telephone company offices and operates at 6.312 Mbps.
What is a T3 Line
28 T1 lines multiplexed operating at 44.736 Mbps
The use of packet-switched networks offered certain advantages over the use of the telephone network for transporting data.
- Numerous data sources could be routed over common high-speed circuits.
- Each packet had its integrity checked via the use of a Cyclic Redundancy Check (CRC).
- Packet switching could make use of alternate routes.
Why did CRC offer superior integrity checking compared with asynchronous data transmitted via the telephone link
Asynchronous could only provide a parity bit, which cannot detect multiple errors
Although packet networks have significant advantages over circuit-switched networks, they also have many disadvantages. Foremost among the disadvantages was
The delay resulting from the need to retransmit packets because of CRC
mismatches caused by spurious hits on circuits resulting primarily from machinery
and weather conditions.
The early packet networks previously described were based on the _______ protocol. Their development paved the way for the growth of a new type of packet network based on the _______ protocol
X.25
TCP/IP
VOIP
There are several key areas of concern in the development of a network architecture designed to move digitized voice over a packet network originally developed to transport data. Those concerns include
- the end-to-end delay associated with packets carrying digitized voice,
- jitter,
- the method of voice digitization used,
- the packet loss rate, and
- security.
What is Jitter and why is it a problem
Jitter represents the variation in packet transit time caused by queuing, contention, and the propagation of data through a network.
It distorts the sound.
While there are numerous voice protocols that have attained a degree of
prominence, this section will focus on an umbrella protocol and two signaling
protocols. The umbrella protocol is referred to as the
H.323 Recommendation,
which defines a series of protocols to support audiovisual communications on
packet networks.
VOIP
Session Initiation Protocol (SIP) defines …
the signaling required to establish and tear down communications, including voice and video calls flowing over a packet network
VOIP
Signalling System 7 (SS7) represents
the signaling system protocol originally used for establishing and tearing down calls made over the world's public switched telephone networks.
However, to make a call over a packet network such as the
Internet, SS7 information must be conveyed. This occurs by transporting SS7
over the Internet Protocol (IP).
An H.323 terminal (client)
An endpoint in a LAN that participates
in real-time, two-way communications with another H.323 terminal, gateway,
or multipoint control unit (MCU). Under the H.323 standard, a terminal must
support audio communication and can also support audio with video, audio
with data, or a combination of all three.
An H.323 gateway (GW) provides …
The physical and logical connections
from a packet-switched network to and from circuit-switched networks.
Gatekeepers are optional devices within an H.323 network. When present they
perform three important call control housekeeping functions, which assist in the preservation of the integrity of the packet network. Those functions are …
admission control,
address translation,
and bandwidth management.
MCU
A Multipoint Control Unit (MCU) represents an endpoint on a LAN that
provides the capability for
three or more terminals and gateways to participate in a multipoint conference.
The collection of all terminals, gateways, and multipoint control units managed by a single gatekeeper is known as an
H.323 Zone.
SIP
The Session Initiation Protocol (SIP) represents an application layer signaling
protocol that enables
telephony and VoIP services to be delivered over a packet
network.
A comparison of two methods of supporting voice communications over IP networks underscores the considerable difference between the two protocols. The ___(A)_____ protocol defines a unified system to support multimedia communications over IP networks, providing support for audio, video, and even data conferencing. Within the umbrella protocol, it also defines methods for handling device failures, such as using alternative gatekeepers and endpoints, and how messages are encoded. ______(B) ____ was developed to initiate a call, referred to as a session, between two devices and has no support for multimedia conferencing.
H.323
SIP
This standard defines the manner in which public switched telephone networks (PSTNs) perform call setup and breakdown, routing, and control by exchanging signalling information over a digital signalling network that is separate from the network which actually
SS7, a mnemonic for Signaling System No. 7.
There are over 100 million facsimile devices in use around the world; the ability of one device to communicate with another is provided by the ____ protocol.
G3
What is the problem with the G3 standard?
By itself, the G3 standard does not directly deal with security. Although a
modified Huffman coding is employed to reduce transmission time of each
scanned line, anyone who has the knowledge to tap a transmission can more than likely decode the transmission.
Products that can be used to control the flow of data at the entryway to the network are referred to as
perimeter controls
Filtering based on the contents of packet headers, such as the headers in IP, TCP, and UDP, is commonly incorporated into
firewalls
TCP is used to transport connection-oriented, reliable data, such as control information.
UDP is used to transport connectionless data
How would the two protocols handle a telephone call
a VoIP call would require TCP data to convey the dialed number and other control information, while UDP would be used to transport digitized voice.
One of the major problems associated with the callback feature of security
modems results from the use of
Local Area Signaling Service (LASS) codes.
LASS codes are numbers entered on a telephone touchpad to access special
features of the telephone system. Two well-known LASS codes are 67, which
toggles Caller-ID blocking, and 69 for Call Return. By knowing how to use
LASS codes, a hacker may be able to exploit the configuration of the callback
feature of a security modem
______ are a combination of network
layer firewalls and application layer firewalls.
Unified threat management (UTM) gateways
________________ are a relatively new technology, as compared to other
firewall technologies, and the type of threats that they mitigate are still changing frequently. Because they are put in front of web servers to prevent attacks on the server, they are often considered to be very different than traditional firewalls.
Web application firewalls
Differences between routers and firewalls
Transfer of packets
Router - uses table to look up forwarding address
Firewall - tests the packet; if it fails, it is discarded
Differences between routers and firewalls
Degree of packet inspection
Router examines headers - for routing information
Firewall goes deeper, sometimes checking the contents for login attempts
Differences between routers and firewalls
Performing proxy services
Routers do not do proxy services
Firewalls do
A typical HIDS consists of an agent on a host that identifies intrusions by analysing system calls, application
logs, file-system modifications (such as password and access threshold files),
and other host activities and state. These IDS types are commonly referred to as
Network Behavior Analysis (NBA) IDS
Intrusion detection
Inline Sensor
An inline sensor is deployed so that the network traffic it is monitoring must pass
through it, much like the traffic flow associated with a firewall.
Intrusion detection
Passive Sensor
A passive sensor is deployed so that it monitors a copy of the actual network
traffic; no traffic actually passes through the sensor. Passive sensors are typically
deployed so that they can monitor key network locations, such as the divisions
between networks, and key network segments, such as activity on a demilitarized zone
What is a spanning port
A port that can see all of the traffic going through the switch.
What is a network tap
A network tap is a direct connection between a sensor and the physical network media itself, such as a fiber optic cable. The tap provides the sensor with a copy of all network traffic
What is an IDS load balancer
An IDS load balancer is a device that aggregates and directs network traffic to
monitoring systems, including IDS sensors.
Unlike a network-based IDS, which can see all packets on the networks it monitors, a wireless IDS works by
sampling the traffic
Sometimes an IDS is offered with an ____; it is not an optimal IDS because …
Access point (AP)
It needs to divide its time between providing access and monitoring traffic
To operate effectively, an IPS must have an excellent
intrusion detection
capability.
An IPS itself should not become a liability by becoming subject to one or more types of network or computer attacks. Thus, some IPS products …
are designed to be installed without an IP network address. Instead, they operate promiscuously, examining each packet flowing on the network and responding to predefined attacks by dropping packets, changing equipment settings, and generating a variety of alerts.
SIEM technology is typically deployed to support three primary use cases:
- Compliance through log management and compliance reporting
- Threat management through real-time monitoring of user activity, data access, and application activity and incident management
- A deployment that provides a mix of compliance and threat management capabilities
Deciding what events to send to the SIEM is often challenging. The security
architect needs to be aware of two capacity limits that SIEM systems have:
Storage. How much space will the events take?
Events per second.
There are two specific areas that the security architect should begin to focus on as they look to deploy SIEM systems into the enterprise:
- Bandwidth utilisation
- HTTP Tunneling
Give an example of a SIEM rule that would target bandwidth utilisation
"If the bandwidth directed to my web servers is greater than 40 Mb/s for 10 minutes or more, trigger an alert."
Why should SIEMs be configured to look for HTTP Tunneling
If users are tunneling other protocols through HTTP they are likely attempting to evade controls, or it could be malware attempting to evade controls.
If users are tunneling other protocols through HTTP they are likely attempting to evade controls, or it could be malware attempting to evade controls. The security architect will need to create a rule that
monitors for TCP port 80 or 443 traffic that is NOT HTTP protocol based.
One or more stations and an access point are referred to as a Basic Service Set
(BSS). To differentiate one BSS from another, each access point is assigned a
Service Set identifier (SSID). The SSID is periodically broadcast by the access point
One popular method to increase
wireless security, which is not particularly practical when facing network-savvy
hackers, is
to turn off SSID broadcasting.
Wireless LANs can communicate in two different ways, referred to as
peer-to-peer and infrastructure.
In peer-to-peer mode, stations
communicate directly with one
another.
In the infrastructure mode of operation, stations communicate via the use of
an access point. (Wireless router)
The wireless access point, which is more popularly referred to as a wireless router
when used in a home or small business, is the most common communications
product used to connect wireless stations to a corporate LAN. In actuality, the
basic access point is
a two-port bridge, with one port representing the wireless
interface while the second port is the wired interface.
When functioning as a
bridge, the access point operates according to the three-F rule,
flooding, filtering,
and forwarding, as it builds a table of MAC addresses associated with each port.
BSS
One or more stations and an access point are referred to as a Basic Service Set (BSS)
When two BSSs are connected via a repeater or wired connection, they form an
Extended service set (ESS)
The ESS has an identifier or network name referred to as an
Extended Service Set Identifier (ESSID).
The ESSID can be considered
as the network identifier for
the wireless network.
Devices may be set to “any” or
to a specific ESSID. When set, they will
only communicate with other devices
using the same ESSID.
The original security for wireless LANs was
Wired Equivalent Privacy (WEP)
What was wrong with WEP
It was broken by several persons several years ago
After WEP, in an attempt to minimize the vulnerability of wireless transmissions, several additional security-related protocols were developed. These included
two versions of Wi-Fi Protected Access (WPA and WPA2),
and two new wireless-security-related standards from the IEEE referred to as 802.11i and 802.1X.
802.1X includes a security protocol
referred to as the
Temporal Key Integrity Protocol (TKIP).
Both WPA and WPA2 represent security protocols created by
the Wi-Fi Alliance
TKIP was designed to add a level of security beyond that provided
by WEP. To do so, TKIP added
- a key mixing function,
- a sequence counter that protects against replay attacks, and
- a 64-bit message integrity check to eliminate the potential of a man-in-the-middle attack.
TKIP was launched during 2002 and has been superseded by more robust encryption methods, such as
AES and CCMP
Under WPA2, two modes of operation are supported:
Personal mode and
Enterprise mode.
Under WPA2, two modes of operation are supported: Personal mode and Enterprise mode. Personal mode was developed to support wireless security in the home and small office environment that lacked access to an authentication server. This mode of operation is referred to as __________(1) __________, and its use requires wireless network devices to ________________(2)
- (1) Pre-shared key (PSK)
- (2) encrypt traffic using a 256-bit key. That key can be entered as a passphrase of 8 to 63 printable ASCII characters or as a string of 64 hex digits.
It is important to note that although WPA and WPA2 are not IEEE
standards, they
implement the majority of the IEEE 802.11 standard, with WPA2 supporting the Advanced Encryption Standard (AES).
AES
Advanced Encryption Standard
AES supports three block ciphers
AES-128, AES-192, and AES-256.
What is the block size of each of the three block ciphers AES-128, AES-192, and AES-256?
They are all 128 bits; the number refers to the key size.
block size refers to
the fixed-length chunk of data that a block cipher processes at a time
Are WPA and WPA2 compatible with the 802.11i standard?
While WPA and WPA2 represent a majority of the 802.11i standard, they are not fully compatible with it. While 802.11i makes use of the AES block cipher, both the original WEP and WPA use the RC4 stream cipher. Another difference is that the 802.11i architecture includes support for the 802.1X standard as an authentication mechanism based on the use of the Extensible Authentication Protocol (EAP).
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, an encryption protocol based on AES
Why is the 802.11i standard well suited to the enterprise
- support for the 802.1X standard for authentication
- the use of AES-based counter mode with CCMP
The 802.1X standard provides
port based authentication requiring devices to be authenticated prior to gaining access to a LAN
Under the 802.1X standard the client node is referred to as
the supplicant
In 802.1X if the authentication server accepts the supplicant's request,
the authenticator opens the port to the supplicant's traffic, otherwise it is blocked.
In addition to the use of 802.11i and 802.1X enhancements another technique commonly used to provide a high level of security on wireless networks is the use of a layer 3 VPN, an alternative security mechanism that can be valuable when users are traveling or their organisation does not fully support the 802.1X standard.
Through the use of virtual LANs, it becomes possible to partition switch-based networks into zones of control. Why is this good?
- It can restrict who can access devices attached to specific switch ports.
- It can enhance throughput by limiting broadcast traffic.
The most prominent use of content filtering is in
programs that operate as add-ons to Web browsers or at a corporate gateway,
blocking unacceptable messages that might be pornographic or racist or otherwise harmful
Anti-malware software can be
considered as a special type of
Content filter
________________ is the building block upon which anti-spam products operate.
Content filtering
HTTPS inspection allows a firewall to
terminate outbound HTTPS sessions at the firewall.
HTTPS inspection allows a firewall to terminate outbound HTTPS sessions at the firewall. How is this accomplished
This is accomplished by acting as a trusted man-in-the-middle. When a request is made of the firewall for an HTTPS protected resource, the firewall will establish a new connection to the destination server and retrieve its SSL certificate. The firewall then copies the information from the certificate and creates its own certificate using these details and provides that to the client. As long as the client trusts the root certificate of the firewall the process is completely transparent to the end user.
Some common examples of mobile code include code developed using script languages such as
JavaScript and VBScript, Java applets, ActiveX controls, Flash animations, and
even macros embedded within Microsoft Office documents such as Excel and
Word documents.
DLP
Data loss prevention
There are three broad categories of DLP that the security architect needs to be familiar with as they plan the deployment of a solution:
- Enterprise DLP solutions
- Channel DLP for specific channels like email
- DLP-lite - monitors only specific protocols
It is imperative that the security architect continue to be aware of the absolute
need to ____________________ in the planning and operationalization
of DLP.
involve non IT stakeholders
The TCP/IP protocol suite in effect combines
the upper three layers of the OSI
model (application, presentation, and session),
One of the main challenges for the security architect with regards to social
media and more broadly, social networking technologies in the enterprise, comes from
the intersection of the tremendous increase in smart device capabilities and
the Bring Your Own Device (BYOD) phenomenon that has become prevalent
in recent years
A revolutionary piece of malware, being the first to have a successful and continuous run propagating through social networks.
KOOBFACE
In order to determine what social networks the affected user is a member of, the KOOBFACE downloader
checks the Internet cookies in the user’s machine.
The components of the KOOBFACE botnet owed their continued
proliferation to
to gratuitous link-sharing behaviors seen commonly on social networking sites.
Why are Social Media worms like KOOBFACE a problem for security architects
The malicious content is hosted outside of the security infrastructure of the organisation.
The most widely used security protocol is
Secure Sockets Layer (SSL)
HyperText Transfer Protocol (HTTP). SSL has over the past few years been migrated to a derivative IETF standard referred to as Transport Layer Security (TLS), which is very similar to SSL Version 3.0; these standards are often referred to interchangeably in this
Does SSL support all TCP features
It is important to note that SSL does not support some TCP features,
such as out-of-band data.
The SSL protocol was developed by
Netscape Communications Corporation
in 1994.
Explain the seven step process through which SSL/TLS communications are set up
- After building a TCP connection, the SSL handshake is started by the client.
- The client sends a number of specifications: which version of SSL/TLS it is running, what ciphersuites it wants to use, and what compression methods it wants to use.
- The server checks what the highest SSL/TLS version is that is supported by them both, picks a ciphersuite from one of the client's options (if it supports one), and optionally picks a compression method.
- After this the basic setup is done, and the server sends its certificate.
- Having verified the certificate and being certain this server really is who it claims to be (and not a man in the middle), a key is exchanged. This can be a public key, a pre-shared secret, or simply nothing, depending on the chosen ciphersuite.
- Both the server and the client can now compute the key for the symmetric encryption.
- The client tells the server that from now on, all communication will be encrypted, and sends an encrypted and authenticated message to the server.
To close an SSL connection, ______________ ‘alert’ is used. If an attacker tries to
terminate the connection by finishing the TCP connection (injecting a FIN
packet), both sides will know the connection was improperly terminated. The
connection cannot be compromised by this though, merely interrupted.
close_notify
To close an SSL connection, a close_notify ‘alert’ is used. Why is this important
If an attacker tries to
terminate the connection by finishing the TCP connection (injecting a FIN
packet), both sides will know the connection was improperly terminated.
Although SSL permits both the client and the server to authenticate each
other, typically only the server is authenticated in the SSL layer. Clients are
primarily authenticated
in the application layer, through passwords sent over an SSL-protected communications link between client and server
Is the client or the server typically authenticated in the application layer
the client, the server is normally authenticated in the SSL layer
A key limitation of SSL/TLS is
the fact that information passed over a secure connection becomes nonsecure when the server being accessed stores the
received data on a hard drive.
A VPN interconnects two or more locations via tunneling. There are two basic types of VPN tunnelling:
voluntary and compulsory
Under voluntary VPN tunnelling which end manages the connection setup
process.
The client
Under compulsory tunneling,
what is responsible for managing the VPN connection setup process.
the communications carrier network provider
Under voluntary tunneling, what are the two steps required?
The client first initiates a connection to the communications carrier, which is an Internet service provider (ISP), when establishing an Internet VPN.
Then, the VPN client application creates the tunnel to a VPN server over the
connection.
Since the early 1980s, several computer network protocols were developed to support VPN tunnels. Some of the more popular VPN tunneling protocols include
- the Point-to-Point Tunneling Protocol (PPTP),
- Layer 2 Tunneling Protocol (L2TP),
- IP Security (IPSec),
- a combination of L2TP and IPSec referred to as L2TP/IPSec, and
- TCP Wrappers.
PPTP is built on top of the ___________________, which is commonly
used as the login protocol for dial-up Internet access. PPTP stores data within
Point-to-Point Protocol (PPP)
How does PPTP store and transmit data
PPTP stores data within PPP packets, then encapsulates the PPP packets within IP datagrams for transmission through an Internet-based VPN tunnel.
PPTP authentication uses PPP-based protocols such as
- the Password Authentication Protocol (PAP),
- the Challenge-Handshake Authentication Protocol (CHAP), and
- the Extensible Authentication Protocol (EAP)
A key advantage of PPTP is
its inclusion in just about every version of Windows.
Thus, Windows servers also can function as PPTP-based VPN servers without
having an organization bear any additional cost.
Three key disadvantages of PPTP are
- Vulnerable to man in the middle attacks
- Only supports single factor (password based) authentication
- It has failed to embrace a single standard for authentication and encryption
Another disadvantage of PPTP is its failure to embrace a single standard for
authentication and encryption. What does this mean
Thus, two products that both fully comply
with the PPTP specification can be totally incompatible with each other if they
encrypt data differently.
Numerous concerns have arisen over the level of security PPTP provides compared to alternative VPN protocols. As a result of questions regarding its security, PPTP has been made obsolete by Layer 2 Tunneling Protocol and IPSec.
Similar to PPTP, L2TP exists at the data link layer (Layer 2) in the OSI
reference model; hence, the origin of its name. However, in actuality, L2TP is a
Layer 5 protocol and operates at the session layer of the OSI model using UDP
Port 1701.
The two endpoints of an L2TP tunnel are called
LAC (L2TP Access
Concentrator) and the
LNS (L2TP Network Server).
The LAC is the initiator of the tunnel, while the LNS is the server, which waits for new tunnels to be established. Once a tunnel is established, network traffic is bidirectional.
There are two basic types of tunneling: compulsory and voluntary. Under L2TP, compulsory tunneling is ideal for a business environment. This is because the tunnel is created from the LAC via the Internet to the LNS on a distant corporate network, and the remote client neither has knowledge of the tunnel nor needs L2TP client software. Instead, each remote client creates a PPP connection to the LAC and is then tunneled to the LNS.
When remote clients need to access a LAC to gain access to a distant corporate network, this is called
compulsory tunneling
True or false: L2TP does not provide any encryption.
True
Under L2TP, how does authentication occur?
occurs via PPP at the LAC or the LNS.
IPSec operates at Layer _____ and secures _____________
3
secures everything in the network
Also, unlike SSL, which is typically built into every Web browser, IPSec requires
a client installation.
How is IPSec different from SSL
It is not only for web traffic, it covers all traffic
IPSec operates at the IP layer (Layer 3) of the Internet Protocol Suite; what is the effect of this?
The operation of IPSec at Layer 3 makes this security protocol more flexible than
SSL/TLS and higher-layer protocols.
IPSec represents a family of security-related protocols. Each protocol was
designed to perform different security-related functions. Those protocols and
their functions include …
- Authentication Header (AH): Provides authentication for IP datagrams as well as protection against replay attacks.
- Encapsulating Security Payload (ESP): Provides authentication, data integrity, and confidentiality of packets transmitted.
- Internet Key Exchange (IKE): It is an IPSec protocol that is used to
set up a Security Association (SA) by handling negotiation of the
encryption and authentication keys to be used by IPSec.
While ESP supports encryption-only and authentication-only modes of
operation, what should one note
using encryption without authentication is strongly discouraged because it is insecure.
IPSec uses a Security Parameter Index (SPI), which points to a location in a
Security Association Database (SADB), along with the destination address in a
packet header, which together
uniquely identify a security association for that packet.
This operates directly above IP, using IP protocol number 51. It is employed
to authenticate the origin of data as well as provide for the data integrity of IP
datagrams. In addition, it can optionally protect against replay attacks through
the use of a sliding window technique and discarding old packets.
Authentication header
There are two “modes” of operation that are supported by AH and ESP
This mode is used to protect end-to-end
communications between two hosts. This protection can be either authentication or encryption or both, but it is not a tunnelling protocol. Thus, it has nothing to do with a traditional VPN
Transport mode
There are two “modes” of operation that are supported by AH and ESP
Under this mode the full IP header as
well as payload data is encapsulated, which enables source and destination addresses to be different from those of the original packet. This encapsulation permits the packet to flow between
two intermediary devices that form the tunnel, such as IPSec-compatible routers.
Tunnel mode
ESP represents the portion of IPSec that
provides origin authentication, data
integrity, and confidentiality of packets. ESP also supports encryption-only.
Unlike AH, ESP does not
Unlike AH, ESP does not protect the IP packet header.
Due to the lack of encryption and authentication in the L2TP protocol, it is
often implemented
along with IPSec; the result is referred to as L2TP/IPSec.
Because the L2TP packet is both wrapped and hidden within the IPSec packet
no information about the content of the packet can be obtained from the encrypted packet.
An additional benefit from the use of IPSec with L2TP is the ability to enhance
authentication via
the use of EAP
The SOCKS protocol operates at layer
5 Session Layer
The SOCKS protocol is designed to
route packets between client-server
applications via a proxy server.
A Cross-Site Request Forgery (CSRF) represents an attack method developed to fool a victim into
loading a Web page that contains a malicious request.
A cross-site scripting attack exploits the trust most users place in
accessing a Web-site.
Cross-site scripting attacks commonly occur in two basic forms,
when an attacker embeds a script in data pushed to the user as a result of a
GET or POST request (first order)
or when the script is retained in long-term storage before being activated (second order).
DNS rebinding represents an attack on
the insecure binding between DNS
host names and network addresses.
Through a DNS rebinding attack, the attacker is able to bypass a same-origin-policy restriction because
both the victim and attacker have the same host name.
Time of Check/Time of Use (TOC/TOU) represents two types of attacks
that are based on
changes in principals or permissions
Another attack that warrants attention is the wildcarding attack. This attack
occurs when
access controls are set in error and open a security hole for unintended access. For example, if access control rules are set to *.edu, any .edu site can access the user's resources.
RMON
Remote monitoring
There are 3 main areas that the security architect needs to consider regarding
security in the virtualised infrastructure that they manage.
Oversight
Maintenance
Visibility
- Compare the frequency range of a person’s voice to the size of the
passband in a voice communications channel obtained over the
telephone. Which of the following accounts for the difference between
the two?
A. The telephone company uses Gaussian filters to remove
frequencies below 300 Hz and above 3300 Hz because the primary
information of a voice conversation occurs in the passband.
B. The telephone company uses low-pass and high-pass filters to
remove frequencies below 300 Hz and above 3300 Hz because
the primary information of a voice conversation occurs in the
passband.
C. The telephone company uses packet filters to remove frequencies
below 500 Hz and above 4400 Hz because the primary
information of a voice conversation occurs in the passband.
D. The telephone company uses low-pass and high-pass filters to
remove frequencies below 500 Hz and above 4400 Hz because
the primary information of a voice conversation occurs in the
passband.
The correct option is B
The frequency range of a person’s voice typically varies between 0 and 20 kHz, while a telephone channel has a passband of 3 kHz. The telephone company uses low-pass and high-pass filters to remove frequencies below 300 Hz and above 3300 Hz because the primary information of a voice conversation occurs in the passband. This allows more channels to be multiplexed onto a wideband circuit.
- What is the data rate of a PCM-encoded voice conversation?
A. 128 kbps
B. 64 kbps
C. 256 kbps
D. 512 kbps
The correct option is B
The data rate of PCM-encoded voice conversation is 64 kbps.
- How many digitized voice channels can be transported on a T1 line?
A. Up to 48
B. Up to 12
C. Up to 60
D. Up to 24
The correct option is D
There can be up to 24 digitized voice channels on a T1 line.
- How many T1 lines can be transported on a T3 circuit?
A. 12
B. 18
C. 24
D. 36
The correct option is C
Up to 24 T1 lines can be transported on a T3 circuit.
- The three advantages accruing from the use of a packet network in comparison to the use of the switched telephone network are a potential
lower cost of use, a lower error rate as packet network nodes perform
error checking and correction, and
A. the ability of packet networks to automatically reserve resources.
B. the greater security of packet networks.
C. the ability of packet networks to automatically reroute data calls.
D. packet networks establish a direct link between sender and receiver.
The correct option is C
Three advantages associated with the use of packet networks in comparison to
the use of the public switched telephone network include a potential lower cost
of use, a lower error rate as packet network nodes perform error checking and
correction, and the ability of packet networks to automatically reroute data calls.
- Five VoIP architecture concerns include
A. the end-to-end delay associated with packets carrying digitized voice,
jitter, the method of voice digitization used, the packet loss rate, and
security.
B. the end-to-end delay associated with packets carrying digitized voice,
jitter, attenuation, the packet loss rate, and security.
C. the end-to-end delay associated with packets carrying digitized voice,
jitter, the amount of fiber in the network, the packet loss rate, and
security.
D. the end-to-end delay associated with packets carrying digitized voice,
jitter, the method of voice digitization used, attenuation, and security.
The correct option is A
Five VoIP architecture concerns include the end-to-end delay associated with
packets carrying digitized voice, jitter, the method of voice digitization used, the
- What is the major difference between encrypting analog and digitized
voice conversations?
A. Analog voice is encrypted by shifting portions of frequency, making
the conversation unintelligible.
B. Digitized voice is generated by the matrix addition of a fixed key to
each digitized bit of the voice conversation.
C. Analog voice is encrypted by shifting portions of amplitude to
make the conversation unintelligible.
D. Digitized voice is encrypted by the modulo-2 addition of a fixed
key to each digitized bit of the voice conversation.
The correct option is A
Analog voice is encrypted by shifting portions of frequency to make the conversation
unintelligible. In comparison, the encryption of digitized voice occurs by the
modulo-2 addition of a random key to each digitized bit of the voice conversation.
- In communications, what is the purpose of authentication?
A. Establishing a link between parties in a conversation or transaction.
B. Ensuring that data received has not been altered.
C. Securing wireless transmission.
D. Verifying the other party in a conversation or transaction.
The correct option is D
Authentication is the process of verifying the other party in a conversation or
transaction.
- What is the purpose of integrity?
A. Integrity is a process that ensures data received has not been altered.
B. Integrity is a process that ensures a person stands by his beliefs.
C. Integrity is a process that ensures that the amount of data sent
equals the amount of data received.
D. Integrity is a process that ensures data received has been encrypted
The correct option is A
Integrity is a process that ensures data received has not been altered.
- The key purpose of the Session Initiation Protocol (SIP) is to
A. define the protocol required to establish and tear down
communications, including voice and video calls flowing over a
packet network.
B. define the signaling required to establish and tear down
communications, including voice and video calls flowing over a
PSTN.
C. define the protocol required to establish and tear down
communications, including voice and video calls flowing over a
circuit-switched network.
D. Define the signalling required to establish and tear down the communications, including voice and video calls flowing over a packet switched network
The correct option is D
SIP defines the signalling required to establish and tear down communications
to include voice and video calls flowing over a packet network.
- Briefly describe the H.323 protocol.
A. It represents an umbrella recommendation from the ITU that covers a variety of standards for audio, video, and data communications
across circuit-switched networks.
B. It provides port-based authentication, requiring a wireless device
to be authenticated prior to its gaining access to a LAN and its
resources.
C. It defines the protocol required to establish and tear down
communications, including voice and video calls flowing over
packet network.
D. It represents an umbrella recommendation from the ITU that covers a variety of standards for audio, video, and data communications
across packet-based networks and, more specifically, IP-based
networks.
The correct option is D
The H.323 standard can be considered to represent an umbrella recommendation
from the International Telecommunications Union (ITU) that covers a variety
of standards for audio, video, and data communications across packet-based
networks and, more specifically, IP-based networks such as the Internet and
corporate Intranets.
- What is the difference between RTP and RTCP?
A. RTP defines a standardized port for delivering audio and video
over the Internet, while the RTCP provides out-of-band control
information for an RTP port.
B. RTP defines the protocol required to establish and tear down
communications, including voice and video calls flowing over a
packet network, while the RTCP provides out-of-band control
information for an RTP port.
C. RTP defines a standardized packet format for delivering audio and
video over the Internet, while the RTCP provides out-of-band
control information for an RTP flow.
D. RTP defines a standardized port for delivering audio and video
over the Internet, while the RTCP defines the protocol required to establish and tear down communications, including voice and video calls flowing over a packet network.
The correct option is C
The Real Time Protocol (RTP) defines a standardized packet format for delivering audio and video over the Internet, while the RTCP provides out-of-band
control information for an RTP flow.
- List the components defined by the H.323 standard.
A. Terminal, gateway, gatekeeper, multipoint control unit (MCU),
multipoint controller, multipoint processor, and H.323 proxy
B. Path, gateway, gatekeeper, multipoint control unit (MCU),
multipoint controller, multipoint processor, and H.323 proxy
C. Terminal, gateway, gatekeeper, multipoint control unit (MCU),
multipoint transmitter, multipoint receiver, and H.323 proxy
D. Protocol, terminal, gatekeeper, multipoint control unit (MCU),
multipoint controller, multipoint processor, and H.323 proxy
The correct option is A
The H.323 standard defines the following components: Terminal, Gateway,
Gatekeeper, MCU (Multipoint Control Unit), Multipoint Controller, Multipoint
Processor, and H.323 Proxy.
- What are some of the major functions performed by a security modem?
A. Allows remote access to occur from trusted locations, may encrypt
data, and may support Caller ID to verify the calling telephone
number.
B. Allows remote access to occur from any location, may encrypt data,
and may support Caller ID to verify the calling telephone number.
C. Allows remote access to occur from a mobile location, may encrypt
data, and may support Caller ID to verify the calling telephone
number.
D. Allows remote access to occur from trusted locations, may encrypt
data, and may identify the calling telephone number.
The correct option is A
A security modem represents a special type of modem that allows remote access
to occur from trusted locations, may encrypt data, and may support caller ID to
verify the calling telephone number.
- The major difference between a router and firewall lies in three areas:
A. Ipecaion, af parkers based he outine ables, sho degree of packet
B. The transfer of packets based on absolute addresses, the degree of
packet inspection, and acting as an intermediate device by hiding
the address of clients from users on the Internet.
C. The transfer of packets based on routing tables, the degree of packet
inspection, and acting as an intermediate device by hiding the
address of clients from users on the Internet.
D. The transfer of packets based on routing tables, the degree of
packet inspection, and creating a DMZ behind Internet-facing
applications.
The correct option is C
The major difference between a router and firewall lies in three areas: the transfer
of packets based on routing tables, the degree of packet inspection, and acting
as an intermediate device by hiding the address of clients from users on the
Internet, a technique referred to as acting as a proxy.
- What is the purpose of an intrusion detection system (IDS)?
A. To hide the address of clients from users on the Internet.
B. To detect unwanted attempts to access, manipulate, and even
disable networking hardware and computers connected to a
network.
C. To detect and respond to predefined events.
D. To prevent unauthorized access to controlled areas within a site or
a building.
The correct option is B
An IDS represents hardware or software that is specifically designed to detect
unwanted attempts at accessing, manipulating, and even disabling networking
hardware and computers connected to a network. In comparison, an IPS
represents an active system that detects and responds to predefined events. Thus,
the IPS represents technology built on an IDS system. This means that the
ability of the IPS to prevent intrusions from occurring is highly dependent on
the underlying IDS.
- What are the two methods that can be used for wireless LAN
communications?
A. Peer-to-peer and infrastructure
B. Peer-to-peer and cloud
C. Cloud and infrastructure
D. Peer-to-peer and remote
The correct option is A
Wireless LANs can communicate in two different ways, referred to as peer-to-peer
and infrastructure.
- What is the benefit of WPA over WEP for enhancing wireless LAN
security?
A. WPA permits the equivalent of wired network privacy and includes
the use of TKIP to enhance data encryption.
B. WPA implements a large portion of the IEEE 802.11i and includes
the use of TKIP to enhance data encryption.
C. WPA implements a large portion of the IEEE 802.11i and includes
the use of IKE to enhance data encryption.
D. WPA implements IEEE 802.11a and g and includes the use of
IKE to enhance data encryption.
The correct option is B
The original security for wireless LANs, referred to as Wired Equivalent Privacy
(WEP), permits the equivalent of wired network privacy and nothing more.
WEP was broken by several persons many years ago. WPA represents a security
protocol created by the Wi-Fi Alliance to secure wireless transmission and was
created in response to the security weakness of WEP. This protocol implements
a large portion of the IEEE wireless security standard referred to as 802.11i
and WPA included the use of the Temporal Key Integrity Protocol (TKIP) to
enhance data encryption.
- What is the purpose of the IEEE 802.1X standard?
A. To provide port-based authentication.
B. To provide port-based authorization.
C. To detect and respond to predefined events.
D. To secure wireless transmission.
The correct option is A
The IEEE 802.1X standard provides port-based authentication, requiring a
wireless device to be authenticated prior to its gaining access to a LAN and
its resources. Under this standard, the client node is referred to as a supplicant
while the authenticator is usually an access point or a wired Ethernet switch.