Flashcards in Network+ Chapter 13 Deck (25):
________ typically reside on routers to determine which packets are allowed to route through them based on the requesting device's source or destination IP.
Ch 13 pg 432
Access Control Lists (ACLs)
What 4 things should you do when configuring ACLs between the internet and your private network to mitigate security problems?
Ch 13 pg 433
Deny any address from your internal networks
Deny any local host address (127.0.0.0/8)
Deny any reserved private addresses
Deny addresses in the IP multicast address range (220.127.116.11/4)
Ch 13 pg 434
Encapsulating one protocol within another to ensure that a transmission is secure.
The Network+ exam will test your understanding of the following tunneling protocols:
Ch 13 pg 434
VPNs (Virtual Private Network)
SSL (Secure Sockets Layer)
SSL VPN (Secure Sockets Layer Virtual Private Network)
Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
Generic Routing Encapsulation (GRE)
Internet Protocol Security (IPSec)
____________ allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.
Host-to-Site (Remote-Access) VPNs
What is one of the most common reasons why users can connect to the internet and not their office?
The users don't have the correct VPN address and password.
_________ VPNs allow an organization's suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.
Who created L2TP?
Internet Engineering Task Force (IETF).
Which port does PPTP use and what is its function?
PPTP is a VPN protocol that runs over port 1723 and allows encryption to be done at the Application (data) level.
_____________ is a tunneling protocol that can encapsulate many protocols inside IP tunnels. Some examples would be routing protocols such as EIGRP and OSPF and the routed protocol IPv6.
Generic Routing Encapsulation (GRE)
Which two modes does IPSec work in?
Transport mode and tunneling mode.
_____________ defines procedures and packet formats to establish, negotiate, modify, and delete security associations.
Internet Security Association and Key Management Protocol (ISAKMP)
______________ is a Layer 2 protocol that provides authentication, encryption, and compression services to clients logging in remotely.
(p. 446). Wiley
Point-to-Point Protocol (PPP)
_____________ is an extension of PPP. Its purpose is to encapsulate PPP frames within Ethernet frames.
Point-to-Point Protocol over Ethernet (PPPoE)
What has been the preferred method of encryption in the US since 2002 and has key lengths of 128, 192, and 256 bits?
Advanced Encryption Standard (AES)
_______________ is not a protocol but refers to the combination of hardware and software required to make a remote-access connection.
Remote Access Services (RAS)
_____________ allows users to connect to a computer running Microsoft's Remote Desktop Services, but a remote computer must have the right kind of client software installed for this to happen.
Remote Desktop Protocol (RDP)
What are 3 things you need to do when a user leaves the organization?
Leave the account in place.
Delete the account.
Disable the account.
What are some password formats that you should never use?
The word password
Proper names
Your pet's name
Your spouse's name
Your children's names
Any word in the dictionary
Define multifactor authentication.
Multifactor authentication is designed to add an additional level of security to the authentication process by verifying more than one characteristic of a user before allowing access.
What are 3 ways a user can be identified by using multifactor authentication?
By something they know (password)
By something they are (retinas, fingerprint, facial recognition)
By something they possess (smart card)
______________ is a system that links users to public keys and verifies a user's identity by using a certificate authority (CA).
Public Key Infrastructure (PKI)
___________ is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
What are two major differences between TACACS+ and RADIUS?
RADIUS combines user authentication and authorization into one profile, but TACACS+ separates the two.
TACACS+ utilizes the connection-based TCP protocol, but RADIUS uses UDP instead.