Chapter 11: Securing TCP/IP Flashcards

Flashcards in Chapter 11: Securing TCP/IP Deck (63):
1

Plaintext/Cleartext

Data in a readable, unencrypted form; anyone who captures it can read it directly.

2

Symmetric-Key Algorithm

Any encryption method that uses the same key for both encryption and decryption.

3

Asymmetric-Key Algorithm

Any encryption method that uses different keys for encryption and decryption: a public key that can be shared freely and a mathematically related private key that is kept secret.

4

Block Cipher

-An encryption algorithm that encrypts data in fixed-size "chunks" (blocks) of a certain length at a time, rather than one bit or byte at a time.
-Popular in wired networks

5

Stream Cipher

An encryption method that combines the plaintext with a keystream one bit (or byte) at a time, usually with XOR, so the same operation both encrypts and decrypts. The keystream must never be reused with a second message.

6

Rivest Cipher 4 (RC4)

Was the dominant stream cipher for years (WEP, WPA/TKIP, early SSL/TLS), but its keystream has known statistical biases; it is now deprecated, and RFC 7465 prohibits its use in TLS.

7

Advanced Encryption Standard (AES)

A block cipher with a 128-bit block size and a 128-, 192-, or 256-bit key; the current standard symmetric cipher (used in WPA2, TLS, IPsec).

8

What is the most popular form of email encryption?

Public-Key Cryptography

9

Rivest Shamir Adleman (RSA)

A widely used asymmetric algorithm (Rivest, Shamir, Adleman) that supports both encryption and digital signatures; its security rests on the difficulty of factoring the product of two large primes.

10

IPsec

The Network (Internet) layer authentication and encryption protocol suite.

11

Integrity

The process that guarantees that the data received is the same as originally sent.

12

Secure Hash Algorithm (SHA)

The primary family of cryptographic hash functions (SHA-1, the SHA-2 family such as SHA-256, and SHA-3).

13

Two unsafe algorithms

SHA-1 and Message-Digest Algorithm version 5 (MD5). Both have practical collision attacks, so neither should be used for digital signatures or certificates.

14

Nonrepudiation

The sender of a piece of information cannot later deny having sent it, and the receiver has very high confidence that the sender truly is who the receiver thinks. Digital signatures provide this, because only the holder of the private key could have produced the signature.

15

Digital Signature

A hash of the message encrypted with the sender's private key. Anyone holding the sender's public key can decrypt it and compare it with a fresh hash of the message, which verifies both who sent the data and that it was not altered in transit.
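Added example for the integrity, nonrepudiation and digital signature cards (not code from the flashcard deck): a hash alone detects tampering, and signing the hash with a private key lets anyone with the public key verify it. This is textbook RSA with no padding, and the two primes are Mersenne primes chosen only because they are certainly prime and short to write; real keys use random primes and a padding scheme such as PSS. The message is constructed.

```python
# Textbook RSA signature over a SHA-256 digest. Demonstration only: no padding,
# and special-form primes, so do not reuse this for anything real.
import hashlib

# Mersenne primes 2^521-1 and 2^127-1 (certainly prime; chosen for brevity only)
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q                              # ~648-bit modulus, larger than any SHA-256 value
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+ modular inverse)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)

def digest(message: bytes) -> int:
    """Integrity: the SHA-256 hash of the message as an integer (< N, so signable)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Signature = hash(message)^d mod n: the private key 'encrypts' the HASH of the
    message (the message itself is not encrypted and stays readable)."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public exponent and compare with a fresh hash.
    Fails if the message was altered OR if the signature was not made with the
    matching private key, which is what gives nonrepudiation."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"      # constructed sample message
    sig = sign(msg, PRIVATE_KEY)
    print(verify(msg, sig, PUBLIC_KEY))                              # True
    print(verify(b"Transfer 900 to account 42", sig, PUBLIC_KEY))    # False: tampered
    print(verify(msg, sig + 1, PUBLIC_KEY))                          # False: forged signature
```

A certificate (next card) is what ties the public key used in `verify` to a name, so that the receiver knows whose key it is; the signature math itself says nothing about identity.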

16

Certificate

A standardized document (X.509) that binds a public key to an identity and carries the digital signature of a trusted third party (a certificate authority such as GoDaddy), which guarantees that whoever is passing out this certificate truly is who they say they are.

17

Public-Key Infrastructure (PKI)

The system of certificate authorities (such as GoDaddy or VeriSign), policies and procedures for creating, distributing and revoking digital certificates.

18

Authentication

The process of positively identifying users trying to access data.

19

Authorization

Defines what an authenticated user can do with data.

20

Network Access Control (NAC)

Controlling which people and machines may connect to the network and what they may reach, typically by checking identity and device compliance (patch level, antivirus) before granting access.

21

Access Control List (ACL)

A clearly defined list of permissions that specifies what an authenticated user may perform on a shared resource

22

Mandatory Access Control (MAC)

Authorization method in which every resource is assigned a label that defines its security level and every user a clearance; access is granted only when the labels allow it, and the owner cannot override this.

23

Discretionary Access Control (DAC)

Authorization method based on the idea that there is an owner of a resource who may at his or her discretion assign access to that resource.

24

Role-Based Access Control (RBAC)

Authorization method that defines a user's access to a resource based on the roles the user plays in the network environment.

25

Point-to-Point Protocol (PPP)

Enables two point-to-point devices to connect, authenticate, and negotiate the network protocol the two devices will use.

26

The 5 Distinct Phases to a PPP Connection

1) Link Dead: No link yet.
2) Link Establishment: Link Control Protocol (LCP) communicates with the LCP on the other side of the PPP link to negotiate link options.
3) Authentication (optional): Username/password exchange using PAP, CHAP or MS-CHAP.
4) Network layer protocol: A Network Control Protocol (NCP), such as IPCP for IP, negotiates the settings for the Network layer protocol the link will carry.
5) Termination: LCP tears the link down.

27

In a point-to-point connection, the side asking for the connection is the _______ and the other side is the ________.

Initiator, Authenticator

28

Password Authentication Protocol (PAP)

The oldest and most basic form of authentication.
Sends the username and password in cleartext!! Anyone sniffing the link gets the credentials.

29

Challenge Handshake Authentication Protocol (CHAP)

A remote access authentication protocol in which the serving system sends the remote client a random challenge; the client replies with a hash (MD5) of the challenge combined with the shared secret, so the password itself never crosses the link and a sniffed response cannot be replayed against a new challenge.
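Added example for the PAP and CHAP cards (not code from the flashcard deck): both exchanges simulated on one machine, showing what a sniffer on the link would see in each case. The CHAP response follows RFC 1994 (MD5 over Identifier, secret and Challenge); the username, secret and user database are constructed.

```python
# PAP vs CHAP: what crosses the link, and why a captured CHAP response is useless.
import hashlib
import hmac
import os

SHARED_SECRET = b"hunter2"               # constructed secret, known to both ends
USER_DB = {b"alice": SHARED_SECRET}      # authenticator's store (CHAP needs it reversible)

# --- PAP: the peer simply sends the credentials, in the clear ---------------
def pap_request(peer_id: bytes, password: bytes) -> dict:
    """The PAP Authenticate-Request exactly as a sniffer sees it."""
    return {"peer_id": peer_id, "password": password}

def pap_check(request: dict) -> bool:
    return USER_DB.get(request["peer_id"]) == request["password"]

# --- CHAP: challenge from the authenticator, hashed response from the peer --
def chap_challenge():
    """Authenticator picks an 8-bit Identifier and a fresh random Challenge value."""
    return os.urandom(1)[0], os.urandom(16)

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2.1: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, challenge: bytes, response: bytes, peer_id: bytes) -> bool:
    """Authenticator recomputes the hash from its own stored copy of the secret."""
    secret = USER_DB.get(peer_id)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)   # constant-time comparison

def chap_exchange(peer_id: bytes, peer_secret: bytes):
    """One handshake; returns (what the sniffer captured, whether it succeeded)."""
    identifier, challenge = chap_challenge()                       # authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)   # peer -> authenticator
    wire = {"identifier": identifier, "challenge": challenge, "response": response}
    return wire, chap_verify(identifier, challenge, response, peer_id)

def replay_attack(captured: dict, peer_id: bytes) -> bool:
    """Attacker replays a sniffed response against a NEW challenge. It fails
    because the hash covers the challenge, which the authenticator just changed."""
    identifier, new_challenge = chap_challenge()
    return chap_verify(identifier, new_challenge, captured["response"], peer_id)

if __name__ == "__main__":
    print(pap_request(b"alice", b"hunter2"))       # password visible on the wire
    wire, ok = chap_exchange(b"alice", SHARED_SECRET)
    print(ok, SHARED_SECRET in wire.values())      # True False: secret never sent
    print(replay_attack(wire, b"alice"))           # False
```

The price of CHAP is the last line of `chap_verify`: the authenticator must hold the secret in a form it can hash again, so the credential store itself becomes a high-value target.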

30

MSCHAP

Microsoft's version of CHAP and the most common authentication method for dial-up. MS-CHAPv2 is cryptographically weak (its DES-based response can be cracked), so it should only be used inside a protected tunnel such as PEAP or EAP-TTLS.

31

Authentication, Authorization, and Accounting (AAA)

A security framework built from the three functions it is named for: authentication (who you are), authorization (what you may do) and accounting (logging what you did).

32

Remote Authentication Dial-In User Service (RADIUS)

-An AAA standard originally created so that ISPs with hundreds or thousands of modems spread across many access servers could authenticate users against a single central database.
-Uses UDP ports 1812 (authentication) and 1813 (accounting), or the older UDP 1645/1646.

33

3 Devices of RADIUS

1) RADIUS server that has access to the username/password database
2) Network Access Servers (NAS), the RADIUS clients that control the modems and forward each user's credentials to the server
3) A group of systems that dial into the network.

34

What is the Microsoft RADIUS server?

Internet Authentication Service (IAS), replaced by Network Policy Server (NPS) from Windows Server 2008 onward.

35

What is the Linux RADIUS server?

FreeRADIUS

36

Terminal Access Controller Access Control System Plus (TACACS+)

-A protocol developed by Cisco to support AAA in a network with many routers and switches.
-TCP port 49
-Similar to RADIUS, but separates the authentication, authorization and accounting functions and encrypts the entire packet body rather than only the password.

37

Kerberos

A ticket-based authentication standard designed to allow different operating systems and applications to authenticate each other; it is the default authentication protocol in Windows Active Directory domains.

38

Key Distribution Center (KDC)

The Kerberos system that authenticates users (principals) and issues the tickets they present to services.

39

Two processes of KDC

1) Authentication Server (AS)
2) Ticket Granting Service (TGS)

40

In Windows, the security token is called a __________.

Security Identifier (SID)

41

EAP-PSK

-Most popular form of authentication in wireless networks.
-Uses a shared secret (a passphrase) stored on the WAP and on every client; anyone who learns the passphrase can join.

42

EAP-TLS

-A protocol that defines the use of a RADIUS server and mutual certificate-based authentication, requiring a certificate on the server and on every client.
-Used with 802.1X on wireless networks and on wired switch ports; the strongest of the common EAP methods, at the cost of managing client certificates.

43

EAP-TTLS

A protocol similar to EAP-TLS, but only uses a single server-side certificate; the client then authenticates inside the resulting TLS tunnel, for example with a username and password.

44

LEAP

Proprietary EAP used almost exclusively by Cisco wireless products; its MS-CHAP-style exchange is vulnerable to offline dictionary attacks, so it is deprecated.

45

802.1X

-A port-authentication network access control mechanism for networks.
-Uses EAP

46

Tunnel

-An encrypted link between two programs on two separate computers
-SSH creates encrypted tunnels

47

SSL vs. TLS

SSL is the older protocol and is now deprecated (SSL 2.0 and 3.0 are prohibited by RFC 6176 and RFC 7568); TLS is its standardized successor and is used with most application protocols (HTTPS, SMTP, LDAP and so on), not just a few.

48

IPsec

An authentication and encryption protocol suite that works at the Internet/Network layer

49

Transport Mode of IPsec

Only the actual payload of the IP packet is encrypted, and the IP header info is readable.

50

Payload

The primary data that is sent from a source network device to a destination network device.

51

Tunnel Mode of IPsec

Entire IP packet (header and payload) is encrypted and encapsulated into a new IP packet with a new header; used for site-to-site VPNs between gateways.

52

Authentication Header (AH)

IPsec protocol providing authentication and integrity (covering the payload and most of the IP header), but no encryption.

53

Encapsulating Security Payload (ESP)

IPsec protocol providing encryption of the payload and, optionally, authentication and integrity; the one used by nearly all modern IPsec VPNs.

54

Internet Security Association and Key Management Protocol (ISAKMP)

IPsec protocol used for establishing security associations that define things like the protocol used for exchanging keys.

55

Two widely used key exchanging protocols

Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK)

56

Secure Copy Protocol (SCP)

One of the first protocols used to transfer files securely between two hosts; it runs over SSH.

57

Secure FTP (SFTP)

The SSH File Transfer Protocol, designed as a replacement for FTP and a more capable successor to SCP (directory listings, resumable transfers); it runs over SSH and is unrelated to FTP over SSL/TLS (FTPS).

58

OpenSSH

A free, open-source implementation of the SSH protocol suite (ssh, sshd, scp, sftp) developed by the OpenBSD project; it supports multiple sessions per tunnel, which was a limitation of the original SSH.

59

Simple Network Management Protocol (SNMP)

-A set of standards for communicating with network devices in order to manage them.
-UDP port 161 for manager-to-agent queries, UDP port 162 for traps sent by agents; use SNMPv3, since v1 and v2c send the community string in cleartext.

60

Management Information Base (MIB)

The structured database of manageable objects (identified by OIDs) that an SNMP agent exposes; the SNMP manager reads and writes it with Get and Set requests.

61

Cacti

An SNMP-based monitoring tool that polls SNMP-capable devices for information and graphs it over time.

62

Lightweight Directory Access Protocol (LDAP)

-Protocol that programs use to query and change a directory service database (for example Active Directory)
-TCP port 389 (plain or upgraded with STARTTLS); LDAP over SSL/TLS (LDAPS) uses TCP port 636

63

Network Time Protocol (NTP)

-Synchronizes a computer's clock with a time server; accurate time matters for Kerberos tickets, certificate validity and log correlation
-UDP port 123