CISSP Domain 4 Flashcards

1
Q

Communication and Network Security

A
OSI and TCP/IP Models
Protocol types and security issues
LAN, WAN, MAN, Intranet, and extranet technologies
Cable types and data transmission types
Network devices and services
Communications security management
Telecommunications devices and technologies
Wireless technologies
Network Encryption
Threats and attacks
Software defined routing
Content distribution networks
Multilayer protocols
Convergent network technologies
2
Q

Telecommunications

A

the electromagnetic transmission of data among systems

3
Q

OSI Reference Model

A

ISO standard 7498 provides important guidelines used by vendors, engineers, developers, and others.

4
Q

Encapsulation

A

Message moves down one stack and up another through the OSI model

5
Q

Application Layer 7

A

works closest to the user and provides file transmissions, message exchanges, terminal sessions, and much more.
Does not include applications
passes instructions and data

6
Q

Application Layer protocols

A
SMTP
HTTP
DNS
IRC
LPD (Line Printer Daemon)
7
Q

Presentation Layer 6

A

puts information in a format

common means of representing data in a structure

8
Q

Presentation layer works as a

A

Translator.
Not concerned with the meaning of data,
but syntax and format

9
Q

Presentation Layer formats

A

TIFF
GIF
JPEG
Compression

10
Q

Presentation Layer handles

A

data compression and encryption

Only layer without protocols

11
Q

Session Layer 5

A

Responsible for establishing a connection between two applications, maintaining it during the data transfer, and controlling the release of the connections.

12
Q

Session Layer phases

A

Establish connection
data transfer
connection release

restart of the connection if necessary
maintenance of the session.

13
Q

Session Layer Protocols

A

Password Authentication Protocol (PAP)
Point to Point Tunneling Protocol (PPTP)
Network Basic Input/Output System (NetBIOS)
Remote Procedure Call (RPC)

14
Q

Session Layer modes

A

Simplex
Half Duplex
Full Duplex

15
Q

difference between Session and Transport layers

A

Session is between 2 applications

Transport is between 2 computers

16
Q

Security issue with RPC

A

lack of authentication or weak authentication

17
Q

Session Layer protocols are

A

the least used in a network environment

Should be disabled

18
Q

ATM

A

Asynchronous Transfer Mode

19
Q

OSI Layers vs TCP/IP Layers

A

OSI              TCP/IP
Application      Application
Presentation
Session
___________________________________
Transport        Host to Host
___________________________________
Network          Internet
___________________________________
Data Link        Network Access
Physical

20
Q

Network Attacks can be

A

used as a channel for an attack
or
be the target of attack

21
Q

Transport Layer 4

A

When 2 computers communicate

Handshaking process

22
Q

Transport Layer provides

A
reliable data transfer
error detection
correction
recovery
flow control
Optimization
end to end data transport services
establishes logical connection between two computers
23
Q

Transport Layer Protocols

A

TCP Transmission Control Protocol
UDP User Datagram Protocol
SPX Sequenced Packet Exchange (the transport-layer companion of IPX, which itself is a network-layer protocol)

24
Q

TCP vs UDP

A

connection vs best effort

25
Network Layer 3
inserts address and routing to packet's header
26
Network Layer Protocols
IP Internet Protocol
ICMP Internet Control Message Protocol
RIP Routing Information Protocol
OSPF Open Shortest Path First
IGMP Internet Group Management Protocol
BGP Border Gateway Protocol
27
Data Link Layer 2
Formats packets into frames for transmission over the specific LAN technology in use:
Token Ring
Ethernet
ATM
FDDI
28
Data Link sub layers
Logical Link Control (LLC)
Media Access Control (MAC)
29
Data Link LLC is defined in IEEE
802.2. Provides flow control and error checking
30
Ethernet is defined in IEEE
802.3
31
Data Link MAC knows if the network is
Ethernet, Token Ring, or ATM
32
Token Ring IEEE standard
802.5
33
Wireless LAN IEEE standard
802.11. Not to be confused with 802.1X, which is port-based network access control (authentication before a port is allowed onto the network)
34
Data Link Protocols
Point to Point Protocol (PPP)
ATM
Layer 2 Tunneling Protocol (L2TP)
FDDI
Ethernet
Token Ring
35
IEEE 802 Layers
LLC MAC
36
Network Cards bridge the
Data Link and Physical Layers
37
Data Link Layer unit of data
Frame
38
Physical Layer 1
converts bits into voltage for transmission
39
Physical Layer controls
Synchronization
Data rates
Line noise
Transmission techniques
40
Presentation Layer Standards
American Standard Code for Information Interchange (ASCII)
Extended Binary Coded Decimal Interchange Code (EBCDIC)
Tagged Image File Format (TIFF)
Joint Photographic Experts Group (JPEG)
Motion Picture Experts Group (MPEG)
Musical Instrument Digital Interface (MIDI)
41
Bridges and Switches understand only up to the
Data Link Layer
42
Repeaters only understand traffic at the
Physical Layer
43
Layer 3 device works at the
Network Layer
44
Distributed Network Protocol 3
Designed for use in SCADA systems
Not a general purpose protocol
No routing functionality
45
SCADA systems
Hierarchical architecture
Sensors connected to Remote Terminal Units (RTUs)
RTUs aggregate data and relay it to the SCADA master
46
Remote Terminal Unit
In Distributed Network Protocol 3 (SCADA), the RTU relays information to the SCADA master. Control instructions and configuration changes are sent from the SCADA master to the RTUs.
47
SCADA master
Is the Human Machine Interface (HMI)
48
Controller Area Network Bus
CAN bus. Runs in most automobiles worldwide, connecting the vehicle's electronic control units
49
TCP/IP: Model
IP is a network layer protocol and provides routing services
50
Main protocols of the Transport Layer
TCP and UDP
51
Socket
Is the combination of protocol (TCP or UDP), port, and IP address.
52
Well Known Ports
0-1023
53
Registered Ports
1024-49151
54
Dynamic Ports
49152-65535 available to be used by any application on an "as needed" basis
55
TCP Handshake
1. SYN
2. SYN/ACK
3. ACK
TCP must set up the connection before any data is sent
56
SYN flood
SYN packets are sent but the final ACK never follows, leaving half-open connections that fill the target's connection table. Denial of Service attack.
57
Syn Flood defenses
SYN caches delay allocation of a full socket until the handshake completes. SYN cookies go a step further and keep no per-connection state at all until the client's ACK arrives.
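The handshake and the defense on the two cards above, as an added example that is not part of the flashcard set: a state-only model of a listener's backlog. The naive listener spends a full slot per SYN it answers, so spoofed SYNs that never ACK starve a legitimate client; the SYN-cache listener keeps a small, bounded record per half-open connection and allocates only on the final ACK. The address ranges and the sizes are constructed for the example.

```python
"""Half-open connection backlog under a SYN flood (added example, not from
the flashcards).  States only, no real sockets: SYN -> SYN/ACK -> ACK.
A naive listener spends a full backlog slot per SYN it answers; a SYN-cache
listener keeps only a small bounded record per half-open connection and
defers the real allocation until the final ACK completes the handshake.
All addresses are constructed (documentation ranges)."""
from dataclasses import dataclass, field


@dataclass
class Listener:
    backlog: int                 # slots for connections the kernel fully allocates
    cache_size: int              # half-open entries kept by a SYN cache; 0 = naive
    half_open: dict = field(default_factory=dict)  # (src, sport) -> "SYN_RECEIVED"
    established: set = field(default_factory=set)
    dropped_syn: int = 0

    def on_syn(self, src, sport):
        key = (src, sport)
        if self.cache_size == 0:
            # Naive: a half-open connection already consumes a full slot,
            # so unanswered SYNs exhaust the backlog and new SYNs are dropped.
            if len(self.half_open) + len(self.established) >= self.backlog:
                self.dropped_syn += 1
                return "DROP"
        elif len(self.half_open) >= self.cache_size:
            # SYN cache is bounded: evict the oldest half-open entry.  Flood
            # entries never complete, so evicting them costs nothing real.
            del self.half_open[next(iter(self.half_open))]
        self.half_open[key] = "SYN_RECEIVED"
        return "SYN/ACK"

    def on_ack(self, src, sport):
        key = (src, sport)
        if self.half_open.pop(key, None) is None:
            return "RST"          # no handshake in progress (or entry evicted)
        if len(self.established) >= self.backlog:
            return "RST"          # the full allocation only happens here
        self.established.add(key)
        return "ESTABLISHED"


def simulate(listener, flood_syns):
    """Flood with spoofed SYNs that never ACK, then let one real client connect."""
    for i in range(flood_syns):
        listener.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i)
    first = listener.on_syn("192.0.2.10", 40000)
    if first != "SYN/ACK":
        return first, "NO_CONNECTION"
    return first, listener.on_ack("192.0.2.10", 40000)


if __name__ == "__main__":
    print(simulate(Listener(backlog=128, cache_size=0), 1000))    # ('DROP', 'NO_CONNECTION')
    print(simulate(Listener(backlog=128, cache_size=256), 1000))  # ('SYN/ACK', 'ESTABLISHED')
```

The eviction policy is the whole point: half-open entries from a flood are cheap to throw away because they will never be completed, whereas the naive design has already paid for the socket. A real stack also times half-open entries out and, under SYN cookies, encodes the state in the initial sequence number so nothing is stored at all.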
58
Segment vs Datagram
TCP is segment UDP is Datagram
59
IP 4 vs IP 6 bits
IPv4 addresses are 32 bits; IPv6 addresses are 128 bits
60
IPv4 Class Ranges
A: 0.0.0.0 to 127.255.255.255. First byte is the network, remaining bytes are hosts
B: 128.0.0.0 to 191.255.255.255. First 2 bytes are the network, remaining bytes are hosts
C: 192.0.0.0 to 223.255.255.255. First 3 bytes are the network, last byte is hosts
D: 224.0.0.0 to 239.255.255.255. Used for multicast addresses
E: 240.0.0.0 to 255.255.255.255. Reserved for research
61
CIDR
Classless Interdomain Routing. Replaces fixed class sizes with a prefix length, giving the flexibility to increase or decrease network sizes
62
TTL
Time to Live Keeps packets from traversing a network forever
63
TOS
Type of Service Prioritizes different packets
64
IP 6
Has IPsec built in
Allows scoped addresses
Does not require NAT
65
Teredo
Intersite tunneling mechanism that carries IPv6 over IPv4 using UDP encapsulation, which lets it pass through NAT devices
66
ISATAP
Intrasite tunneling mechanism
67
Danger of Teredo
Attackers can use open ports for unintended traffic in and out of the network
68
802.1AR
Secure Device Identity. Provides a unique, manufacturer-installed device identifier (DevID) as a digital certificate, used for EAP-TLS device authentication under 802.1X. Until the device authenticates, the only communication it may carry out over the network is the authentication exchange. (MACsec itself is 802.1AE.)
69
MACsec
IEEE 802.1AE. Provides hop by hop protection at layer 2. Only authenticated and trusted devices on the network can communicate with each other.
70
EAP-TLS authentication framework
Each device compliant with 802.1AR comes with a built-in initial device identifier (IDevID) certificate that EAP-TLS uses to authenticate the device
71
802.1AE
MACsec. Provides data encryption, integrity, and origin authentication at layer 2
72
802.1AF
Key agreement. Carries out the key agreement functions for the session keys used for MACsec data encryption (this work was later folded into 802.1X-2010 as MACsec Key Agreement, MKA)
73
RADIUS
Remote Authentication Dial-In User Service. Authenticates devices by digital certificates using 802.1AR identities over EAP-TLS
74
TPM
Trusted Platform Module
75
Converged Protocols
VoIP
FCoE
MPLS
iSCSI
76
FCoE
Fibre Channel over Ethernet. Allows Fibre Channel frames to ride on Ethernet. Mostly used for SAN storage. Not common.
77
MPLS
Multiprotocol Label Switching. Frequently used to create Layer 2 VPNs. Called a layer 2.5 protocol because it sits between Data Link (2) and Network (3).
78
Internet Small Computer System Interface
iSCSI. Encapsulates SCSI commands and data in TCP segments so storage traffic can run over IP networks
79
IP Convergence
addresses specific type of converged protocols Transitions services from disparate media and protocols to IP
80
Baseband
One channel transmission
81
Broadband
Uses several channels
82
Analog vs Digital
Analog signals are measured in amplitude and frequency Digital signals represent binary digits
83
Asynchronous vs Synchronous transmission
Asynchronous: each character is framed with start and stop indicators, no shared clock. Synchronous: data is transferred as a continuous stream and employs timing mechanisms (a shared clock).
84
Asynchronous Communication Characteristics
No timing component
Surrounds each byte with framing bits
Parity bit used for error control
Each byte requires three bits of overhead: start, stop, parity
85
Synchronous Communication Characteristics
Timing component for data transmission synchronization
Robust error checking, commonly through Cyclic Redundancy Checking (CRC)
Used for high speed, high volume transmissions
Minimal overhead compared to asynchronous communication
86
Coaxial Cable
Copper core surrounded by a shielding layer and grounding wire. More resistant to electromagnetic interference (EMI) than twisted pair.
87
Attenuation
loss of signal strength as it travels
88
Cross Talk
signals of one wire spill over to the signals of another wire
89
Bus topology types
Linear
Tree
90
Star Topology
All nodes connect to a central device (switch or hub). Used by Ethernet.
91
Mesh Topology
multiple connection routes
92
MTU
Maximum Transmission Unit How much data a frame can carry
93
Token Passing
24-bit control frame used to control which computer may communicate
Token is passed from computer to computer
Only the computer holding the token can put frames on the wire
Used by Token Ring and FDDI technologies
No collisions
94
CSMA
Carrier Sense Multiple Access. Used by Ethernet as CSMA with Collision Detection (CSMA/CD). Faster than token passing. Wireless uses CSMA with Collision Avoidance (CSMA/CA): each station signals its intent to transmit before it actually does so.
95
Signal collisions between 2 machines are detected by
increased voltage on the line
96
A collision domain is
a group of computers contending or competing for the same shared communication medium
97
Broadcast domains
are sets of computing nodes that all receive a layer 2 broadcast frame
98
Internetwork
When 2 distinct LANs are connected by a router
99
WAN
When 2 LANs are connected by a data link layer technology such as frame relay or ATM, they are a WAN
100
Ethernet is defined by
Contention based technology using a shared medium
Uses broadcast and collision domains
Uses CSMA/CD or CSMA/CA
Supports full duplex communication
Can use twisted pair, coaxial, or fiber optic cabling
Defined by standard IEEE 802.3
101
FDDI
Developed by ANSI
Usually used as a backbone using fiber optic cabling
Provides fault tolerance by offering a second, counter-rotating ring
Primary ring sends data clockwise
Secondary ring transmits data counterclockwise and is invoked only if the primary goes down
Each node is connected to both rings
102
FDDI 2
provides fixed bandwidth that can be allocated for specific applications
103
Copper Distributed Data Interface
CDDI can work over UTP cabling
104
IEEE 802.3 802.4 802.5
Ethernet is 802.3. Token Bus is 802.4. Token Ring is 802.5. FDDI is an ANSI standard, not an IEEE 802 one.
105
IGMP
Internet Group Management Protocol. Used by hosts to report multicast group membership to routers. When a user accesses multicast traffic, the host becomes a member of a multicast group.
106
Frame
The data link layer's unit of data: a packet with the data link header and trailer added, fully encapsulated and ready for the physical medium
107
ARP
Address Resolution Protocol. When the data link layer receives a packet, the network layer has already assigned a destination IP address. ARP broadcasts a frame requesting the MAC address for that destination IP.
108
ARP table cache poisoning
Goal is to receive packets intended for another computer by answering ARP requests (or sending unsolicited replies) with the attacker's MAC address. This is a masquerading attack.
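What the poisoning on the card above looks like from a monitor's side, as an added example that is not from the flashcard set: a small detector that keeps its own IP-to-MAC view and flags the two telltale signs, a mapping that flips and a single MAC answering for several IPs (typically the gateway plus the victims). The log lines are constructed in a tcpdump-like shape; the addresses and the "trusted gateway" mapping are assumptions for the example.

```python
"""Detecting ARP cache poisoning from observed ARP replies (added example, not
from the flashcards).  The monitor keeps its own IP->MAC view and raises an
alert when a mapping flips or when one MAC starts answering for several IPs,
which is what a poisoner does to sit between victims and the gateway.
ARP_LOG is a constructed sample in a tcpdump-like shape, not real traffic."""
import re
from collections import defaultdict

ARP_LOG = """\
10:00:01 reply 192.0.2.1 is-at 00:11:22:33:44:01
10:00:02 reply 192.0.2.20 is-at 00:11:22:33:44:20
10:00:03 reply 192.0.2.21 is-at 00:11:22:33:44:21
10:00:15 reply 192.0.2.1 is-at 00:11:22:33:44:21
10:00:16 reply 192.0.2.20 is-at 00:11:22:33:44:21
10:00:30 reply 192.0.2.1 is-at 00:11:22:33:44:01
"""

LINE = re.compile(r"^(\S+) reply (\S+) is-at (\S+)$")


def detect_arp_poisoning(log, trusted=None):
    """Return a list of alert tuples.  `trusted` maps IPs that must never move
    (the default gateway, say) to their known MAC; it is checked on every
    reply, not only on changes, so the first poisoned reply is caught too."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                      # ignore requests and malformed lines
        ts, ip, mac = m.groups()
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append((ts, "trusted-mismatch", ip, trusted[ip], mac))
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "mac-changed", ip, prev, mac))
            mac_to_ips[prev].discard(ip)  # the old MAC no longer owns this IP
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", mac,
                           tuple(sorted(mac_to_ips[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_LOG, trusted={"192.0.2.1": "00:11:22:33:44:01"}):
        print(*alert)
```

In the sample, 00:11:22:33:44:21 takes over both the gateway (192.0.2.1) and a second host at 10:00:15 and 10:00:16, which is the man-in-the-middle pattern; the mapping returning to the original MAC at 10:00:30 is also reported as a change, because a defender wants to see the flip back too. The same checks are what switch-side Dynamic ARP Inspection does against its DHCP snooping table, and static ARP entries for the gateway remove the attack on hosts where that is practical.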
109
DHCP Discover
Client broadcast on the network to discover the DHCP server
110
DHCP Offer
Server's response to the DHCP Discover, offering the client an IP address and lease parameters
111
DHCP Request
Client responds to confirm its acceptance of an IP address
112
DORA process
DHCP
Discover
Offer
Request
Acknowledgement
113
DHCP snooping
Method to shield networks from unauthenticated DHCP clients and rogue servers
Switches can direct clients to legitimate DHCP servers
Ensures DHCP servers can assign IP addresses only to selected systems, identified by their MAC addresses
114
RARP
for diskless workstations to obtain IP addresses
115
BootP
Bootstrap Protocol for diskless workstations to obtain IP addresses BootP is an enhancement to RARP
116
ICMP
Internet Control Message Protocol. IP's messenger boy:
delivers status messages
reports errors
replies to certain requests
reports routing information
PING
117
PING
Ping is an ICMP utility used to test connectivity to another system: it sends echo requests and waits for echo replies
118
ICMP attacks
Arbitrary data can be inserted into the payload of ICMP packets
119
ICMP tunneling
sets up covert channel to send data illegitimately
120
Simple Network Management Protocol
used to view network status, traffic flows, and hosts
121
2 components of SNMP
Managers and agents
Manager is the server that polls devices
Community string is the password
122
Community String
a password for SNMP Community strings are sent in clear text in SNMP v1 and v2
123
SNMP ports
161 (agent) and 162 (traps to the manager). Should be closed to untrusted networks. Version 3 of SNMP adds message authentication and encryption.
124
DNSSEC
implements PKI and digital signatures which allows DNS servers to validate the origin of a message to ensure it is not spoofed and potentially malicious
125
Split DNS
DNS server in the DMZ resolves external hostnames to IP addresses. Internal DNS server resolves internal hostnames to IP addresses, so internal names are never exposed outside.
126
Domain grabbing and cyber squatting
stolen domain registration
127
SASL
Simple Authentication and Security Layer protocol independent framework for performing authentication
128
Email Relaying
mail servers in DMZs may not be locked down enough This enables spammers to spoof email via loosely configured relays
129
Phishing
social engineering
130
SPF
Sender Policy Framework. A DNS TXT record listing the hosts authorized to send mail for a domain; receiving mail servers check the connecting server's IP address against it to reject spoofed sender domains.
131
Spear Phishing Attack
zeroes in on certain people
132
Whaling attack
zero in on a big fish
133
Private IP Address ranges
10.0.0.0 to 10.255.255.255 (Class A)
172.16.0.0 to 172.31.255.255 (Class B)
192.168.0.0 to 192.168.255.255 (Class C)
134
3 types of NAT
Static Mapping: a pool of public IP addresses is configured and private addresses are statically mapped to specific public addresses
Dynamic Mapping: a pool of public IP addresses is handed out first come, first served
Port Address Translation (PAT): only one public IP address for all systems, distinguished by port number
135
Distance Vector Routing
routing decisions based on distance (or number of hops) and a vector (direction) Looks only at the number of hops RIP is a distance vector routing protocol
136
Link State Routing
sees more than just number of hops OSPF is a Link State Routing Protocol
137
Routing Information Protocol
RIP outlines how routers exchange routing table data. Calculates the shortest distance by hop count. Considered legacy.
138
Open Shortest Path First
OSPF link state allows for a hierarchical routing network OSPF has replaced RIP
139
Interior Gateway Routing Protocol
IGRP. Distance vector routing protocol, proprietary to Cisco
140
Enhanced Interior Gateway Routing Protocol
EIGRP. Cisco proprietary. Faster routing convergence than IGRP
141
Spanning Tree Algorithm STA
Adds intelligence to bridges. Ensures frames do not circle the network forever. Provides redundant paths. Assigns priority values to bridges and ports.
142
Source Routing
tell the bridges where to send the packets
143
PBX
Private Branch Exchange. A private telephone switch
144
Phreaker
Phone Hacker Uses default passwords to enter PBX switches
145
Types of firewalls
Packet Filtering
Stateful
Proxy
Dynamic Packet Filtering
Kernel Proxy
146
Three firewall arcitectures
Screened Host
Dual-homed
Screened Subnet
147
Packet Filtering Firewalls
based on network level protocol values configured with ACLs dictate type of traffic
148
First generation firewalls
Packet filtering. Only capable of reviewing protocol headers at the network and transport layers
149
Ingress filtering
Inbound traffic filtering
150
Egress filtering
outbound traffic filtering
151
Stateless inspection
Packet filtering. The device does not understand the context of the conversation the packets belong to
152
Firewall used at the edge of a network
Packet filtering. Gets the obvious junk
153
Weaknesses of packet filtering
Cannot prevent attacks that employ application specific vulnerabilities or functions
Limited logging functionality
Does not support advanced user authentication
Cannot detect spoofed addresses
Not able to detect packet fragmentation attacks
154
Advantages of packet filtering
Scalable
Not application dependent
High performance
Commonly used as first line of defense
155
Stateful firewalls
remembers and keeps track of packets until connection is closed Keeps state of connection
156
Stateful Inspection Firewall Characteristics
Maintains a state table that tracks each communication session
Provides a high degree of security without the performance hit that application proxy firewalls introduce
Is scalable and transparent to users
Provides data for tracking connectionless protocols such as UDP and ICMP
Stores and updates the state and context of data within the packets
157
Proxy firewalls
Middleman intercepts and inspects messages before delivering them Stands between a trusted and untrusted network. Breaks the communication channel
158
Circuit level proxy
Creates a connection between two communicating systems
Works at the session layer of the OSI model
Cannot look into the contents of a packet
Considered application independent
Traffic appears to have come from the proxy
159
Application Level Proxy
Inspects the packet up through the application layer
Understands the packet as a whole
Can make access decisions based on content
Understands services and protocols and can distinguish commands
Has one proxy per protocol
160
Characteristics of application level firewalls
Extensive logging capabilities. Capable of authenticating users directly
161
Disadvantages of using application level proxy firewalls
Not generally well suited to high bandwidth or real time applications
Tend to be limited in terms of support for new network applications and protocols
Create performance issues because of the per-packet processing requirements
162
SOCKS
A circuit level proxy gateway. Provides a secure channel between 2 computers
163
Dynamic Packet Filtering Firewalls
Creates a temporary ACL entry that allows an external entity to communicate with an internal system via a high numbered port for the life of that connection. Without this, you would have to punch permanent holes in your firewall for ports above 1023.
164
Kernel Proxy Firewalls
Faster than application level proxy firewalls. The connection between internal and external is still broken
165
Fifth generation Firewall
Kernel Proxy Firewall
166
Next Generation Firewalls
Incorporates a signature based IPS engine | Connects to external data sources such as Active Directory
167
Firewall type and OSI layer
Packet Filtering          Network Layer
Stateful                  Network Layer (tracks transport-layer connection state)
Application Level Proxy   Application Layer
Circuit Level Proxy       Session Layer
Dynamic packet filtering  Network Layer
Kernel Proxy              Application Layer
Next Generation           Multiple Layers
168
Bastion Host
Highly exposed device, most likely to be targeted by attackers
Can be on the public side of a DMZ or directly connected to an untrusted network
Should have all unnecessary services and accounts disabled and administrative tools removed
169
Dual Homed Firewall
device that has 2 interfaces One connected to one network and one connected to another network Should have packet forwarding and routing turned off
170
Screened Host
firewall that communicates directly with perimeter router and internal network
171
Screened subnet
2 firewalls create a DMZ
172
Masquerading or spoofing
attacker modifies a packet header to have the source address of a host inside the network to be attacked. No reason for a packet with an internal address to come in from the outside.
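The ACL-driven packet filter from the firewall cards and the anti-spoofing rule on the card above, as an added example that is not from the flashcard set: a first-match, implicit-deny ACL evaluated over constructed packets. The first rule drops anything arriving from outside that claims an internal source (there is no reason for such a packet), the second refuses to let the network emit spoofed sources (egress filtering, BCP 38). The internal prefix 10.0.0.0/8, the host 10.0.1.10 and the other addresses are assumptions for the example.

```python
"""Stateless packet-filter ACL with ingress anti-spoofing and egress filtering
(added example; not from the flashcards).  Rules are first-match with the
usual implicit deny at the end.  The 10.0.0.0/8 "internal" prefix, the host
10.0.1.10 and all other addresses are constructed for the example."""
from ipaddress import ip_address, ip_network

# (interface, direction, protocol, source net, destination net, dst port, action)
# A leading "!" negates a network match.  None for the port means any port.
RULES = [
    # Ingress anti-spoofing: a packet arriving from outside must never claim
    # an internal source address (the masquerading case on the card above).
    ("outside", "in",  "any", "10.0.0.0/8",  "0.0.0.0/0",    None, "deny"),
    # Egress filtering: never emit packets with a source that is not ours.
    ("outside", "out", "any", "!10.0.0.0/8", "0.0.0.0/0",    None, "deny"),
    ("outside", "in",  "tcp", "0.0.0.0/0",   "10.0.1.10/32", 443,  "permit"),
    ("outside", "in",  "tcp", "0.0.0.0/0",   "10.0.1.10/32", 22,   "deny"),
    ("outside", "out", "any", "10.0.0.0/8",  "0.0.0.0/0",    None, "permit"),
]


def _net_match(addr, spec):
    negate = spec.startswith("!")
    return (ip_address(addr) in ip_network(spec.lstrip("!"))) != negate


def filter_packet(pkt, rules=RULES):
    """Return 'permit' or 'deny' for a packet described by a dict with the keys
    iface, dir, proto, src, dst and optionally dport.  Header fields only:
    this filter knows nothing about payload or connection state."""
    for iface, direction, proto, src, dst, dport, action in rules:
        if iface != pkt["iface"] or direction != pkt["dir"]:
            continue
        if proto != "any" and proto != pkt["proto"]:
            continue
        if not (_net_match(pkt["src"], src) and _net_match(pkt["dst"], dst)):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return action
    return "deny"   # implicit deny: nothing matched


# Constructed sample traffic, as the filter would see it at the edge.
SAMPLE = {
    "spoofed_in":  {"iface": "outside", "dir": "in",  "proto": "tcp", "src": "10.0.0.5",     "dst": "10.0.1.10",   "dport": 443},
    "https_in":    {"iface": "outside", "dir": "in",  "proto": "tcp", "src": "203.0.113.7",  "dst": "10.0.1.10",   "dport": 443},
    "ssh_in":      {"iface": "outside", "dir": "in",  "proto": "tcp", "src": "203.0.113.7",  "dst": "10.0.1.10",   "dport": 22},
    "dns_in":      {"iface": "outside", "dir": "in",  "proto": "udp", "src": "203.0.113.7",  "dst": "10.0.1.10",   "dport": 53},
    "web_out":     {"iface": "outside", "dir": "out", "proto": "tcp", "src": "10.0.2.3",     "dst": "203.0.113.7", "dport": 443},
    "spoofed_out": {"iface": "outside", "dir": "out", "proto": "udp", "src": "198.51.100.9", "dst": "203.0.113.7", "dport": 53},
}


def evaluate_samples():
    return {name: filter_packet(pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:12s} {verdict}")
```

Two of the packet-filter weaknesses listed on the earlier cards are visible here. The rule that permits port 443 admits any bytes sent to that port, so an application-level attack on the web server passes untouched. And the reply to `web_out` (inbound from 203.0.113.7, source port 443, to 10.0.2.3) matches no permit rule and is dropped by the implicit deny; a stateless filter has to open return traffic with broad rules, which is exactly the gap stateful inspection closes by remembering the outbound connection.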
173
Fragmentation Attacks
IP Fragmentation attack
Teardrop attack
Overlapping fragment attack
174
IP Fragmentation attack
Flaws within IP are exploited. Causes DoS attacks
175
Teardrop Attack
Malformed fragments are created by the attacker When reassembled, cause system instability
176
Overlapping Fragment attack
overwrites a previously approved fragment and executes an attack on the victim system.
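The three fragmentation cards above describe attacks on reassembly. As an added example that is not from the flashcard set, here is a reassembler that refuses the ambiguous input instead of resolving it: overlapping fragments are rejected outright (rather than first-wins or last-wins, the OS-specific choice that overlapping-fragment attacks exploit), a fragment entirely inside data already received is reported as the teardrop shape, and a fragment that would push the datagram past the IPv4 limit is reported as oversize. Fragments are modelled as byte offsets; real IP fragment offsets are in 8-byte units. The sample fragment sets are constructed.

```python
"""Fragment reassembly that refuses ambiguous input (added example; not from the
flashcards).  Fragments are modelled as (offset, data, more_fragments) with
byte offsets (real IP fragment offsets are in 8-byte units).  Instead of
choosing a first-wins or last-wins policy for overlapping data, which is the
OS-specific behaviour overlapping-fragment attacks exploit, the reassembler
rejects the whole datagram.  Sample fragments are constructed."""
MAX_DATAGRAM = 65535   # IPv4 total-length limit


def reassemble(fragments, max_len=MAX_DATAGRAM):
    """Return (status, payload).  status is one of:
    ok, incomplete, overlap, teardrop, oversize."""
    frags = sorted(fragments, key=lambda f: f[0])   # arrival order is irrelevant
    payload = bytearray()
    expected = 0                      # next byte offset we are waiting for
    for offset, data, _more in frags:
        end = offset + len(data)
        if end > max_len:
            return ("oversize", None)     # ping-of-death style: exceeds IP limit
        if offset < expected:
            # Fragment starts inside data we already have.  A fragment that
            # also ends inside it is the classic teardrop shape, where naive
            # code computed a negative length; otherwise a plain overlap.
            return ("teardrop" if end <= expected else "overlap", None)
        if offset > expected:
            return ("incomplete", None)   # hole; a real stack would wait, then time out
        payload += data
        expected = end
    if not frags or frags[-1][2]:
        return ("incomplete", None)       # last fragment still says "more"
    return ("ok", bytes(payload))


# Constructed fragment sets
NORMAL = [(0, b"GET / HT", True), (8, b"TP/1.1\r\n", False)]
OVERLAP = [(0, b"GET / HT", True), (4, b"XXXXXXXX", False)]   # rewrites bytes 4..7
TEARDROP = [(0, b"A" * 24, True), (16, b"B" * 8, False)]      # 2nd fragment entirely inside 1st
OVERSIZE = [(0, b"x" * 16, True), (65528, b"y" * 16, False)]
MISSING = [(0, b"abc", True)]


if __name__ == "__main__":
    for name, frags in [("NORMAL", NORMAL), ("OVERLAP", OVERLAP), ("TEARDROP", TEARDROP),
                        ("OVERSIZE", OVERSIZE), ("MISSING", MISSING)]:
        print(name, reassemble(frags))
```

The overlap case is the one that matters for a firewall or IDS: if the inspection device resolves the overlap one way and the end host the other, the attacker can show the filter an innocuous "GET / HT" and the host "XXXXXXXX". Refusing to reassemble, or normalizing fragments before they reach the host, removes the ambiguity; that is also why the earlier card lists fragmentation attacks among the things a plain packet filter cannot detect.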
177
Source routing
the packet defines the network path. bypasses the router. Source routing is often disabled
178
Honeypot
Intended to be exploited by attackers. Usually sits in the screened subnet or DMZ
179
Tarpits
slow down attacker
180
Unified Threat Management
provide multiple functionalities in a single network appliance Considered all in one devices
181
Issues with UTM products
Single point of failure for traffic
Single point of compromise
Performance issues
182
Content Distribution Networks
multiple servers distributed across a large region optimized for users closest to it. More resistant to Denial of Service attacks
183
Software Defined Networking
dynamically route traffic to services and platforms
184
Drivers in SDN
Cloud Computing Big Data Mobile computing
185
Control Planes
Where the internetwork routing decisions are made. The part of the router that runs the routing protocol, such as OSPF. Responsible for discovering the topology of the network and maintaining routing tables.
186
Forwarding plane
Where traffic forwarding decisions are made. Follows the directions of the control plane. The control plane is the strategic, methodical planner of traffic routing; the forwarding plane is the tactical, fast executor of those plans.
187
Control Plane vs Forwarding Plane
Control plane is centralized. Forwarding plane is in each device
188
Approaches to SDN
Open
API
Overlay
189
Intranet vs extranet
strictly internal vs internal with external links Extranets are often used in business to business communication
190
Value Added Networks
Third-party networks that carry EDI traffic between a company and its trading partners. Commonly used with suppliers to manage inventory replenishment, as large retailers such as Target and Walmart do.
191
EDI
Electronic Data Interchange Provides structure and organization for electronic documents, orders, invoices, purchase orders, and data flow
192
Metropolitan Area Networks
Usually a backbone that connects LANs to each other and connects LANs to the WAN, the Internet, and telecommunication networks
193
SONET
Synchronous Optical Network. The majority of Metropolitan Area Networks are SONET or FDDI
194
SONET is a standard for
telecommunications transmissions over fiber optic cables SONET is self healing. If a break in a line occurs, it can use a backup redundant ring
195
VPLS
Virtual Private LAN Service. A multipoint, Layer 2 VPN that connects 2 or more customer devices using Ethernet bridging techniques. VPLS emulates a LAN over a managed IP/MPLS network.
196
Wide Area Networks
When a computer on one network needs to communicate with a network on the other side of the country or in a different country altogether, WAN technologies kick in
197
Asynchronous Transfer Mode (ATM)
Telecommunication packets that travel on SONET High speed network technology used in WAN implementations by carriers, ISPs, and telephone companies
198
Telecom History
Copper lines carry purely analog signals
T1 lines carry up to 24 conversations
T3 lines carry up to 28 T1 lines
Fiber optics over SONET networks
ATM over SONET
199
Dedicated link
also called a leased line or point to point link Link is not shared with any other entities
200
STDM
Statistical time division Multiplexing Transmits several types of data simultaneously across a single transmission line such as T1 or T3
201
CSU/DSU
Required when digital equipment will be used to communicate with telecommunication lines Converts data from routers, switches, and multiplexers to be transmitted over service provider digital lines
202
Two main types of switching
Circuit switching and packet switching
203
Circuit Switching
Sets up a virtual connection that acts like a dedicated link between 2 systems
204
Packet switching
is not dedicated flow may use various routes
205
Circuit switching characteristics
Connection oriented virtual links
Traffic travels in a predictable and consistent manner
Fixed delays
Usually carries voice oriented data
206
Packet switching characteristics
Packets can use many dynamic paths
Traffic is usually bursty in nature
Variable delays
Usually carries data oriented traffic
207
Frame relay
a WAN technology that operates at the data link layer uses packet switching technology to let multiple companies and networks share the same WAN medium Is considered legacy
208
Permanent Virtual Circuit PVC
like a private line with agreed upon availability has guaranteed bandwidth
209
Switched Virtual Circuits SVCs
similar to dial up connections Variable bandwidth
210
Quality of Service
distinguishes between different classes of messages and assigns priority levels
211
ATM QoS service categories
Constant Bit Rate (CBR)
Variable Bit Rate (VBR)
Unspecified Bit Rate (UBR)
Available Bit Rate (ABR)
212
Synchronous Data Link Control
used in networks that use dedicated leased lines with permanent physical connections
213
HDLC
a framing protocol that is used mainly for device to device communication
214
Point to Point Protocol PPP
a data link protocol that carries out framing and encapsulation for point to point connections encapsulation of multiprotocol packets Often used in telecom
215
PPP authentication
PAP Password Authentication Protocol
CHAP Challenge Handshake Authentication Protocol
EAP Extensible Authentication Protocol
216
Password Authentication Protocol PAP
Insecure, as it sends passwords in cleartext. If it must be used, use it only over an encrypted connection.
217
Link Control Protocol LCP
Establishes, configures, and maintains the PPP connection. Negotiates encapsulation format options, handles limits on packet sizes, and detects a looped-back link.
218
Data Link Protocols
control how devices talk to eachother
219
HSSI
High Speed Serial Interface. Used to connect multiplexers and routers to high speed communication services such as ATM and frame relay
220
SIP
Session Initiation Protocol sets up and breaks down call sessions Application Layer Protocol that can work over TCP or UDP A signaling protocol widely used for VOIP communication sessions
221
Components needed for VOIP
An IP telephony device
A call processing manager
A voicemail system
A gateway
222
SPIT
Spam over Internet Telephony
223
ISDN
Integrated Service Digital Network
224
PPTP
Point to Point Tunneling Protocol Used to secure PPP connections Encapsulates PPP
225
PPTP authentication
PAP
CHAP
MS-CHAP
EAP-TLS
226
MPPE
Microsoft Point to Point Encryption
227
PPTP limitations
Restricted to IP networks
Cannot support multiple connections over one tunnel
Can be used for system to system communication but not gateway to gateway
Relies on PPP functionality for the majority of its security functions
Never became an industry standard
228
Layer 2 Tunneling Protocol
Combines features of PPTP and Cisco's Layer 2 Forwarding (L2F). L2TP tunnels PPP traffic over various network types (IP, ATM, X.25), not just IP. Integrates with IPsec to provide confidentiality, integrity, and potentially another layer of authentication.
229
IPsec
A suite of protocols developed to protect IP traffic. Bolts onto IPv4 (it is built into IPv6). PPTP and L2TP work at the data link layer; IPsec works at the network layer.
230
Protocols that make up IPSEC
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Internet Security Association and Key Management Protocol (ISAKMP), with key exchange carried out by IKE (Internet Key Exchange)
231
Can be used separately or together in IPSec
AH and ESP
232
HAIPE
High Assurance Internet Protocol Encryptor. A Type 1 encryption device based on IPsec that functions as a secure gateway, allowing two enclaves to exchange data over an untrusted network. Works at the network layer. Has largely replaced link layer encryption.
233
Transport Layer Security VPN
Works at the session layer used mainly to protect HTTP traffic already embedded in most web browsers
234
IPSEC can be configured
To provide transport adjacency: more than one security protocol (ESP and AH) is used in a VPN tunnel
235
Iterated tunneling
an IPSEC tunnel tunneled through another IPSec tunnel
236
Common types of VPN tunnel
TLS portal VPN
TLS tunnel VPN
237
TLS portal VPN
A single standard TLS connection to a website. Called a portal because a single location provides access to other resources. The remote user accesses the TLS VPN gateway using a browser, is authenticated, and is presented with a webpage for the available services.
238
TLS Tunnel VPN
Individual uses a web browser to securely access multiple network services including applications and services that are not web based
239
PPTP summary
Works in a client server model
Extends and protects PPP connections
Works at the data link layer
Transmits over IP networks only
240
Layer 2 Tunneling Protocol Summary
Hybrid of L2F and PPTP
Extends and protects PPP connections
Works at the data link layer
Transmits over multiple types of networks, not just IP
Combined with IPsec for security
241
IPSec Summary
Handles multiple VPN connections at the same time
Provides secure authentication and encryption
Supports only IP networks
Focuses on LAN to LAN communication rather than user to user communication
Works at the network layer and provides security on top of IP
242
Transport layer Security TLS Summary
Works at the session layer and protects mainly web and email traffic
Granular access control and configuration available
Easy deployment since TLS is already embedded in web browsers
Can only protect a small number of protocol types
Not an infrastructure level VPN solution
243
Password Authentication Protocol (PAP)
Used by remote users to authenticate over PPP connections. Provides identification and authentication. Credentials are sent to the authentication server after a connection has been established via PPP. The authentication server has a database to authenticate users. PAP is the least secure because credentials are sent in cleartext.
244
Challenge Handshake Authentication Protocol (CHAP)
Addresses vulnerabilities found in PAP. Uses a challenge/response instead of having the user send the password over the wire. The server sends a one-time challenge (nonce); the client returns a hash computed over the nonce and its password, so the password itself never crosses the link.
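The PAP and CHAP cards above, as an added example that is not from the flashcard set: both sides of a CHAP exchange in code. RFC 1994 defines the response as MD5 over the one-byte identifier, the shared secret and the challenge, so a sniffer on the link sees only the nonce and a hash where PAP would have shown the password. The user name, secret and the fixed test challenge are constructed; the `rng` parameter exists only so the challenge can be made deterministic for testing.

```python
"""CHAP challenge/response over PPP as two sides of the exchange (added
example; not from the flashcards).  RFC 1994 defines the response as
MD5(Identifier || Secret || Challenge).  The user name, secret and the
fixed test challenge are constructed.  Note what CHAP needs: the server
must hold the cleartext (or cleartext-equivalent) secret, and MD5 is used
only because the protocol mandates it."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response: MD5 over the one-byte identifier, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    def __init__(self, secrets, rng=os.urandom):
        self.secrets = secrets       # name -> shared secret (cleartext; CHAP needs it)
        self.rng = rng               # injectable so tests can fix the challenge
        self.identifier = 0
        self.outstanding = {}        # identifier -> challenge not yet answered

    def challenge(self):
        """Server -> peer: Challenge packet (identifier, random nonce)."""
        self.identifier = (self.identifier + 1) & 0xFF
        nonce = self.rng(16)
        self.outstanding[self.identifier] = nonce
        return self.identifier, nonce

    def verify(self, identifier, name, response):
        """Peer -> server: Response packet.  Returns True for Success."""
        nonce = self.outstanding.pop(identifier, None)   # one-time: a replay fails
        secret = self.secrets.get(name)
        if nonce is None or secret is None:
            return False
        expected = chap_response(identifier, secret, nonce)
        return hmac.compare_digest(expected, response)   # constant-time compare


def chap_peer(name, secret, identifier, challenge):
    """Peer side: the (name, hash) that goes on the wire in place of the password."""
    return name, chap_response(identifier, secret, challenge)


if __name__ == "__main__":
    server = ChapAuthenticator({"alice": b"correct horse battery staple"})
    ident, nonce = server.challenge()
    name, response = chap_peer("alice", b"correct horse battery staple", ident, nonce)
    print("on the wire:", name, response.hex())          # no password visible
    print("accepted:", server.verify(ident, name, response))
    print("replayed:", server.verify(ident, name, response))   # False
```

Two things the card leaves implicit are visible in the code. The challenge is consumed on first use, which is what defeats replay of a captured response; and `secrets` holds cleartext, because the server must recompute the same MD5, so the credential store is as sensitive as a PAP password file even though the link is not. MS-CHAP keeps the shape of this exchange but, as the next card notes, its versions differ in what they authenticate.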
245
MS CHAP
Microsoft version of CHAP. Version 2 provides mutual authentication. Has 2 versions that are incompatible with each other. Periodically re-challenges during the session so the peer must keep proving possession of the secret, which is presented as protection against man-in-the-middle and hijacking. Caveat: an MS-CHAPv2 exchange captured from the wire can be cracked offline, so use it only inside a TLS tunnel such as PEAP.
246
Extensible Authentication Protocol
supported by PPP provides a framework to enable many types of authentication techniques. Can use one time passwords, token cards, biometrics, Kerberos, digital certificates
247
Wireless FHSS vs DSSS
FHSS uses only a portion of the total bandwidth available. DSSS uses all available bandwidth
248
Ad Hoc wireless LAN
No access points; stations communicate directly with each other. Contrast with an infrastructure WLAN, which uses an AP to extend an existing wired network; the AP acts as a wireless hub/bridge to the wire.
249
WEP deficiencies
Use of static encryption keys
Ineffective use of initialization vectors
Lack of packet integrity assurance
250
Protocol used by WEP
RC4, a symmetric stream cipher
251
Temporal Key Integrity Protocol TKIP
Backward compatible with existing WLAN devices. TKIP generates new dynamic keys per packet. Made to increase the security of WEP or replace it without the need for a hardware upgrade.
252
Tools to crack WEPs
AirSnort WEPCrack
253
Lightweight Extensible Authentication Protocol
CISCO proprietary
254
EAP TLS
Used by Microsoft and others. Authenticates by digital certificates on both client and server
255
Protective EAP
Protected EAP (PEAP): only the server is authenticated with a certificate (server-side certificate only). The client then authenticates inside the TLS tunnel, commonly with MS-CHAPv2.
256
MIME
Multipurpose Internet Mail Extensions. Specifies how multimedia and binary email attachments are to be transferred
257
S MIME
Secure MIME is a standard for encrypting and digitally signing email and providing secure transmission
258
Pretty Good Privacy
PGP. Phil Zimmermann's freeware email security program
First widespread public key encryption program
A complete cryptosystem that protects email and files
Can use RSA public key encryption for key management and the IDEA symmetric cipher for bulk encryption of data
Uses the MD5 hashing algorithm; authentication by public key certificates
259
Web of trust
Used by PGP instead of Certificate Authorities (CA)
260
HTTP Secure
HTTP running over Secure Sockets Layer (SSL) or TLS.
261
Secure Sockets Layer
Uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. SSL was developed by Netscape rather than by an open standards community; TLS is its IETF-standardized successor.
262
POODLE
Padding Oracle On Downgraded Legacy Encryption. The 2014 attack that was the death of SSL 3.0: it forces a connection to downgrade to SSL 3.0 for the sake of interoperability and then exploits its CBC padding to recover plaintext. Disable SSL 3.0 entirely.
263
Secure Shell SSH
functions as a type of tunneling mechanism provides terminal like access to remote computers. SSH is a program and protocol that can be used to log into another computer over a network
264
Denial of Service
Compromises the availability of a system. Results in a service or resource being degraded or made unavailable to legitimate users
265
Malformed Packets
Ping of death: an ICMP echo attack. Early IP stacks did not enforce the maximum IP packet length of 65,535 bytes, and operating systems could not handle a reassembled packet larger than that.
266
Flooding
overwhelm the target computer with packets.
267
SYN flooding
Exploits the three way handshake that TCP uses
268
Distributed Denial of Service
High volume DoS using an army of hijacked (zombie) computers, a botnet. Best defense is a content distribution network, which absorbs the load across many distributed servers.
269
Sniffing
An attack on the confidentiality of your data. Requires the NIC to be in promiscuous mode