Chapter 13 Flashcards
(35 cards)
The first line of defense is something called _________, which broadly refers to ways to let people securely access your resources. p432
security filtering
Typically reside on routers to determine which devices are allowed to access them based on the requesting device’s Internet Protocol (IP) address. p432
Access Control Lists (ACL)
When configuring ACLs between the Internet and your private network to mitigate security problems, it’s a good idea to include these four conditions: p433
Deny any addresses from your internal networks.
Deny any local host addresses (127.0.0.0/8).
Deny any reserved private addresses.
Deny any addresses in the IP multicast address range (224.0.0.0/4).
A concept that basically means encapsulating one protocol within another to ensure that a transmission is secure is called what? p434
tunneling
The lion’s share of us use IP, known as a _________, which can be encapsulated within a _________ like Internet Protocol Security (IPSec); if you took a look at these packets individually, you would see that they’re encrypted. p434
payload protocol
delivery protocol
What is a Virtual Private Network (VPN)? p435
The reason we use a VPN is so that our host will traverse an insecure network (the Internet) and become local to the remote network.
What are the three types of VPNs? p436
Remote access VPNs
Site-to-site VPNs
Extranet VPNs
This security protocol was developed by Netscape to work with its browser. p436
Secure Sockets Layer (SSL)
SSL was merged with other Transport layer security protocols to form a new protocol called p436
Transport Layer Security (TLS)
What is an SSL VPN? p437
SSL VPN is really the process of using SSL to create a Virtual Private Network (VPN). A VPN is a secured connection between two systems that would otherwise have to connect to each other through a non-secured network.
What is L2TP? p437
Layer 2 Tunneling Protocol (L2TP), which was created by the Internet Engineering Task Force (IETF). It comes in handy for supporting non-TCP/IP protocols in VPNs over the Internet.
What is Point-to-Point Tunneling Protocol (PPTP)? p437-38
PPTP is a VPN protocol that runs over port 1723 and allows encryption to be done at the Application (data) level.
PPTP acts by combining an unsecured Point-to-Point Protocol (PPP) session with a secured session using what? p438
Generic Routing Encapsulation (GRE) protocol
GRE tunnels have the following characteristics: p439
Uses a protocol-type field in the GRE header so any layer 3 protocol can be used through the tunnel
Stateless and has no flow control
Offers no security
Creates additional overhead for tunneled packets (at least 24 bytes)
What is IPSec? p439
IP Security (IPSec) was designed by the IETF for providing authentication and encryption over the Internet. It works at the Network layer of the OSI model (Layer 3) and secures all applications that operate in the layers above it.
What are the two major protocols working in IPSec? p439
Authentication Header (AH)
Encapsulating Security Payload (ESP)
The AH protocol within IPSec is compatible with networks running Network Address Translation (NAT). T/F p439
False
This protocol’s real value is its ability to provide a framework for safely transferring key and authentication data independent of the key generation technique, encryption algorithm, and authentication mechanism. p440
Internet Security Association and Key Management Protocol (ISAKMP)
Contains information required to execute security services such as header authentication and payload encapsulation. p440
Security Association (SA)
Encryption works by running the data through a special encryption formula called what? p441
Key
IBM came up with the most widely used standard, called what? p442
Data Encryption Standard (DES)
This standard encrypts three times and allows us to use one, two, or three separate keys. p442
Triple Data Encryption Standard (3DES or TDES)
Three-key TDES has a key length of 168 bits (56 times 3), but its effective strength is reduced due to a complex type of attack known as what? p442
meet-in-the-middle
NIST stands for what? p442
National Institute of Standards and Technology (NIST)