Flashcards in Chapter 13 - Supplement - Sheet1 Deck (49):
Access Control List (ACL). An ordered list of rules on a router (or firewall/switch) that permits or denies packets based on the requesting device's source or destination IP address, and usually also the protocol and port. Rules are checked top-down, the first match wins, and any packet that matches nothing hits the implicit deny at the end.
Virtual Private Network (VPN). Makes a local host part of a remote private network by tunneling its traffic over an encrypted connection across a public WAN link (typically the Internet).
3 categories of VPNs
Remote-access VPNs, site-to-site VPNs, extranet VPNs
Remote Access VPNs
Allow remote users to securely access the corporate network wherever and whenever they need to.
Site to Site VPNs
AKA intranet VPNs. Allow a company to connect its remote sites to the corporate backbone securely over a public medium such as the Internet.
Extranet VPNs. Allow an org's suppliers, partners, and customers to connect to the corporate network in a limited way for business-to-business work.
Secure Sockets Layer (SSL). Protocol developed by Netscape to encrypt data transmissions. Superseded by TLS, though the name SSL is still used loosely (e.g. "SSL VPN").
A method used to establish a secure VPN connection
Method for establishing VPNs. Point-to-Point Tunneling Protocol (PPTP). Developed by Microsoft, Lucent Technologies and 3Com. Not found much anymore, and should not be used: its MS-CHAPv2 authentication and MPPE encryption are both broken.
IP Security (IPsec). Standard protocol suite for VPNs today. Operates at layer 3 and works with both IPv4 and IPv6.
Two protocols within IPsec
AH and ESP. Authentication Header (integrity and origin authentication only, no encryption) and Encapsulating Security Payload (encryption, plus optional integrity and authentication).
Two modes of IPsec
Transport mode (protects only the IP payload, original IP header stays in clear; host-to-host) and tunnel mode (protects the entire original IP packet and wraps it in a new IP header; gateway-to-gateway, the usual VPN mode)
Internet Security Association and Key Management Protocol (ISAKMP). Framework for safely negotiating security associations and transferring key and authentication data. IKE is the protocol that implements it for IPsec.
Symmetric Key Encryption
Sender and receiver share the same key and use it both to encrypt and to decrypt all messages. Fast, but the key must first be distributed securely.
Data Encryption Standard (DES). Symmetric block cipher with a 56-bit key. No longer secure; the key space can be brute-forced.
Triple Data Encryption Standard (3DES). Improvement on DES that applies DES three times. Key length is 168 bits (three 56-bit keys), but a meet-in-the-middle attack reduces the effective security to about 112 bits. Now deprecated in favor of AES.
Advanced Encryption Standard (AES). Official US encryption standard since 2002 (FIPS 197). Symmetric block cipher with key lengths of 128, 192, or 256 bits.
Public Key Encryption
Uses a mathematically linked key pair: a public key encrypts data and only the matching private key can decrypt it. Sender obtains the recipient's public key and encrypts with it; the recipient decrypts with its private key. (Diffie-Hellman, often taught alongside this, is a public-key algorithm for agreeing on a shared secret over a public channel, not for encrypting messages directly.)
Two types of encryption
Public key (asymmetric) encryption, symmetric key encryption
Two examples of Public Key Encryption
RSA (Rivest, Shamir, and Adleman) -- named after the three MIT researchers who created it, who also founded the company RSA Data Security. And PGP (Pretty Good Privacy), a program that uses public-key encryption to protect email and files.
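To make the distinction concrete, here is an added example (not from the deck) that contrasts textbook RSA, where the public key encrypts and the private key decrypts, with Diffie-Hellman, which encrypts nothing but lets two parties derive the same secret from values exchanged in the clear. The group prime, the RSA primes and the message sizes are assumed toy parameters chosen so the arithmetic runs instantly; there is no padding, so this is for illustration only.

```python
"""Added example (not part of the deck): toy public-key math contrasting
RSA encryption with Diffie-Hellman key agreement. Textbook arithmetic with
small, hard-coded parameters and no padding; never use this for real data."""
import hashlib
import secrets

# --- Diffie-Hellman key agreement (assumed toy group: Mersenne prime 2^127-1, g = 2) ---
DH_P = 2**127 - 1
DH_G = 2

def dh_keypair():
    """Private exponent stays local; only the public value g^priv mod p is sent."""
    priv = secrets.randbelow(DH_P - 2) + 1
    return priv, pow(DH_G, priv, DH_P)

def dh_shared_secret(my_priv, their_pub):
    """(g^b)^a == (g^a)^b mod p, so both sides derive the same value."""
    return pow(their_pub, my_priv, DH_P)

def dh_agree():
    """Run one exchange; returns (secrets_match, derived 256-bit session key)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_a = dh_shared_secret(a_priv, b_pub)   # Alice uses Bob's public value
    k_b = dh_shared_secret(b_priv, a_pub)   # Bob uses Alice's public value
    # The raw secret is hashed into a symmetric key; the secret itself never crosses the wire.
    session_key = hashlib.sha256(k_a.to_bytes(16, "big")).digest()
    return k_a == k_b, session_key

# --- RSA encryption (assumed toy primes: Mersenne primes 2^61-1 and 2^89-1) ---
RSA_P = 2**61 - 1
RSA_Q = 2**89 - 1
RSA_N = RSA_P * RSA_Q                    # public modulus (~150 bits; real keys are 2048+)
RSA_E = 65537                            # public exponent
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # private exponent, kept by the recipient

def rsa_encrypt(plaintext: bytes) -> int:
    """Anyone holding (e, n) can encrypt."""
    m = int.from_bytes(plaintext, "big")
    if m >= RSA_N:
        raise ValueError("message too large for this modulus; wrap a session key instead")
    return pow(m, RSA_E, RSA_N)

def rsa_decrypt(ciphertext: int, length: int) -> bytes:
    """Only the holder of d can decrypt. length restores any leading zero bytes."""
    return pow(ciphertext, RSA_D, RSA_N).to_bytes(length, "big")

def wrap_session_key():
    """Hybrid pattern: RSA-encrypt a random symmetric key; returns (wrapped, roundtrip_ok)."""
    session_key = secrets.token_bytes(16)
    wrapped = rsa_encrypt(session_key)
    return wrapped, rsa_decrypt(wrapped, 16) == session_key
```

The `wrap_session_key` function shows the pattern real systems use: public-key operations are slow and size-limited, so they protect a short symmetric key, and the symmetric cipher (AES in practice) protects the bulk data.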
Six examples of methods to create remote-access connections
RAS, RDP, PPP, PPPoE, ICA, SSH
Remote Access Services (RAS). Refers to the combination of hardware and software required to make a remote-access connection. Microsoft term.
Remote Desktop Protocol (RDP). Used by Windows users, though other OSes can use it so long as they have an RDP client. TCP port 3389.
Point-to-Point Protocol (PPP). Layer 2 protocol that provides authentication (PAP, CHAP, EAP), compression, and, via extensions such as MPPE, encryption for clients logging in remotely. ISPs use it to authenticate dial-up clients connecting via modem.
Point-to-Point Protocol over Ethernet (PPPoE). Extension of PPP that encapsulates PPP frames within Ethernet frames. Common on DSL links.
Independent Computing Architecture (ICA). Protocol used by Citrix Systems to provide communication between servers and clients. Primarily used for Citrix's WinFrame, which allows users to run Windows applications on a WinFrame server from any OS.
Secure Shell (SSH). Encrypted alternative to Telnet (and to rlogin/rsh). TCP port 22.
3 ways a user can prove identity (the authentication factors; single sign-on and multifactor systems both build on these)
Something they know (password), something they are (retina, fingerprint, facial recognition), something they possess (smart card)
Common user authentication methods
PKI, Kerberos, AAA, NAC, CHAP, MS-CHAP, EAP
Public Key Infrastructure (PKI). Method of user authentication. What is used on the web: a certificate authority (CA) issues certificates that bind a public key to an identity, and the holder proves that identity with the matching private key.
Kerberos. Method of user authentication. Open standard developed at MIT (RFC 4120). Issues users tickets as they log in, which are then presented to access resources. Tickets expire but can be renewed by the server (the KDC). Dependent on all PCs in the system having synchronized clocks (by default within 5 minutes).
Authentication, Authorization and Accounting (AAA). Conceptual model for managing network security through one central location. Also AAAA, which adds auditing.
Common implementations of AAA
RADIUS and TACACS+
Implementations of AAA. Remote Authentication Dial In User Service (RADIUS). Terminal Access Controller Access-Control System Plus (TACACS+). Authentication and accounting services used for verifying users over various types of network connections. ISPs use a RADIUS server to store their clients' usernames and passwords. Handles authentication on behalf of wireless APs, RAS servers, or LAN switches.
Differences between RADIUS and TACACS+
RADIUS combines user authentication and authorization into one profile; TACACS+ separates the two. TACACS+ uses TCP (port 49) while RADIUS uses UDP (connectionless; ports 1812/1813, legacy 1645/1646). TACACS+ encrypts the entire packet body, whereas RADIUS encrypts only the password, so TACACS+ is considered more stable and more secure.
Network Access Control (NAC). Authentication method. Checks that network hosts meet policy (patch level, antivirus, etc.) before they're allowed onto the network.
Authentication method. Challenge Handshake Authentication Protocol (CHAP). Username and password never cross the wire. Both client and server are configured with a shared secret. The server sends a random challenge; the client returns a one-way hash (MD5 in RFC 1994) of the challenge combined with the shared secret to prove its credentials. Because the challenge is random each time, a captured response cannot be replayed.
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP). Just like CHAP, but the server stores the shared secret in encrypted form, while CHAP stores it locally in cleartext. Both MS-CHAPv1 and MS-CHAPv2 are now considered weak.
Extensible Authentication Protocol (EAP). Authentication method. Extension of PPP. Provides a framework for additional authentication methods for remote-access clients, such as smart cards, certificates, biometric schemes, voice recognition, etc. Also the basis of 802.1X port authentication on wired and wireless networks.
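The CHAP card above describes a three-packet exchange; here it is as an added example (not from the deck) with both peers in one process, following the RFC 1994 hash layout. The shared secret, the username and the client/server class names are constructed for the demonstration. It also shows why the challenge must be random and single-use: a captured valid response is useless against the next challenge.

```python
"""Added example (not part of the deck): a CHAP exchange as in RFC 1994,
both peers in one process. The server sends a random challenge; the client
answers with MD5(identifier || secret || challenge); the password itself
never crosses the wire. Shared secret and usernames are constructed."""
import hashlib
import hmac
import secrets

SHARED_SECRET = b"correct horse battery staple"   # constructed; provisioned on both peers out of band

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: one-way hash over the 1-byte ID, the secret, and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    def __init__(self, secret_db: dict):
        # CHAP must recompute the hash from the plaintext secret, which is why
        # the deck notes that CHAP servers store the secret in cleartext.
        self.secret_db = secret_db
        self.pending = {}                       # identifier -> outstanding challenge

    def challenge(self, identifier: int) -> bytes:
        """Packet 1 (Challenge): fresh random value, remembered for one use only."""
        chal = secrets.token_bytes(16)
        self.pending[identifier] = chal
        return chal

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        """Packet 3 (Success/Failure): recompute the expected hash, compare in constant time."""
        chal = self.pending.pop(identifier, None)   # consumed: a replay finds no challenge
        secret = self.secret_db.get(username)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, chal), response)

def chap_client(identifier: int, challenge: bytes, username: str, secret: bytes):
    """Packet 2 (Response): the client sends only its name and the hash."""
    return username, chap_response(identifier, secret, challenge)

def run_exchange(client_secret: bytes) -> bool:
    """Full exchange; True only if the client holds the same secret as the server."""
    server = ChapServer({"alice": SHARED_SECRET})
    ident = 1                                            # ID byte ties the response to its challenge
    chal = server.challenge(ident)                       # server -> client
    user, resp = chap_client(ident, chal, "alice", client_secret)   # client -> server
    return server.verify(ident, user, resp)              # server decides

def replay_attempt() -> bool:
    """An eavesdropper resending a captured valid response is rejected: the
    challenge was single-use and the next one is a different random value."""
    server = ChapServer({"alice": SHARED_SECRET})
    chal = server.challenge(7)
    user, resp = chap_client(7, chal, "alice", SHARED_SECRET)
    assert server.verify(7, user, resp)                  # legitimate login succeeds
    server.challenge(7)                                  # new session, new random challenge
    return server.verify(7, user, resp)                  # captured response no longer matches
```

Note the two things an implementer gets wrong most often: reusing a challenge (which re-enables replay) and comparing the hashes with `==` instead of a constant-time compare.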
What two types of addresses can access control lists filter?
IP Addresses, MAC addresses
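The ACL cards (the definition near the top of the deck and the IP/MAC question just above) describe filtering by address; this added example (not from the deck) evaluates a small router-style ACL the way real ones are evaluated: top-down, first match wins, implicit deny at the end. The policy, the addresses (private and documentation ranges) and the `Packet`/`Rule` names are constructed. It filters on IP addresses only; MAC-based filtering is not shown. It also demonstrates the classic ordering mistake, where a host-specific deny placed below a broader permit never fires.

```python
"""Added example (not part of the deck): a minimal router-style ACL with
first-match semantics and an implicit deny. Addresses are constructed from
10.0.0.0/24 (office LAN) and 192.0.2.0/24 (server subnet)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str         # "permit" or "deny"
    proto: str          # "ip" matches any protocol
    src: str            # CIDR; "0.0.0.0/0" = any
    dst: str
    dport: Optional[int] = None   # None = any port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("ip", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))

def evaluate(acl, pkt: Packet) -> Tuple[str, Optional[int]]:
    """Returns (action, index of the matching rule); a None index means implicit deny."""
    for idx, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, idx
    return "deny", None

# Constructed policy: block one compromised host, let the office LAN reach the
# web server on 443 and ping the server subnet, deny everything else.
ACL = [
    Rule("deny",   "ip",   "10.0.0.66/32", "0.0.0.0/0"),
    Rule("permit", "tcp",  "10.0.0.0/24",  "192.0.2.10/32", 443),
    Rule("permit", "icmp", "10.0.0.0/24",  "192.0.2.0/24"),
]

# Same rules with the host block moved below the LAN permit: because the first
# match wins, the blocked host now gets through on 443.
ACL_MISORDERED = [ACL[1], ACL[0], ACL[2]]

def demo():
    """Evaluate the blocked host against both orderings."""
    bad_host = Packet("10.0.0.66", "192.0.2.10", "tcp", 443)
    return evaluate(ACL, bad_host), evaluate(ACL_MISORDERED, bad_host)
```

When auditing a real ACL, check it the same way: for each specific deny, confirm that no broader permit above it already matches the same traffic.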
Which encryption protocol works with both IPv4 and IPv6?
IPsec
Which encryption protocol or standard allows you to create a private network on an
Which user-authentication method uses a public key and private key pair?
PKI
In an authentication system that uses private and public keys, who should have access
to the private key?
Only the owner of the key
Which authentication method relies on tickets to grant access to resources?
Kerberos
In computer security, what does AAA stand for?
Authentication, Authorization, and Accounting
Which network access security method is commonly used in wireless networks?
Which user-authentication method is available only in an all-Windows environment?