Chapter 10 - Securing TCP/IP

Question 1

Any encryption that uses the same key for encryption and decryption is called a ______.

Answer 1

Symetric key.

Question 2

RC4 is a _____ cipher.

Answer 2

Stream.

Question 3

In a PKI method, which key encrypt the data?

Answer 3

The public key.

Question 4

The process of verifying with a high degree of certitude that the sender is who the receiver thinks he or she would be.

Answer 4

Nonrepudiation.

Question 5

A hash function is by definition a _______.

Answer 5

one-way function.

Question 6

In order to have a PKI you must have a ______.

Answer 6

Root authority.

Question 7

Which type of access contol requires a label to define its sensitivity? MAC, DAC or RBAC.

Answer 7

MAC.

Question 8

If you saw traffic runinng on UDP port 1812 and 1813, what AAAA standard would you know was running?

Answer 8

RADIUS.

Question 9

Which authentication standard is highly time sensitive?

Answer 9

Kerberos.

Question 10

What are the 5 area of security?

Answer 10

Encryption, integrity, nonrepudiation, authentication, authorization.

Question 11

Name some symetric block cypher.

Answer 11

AES (Advanced Encryption Standard), DES (Data Encryption Standard), 3DES, Blowfish, IDEA (Internation Data Encryption Algorithm).

Question 12

Name a stream cipher.

Answer 12

RC4 (Rivest Cipher 4).

Question 13

Name some hash funtions.

Answer 13

MDA5 (Message Digest Algorythm), SHA-1 (Secure Hash Algorythm), SHA-2, SHA-3.

Question 14

What is a digital signature?

Answer 14

A hash of the public key encrypted by the private key.

Question 15

What is a PKI?

Answer 15

A PKI is a Public Key Infrastructure. When you try to connect to a service, it sends you a digital certificate (that contains the digital signature of the CA and the public key of the server). You verify this certificate with the root and process with the connection.

Question 16

What are the for type of autorisation mechanism?

Answer 16

ACL (Access Control List).
MAC (Mandatory Access Control).
DAC( Disretionnary Access Control).
RBAC (Role Base Access Control).

Question 17

What is PAP?

Answer 17

Password Authentication Protocol. Transmit the password and username over the connection in plain text.

Question 18

What is CHAP?

Answer 18

Challenge Handshake Authentication Protocol. It uses a shared secret (usually the password) and hash it prior to sending it over the network. Both devices must know the shared secret prior in order for CHAP to work. MS-CHAP is the updated version of CHAP.

Question 19

What is AAA?

Answer 19

Authentication, Autirixation and Accounting.

Question 20

What is RADIUS?

Answer 20

Remote Authentication Dial-In User Service. It’s a AAA standard. A RADIUS server supports multiple NAS that can each support multiple connections.

Question 21

What is TACACS+?

Answer 21

Terminal Access Controller Access Control System Plus. It’s a AAA standard. It’s used by Cisco router and Switches for remote connection.

Question 22

What is Kerberos?

Answer 22

Kerberos is a AAA standard that is not linked to PPP. It requires a KDC (Key Distribution Center) that does 2 jobs : AS (Authentication Server) and TGS (Ticket Granting Server). When a user first connect, it send a hash of it’s username and passwork to the AS. If it matches, the AS sends the client a TGT (Ticket Granting Ticket) and a Time Stamp. The TGT is sent to the TGS that gives access to the ressources via a token. The token has a limited life span.

Question 23

What is a KDC?

Answer 23

Key Distribution Center.

Question 24

What is a AS?

Answer 24

Authorisation Server.

Question 25

What is a TGS?

Answer 25

Ticket granting server.

Question 26

What is SSH?

Answer 26

Secure Shell. It is a way to securely connect to a computer. Can also be used to create VPN and tunnels. It uses RSA to exchange PKI. It create a session ID to encrypt the communication using AES.

Question 27

What is SSL?

Answer 27

Secure Socket Layer. An application level encyption scheme that works with older applications. TLS (Transport Layer Security) is the upgrade of SSL.

Question 28

What is IPsec?

Answer 28

The only Internet layer encryption protocol. Widspread with IPv6, it can also be used with IPv4 for transport and tunnel mode.

Question 29

What is SNMP?

Answer 29

Secure Network Management Protocol. Collect data from MIP (Management Information base) enabled devices.

Question 30

What is HTTPS?

Answer 30

Hyper Textr Transfer Protocol Serure.

Question 31

What is LDAP?

Answer 31

Lightweight Directory Access Protocol. Used to exchange and update database. Heavely used by AD.