securityflashcards

1
Q

C.I.A. of Security

A

Confidentiality, Integrity, Availability

2
Q

Confidentiality

A

Assurance that data is handled and shared only among those who are authorized and permitted to see it. In the Security+ context, this generally refers to the method by which the data is handled and stored.

3
Q

Integrity

A

Assurance that data is authentic, complete, unaltered, correct, and can be relied upon. In the Security+ connotation, integrity is one of the primary indicators of security or lack of security.

4
Q

Availability

A

Assurance that the SYSTEMS used for storing, processing, and delivering information will be accessible to those who have a legitimate need for it. (Conversely, those who do not have a legitimate need cannot access it.)

5
Q

Operational Model of Security

A

Protection = Prevention + Detection + Response

6
Q

Least Privilege

A

Give only the absolute minimum rights and privileges needed

7
Q

Layers of Security

A

Multiple barriers working in conjunction help eliminate single points of failure

8
Q

Diversity of Defense

A

Layers of security should be implemented using dissimilar methods and vendors. Layers should be so dissimilar that if one layer is penetrated, the next layer cannot be penetrated using the same method

9
Q

Security Through Obscurity

A

Ice cream hidden in the back of the freezer will be found

10
Q

Keep it Simple (Stupid) (KISS)

A
1. Turn off nonessential services, etc.
2. Complex systems are difficult to secure

11
Q

Access Control

A

The ability of a subject to interact with an object

12
Q

Access Control List (ACL)

A

A list stating who has specific types of access to what.

13
Q

Discretionary Access Control (DAC)

A

Access control based on the identity of subjects or the groups to which they belong. Certain subjects (e.g. "Owner") may pass permissions on to any other subject.

14
Q

Mandatory Access Control (MAC)

A

Access control based on levels of sensitivity assigned to objects (Labels) and formal levels of authorization (ie clearance) of subjects.

15
Q

Mandatory Access Control (MAC)

A

Access control based on levels of sensitivity assigned to objects (Labels) and formal levels of authorization (ie clearance) of subjects. These relationships are strictly enforced

16
Q

Role-Based Access Control (RBAC)

A

Access control based on subjects being assigned certain roles. Access control is managed at the role level instead of the subject level.

17
Q

Authentication

A

Verifying the identity of a subject. Note: this does NOT imply any test for permissions, only the identity.

18
Q

3 general Authentication methods

A
1. Something you know (i.e. password)
2. Something you have (i.e. token)
3. Something you are (i.e. biometrics)

19
Q

Kerberos

A

Network authentication protocol. Default for all versions of Windows since 2000. Authentication can be by certificate or by username and password. Conceptually: a client, a service, and a trusted third party (Kerberos). Allows one-time authentication for access to many trusting services. Kerberos is time-monitored to ensure that no "replay" authentication attempts succeed. Note: NO "permissions" are requested or given; the Kerberos TGT does return ALL of the client's SIDs, which are placed in a "security token" and presented to servers providing services to ascertain permissions.

20
Q

Ticket, Authentication Server(AS)

A

One of the components of Kerberos. The Ticket Authentication service issues a TGT (Ticket Granting Ticket), which the client can use in future communications with Kerberos to prove pre-authentication and obtain

21
Q

Kerberos Time-based

A

5 minutes of skew in Windows, 10 minutes in other applications. If the client's time is not within the permissible skew, authentication is denied.

22
Q

Replay Attack

A

Any attack in which an attacker records an authentication or other credentials to be replayed later to spoof the secure service. Typically, the attacker will couple a replay attack with a DoS attack on one of the stations, so that the hijacked station is unaware of the attack.

23
Q

CHAP

A

Challenge Handshake Authentication Protocol - a vendor-neutral protocol in which the server and the client are able to complete a handshake and obtain authentication over a PPP network connection, without the client's password EVER crossing the network. CHAP and PAP were the two methods of authentication, but PAP is no longer used, because the login and password were passed in clear text. CHAP involves a "3-way handshake." CHAP is the highest level of password security that non-Microsoft clients can use. CHAP does not natively support data encryption, certificates, or tokens (see MS-CHAP).

24
Q

CHAP challenge/response (3-way handshake)

A

After the TCP link handshake is completed, CHAP proceeds: (1) The "authenticator" (server) sends a random challenge message to the peer. (2) The peer responds by creating a value (from the challenge seed) obtained by computing a one-way hash using the bits in the client's password, and returns this value to the server. (3) The server performs the same hash using the bits in the purported client's password; if the returned value matches the local calculation, authentication is granted. This challenge-response is repeated periodically. CHAP suffers compared to MS-CHAP v2 in that the authentication is one-way: the client has NO WAY of knowing that the server is not an imposter. In addition, CHAP is highly susceptible to clients with weak passwords.

25
Q

Certificate Multi-factor authentication

A

Uses more than one authentication mechanism at the same time (ie ATM card + PIN)

26
Q

Token

A

A hardware device used in authentication (something you have), e.g. an RSA SecurID token.

27
Q

Security Token

A

A list of all of the user and group SIDs (including universal group membership), which is presented by the client to the service when requesting access to a resource.

28
Q

Multifactor Authentication

A

Uses more than one authentication mechanism at the same time (ie ATM card + PIN)

29
Q

Mutual Authentication

A

Authentication of both sides of a communication. Helps prevent man-in-the-middle attacks. CHAP and MS-CHAP both suffer from single-sided authentication. With MS-CHAP v2 this was corrected: as soon as the client completes the 3-way handshake with the server, the client challenges the server with another 3-way handshake, the result being "Mutual Authentication".

30
Q

Information Assurance

A

IA is the practice of managing information-related risks by ensuring CONFIDENTIALITY, INTEGRITY, AUTHENTICITY, AVAILABILITY, AND NON-REPUDIATION. IA is the process of ensuring that AUTHORIZED USERS have access to AUTHORIZED INFORMATION at the AUTHORIZED TIME.

31
Q

DoD Information Assurance

A

The Department of Defense implemented its version of IA, with the DoD instruction 8570.01-M, which mandates levels of training and certifications for all DoD, Civil service, and Contractors involved in DoD IT.

32
Q

Information Security

A

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, and destruction. Protection = Prevention + Detection + Response

33
Q

Nonrepudiation

A

Nonrepudiation is a way to guarantee that information received is from the source indicated. This must be legally enforceable. It is usually accomplished by "digitally signing" messages, computer programs and other data. Guarantees that senders cannot deny they sent a message.

34
Q

TCP 3-way Handshake

A

SYN -> Establishes a "session" between two computers over a network. The first SYN is from the initiator to the desired target and includes a "Syn" number to reference in future conversations. The SYN/ACK is from the target machine, signalling that it is ready to establish a connection and is holding a session open; it returns the target's intended Syn number and ACKs the sender's Syn number (+1). The ACK/SYN is from the initiator, acknowledging the target's Syn number (+1) and repeating its own Syn number for reference. Once completed, the "session" will be maintained until the transmission is completed. (See SYN Attack)

35
Q

DOS Attack

A

Denial of Service attacks aim to disrupt the availability of services or to distract a station while an intruder hijacks a session.

36
Q

SYN Flood / SYN Attack

A

DoS attack exploiting the TCP 3-way handshake. A multitude of SYN requests are sent to the target. The target responds with a SYN/ACK and waits for a default period for an ACK. The attacker never replies, so the target may use up all its available connections.

37
Q

DDOS Attack

A

Distributed Denial of Service attacks rely on using multiple computers to conduct DoS attacks. A Smurf attack is a classic example of a DDoS, but it is not often used now. Modern DDoS attacks are carried out by "bot-herders" using hundreds or even thousands of hijacked mom-and-pop PCs.

38
Q

Backdoor/Trap Door

A

NOT synonymous terms. A backdoor is typically a program, such as Back Orifice, that opens and holds a dynamic port number open while the intruder uses that port number to "respond" to the backdoor program. A trapdoor is a code segment that was deliberately coded into the security software or OS, to be used by the coder at a future date. Modern hijacking methods sometimes allow intruders to "patch" in a trapdoor, then return later to exploit it.

39
Q

Root kit

A

A dangerous but hard-to-invoke attack. It is NOT viral; it requires someone with "root" permissions (Administrators, in Windows) to install it. Once installed, it is virtually undetectable, because it hides itself in the OS that is trying to detect it. Typically, the computer must be booted from a CD or other OS source to detect and remove it. Root kits, once installed, have full system permissions and control the OS of the host. Root kits are typically stealthy and do nothing to alert the host system to their presence.

40
Q

Sniffing

A

In data security, sniffing is employed by both the attacker and the defender. Sniffers are specially configured computers which set their NICs to promiscuous mode, then listen in on all of the traffic on the network. Most sniffers have filters and traps to watch for key strings before beginning a capture; most also have the capability of translating the machine language of the network into human-readable form and interpreting it. In a fully switched network, sniffers do not work, because the nature of the switch is to avoid passing packets out on ports that are not being addressed.

41
Q

Spoofing

A

Making data look like it’s coming from a different source than it is.

42
Q

Smurf Attack

A

DoS attack where the attacker sends ICMP echo requests to the broadcast address of a network with the From address spoofed to be the IP address of the target.

43
Q

Man-in-the-Middle Attack

A

An attack in which the attacker will intercept communications between two parties and, sometimes, modify the messages between them

44
Q

Replay Attack

A

Attackers “record” portions of conversations (eg authentication sequences) and then replay them at a later time

45
Q

Brute-force attack

A

A method of finding a cryptographic or other key by systematically trying all possible combinations of keys

46
Q

Indirect attack

A

A method of breaking a cryptographic or other system by attacking the implementation of the system/algorithm rather than the system itself (ie using a weakness in a key exchange to find a key rather than using a brute-force attack)

47
Q

Dictionary attack

A

A method of finding a key by trying many commonly used or probable keys (ie guessing a password using all the words in an English dictionary)

48
Q

Birthday Attack

A

A brute force attack that takes advantage of the Birthday Paradox to simplify the attack.

49
Q

Birthday Paradox

A

Traditional thinking about cryptography assumes the complexity of a purely random population, and the numbers are overwhelming. The "Birthday Problem" or "Birthday Paradox," however, points out that a population of people does not have purely random outcomes equal to the population; rather, in a room with 23 people there is a better than 50-50 chance that two people have the same birthday (NOT a random population). As the number of people in the room increases, the "randomness" DECREASES, until at about 57 people the probability of a shared birthday approaches 99%. In the same way, the English (French, ...) language is NOT PURELY RANDOM. The non-randomness of the "population" (language, number system, ...) makes the brute-force cryptographic attack far less of an obstacle.

50
Q

Buffer overflow exploit

A

Programmers must set aside space for users' input, then process that input. Since your 8 GB of memory is one long string, programmers "create" an empty space, ask for input, stuff the input into the "empty" space, and then "JUMP" to the next memory cell past the previously empty buffer space to read and process the user input. Exploiters look for lazy or uninformed programmers who do not TEST the user's input before stuffing it into the empty buffer. If the exploiter can find the right place, they can craft an input that is LONGER than the programmer intended. The programmer unwittingly stuffs it into the buffer (space) and overflows the buffer over his own code. When the program executes the JUMP, it begins executing the EXPLOIT CODE.

51
Q

Virus

A

Malicious software that self-replicates by copying itself to other executable files. A virus, unlike a WORM, must have a host file and a willing user to execute the host file.

52
Q

Trojan

A

Malicious software that masquerades as useful software. Trojans rely on the end-user to run them.

53
Q

Logic-bomb

A

Malicious software installed by an authorized user that is designed to drop its payload at a designated time or after a set of conditions has been met.

54
Q

Worm

A

Malicious, self-replicating software that runs stand-alone, without the need for a host file or a willing user to propagate it.

55
Q

Social Engineering

A

Con-artistry. An indirect attack on a system that relies on the inherent trusting nature, or gullibility of human beings.

56
Q

War-driving

A

Listening for the presence of wireless networks while driving

57
Q

Telnet

A

Standard, insecure TCP/IP remote terminal session protocol

58
Q

Telnet Standard Port #

A

23

59
Q

SSH

A

Secure Shell - developed by the xNIX world to replace Telnet, which was their main means of remote management. SSH is functionally a secure version of Telnet.

60
Q

SSH Standard Port #

A

22

61
Q

Tunneling

A

The encapsulation of one packet in another. The inner packet is often encrypted and could not be forwarded by standard routers. The outer packet looks like a standard packet, which can be handled by typical routers. Encapsulation can allow you to obfuscate communications or to change the network transport method. The contents of the data traveling within a tunnel need only be understood by the tunnel end-points.

62
Q

PPTP

A

Point-to-Point Tunneling Protocol. As the name implies, appears to operate in the Data Link (Layer 2), but the protocol functionally operates in the Session (Layer 5)

63
Q

PPP

A

Point-to-Point Protocol is to data transmission what DHCP is to host configuration. It is the foundation for ALL modern transmission methods (PPTP, L2TP). PPP was developed for serial communications (modem, X.25, and ISDN), but its descendants are present everywhere in network communications.

64
Q

GRE

A

Generic Routing Encapsulation (GRE). GRE is an IP protocol which can encapsulate IPSEC tunnels or be encrypted by IPSEC (GRE over IPSEC AND IPSEC over GRE). It is NOT used in an L2TP/IPSEC VPN (it is often found used with PPTP tunneling). GRE is often referred to as GRE protocol 47; this does NOT refer to PORT 47. Firewall passthrough is automatically enabled when PPTP passthrough is enabled. PPTP works by sending a regular PPP session to the peer with the Generic Routing Encapsulation (GRE) protocol. A second session on TCP port 1723 is used to initiate and manage the GRE session.

65
Q

PSTN

A

Public switched telephone network = POTS

66
Q

POTS

A

Plain Old Telephone Service = PSTN

67
Q

L2TP

A

Layer 2 Tunneling Protocol (Current version L2TP V3). ACTS LIKE a layer 2 (the test calls it layer 2 or DataLink), but is actually a Layer 4 session layer. It always uses UDP packets to send the Payload and L2TP header, with PPP packets enclosed. L2TP authenticates the USER, but has no encryption. Typically IPSEC is used within the L2TP, to encrypt. IPSEC authenticates the HARDWARE. Therefore L2TP over IPSEC authenticates BOTH user and hardware. Requires UDP port 1701. ANY PROTOCOL, and even “private” IP addresses can be carried inside the tunnel.

68
Q

L2TP Control Port #

A

UDP 1701

69
Q

PPTP Port Number

A

TCP 1723. Do NOT open UDP port 1723!

70
Q

802.16

A

Wireless MANs, typically called "WiMAX", are a family of protocols using the 10-16 GHz line-of-sight band. 802.16a uses the 2-11 GHz band and is non-line-of-sight. The current version is 802.16e, which uses scalable OFDMA (orthogonal frequency division multiple access) in the 1.25 MHz to 20 MHz range (note MHz, not GHz; this removes most line-of-sight requirements).

71
Q

WEP

A

Wired Equivalent Privacy - fails. WEP can be cracked by modern equipment in minutes. Superseded by WPA and WPA2. It is still widely used (probably due to obsolete equipment or ease of implementation). Sometimes referred to as Wireless Encryption Protocol. Uses a 40- or 128-bit RC4 stream cipher with a static shared secret and a variable initialization vector.

72
Q

40 or 128bit RC4 stream cipher

A

The most widely used stream cipher, used in SSL and WEP. Also used in WPA for wireless cards and in TLS. Simple and fast, but very easy to crack. By Ron Rivest of RSA Security. There are also RC2, RC5, and RC6 versions by Rivest. RC4 uses two parts: a permutation and two 8-bit index pointers. The permutation uses a random key length from 40 to 256 bits.

73
Q

VPN

A

Virtual Private Network- an encrypted tunnel between two nodes over a public network.

74
Q

IPSec

A

IETF Internet Protocol Security - actually a suite of protocols, which encrypts each IP packet (ESP), signs each packet header (AH), or BOTH. Operates in a "shim" at the bottom of layer 3, after all ARP and IP/UDP packetization is completed (and before Data Link layer framing). This provides transparent protection for otherwise unprotectable protocols (Telnet, FTP, printer packets). Uses an IPSEC policy to selectively determine which protocols are to be "IPSECed" and which ones pass through without IPSEC. Can provide data confidentiality, data integrity, and (machine) authentication between systems. Initial session keys (SA - Security Association) are pre-negotiated with IKE (UDP port 500). IKE uses the Diffie-Hellman key exchange and is a partner protocol to Oakley. IPsec has two defined methods, transport and tunneling, and these two methods provide different levels of security. IPsec also has three modes of connection: host to server, server to server, and host to host.

75
Q

IPSec Transport Method

A

IPSEC has two modes, ONE of which is defined while creating the IPSEC policy. In the default mode “This policy does not define endpoints,” IPSEC can be multi-point-to-multi-point, giving unrestricted access to hardware with appropriate IPSEC Policies. If you add endpoint IP addresses, IPSEC will be in “Tunnel Mode.” In Tunnel mode, only the endpoints can communicate. This is typically used for router-to-router. In Transport mode, IPSEC is said to be “secure end-to-end.” In tunnel mode, the link from the host to the router is not secured (unless a second IPSEC is defined to include the host) and IPSEC is said to be NOT end-to-end secure.

76
Q

IPSec Tunneling Mode

A

IPSEC has two modes, ONE of which is defined while creating the IPSEC policy. In the default mode “This policy does not define endpoints,” IPSEC can be multi-point-to-multi-point, giving unrestricted access to hardware with appropriate IPSEC Policies. If you add endpoint IP addresses, IPSEC will be in “Tunnel Mode.” In Tunnel mode, only the endpoints can communicate. This is typically used for router-to-router. In Transport mode, IPSEC is said to be “secure end-to-end.” In tunnel mode, the link from the host to the router is not secured (unless a second IPSEC is defined to include the host) and IPSEC is said to be NOT end-to-end secure.

77
Q

Content protection

A

Obfuscation of the data within a conversation (e.g. a "protected movie DVD").

78
Q

Context protection

A

Obfuscation of the identity of the sender and receiver of data

79
Q

Diffie-Hellman Key Exchange

A

D-H is a method by which two previously unacquainted computers can agree on a secure password over a non-secure network, which can subsequently be used for IPSEC encryption. It is the first step of a secure conversation. Because the D-H keys are changed with each conversation (or even with each packet), brute-force attacks are not effective. The main vulnerability is if the seed is not complex enough and/or the "random number" generator is not truly random (none are), so that the attacker can guess the next random number. If a shared secret is used for the key, it is also vulnerable to a man-in-the-middle attack, because there is no authentication (at this time). Use of password seeds and/or certificates for seeds can minimize the man-in-the-middle vulnerability.

80
Q

Authentication Header (AH)

A

IPsec uses two protocols to provide traffic security. The AH, when added to an IP datagram, ensures the integrity of the data and also the authenticity of the data's origin. By protecting the non-changing elements in the IP header, the AH protects the IP address, which enables data-origin authentication.

81
Q

Encapsulating Security Payload (ESP)

A

IPsec uses two protocols to provide traffic security. The AH, when added to an IP datagram, ensures the integrity of the data and also the authenticity of the data's origin. By protecting the non-changing elements in the IP header, the AH protects the IP address, which enables data-origin authentication.

82
Q

Internet Security Association and Key Management Protocol (ISAKMP)

A

For key management and exchange, three protocols exist: Internet Security Association and Key Management Protocol (ISAKMP), Oakley, and Secure Key Exchange Mechanism for Internet (SKEMI). These key management protocols can be collectively referred to as Internet Key Management Protocol (IKMP) or Internet Key Exchange (IKE).

83
Q

Secure Key Exchange Mechanism for Internet (SKEMI) or (SKEME) or (TLS-KEM)

A

For key management and exchange, SKEME is an alternative key exchange mechanism to Oakley. SKEME is faster and less secure than Oakley. (Trades off security for performance)

84
Q

IEEE 802.1x

A

802.1x is NOT an abbreviation for the other 802.11 etc. protocols. It is, instead, an add-on security mechanism. 1x is typically used with wireless because of the extreme security shortcomings of all of the other wireless security methods. 1x can, however, be implemented in wired networks. In a nutshell, 1x turns the wireless network into a VPN. All traditional wireless security protocols leave the hardware-only authentication up to the access point; 1x limits the access point to a "way-station". In addition, authentication in 1x is about people security and is left up to the domain security mechanism. 1x redefines the client as a "supplicant," the access point as an "authenticator," and a RADIUS or IAS server as the "Authentication Server." From there, authentication follows the same procedures as a VPN with a RADIUS server. The access point's role in this is to filter packets through the port as long as it is "unauthorized" and to remove the filter when authorized by the RADIUS server.

85
Q

RADIUS

A

Remote Authentication Dial-In User Service. Although RADIUS (and IAS in Microsoft) now supports any kind of network connection, the name reflects when it was invented. RADIUS has many roles, from managing RAS dial-up clients via RADIUS policies, to providing internal and external authentication services for VPN access, and now for 802.1x. RADIUS does not authenticate; it handles relaying the authentication requests to the authenticating domain controller.

86
Q

AAA or AAAA

A

Authentication, Authorization, and Accounting (sometimes combined with Auditing - AAAA). The three legs of security. The first step is Authentication; then determine whether Authorization is granted; then account for all access and/or attempted access.

87
Q

Authentication

A

Establish the digital identity of the client (in "mutual authentication," also establish the identity of the service to the client).

88
Q

Authorization

A

Grant specific types of privileges or permissions of an authenticated entity to a specific resource.

89
Q

Accounting

A

Track the use of network resources by authenticated users

90
Q

DIAMETER

A

DIAMETER is a proposed name for the new AAA protocol suite (a play on words: 2 x RADIUS = DIAMETER). Diameter is the upgrade path for RADIUS. It is not "backward compatible", but it provides an upgrade path. Adds TCP, SCTP, IPSEC, and TLS to the access protocols (vs. UDP only). Has many other upgrades.

91
Q

TACACS+

A

Terminal Access Controller Access-Control System - another AAA mechanism, which has been developed to replace RADIUS. Uses TCP port 49 (instead of UDP) and actually contains 3 protocols that can exist on different servers. Cisco and Apple are big on TACACS+.

92
Q

Port 49

A

TCP Port 49 is used for TACACS+

93
Q

RADIUS ports

A

Microsoft: UDP 1812 for authentication, 1813 for accounting; IANA/Cisco: UDP 1645 for authentication and 1646 for accounting. Most Radius servers monitor all of these

94
Q

Port 1812

A

Microsoft: UDP 1812 for authentication, 1813 for accounting; IANA/Cisco: UDP 1645 for authentication and 1646 for accounting. Most Radius servers monitor all of these

95
Q

Port 1813

A

Microsoft: UDP 1812 for authentication, 1813 for accounting; IANA/Cisco: UDP 1645 for authentication and 1646 for accounting. Most Radius servers monitor all of these

96
Q

Port 1645

A

Microsoft: UDP 1812 for authentication, 1813 for accounting; IANA/Cisco: UDP 1645 for authentication and 1646 for accounting. Most Radius servers monitor all of these

97
Q

Port 1646

A

Microsoft: UDP 1812 for authentication, 1813 for accounting; IANA/Cisco: UDP 1645 for authentication and 1646 for accounting. Most Radius servers monitor all of these

98
Q

Kerberos Port #

A

Current version V5; TCP 88 is “assumed” to be Kerberos, and is therefore exempt from all IPSEC. Port 88 is for the KDC, but port 749 must also be opened for the admin server. KDC runs on EVERY DC.

99
Q

MIT Kerberos Maximum Time Delta

A

10 minutes

100
Q

Microsoft Kerberos Maximum Time Delta

A

5 minutes

101
Q

monkey-in-the-middle

A

Another term for “Man-in-the-middle”

102
Q

snoop

A

Solaris built-in sniffer

103
Q

tcpdump

A

Unix built-in sniffer

104
Q

nessus

A

Tenable Network Security vulnerability scanner. Free, with a 7-day delay on vulnerability scripts, which are released almost daily. They can be made immediately available and downloaded for a fee. Checks for remote crackers; open mail relays; missing patches; default, blank, dictionary or weak passwords; DoS against the TCP/IP stack and by using mangled packets; port scans; and various attacks on scanned ports.

105
Q

wireshark

A

Free network sniffer (formerly Ethereal, renamed because of a copyright suit). Very similar to Unix tcpdump.

106
Q

2 Roles of KDC

A

The KDC (Key Distribution Center) performs: (1) AS - Authentication Server (2) TGS - Ticket Granting Server

107
Q

Ticket Granting Ticket (TGT)

A

Cached Authentication Credential from TGS allows client to request Session Ticket

108
Q

Session Ticket

A

Authentication Credential from KDC allows client access to resource server

109
Q

EAP

A

EAP (not, itself, a protocol, but rather the hooks and handles for deploying extended authentication methods), defined by RFC 3748, is an authentication framework providing functionality for a variety of authentication mechanisms. It does not provide encryption itself, but rather the ability to utilize several encryption methods within an authentication construct.

110
Q

EAP-TLS

A

EAP-TLS is considered a very secure form of authentication as it employs the security of TLS, which is the successor to SSL, and makes use of both server-side and client-side certificates. Although considered very secure (especially when client-side certificates are stored on devices like Smart Cards), the overhead of this form of authentication keeps it from being a more frequently implemented solution.

111
Q

EAP-TTLS

A

EAP-TTLS (Tunneled Transport Layer Security) also provides very good security utilizing Public Key Infrastructure (PKI) certificates on the authentication server only to create a tunnel between the client and the server.

112
Q

PEAP

A

PEAP is the result of a joint development effort from Microsoft, Cisco Systems, and RSA Security. Like EAP-TTLS, it provides security via server-side PKI certificates. There are at least two sub-types of PEAP certified for the WPA and WPA2 standard: PEAPv0/EAP-MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol) and PEAPv1/EAP-GTC (Generated Token Card)

113
Q

TLS

A

Transport Layer Security. The newer version of SSL.

114
Q

supplicant

A

IEEE 802.1x is a standard to help authenticate and secure both wireless and wired LANs. 802.1x uses three terms that you need to know. The user or client that wants to be authenticated is called a supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server. And the device in between, such as a wireless access point, is called the authenticator. The authenticator can be simple and dumb; all of the brains have to be in the supplicant and the authentication server. The protocol in 802.1x is called EAP encapsulation over LANs (EAPOL).

115
Q

authenticator

A

IEEE 802.1x is a standard to help authenticate and secure both wireless and wired LANs. 802.1x uses three terms that you need to know. The user or client that wants to be authenticated is called a supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server. And the device in between, such as a wireless access point, is called the authenticator. The authenticator can be simple and dumb; all of the brains have to be in the supplicant and the authentication server. The protocol in 802.1x is called EAP encapsulation over LANs (EAPOL).

116
Q

LEAP

A

Cisco’s “Lightweight EAP” utilized in 802.1x. It is much less secure than EAP-TLS and PEAP (Protected EAP). EAP-TLS is strong, but requires a certificate on the client (supplicant); PEAP is strong, but requires only a certificate on the authentication server. It uses MS-CHAP v2 over a TLS tunnel to protect the initial contact by the supplicant. After the initial connection, the authentication server deposits a certificate cookie on the supplicant.

117
Q

EAP over IP (EAPoIP)

A

EAP is, itself, simply an enhanced methodology for establishing Authentication (the A). It can be carried over numerous protocols, but it is typically carried over TLS or PPP. EAPoIP is still in the draft stages, but defines an authentication protocol which is carried over raw IP (v4 or v6) using UDP by preference, but TCP is OK also. EAPoIP makes initial authentication less complicated, but it must be strongly protected by an outside mechanism such as IPSEC AH and ESP.

118
Q

EAP-MD5-CHAP

A

Extensible Authentication Protocol, using Message Digest Algorithm/Challenge-Handshake Authentication Protocol to authenticate (MD5 is essentially the same as CHAP)

119
Q

stream cipher

A

A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream. (As opposed to “Block Cipher” for most cipher systems.) A stream cipher is typically very fast, with little system impact, but it is highly susceptible to cracking because of the pseudo-random key (not truly random). Only one stream cipher, the One Time Pad (OTP), has been certified for secure encryption, but it is a very heavy burden on the system and defeats the purpose of the stream cipher.

120
Q

Carrier Protocol

A

RE: TUNNELING The protocol used by the network (IP on the Internet) that the information is traveling over

121
Q

Encapsulating Protocol

A

RE: TUNNELING This term includes both the tunneling protocol (PPTP, L2TP) and the encrypting protocol (IPSec, Secure Shell [SSH]) that is wrapped around the original data

122
Q

Passenger Protocol

A

RE: TUNNELING The original data being carried

123
Q

3 protocols required for tunneling

A

(1) Carrier Protocol (2) Encapsulating Protocol (3) Passenger Protocol

124
Q

2 types of VPNs

A

Site-to-site and remote access. Site-to-site goes from one IP address to another. Remote access can connect multiple IP addresses.

125
Q

VPDN

A

virtual private dial-up network

126
Q

POP

A

Point of Presence. An access point to the Internet; can be in the ISP, external to an ISP (sometimes an ISP has thousands of POPs), or leased from a carrier or aggregator.

127
Q

TACACS+ Transport Protocol

A

TCP

128
Q

RADIUS Transport Protocol

A

UDP

129
Q

TACACS Transport Protocol

A

UDP

130
Q

PPTP Transport Protocol

A

TCP

131
Q

L2TP Transport Protocol

A

UDP

132
Q

L2TP uses _______ for encrypted tunnels

A

IPSec

133
Q

PPTP only works over ___ networks

A

IP

134
Q

IPSec Layer

A

Network

135
Q

IPSec Mode where only the data(payload) is encrypted

A

Transport Mode

136
Q

IPSec Mode where data and IP headers are encrypted

A

Tunnel Mode

137
Q

IKE

A

Internet Key Exchange is used to authenticate the two ends of a secure tunnel by providing a secure exchange of a shared key before IPSec transmissions begin.

138
Q

HMAC

A

Hashed Message Authentication Code

139
Q

MIME

A

Multi-Purpose Internet Mail Extensions

140
Q

S/MIME encryption algorithms

A

DES, 3DES, RC2

141
Q

PGP

A

Pretty Good Privacy. Asymmetric (public key cryptography) encryption and signing system. Uses “web of trust” as opposed to “hierarchical trust” (based on “certificate authorities”). Supports encryption, authentication and integrity. Subject to spoofing.

142
Q

DNSBL

A

DNS Blackhole List

143
Q

FCrDNS - Forward Confirmed reverse DNS

A

Verifies that an email’s originating IP address matches the FQDN used in the email’s “from address” by doing a reverse DNS lookup on the IP, an nslookup on the FQDN, and then comparing.

144
Q

zero day

A

a vulnerability that is not known to the security public and therefore no protections, patches, or detection signatures exist for it

145
Q

ciphertext attack

A

A vulnerability of all crypto-systems, but mainly PGP and OpenPGP. In this attack, the cryptanalyst works from the ciphertext alone, but is able to gather enough data to infer the rest. Especially weak if the same cipher or key is used to sign and encrypt the email.

146
Q

PGP can fall victim to a _________________ attack, which occurs when a hacker creates a message and sends it to a targeted userid with the expectation that this user will then send the message out to other users. When a targeted user distributes a message to others in an encrypted form, a hacker can listen to the transmitted messages and figure out the key from the newly created ciphertext.

A

Ciphertext attack

147
Q

Bastion Host

A

System located in a DMZ or connected to the internet that has been hardened against hackers

148
Q

DNS Zone Transfer

A

If DNS zone transfer security is not set, an attacker can learn the infrastructure from a DNS zone transfer to a rogue DNS server. This can be accomplished from the command line, using NSLOOKUP | ls -d , which will dump an entire zone transfer. Most DNS managers secure against these.

149
Q

Intranet

A

Every part of a network that lies on the inside of the last firewall from the Internet

150
Q

proxy server

A

a server that sits between an intranet and its Internet

151
Q

extranet

A

Networking zone walled off from the general public, but open to certain authenticated hosts. Access to an extranet does not give access to the intranet.

152
Q

honeypot/net

A

honeypot is a computer system/network that is deliberately exposed to public access for the express purpose of attracting and distracting attackers.

153
Q

IDEA Key Length

A

128 bits

154
Q

DES Key Length

A

56 bits

155
Q

DES Blocksize

A

64 bits

156
Q

IDEA blocksize

A

64 bits

157
Q

IDEA Trivia

A

Used in PGP

158
Q

Skipjack trivia

A

NSA cipher for the Clipper and Capstone chips; requires key escrow (i.e., the NSA has your secrets)

159
Q

skipjack key length

A

80 bits

160
Q

skipjack blocksize

A

64 bits

161
Q

gost trivia

A

Russian

162
Q

gost key size

A

256 bits

163
Q

blowfish trivia

A

Designed to be fast on 32-bit processors

164
Q

blowfish key length

A

up to 448 bits

165
Q

RC 5

A

RSA variable length block-cipher

166
Q

RC 4

A

RSA variable length stream cipher

167
Q

size of MD5 hash

A

128 bits

168
Q

SHA 1 Hash Size

A

160 bits

169
Q

MAC

A

Message authentication code is a key-dependent one-way hash

170
Q

PGP

A

freeware electronic-mail security program, originally designed by Philip Zimmermann [1652]. It uses IDEA for data encryption, RSA (with keys up to 2047 bits) for key management and digital

171
Q

LFM

A

Log File Monitor is an IDS that reads log files to determine if the network is under attack

172
Q

SIV

A

System Integrity Verifier is an IDS that notifies when essential files have changed

173
Q

KHMAC

A

Key Hashing for Message Authentication Code is used to digitally sign packets on IPSec connections

174
Q

Number of Rounds for DES

A

16

175
Q

Number of rounds for 3DES

A

48

176
Q

L2TP Port

A

1701

177
Q

Kerberos Port

A

88

178
Q

802.11 Media Access method

A

CSMA/CA

179
Q

802.3 Media Access Method

A

CSMA/CD

180
Q

WEP Low Security key size

A

nominally 64 bits

181
Q

WEP high security key size

A

128 bits

182
Q

Bluetooth promiscuous security mode

A

SM1

183
Q

Bluetooth security modes

A

SM1 (promiscuous)

184
Q

Microsoft’s Tunneling Protocol

A

PPTP

185
Q

AH Port

A

50

186
Q

ESP Port

A

51

187
Q

L2TP Packet Header Protocol Field Number

A

115

188
Q

TCP Packet Header Protocol Field Number

A

6

189
Q

UDP

A

17

190
Q

ICMP

A

1

191
Q

IGMP

A

2

192
Q

SMIME RFC #s

A

2632 , 2634

193
Q

Port 50

A

IPSEC in ESP (TCP port 50)

194
Q

Port 51

A

IPSEC in AH (TCP port 51)

195
Q

IPSEC in AH and ESP Ports

A

TCP 50 for ESP and TCP 51 for AH plus UDP 500 for IKE

196
Q

Port 500

A

UDP port 500: IKE (ISAKMP) for IPSEC in VPN tunnels. Used for key exchange and sync between endpoints, and for negotiation of the IPSEC Security Association (SA).

197
Q

Port 22

A

SSH (Secure Shell replaces Telnet)

198
Q

Port 88

A

Kerberos V5 KDC listening port (client uses a random port). May be UDP or TCP (if the packet is over 2KB).

199
Q

Port 1701

A

L2TP, UDP/TCP. Operates in OSI Layer 2, the Data Link Layer, but is, in fact, a Session Layer (layer 4) protocol.

200
Q

Port 1723

A

PPTP uses UDP/TCP port 1723

201
Q

IPSEC OSI Layer

A

IPSEC operates in layer 3 (Network) - actually at the interface between layer 3 and layer 2, where all packetizing is completed.

202
Q

OTP definition

A

One-Time Pad. Considered the MOST difficult symmetric (or “private key”) encryption to crack. Each file uses a different random number.

203
Q

AES definition

A

Advanced Encryption Standard. One of the newest encryption methods; uses the Rijndael algorithm. 128-bit, 192-bit and 256-bit keys are typically used. The U.S. Government specifies AES 192 or 256 for highly sensitive data.

204
Q

PaaS

A

Platform as a service (PaaS) is a cloud computing model that delivers applications over the Internet. In a PaaS model, a cloud provider delivers hardware and software tools – usually those needed for application development – to its users as a service. A PaaS provider hosts the hardware and software on its own infrastructure. As a result, PaaS frees users from having to install in-house hardware and software to develop or run a new application.