Standards Flashcards
X.500
Directory services standard (ITU-T). DAP is its native access protocol; LDAP is the lightweight TCP/IP version used in practice.
802.1X
Port-based network access control (EAP over LAN): the switch or access point is the authenticator and relays the supplicant's EAP exchange to an authentication server, normally RADIUS.
RADIUS (RFC 2865) runs over UDP (1812 authentication, 1813 accounting). The User-Password attribute is not hashed but obfuscated: XORed with an MD5 keystream made from the shared secret and the request authenticator, so a weak shared secret can be brute-forced offline from a captured Access-Request.
To encrypt the whole exchange, use RADIUS over TLS (RadSec, RFC 6614) on TCP, or an EAP method that carries credentials inside TLS (EAP-TLS, PEAP).
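The User-Password hiding just described, as a runnable trace. This is an added example, not part of the flashcards; it implements the algorithm from RFC 2865 section 5.2 with the standard library, and the secret, password, authenticator and wordlist are constructed sample values.

```python
"""RADIUS User-Password hiding (RFC 2865 section 5.2).

The attribute is not a hash: each 16-byte block of the NUL-padded password is
XORed with MD5(shared_secret + previous_block), seeded with the 16-byte
Request Authenticator from the packet header. Anyone holding the secret can
reverse it, and a weak secret can be guessed offline from one captured request.
"""
import hashlib
import os

BLOCK = 16


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Encode the User-Password attribute value the way the NAS does."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits the password to 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out = bytearray()
    prev = authenticator
    for i in range(0, len(padded), BLOCK):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], keystream))
        out += block
        prev = block  # chaining: the next keystream depends on this ciphertext block
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Decode the way the RADIUS server does; strips the NUL padding."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    out = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), BLOCK):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out).rstrip(b"\x00")  # passwords ending in NUL are not representable


def guess_shared_secret(hidden: bytes, authenticator: bytes,
                        known_password: bytes, wordlist):
    """Offline attack: a user who knows one password (their own) and captured
    the Access-Request can test candidate shared secrets at MD5 speed."""
    for candidate in wordlist:
        if reveal_password(hidden, candidate, authenticator) == known_password:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed values; a real Request Authenticator is 16 random bytes.
    secret = b"testing123"
    authenticator = os.urandom(BLOCK)
    hidden = hide_password(b"hunter2", secret, authenticator)
    print("server recovers:", reveal_password(hidden, secret, authenticator))
    print("guessed secret:", guess_shared_secret(
        hidden, authenticator, b"hunter2", [b"radius", b"secret", b"testing123"]))
```

The chaining means the hidden value changes with every request (fresh authenticator), but the keystream is keyed only by the shared secret, which is why the secret must be long and random and why RadSec or a TLS-based EAP method is the real fix.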
802.3
Ethernet. Specifically the Media Access Control sublayer of Layer 2.
802.11n vs. 802.11ac
Both are Wi-Fi transmission standards. Both use OFDM (not spread spectrum) with MIMO antennas.
- 802.11n = dual band (both 2.4 and 5 GHz), up to 600 Mbps; beamforming optional.
- 802.11ac = 5 GHz only, gigabit-class; standardizes beamforming and adds wider channels and MU-MIMO.
802.15
Wireless personal area networks (WPAN). 802.15.1 is Bluetooth; 802.15.4 underlies Zigbee.
Virtual Circuit: Frame Relay
Layer 2 packet switching over carrier virtual circuits.
Fast: the frame check sequence detects corrupt frames, but they are simply discarded; no retransmission at layer 2 (left to upper layers).
Originally specified as an ISDN packet-mode service; delivered over leased access lines. Cheaper than a dedicated T1 between sites.
Supports multiple PVCs (permanent virtual circuits, identified by DLCI) on one access link; SVCs also defined.
Requires DCE/DTE at each end.
Provides a Committed Information Rate (CIR); bursts above it are marked discard-eligible.
Speed: T1 (1.544 Mbps) to T3 (45 Mbps).
Packet switching vs circuit switching
- packet switching: packets share the link bandwidth with other conversations and may take different paths. Billed by data transmitted.
- circuit switching: a dedicated, fixed-bandwidth path is set up for the duration of the call. Billed for the circuit, whether it is being used or not.
Virtual circuit: X.25
Spans layers 1-3 (the packet layer is layer 3). Older, therefore includes error checking and retransmission at every hop, because the analog lines of the day were unreliable.
Packet switching. Slow: store-and-forward with per-hop error checking.
Requires DCE/DTE at each end.
Multiplexes many virtual circuits (PVC and SVC, identified by logical channel number) over one link.
Speed: typically 64 kbps, up to 2 Mbps.
Virtual circuit: ATM
Layer 2 (cell switching)
Utilizes provider-supplied end-to-end virtual circuits, either permanent (PVC) or set up per call (SVC).
Connection-oriented like circuit switching, but statistically multiplexed like packet switching.
Fast: switches on short VPI/VCI labels rather than addresses, and checks only the cell header (HEC), not the payload.
Uses fixed-length 53-byte cells (5-byte header, 48-byte payload).
Designed as the transport for B-ISDN; runs over SONET/SDH.
Instead of DCE/DTE, uses an ATM switch at each end.
Supports multiple PVCs/SVCs.
Supports voice, data and video at the same time (QoS service classes).
Speed: 25 Mbps to 622 Mbps (OC-12) and beyond.
Speed of T1
1.544 Mbps (24 x 64 kbps channels)
Speed of T3
44.736 Mbps (~45 Mbps, 28 T1s)
ISDN BRI
Integrated Services Digital Network, Basic Rate Interface
2B+D: two 64 kbps B (bearer) channels for voice or data plus one 16 kbps D (signaling) channel; 144 kbps total.
Basic phone line service, good for a single user or very small office.
ISDN PRI
Integrated Services Digital Network, Primary Rate Interface
23B+D over a T1 (1.544 Mbps) in North America; 30B+D over an E1 (2.048 Mbps) in Europe. Each B and D channel is 64 kbps.
Premium phone line service for multiple simultaneous voice and data calls; good for offices (i.e. multiple users).
Digital signature standards
- RSA (PKCS#1)
- DSA (Digital Signature Algorithm, FIPS 186)
- ECDSA (Elliptic Curve DSA): equivalent security with much shorter keys, so it suits constrained devices such as cell phones
802.11e
"e" for excellent quality.
Wireless Quality of Service: gives priority to delay-sensitive traffic like VoIP.
802.11i
"i" for information security.
Wireless security standard, implemented as WPA2: robust security network with AES-CCMP, replacing WEP and TKIP.
ISO/IEC 14443
Contactless (proximity) smart card standard at 13.56 MHz, used for payment and access-control cards.
Four fours, four sides to card
MPLS
Multiprotocol Label Switching. Operates between layers 2 and 3 ("layer 2.5"). Newer, replacing ATM and Frame Relay.
Traffic stays on the carrier's network instead of crossing the public internet. Rent virtual circuits (Label Switched Paths, LSPs) from the vendor; LSPs are unidirectional, so a link needs two, one for each direction.
Packets are forwarded on short labels along predefined paths, so forwarding is faster but less flexible than hop-by-hop IP routing.
Used for office-to-office links in place of internet VPNs. Caveat: MPLS separates customers' traffic but does not encrypt it; run IPsec over it where confidentiality matters.
Supports QoS. Speed: that of the access circuit, commonly 2 Mbps to 1 Gbps or more.
iSCSI
SCSI block-storage commands carried over TCP/IP: high-speed access to drives over ordinary Ethernet. The protocol itself is unencrypted, so authenticate initiators (CHAP) and keep the storage network isolated.
FCoE
Fibre Channel over Ethernet. Encapsulates Fibre Channel frames in (lossless 10 GbE) Ethernet frames within the data center for high-speed access to servers and storage.
Class A network
First octet 1-126 (0 and 127 reserved; 127 is loopback): 126 networks, about 16.7 million (2^24 - 2) hosts each. Default mask 255.0.0.0 (/8).
1.0.0.1 to 126.255.255.254
Class B network
First octet 128-191: 16,384 networks, 65,534 hosts each. Default mask 255.255.0.0 (/16).
128.0.0.1 to 191.255.255.254
Class C network
First octet 192-223: about 2.1 million (2,097,152) networks, 254 hosts each. Default mask 255.255.255.0 (/24).
192.0.0.1 to 223.255.255.254
Last octet of IP address (for a /24, i.e. a class C network or a subnet with a class C mask)
0 = network address (not assignable to a host); 255 = directed broadcast to the whole network; 1-254 = usable host addresses. Putting the gateway at .1 (or .254) is a convention, not a rule; the gateway is whatever host address the router is configured with.
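The classful rules on these cards, plus the network/broadcast/host distinction, as a small classifier. This is an added example, not part of the flashcards; it uses only the standard library. The classful mask is applied only as a default, because real networks are subnetted with CIDR, and the sample addresses are constructed.

```python
"""Classful address classes and the role of each address within its subnet."""
import ipaddress
from typing import Optional

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def ip_class(addr: str) -> str:
    """Classful letter from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first in (0, 127):      # 0/8 "this network", 127/8 loopback
        return "reserved"
    if first < 128:            # 0xxxxxxx
        return "A"
    if first < 192:            # 10xxxxxx
        return "B"
    if first < 224:            # 110xxxxx
        return "C"
    if first < 240:            # 1110xxxx multicast: no host addressing
        return "D"
    return "E"                 # 1111xxxx experimental


def describe(addr: str, prefix: Optional[int] = None) -> dict:
    """Network, broadcast, usable host count and the role of this address.
    Uses the classful default mask when no prefix length is given."""
    cls = ip_class(addr)
    if prefix is None:
        if cls not in DEFAULT_PREFIX:
            raise ValueError(f"{addr} is class {cls}: no default host mask")
        prefix = DEFAULT_PREFIX[cls]
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    ip = ipaddress.IPv4Address(addr)
    if net.prefixlen >= 31:
        # /31 point-to-point links (RFC 3021) and /32 have no network or
        # broadcast address: every address is a host.
        usable, role = net.num_addresses, "host"
    elif ip == net.network_address:
        usable, role = net.num_addresses - 2, "network address"
    elif ip == net.broadcast_address:
        usable, role = net.num_addresses - 2, "directed broadcast"
    else:
        usable, role = net.num_addresses - 2, "host"
    return {"class": cls, "network": str(net),
            "broadcast": str(net.broadcast_address),
            "usable_hosts": usable, "role": role}


if __name__ == "__main__":
    # Constructed sample addresses. Note 172.16.5.0/23 is a plain host address:
    # a last octet of 0 is only the network address when the mask says so,
    # and .1 is just a host regardless of where the gateway lives.
    for a, p in [("10.20.30.0", None), ("192.168.1.1", 24), ("192.168.1.255", 24),
                 ("172.16.5.0", 23), ("203.0.113.1", 31)]:
        print(a, p, describe(a, p))
```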
Kerberos
Single sign-on: a KDC (Authentication Service plus Ticket Granting Service) issues tickets, so the password is never sent to application servers.
Symmetric cryptography; modern implementations use AES (the original used DES, now deprecated).
Kerberos does not use LDAP: in Active Directory, Kerberos handles authentication while LDAP is the separate directory-lookup protocol.
Weaknesses: the KDC holds every principal's long-term key and is a single point of failure and of compromise (all eggs in one basket); depends on synchronized clocks; weak service-account passwords can be guessed offline from captured tickets.
Microsoft Active Directory default authentication protocol.
SESAME
Secure European System for Applications in a Multi-vendor Environment. Similar to Kerberos but better: encrypted storage of user passwords, and Privilege Attribute Certificates (PACs) that carry the user's access rights.
Uses PKI (public-key cryptography) for authentication and key distribution, alongside symmetric session keys.
Encrypted s
UNIX based
ISC2 Code of Ethics canons
Papa:
- Protect society, the common good, necessary public trust and confidence, and the infrastructure
- Act honorably, honestly, justly, responsibly, and legally
- Provide diligent and competent service to principals
- Advance and protect the profession
Graham-Denning Model
how many rules
Access control model: defines how subjects and objects are created and deleted and how access rights are assigned, read and transferred, tracked in an access matrix with ownership and control relationships. (Integrity of financial transactions is Clark-Wilson, not Graham-Denning.)
8 rules: 4 for creating and deleting subjects and objects, 4 for rights: read access right, grant access right, delete access right, transfer access right.
TLS/SSL process (RSA key exchange, as used through TLS 1.2)
Goal: confidential communication with an authenticated web server.
- Client sends ClientHello (supported versions, cipher suites, a random nonce).
- Server sends its digital certificate. The certificate contains the server's public key, so the client can return a secret readable only by the server, plus a CA's digital signature that binds that key to the server's name.
- Client authenticates the server: validates the certificate chain to a trusted CA, the validity dates and revocation status, and checks that the name matches the host it meant to reach.
- Client generates a random pre-master secret, encrypts it with the server's public key, and sends it to the server.
- The server decrypts it with its private key; both sides derive the symmetric session keys from it together with the exchanged nonces.
- The client and server communicate using symmetric encryption under the session keys.
Caveat: with RSA key transport, anyone who later obtains the server's private key can decrypt recorded sessions (no forward secrecy). TLS 1.3 removed it: key exchange is always ephemeral (EC)DHE and the certificate key is used only to sign the handshake.
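The handshake above as a runnable trace with both sides' messages. This is an added example, not part of the flashcards. Textbook RSA over fixed Mersenne primes stands in for real key pairs so that only the standard library is needed; it is a teaching toy (no padding, tiny keys, fixed primes shared by every "server"), not usable cryptography. The toy CA, the server name and the key-derivation label are constructed.

```python
"""RSA key-transport handshake: certificate check, pre-master secret, key derivation."""
import hashlib
import hmac
import secrets

# 2^p - 1 is prime for p in {61, 89, 107, 127}, giving valid (tiny) RSA moduli.
SERVER_PRIMES = ((1 << 127) - 1, (1 << 89) - 1)   # n ~ 2^216
CA_PRIMES = ((1 << 107) - 1, (1 << 61) - 1)       # n ~ 2^168
E = 65537


def keygen(primes):
    """Return (public, private) as ((n, e), (n, d)). Toy: fixed primes."""
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa_public(pub, x: int) -> int:    # encrypt, or verify a signature
    n, e = pub
    return pow(x, e, n)


def rsa_private(priv, x: int) -> int:  # decrypt, or sign
    n, d = priv
    return pow(x, d, n)


def digest_int(data: bytes) -> int:
    # Truncated to 128 bits so the value fits under the toy moduli.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def cert_body(name: bytes, pub) -> bytes:
    return name + b"|" + str(pub[0]).encode() + b"|" + str(pub[1]).encode()


def ca_issue(ca_priv, name: bytes, pub):
    """Certificate = (name, public key, CA signature binding the two)."""
    return (name, pub, rsa_private(ca_priv, digest_int(cert_body(name, pub))))


def ca_verify(ca_pub, cert) -> bool:
    name, pub, sig = cert
    return rsa_public(ca_pub, sig) == digest_int(cert_body(name, pub))


def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes):
    """Simplified PRF: one HMAC block split into client- and server-write keys."""
    block = hmac.new(pre_master, b"key expansion" + client_random + server_random,
                     hashlib.sha256).digest()
    return block[:16], block[16:]


class Server:
    def __init__(self, name: bytes, ca_priv):
        self.pub, self._priv = keygen(SERVER_PRIMES)
        self.cert = ca_issue(ca_priv, name, self.pub)
        self.random = secrets.token_bytes(32)

    def hello(self):                      # ServerHello + Certificate
        return self.random, self.cert

    def finish(self, encrypted_pms: int, client_random: bytes):
        pms = rsa_private(self._priv, encrypted_pms).to_bytes(16, "big")
        return derive_keys(pms, client_random, self.random)


def client_handshake(server: Server, expected_name: bytes, ca_pub):
    """Run the client side; returns (client_keys, server_keys) for comparison."""
    client_random = secrets.token_bytes(32)            # ClientHello
    server_random, cert = server.hello()
    # Authenticate the server: CA signature AND name binding, or abort.
    if cert[0] != expected_name or not ca_verify(ca_pub, cert):
        raise ValueError("server authentication failed")
    pms_int = 1 + secrets.randbelow((1 << 128) - 1)   # 128-bit pre-master secret
    pms = pms_int.to_bytes(16, "big")
    # Real TLS pads with PKCS#1 v1.5 here; unpadded RSA is malleable.
    server_keys = server.finish(rsa_public(cert[1], pms_int), client_random)
    client_keys = derive_keys(pms, client_random, server_random)
    return client_keys, server_keys


if __name__ == "__main__":
    ca_pub, ca_priv = keygen(CA_PRIMES)
    srv = Server(b"shop.example", ca_priv)
    ck, sk = client_handshake(srv, b"shop.example", ca_pub)
    print("session keys agree:", ck == sk)
    # An impostor whose certificate is signed by some other key is rejected.
    rogue = Server(b"shop.example", keygen(SERVER_PRIMES)[1])
    try:
        client_handshake(rogue, b"shop.example", ca_pub)
    except ValueError as err:
        print("rogue server:", err)
```

Two things the trace makes concrete: the server is never asked for a password, its identity rests entirely on the client checking the CA signature and the name, and anyone who later obtains `srv._priv` can rerun `Server.finish` on a recorded `encrypted_pms` and recover the session keys, which is the forward-secrecy gap that ephemeral Diffie-Hellman closes.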
S/MIME
Secure/Multipurpose Internet Mail Extensions: signed and/or encrypted standard internet email.
Uses X.509 certificates (PKI) for both signature and encryption; contrast PGP's web of trust.
CAT3
10BASE-T, 10 Mbps, 100 m max distance
CAT5
100BASE-TX, 100 Mbps, 100 m max distance
CAT5e
1000BASE-T, 1000 Mbps, 100 m max distance
CAT6
1000BASE-T, 1000 Mbps, 100 m max distance; also 10GBASE-T up to 55 m (CAT6a reaches 100 m)
IPSEC
Uses IKE (Internet Key Exchange) for peer authentication and key negotiation; IKEv1 is built on ISAKMP with the Oakley key exchange.
ESP provides confidentiality (e.g. AES) plus integrity and data-origin authentication via HMAC (e.g. HMAC-SHA-256); AH provides integrity and authentication only.
Peers authenticate with pre-shared keys or certificates. Modes: transport (protects the payload) and tunnel (protects the whole original packet; used for site-to-site VPNs).
SONET
Synchronous Optical NETwork.
Dual counter-rotating fiber optic rings, so traffic fails over to the second ring if the first is cut.
X.509 (ITU-T, International Telecommunication Union)
Digital certificate standard: the format of public-key certificates (subject, issuer, validity period, public key, extensions, CA signature) and of CRLs; the certificates used by TLS and S/MIME.
VPN protocol: PPTP
Microsoft's early VPN protocol, once the most widely deployed. Tunnels PPP frames inside GRE; encryption is MPPE (RC4) and authentication usually MS-CHAPv2, both broken.
Obsolete and insecure: do not deploy; use an IPsec- or TLS-based VPN instead.
Multiprotocol (carries anything PPP can carry).
VPN protocol: L2TP
Better than PPTP or L2F (it merges the two), but provides no encryption by itself.
Paired with IPsec (L2TP/IPsec): IPsec in transport mode protects the L2TP tunnel (UDP 1701) between the endpoints.
Multiprotocol and supports non-IP traffic.
VPN protocol: L2F
Cisco's Layer 2 Forwarding. Tunnels PPP but provides no encryption. Replaced by L2TP.
VPN protocol: MPLS
Multiprotocol Label Switching
Fast and efficient: forwards packets on short labels along predefined paths (LSPs). Separates customer traffic on the carrier's network but does not encrypt it.
PGP
Pretty Good Privacy: email encryption and signing, originally released by Phil Zimmermann and later standardized as OpenPGP (RFC 4880). Web of trust instead of CAs. The classic commercial version used RSA, IDEA and MD5.
Later free versions (avoiding the RSA and IDEA patents) used Diffie-Hellman/ElGamal, CAST5 and SHA-1.