Security - Protocols and Networking Flashcards

1
Q

Describe how IPv6 offers security.

A

IPv6 features allow distributed applications to be secured at the packet level, while remaining transparent to applications that depend on TCP for communication.

The authentication header provides support for integrity, using a checksum of the contents of a packet. A hashing algorithm is used, whose results depend on a secret key known only to the sender and receiver. This can also be used to authenticate the sender.

The authentication header also provides a counter that is incremented for each new packet. This number is used by the receiver to counteract replay attacks.

The encapsulating security payload can be used to provide confidentiality by encrypting a packet, and includes a checksum for verifying integrity. Authentication may also be applied in this header.

2
Q

What is SSL?

A

SSL is the standard for secure communications on the web, and makes use of TCP to provide both authentication and privacy through encryption. To use SSL, a server must have a certificate.

SSL is supported in core Java and in the Java EE platform through the Java Secure Sockets Extension (JSSE) packages.

SSL can be used underneath other application protocols to create protocols such as FTPS (for secure FTP), SMTPS (for secure mail transport) and LDAPS (for secure lookup).

3
Q

(4 steps)

What are the steps in a typical SSL transaction?

A
  1. Client sends a message indicating what forms of communication the client’s browser can support, so that an encryption algorithm that both can support is used
  2. Authentication of both client and server can take place through an exchange of certificates (normally only the server authenticates itself, but it can request client authentication if required)
  3. Once validated, a shared means of encryption is established and a public key-based protocol can be used to establish a secret session key, which can then be used to encrypt communications
  4. A hash of all exchanged data is used to check the integrity of the communication (a nonce value can be employed to prevent replays and the cipher in use can be renegotiated from time to time)
4
Q

(6 answers)

What are firewalls?

A
  • Identifies and allows/rejects network traffic to or from a system
  • Secures the computer’s ports
  • Rejects communication from unknown or untrusted sources
  • Provides a single point at which security and auditing can be imposed
  • Cannot protect against internal attackers, or traffic that bypasses it
  • Users may find ways around firewall measures, so they cannot be seen as a fix-all for security problems
5
Q

What is a packet filter?

A

A packet filter is a firewall technique that examines incoming or outgoing network packets against a set of rules (e.g. banned words, untrusted network addresses, certain protocols) and then accepts or rejects accordingly.

6
Q

What is stateful packet inspection?

A

Stateful packet inspection is an advanced firewall technique that tracks the state of each communication between the two sides of the firewall and uses this information to decide which packets are legitimate.

7
Q

What is an application gateway?

A

An application gateway is a firewall type that acts as a proxy server and provides a layer of authenticity between the user and the desired service, so that unauthorised use of the service can be rejected.

It can also check incoming packets for unauthorised or dangerous content.

8
Q

What is a Virtual Private Network (VPN)?

A

A VPN allows private communications over a public network. The firewall will typically use IPSec to authenticate the user.

VPN is a form of tunnelling.

9
Q

What is tunnelling?

A

Tunnelling is using a protocol that is wrapped in another protocol, allowing communication over a network that does not support the wrapped protocol directly. End-to-end encryption takes place between the two ends of the tunnel, creating a private network of sorts.

It is easy to add users to a virtual connection, so virtual connections scale much better than leased lines.
