12 - Secure Communications and Network Attacks Flashcards
What are some Secure Communication Protocols?
- IPsec: Used mainly in VPNs, provides encryption, access control, nonrepudiation, and message authentication.
- Kerberos: Ticket-based authentication service that offers single sign-on (SSO).
- Secure Shell (SSH): Encrypted remote login and command execution; its tunnel can also carry (encrypt) other protocols such as file transfer or forwarded ports.
- Signal Protocol: Provides end-to-end encryption for voice communications, videoconferencing, and text message services.
- Secure Remote Procedure Call (S-RPC): Authentication service that prevents unauthorized execution of code on remote systems.
- Secure Sockets Layer (SSL): Encryption protocol that protects the communications between a web server and web browser. Superseded by TLS.
- Transport Layer Security (TLS): Successor to SSL with stronger cipher suites and handshake protections; the name "SSL" is still used loosely to mean TLS.
What are some Authentication Protocols?
- Challenge Handshake Authentication Protocol (CHAP): Uses a challenge-response dialogue (a fresh random challenge, hashed with the shared secret) so that a captured response can't be replayed. Periodically reauthenticates during the session to verify identity.
- Password Authentication Protocol (PAP): Transmits credentials in cleartext; anyone on the path can read them.
- Extensible Authentication Protocol (EAP): Framework for authentication that allows for customized solutions (methods) rather than a single fixed mechanism.
- Protected Extensible Authentication Protocol (PEAP): Encapsulates EAP in a TLS tunnel so the inner exchange is protected.
- Lightweight Extensible Authentication Protocol (LEAP): Cisco-proprietary protocol used with WEP; supported frequent reauthentication and rotation of WEP keys. Now considered insecure and should not be deployed.
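The CHAP and PAP entries above are easiest to compare by looking at what actually crosses the wire. The following is an added example (not from the original flashcards): a CHAP-MD5 exchange as specified in RFC 1994 (response = MD5(identifier || secret || challenge)) with both an authenticator and a peer, plus a PAP Authenticate-Request packet built per RFC 1334. The shared secret, usernames and passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Shared secret, constructed for this example (never hard-code one in real code).
SECRET = b"correct horse battery staple"


@dataclass
class Challenge:
    identifier: int   # 8-bit identifier, RFC 1994 section 4.1
    value: bytes      # random challenge value


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: Response-Value = MD5(Identifier || Secret || Challenge-Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues fresh random challenges and verifies single-use responses."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._next_id = 0
        self._outstanding = {}  # identifier -> challenge value still awaiting a response

    def challenge(self) -> Challenge:
        self._next_id = (self._next_id + 1) & 0xFF
        ch = Challenge(self._next_id, os.urandom(16))
        self._outstanding[ch.identifier] = ch.value
        return ch

    def verify(self, identifier: int, response: bytes) -> bool:
        value = self._outstanding.pop(identifier, None)  # each challenge is usable once
        if value is None:
            return False
        expected = chap_response(identifier, self._secret, value)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: answers a challenge with the shared secret, never sending the secret."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, ch: Challenge) -> bytes:
        return chap_response(ch.identifier, self._secret, ch.value)


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334 section 2.2.1): Code=1, Identifier, Length,
    Peer-ID-Length, Peer-ID, Passwd-Length, Password. Everything is cleartext."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)
    return bytes([1, identifier]) + length.to_bytes(2, "big") + body


def demo() -> tuple:
    """Returns (legit login ok, replayed response ok, wrong secret ok)."""
    auth, peer = Authenticator(SECRET), Peer(SECRET)

    c1 = auth.challenge()
    r1 = peer.respond(c1)
    first_ok = auth.verify(c1.identifier, r1)

    # An eavesdropper replays r1 when the server reauthenticates with a new challenge.
    c2 = auth.challenge()
    replay_ok = auth.verify(c2.identifier, r1)

    # A peer that does not know the secret.
    c3 = auth.challenge()
    wrong_ok = auth.verify(c3.identifier, Peer(b"guess").respond(c3))
    return first_ok, replay_ok, wrong_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
    print(pap_authenticate_request(1, b"alice", b"hunter2"))
```

The PAP packet shows the password byte-for-byte, which is the whole problem with PAP; the CHAP response reveals nothing about the secret and is useless once the challenge changes. MD5 here is what RFC 1994 specifies, not a recommendation for new designs.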
What is VoIP?
Encapsulates audio into IP packets to support telephone calls over TCP/IP network connections.
What are Phreakers? and what tools can they use?
Attackers who abuse the telephone system the way a hacker abuses computer systems. Classic phreaking tools:
- Black Boxes: Custom-built circuit boards that manipulate line voltages to steal long-distance service.
- Red Boxes: Tape recorders (or similar devices) that simulate the tones of coins being deposited into a payphone.
- Blue Boxes: Devices that generate 2600 Hz tones to interact directly with the telephone backbone (trunk signaling) system.
- White Boxes: Keypad (DTMF tone generator) devices used to control the phone system.
What is Social Engineering?
An attack in which the attacker gains a victim's trust in order to obtain valuable data or access.
Social engineering exploits human characteristics such as basic trust, a desire to help, a propensity to show off, being distracted, following orders, and fearing reprimands.
What is Multimedia Collaboration and what are some components of it?
Multimedia Collaboration is the use of various multimedia-supporting communication solutions to enhance distance collaboration and allow workers to work together simultaneously.
- Remote Meeting: Any tool that allows for interaction between remote parties.
- Instant Messaging (IM): A mechanism that allows real-time text-based chat between two users located anywhere on the internet. Some tools offer file transfer, multimedia, and other features. Some use peer-to-peer protocols, others a centralized server. Some specialize in private, encrypted chat for enterprises (Slack, Teams).
What are some components for securing email?
Email is composed of servers that use SMTP to exchange mail and clients that retrieve messages from their inboxes using POP3 or IMAP.
- Secure Multipurpose Internet Mail Extensions (S/MIME): Uses public-key encryption and digital signatures for authentication and confidentiality.
- MIME Object Security Services (MOSS): Uses MD2, MD5, RSA, and DES for authentication and encryption.
- Privacy Enhanced Mail (PEM): Uses RSA, DES, and X.509 for authentication, integrity, confidentiality, and nonrepudiation.
- DomainKeys Identified Mail (DKIM): The sending domain signs outgoing mail with a private key; receivers fetch the public key from DNS and verify that the message really came from that domain and was not altered.
- Pretty Good Privacy (PGP): Uses a public-private key system to encrypt messages and files. Supports a variety of algorithms and has a lot of grassroots support.
- Opportunistic TLS for SMTP (STARTTLS, RFC 3207): Upgrades a server-to-server SMTP session to TLS when both sides support it; otherwise the session silently continues in cleartext.
- Sender Policy Framework (SPF): A DNS TXT record listing the hosts authorized to send mail for a domain; the receiving server checks the connecting IP against it.
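To make the SPF entry concrete, here is an added example (not part of the original flashcards) of how a receiving mail server evaluates `check_host(ip, domain)` per RFC 7208: it walks the record's mechanisms left to right, honours the `+`/`-`/`~`/`?` qualifiers, follows `include:` with the 10-lookup limit, and reports pass/fail/softfail/neutral/none/permerror. DNS is replaced by a constructed dictionary of TXT records (the domains and addresses are documentation/reserved values, not real zones); `a`, `mx`, `ptr` and `exists` mechanisms are not implemented and yield permerror.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups; these are not real domains' records.
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",   # self-referencing include
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying terms per check


def check_host(ip: str, domain: str, _budget=None) -> str:
    """Evaluate the SPF record of `domain` for a connection from `ip`."""
    budget = _budget if _budget is not None else [MAX_LOOKUPS]
    record = TXT.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"  # no SPF record published
    addr = ipaddress.ip_address(ip)

    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            return QUALIFIERS[qualifier]  # 'all' always matches
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)  # bare address => /32 or /128
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # too many lookups (loops, deep chains)
            sub = check_host(ip, arg, budget)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("permerror", "temperror", "none"):
                return "permerror"  # RFC 7208 section 5.2: include of a missing record is an error
            # fail/softfail/neutral from the include: no match, keep going
        else:
            return "permerror"  # a/mx/ptr/exists not modelled in this example
    return "neutral"  # record exhausted without an 'all' term


if __name__ == "__main__":
    for ip in ("192.0.2.7", "198.51.100.10", "2001:db8::1", "203.0.113.5"):
        print(ip, check_host(ip, "example.com"))
```

Two practitioner notes fall out of the code: a record that ends in `~all` (softfail) lets unauthorized senders through with only a flag, so a domain that wants rejection needs `-all`; and an `include:` chain that exceeds the lookup limit turns the whole result into permerror, which many receivers treat as "no policy", so bloated records quietly disable SPF.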
What is an Open Relay?
An Open Relay is an email server that has not been properly configured to authenticate senders and just relays all emails.
These servers are prime targets for spammers and DoS attacks.
What are some common Remote Access Techniques?
- Service Specific: Gives users the ability to remotely connect to just one service, such as email.
- Remote Control: Allows a user full control over a distant system, as if seated at its console.
- Screen Scraping: The target machine's screen output is captured ("scraped") and displayed to a remote operator, whose input is sent back; also used to describe automated extraction of data from an application's screen.
- Remote Node Operation: A remote user connects to a remote access server, which provides network services as though the user were a local node on the LAN.
What are some components to consider when planning your Remote Access Security?
- Remote Connectivity Technology
- Transmission Protection
- Authentication Protection
- Remote User Assistance
What are some secure Dial-Up Protocols?
- Point-to-Point Protocol (PPP): Full-duplex encapsulation protocol that transmits TCP/IP packets over various non-LAN connections (dial-up, serial, ISDN); can also carry other LAN protocols. Provides authentication via CHAP and PAP.
- Serial Line Internet Protocol (SLIP): Developed to support TCP/IP communications over asynchronous serial connections. Provides no authentication or error detection; rarely used anymore.
What are some Centralized Remote Authentication Services?
- Remote Authentication Dial-In User Service (RADIUS): The remote access server passes the dial-up user's logon credentials to the RADIUS server for authentication. Uses UDP 1812 (authentication) and 1813 (accounting); RADIUS over TLS (RadSec) uses TCP 2083. Classic RADIUS encrypts only the password field of the request, so the rest of the exchange is visible on the wire.
- Terminal Access Controller Access-Control System (TACACS+): Uses TCP port 49 and exists in three versions:
- TACACS: Integrates the authentication and authorization processes.
- XTACACS: Keeps the authentication, authorization, and accounting processes separate.
- TACACS+: Improves XTACACS by adding two-factor authentication and encrypting the whole packet body rather than just the password.
What is a Virtual Private Network?
A Virtual Private Network is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.
VPNs connect 2 endpoints over an insecure intermediary. Once connected, a client endpoint can access the host endpoint as if they were on the same network.
What is Tunneling?
The process of encapsulating unaccepted/unauthorized protocols within authorized protocols for transmission across untrusted networks.
Downsides: adds overhead (extra headers) and bandwidth consumption, and because the inner traffic is hidden from inspection devices, tunneling can cloak malicious activity.
What are some protocols VPNs use?
- Point-to-Point Tunneling Protocol (PPTP): Creates a tunnel between two systems and encapsulates PPP packets. Offers authentication using protocols such as CHAP, PAP, and EAP. The initial tunnel negotiation is not encrypted, so there is a risk of interception; its common MS-CHAPv2 authentication is also known to be breakable, so PPTP is considered obsolete.
- Layer 2 Forwarding (L2F)/Layer 2 Tunneling Protocol (L2TP): L2F was developed by Cisco and did not support encryption, so L2TP (which merged L2F and PPTP) was deployed; L2TP itself carries no encryption and relies on IPsec for its security mechanism.
- IP Security Protocol (IPsec): Most widely used VPN protocol. Can only be used on IP networks and provides both authentication and encryption.
- Authentication Header (AH): Provides authentication, integrity, and nonrepudiation (plus anti-replay), but does not encrypt the payload.
- Encapsulating Security Payload (ESP): Provides encryption for protecting the confidentiality of transmitted data; can also provide authentication and integrity.
- Tunnel Mode: The entire original IP packet (header and payload) is encrypted and a new IP header is added to govern transmission through the tunnel (gateway-to-gateway).
- Transport Mode: Only the IP payload is encrypted; the original IP header is left in cleartext (host-to-host).
What is a VLAN?
A Virtual Local Area Network is a network segment imposed logically by switches, without altering the physical topology.
VLANs are used to control traffic for security or performance reasons. Segmented VLANs are protected from broadcasts from other networks and traffic can be filtered.
What is Virtualization
Technology that allows one or more operating systems to run within the memory of a single host computer. The OSs being hosted are guest OSs.
Provides scalability, recovery, and isolation between guests and the host OS.
What is VM Escaping?
When software within a guest OS is able to breach the isolation provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate the host OS.
Ex. VENOM (CVE-2015-3456), a flaw in QEMU's virtual floppy disk controller that let a guest break out of the VM.
What is a Virtual Application?
A software product that is deployed in such a way that it is fooled into believing it is interacting with a full host OS. It has been packaged/encapsulated in such a way to make it portable and it doesn’t have to be fully installed on a host OS.
What is Network Virtualization?
The combination of hardware and software networking components into a single integrated entity.
Software-Defined Networking (SDN) is a network design that is directly programmable from a central location, vendor-neutral, and open-standards-based. It allows mixing and matching of hardware and lets the configuration be controlled through a centralized management interface.
Virtual SAN (vSAN) consolidates multiple storage devices into a single storage pool.
What is Network Address Translation?
Network Address Translation (NAT) is a mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the internet.
- Can connect the entire network to the internet using a single/few leased public IP addresses.
- You can use Private IP addresses in a private network and still connect to the public internet.
- Hides the IP addressing scheme and network topography from the internet.
- Only traffic belonging to connections initiated from the inside is allowed back into the network; everything else is automatically dropped (stateful NAT).
What are the blocks of IP addresses considered private on the public internet but are frequently used on private NAT’d networks?
- 10.0.0.0 - 10.255.255.255 (10.0.0.0/8, a full Class A range)
- 172.16.0.0 - 172.31.255.255 (172.16.0.0/12, 16 Class B ranges)
- 192.168.0.0 - 192.168.255.255 (192.168.0.0/16, 256 Class C ranges)
These are defined in RFC 1918 and are not routed on the public internet.
What are the different modes of NAT?
- Static: An internal client's IP address is given a permanent one-to-one mapping to a specific external public IP address.
- Dynamic: Grants multiple internal clients access to a few leased public IP addresses; usually implemented as port address translation (PAT), where many internal hosts share one public address distinguished by port.
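The stateful behaviour described above (only replies to inside-initiated connections get back in) and the private-address rule are easiest to see in a small translator. This is an added example, not from the original flashcards: a toy port address translation gateway that rewrites outbound flows to its single public address, keeps a translation table, and drops any inbound packet that does not match an existing entry. All addresses are documentation/RFC 1918 ranges constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges: only these may appear as inside source addresses.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    """Dynamic NAT with port overloading (PAT) and a stateful translation table."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out = {}  # (inside_ip, inside_port, dst_ip, dst_port) -> public port
        self._in = {}   # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, flow: Flow) -> Flow:
        """Translate a packet leaving the private network; create state if needed."""
        if not is_private(flow.src_ip):
            raise ValueError(f"{flow.src_ip} is not an RFC 1918 inside address")
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        port = self._out.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[(port, flow.dst_ip, flow.dst_port)] = (flow.src_ip, flow.src_port)
        return Flow(self.public_ip, port, flow.dst_ip, flow.dst_port)

    def inbound(self, flow: Flow):
        """Translate a packet arriving from the internet, or return None to drop it."""
        if flow.dst_ip != self.public_ip:
            return None
        inside = self._in.get((flow.dst_port, flow.src_ip, flow.src_port))
        if inside is None:
            return None  # unsolicited: no inside host asked for this, so it is repelled
        return Flow(flow.src_ip, flow.src_port, inside[0], inside[1])


def demo() -> dict:
    gw = PatGateway("203.0.113.1")
    a = gw.outbound(Flow("192.168.1.10", 51000, "198.51.100.20", 443))
    b = gw.outbound(Flow("192.168.1.11", 51000, "198.51.100.20", 443))  # same inside port
    reply = gw.inbound(Flow("198.51.100.20", 443, "203.0.113.1", a.src_port))
    spoofed = gw.inbound(Flow("198.51.100.99", 443, "203.0.113.1", a.src_port))
    scan = gw.inbound(Flow("198.51.100.20", 443, "203.0.113.1", 40000))
    return {"a": a, "b": b, "reply": reply, "spoofed": spoofed, "scan": scan}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two inside hosts using the same source port get distinct public ports, which is why one leased address can serve a whole network; a packet from a different remote host, or to a port with no entry, finds no state and is dropped. Real NAT devices also age entries out and must handle protocols that embed addresses in their payload (FTP, SIP), which is where NAT "helpers" and their bugs come from.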
What is APIPA?
Automatic Private IP Addressing (APIPA) assigns a link-local address to a system when DHCP assignment fails. The range is 169.254.0.1 - 169.254.255.254 with a subnet mask of 255.255.0.0 (169.254.0.0/16, the IPv4 link-local block of RFC 3927); such addresses are not routable beyond the local segment.
A host landing on an APIPA address could indicate a DHCP server outage or a malicious attack, such as DHCP starvation exhausting the pool.