Flashcards in Chapter 4: Secure Communications and Network Attacks Deck (74)
What are secure communication protocols?
Protocols that provide security services for application-specific communications channels.
List example secure communication protocols.
SKIP, swIPe, S-RPC, SSL, TLS, SET
What is SKIP?
Simple Key management for Internet Protocol. Designed to integrate with IPSec. Functions at layer 3. Can encrypt any subprotocol of TCP/IP. Replaced by IKE in 1998.
What is swIPe?
Software IP Encryption. Layer 3 protocol for IP. Provides authentication, integrity, and confidentiality using an encapsulation protocol.
What is S-RPC?
Secure Remote Procedure Call. An authentication service used to prevent unauthorized execution of code on remote systems.
What is SSL?
Secure Sockets Layer. Developed by Netscape to protect communications between web server and client. Session oriented. Deployed using 40 or 128 bit keys. Superceded by TLS.
What is TLS?
Transport Layer Security. Similar to SSL, but stronger.
What are the features of SSL and TLS?
Permits secure communications over an insecure network
Supports one way authentication
Supports two way authentication using digital certificates
Often implemented as the initial payload of a TCP pacakge, allowing it to encapsulate all higher level protocols.
Can be implemented at lower levels (3) to operate as a VPN. This is called OpenVPN.
What is SET?
Secure Electronic Transaction. Based on RSA and DES. Security protocol for transmission of transaction data over the internet. Not widely accepted. SSL/TLS sessions are preferred for secure e-commerce.
What is CHAP?
An authentication protocol. Challenge Handshake Authentication Protocol. Encrypts username/passwords in a dialog that can't be replayed. Periodically reauthenticates transparently to the user.
What is a VPN?
A virtual private network. A communications tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.
What problems exist with tunneling?
It's generally inefficient because the tunnelling protocol has its own error detection, handling, acknowledgement, and session management.
It can create larger or additional packets on the network that use additional network bandwidth.
It is point-to-point and doesn't handle broadcast traffic.
Tunnelling makes it difficult to impossible to monitor network traffic.
List 4 VPN protocols
PPTP, L2F, L2TP, IPSec.
What is a VLAN used for?
Hardware imposed network segmentation. Used to logically segment a network without changing its physical topology
What are the traffic management functions of a VLAN?
Control and restrict broadcast traffic / block broadcasts between subnets and VLANs
Isolate traffic between entwork segments
Reduce a network's vulnerability to sniffers
Protect against broadcast storms
What forms of remote access are typical for telecommuting?
Using a modem to dial up directly to a remote access server
Connecting to a network over the internet through a VPN.
Connecting to a terminal server through a thin-client connection
List the security considerations in granting remote access capabilities.
1) Remote access users should be stringently authenticated before being granted access
2) Only users who specifically need remote access for their assigned work tasks should be granted permission to use it
3) All remote communications should be protected from interception and eavesdropping, generally through encryption
What are the security concerns if secure communications channels are not established for remote access?
1) Anyone with a remote connection can atempt to breach the security of the organization, bypassing physical security controls
2) Telecommuters might use insecure or less secure systems to connect
3) Remote systems might be exposed to malicious code and might bring malware into the internal LAN
4) Remote systems might be less physically secure and be used by unauthorized entities
5) Remote systems might be more difficult to troubleshoot
6) Remote systems might be harder to upgrade or patch due to infrequent/slow connections
What is VoiP?
Voice over internet protocol.
What are the problems of VoiP?
1) Caller ID is easy to falsify
2) Call manager/VoiP systems have their own vulnerabilities
3) Man-in-the-middle attacks can be performed
4) Deploying VoiP on the same network as traditional clients can make 802.1X attacks possible, as well as VLAN and VoIP hopping.
What should the organization policy be with regard to modems?
No unauthorized modems can be allowed on any system connected to the private network.
What is RADIUS?
Remote Authentication Dial In User Service,, used to centralize authentication of rmote dial-up connections.
What is TACACS?
An alternative to RADIUS. Integrates authentication and identification processes. Get more from p165.
What is NAT?
Network address translation.
What are the benefits of NAT?
1) Connect an entire network using only one or a few public IPs
2) Can use private IPs on the internal network
3) Hides the IP addressing scheme and network topology from the Internet
4) Restricts connections so that only traffic stemming from internally originating connections are allowed back into the network, automatically repelling most attacks.
Describe Automatic Private IP Addressing
A method of assigning an IP address when DHCP fails. Primarily a Windows feature. Uses the Class B 169.254.X.X. Allows systems to communicate across the same broadcast domain, but not with any systems that have correctly configured IPs.
What is Circuit Switching?
A dedicated physical pathway is created between two communicating parties. Originally used for telephone calls.
What is Packet Switching?
Data is broken up into packets which are individually addressed and sent across intermediate networks.
Describe a DS-0 line
A dedicated line with a speed of 64 Kbps to 1.544 Mbps. A partial T1.