Chapter 2 - Telecommunications and Network Security Flashcards Preview

Flashcards in Chapter 2 - Telecommunications and Network Security Deck (157)
61

Open System Authentication

most basic form of wireless authentication

62

Shared Key Authentication

encrypt a shared secret between the access point and the wireless client - WEP can be decrypted by an attacker in a very short time.

63

WiFi Protected Access

WPA - RC4 128 bit, uses Temporal Key Integrity Protocol - uses a different key for each packet - mutual authentication. WPA2 certified IEEE 802.11i

64

EAP-TLS

Extensible Authentication Protocol, Transport Layer Security - mutual authentication with digital certificate - too much overhead

65

EAP-TTLS

tunneled TLS - digital certificates are used, but without a client-side certificate; less secure

66

EAP-PEAP

protected EAP - similar to EAP-TLS but with no digital certificate

67

IEEE 802.11

802.11b: legacy - first ratified version of WiFi. 802.11a: not compatible with b. 802.11g: frequency band of b and speed of a - 52Mbps; compatible with b

68

Bluetooth

short range low-power wireless specification

69

ARP

Address resolution protocol - given layer 3 IP address determines layer 2 MAC address - does not require authentication - maps 32 bit IPv4 to 48 bit hardware addresses. RARP - finds IP address

70

PPP

Point to Point Protocol - used to connect a device to a network over a serial line. ISPs use PPP to allow dial-up users access to the Internet - supports authentication: Password Authentication Protocol, Challenge Handshake protocol, and Extensible Authentication Protocol

71

Broadband wireless

IEEE 802.16 WiMax - 2Mbps to 10 Mbps - allows users to connect to wireless base stations miles from where they are located and obtain MAN access. Uses AES to protect confidentiality, with authentication options including EAP

72

Fiber Optics

uses glass or plastic to transmit light - light source, optical cable and light detector. 40gig/second, not easily intercepted

73

Firewalls

filters traffic based on a set of rules that enforce administrative security policies. Placed between entities with different trust domains. Complex to administer and manage. Filter by address or service. Should not mount file systems via NFS. 3rd generation firewalls - stateful inspection

74

NAT

Network Address Translation - change source address of outgoing packet to a different address. PAT - translate all source port number in the packet to a unique value

75

Static packet filtering

examines static criteria - blocking all packets with port number 79 (finger) is an example

76

Stateful Inspection or Dynamic Packet Filtering

examines each packet in the context of the session allowing dynamic adjustments

77

Proxies

mediates communications between untrusted end-points and trusted end-points - creates the illusion that the traffic originated from the proxy firewall, hiding the trusted internal client from potential attackers

78

IPSec

IP security is a suite of protocols for communicating securely with IP by providing mechanisms for authenticating and encrypting. Transport mode - client to server, tunnel mode - firewall to firewall. HAIPE is an extension of IPSec. Does not allow system to select security protocols.

79

AH

Authentication Header is used to prove the identity of the sender and ensure that the transmitted data has not been tampered with, using a hash - ensures integrity, not confidentiality - Encapsulating Security Payload - provides integrity and confidentiality.

80

ESP

Encapsulating Security Payload encrypts IP packets and ensures their integrity

81

Security Association

SAs work in one direction and define the mechanisms that an endpoint will use to communicate

82

IKE

Internet key exchange - proves identity to each other - shared secret, public key encryption or revised mode of Public Key encryption is Phase 1. Phase 2 - security associations established. Like IPSEC - authentication with pre-shared key, public key, certificate based

83

PPTP

Point to Point Tunneling Protocol relies on generic routing encapsulation (GRE) to build the tunnel between end points - derives the encryption key from the user's password

84

L2TP

Layer 2 Tunneling Protocol allows caller over a serial line using PPP to connect over the internet to a remote network - does not provide encryption

85

SSH

Secure Shell allows users to securely access resources on remote computers over an encrypted tunnel - supports authentication

86

SOCKS

popular circuit proxy used to access a remote server - application gateway acts as a connection proxy

87

SSL/TLS

SSL 3.0 and TLS 1.1 are compatible with SSL being a session encryption tool - creates a tunnel back to home office. At Application layer - 40 bit and 128 bit. Client side authentication. SSLv2 uses signed certificates

88

XMPP

Extensible Messaging and Presence Protocol. Jabber is an open instant messaging protocol, formalized as XMPP

89

IRC

Internet Relay Chat - Port 194, RFC 1459 - unencrypted

90

RADIUS

Remote Authentication Dial-in User Service - authentication protocol used mainly in network environments, or for similar services requiring single sign-on for layer 3, Port 1812, 1813, RFC 2865