Protocols Flashcards

1
Q

DHCP

A

Dynamic Host Configuration Protocol. IOS DHCP Secured IP Address Assignment, combats DHCP spoofing attacks, use case network address allocation attack scenarios

2
Q

NTP

A

Network Time Protocol - use case in time synchronization - port 123, or 1023

3
Q

DNS

A

Domain Name System - uses TCP/UDP Port 53. Resolves Internet names to IP addresses. Consists of clients and servers that provide name translation services.
Uses authoritative servers that host DNS zones, which are the domain namespaces of the org and the subdomains and hosts. Can be primary or secondary servers. Zone file is a mapping of host names to IP addresses and is used to make the name-to-IP address translation
Most common attack - DNS cache poisoning

4
Q

DNS-SEC

A

Domain Name System Security Extensions - also uses Port 53. Used with secure domain name resolution and for preventing cache poisoning
RRSIG - resource record signature
DNSKEY record
NSEC - next secure record
NSEC3 - enables DNS resolvers to verify hash values stored

5
Q

SNMPv3

A

Simple Network Management Protocol, version 3 - all versions use UDP ports 161, 162. Basis for many network management tools. Uses SNMP agents that respond to queries and can send traps. SNMPv1 and SNMPv2 lacked security, just clear passwords. Version 3 has robust, flexible encryption

6
Q

SSH

A

Secure Shell protocol - uses TCP port 22. Direct replacement for Telnet and other non-secure remote terminal programs. Designed to run in a tunneling mode, enables any application to run in an encrypted SSH tunnel. Don’t use Telnet

7
Q

FTP

A

File Transfer Protocol - uses TCP Ports 20, 21. Enables file upload and download from an FTP server. Inherently non-secure, unencrypted.

8
Q

FTPS

A

File Transfer Protocol, Secure. Uses TCP Port 990. Secure FTP that can be used over a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) secure session connection.

9
Q

SFTP

A

SSH File Transfer Protocol, functions similarly to normal FTP, but all data is encrypted through an SSH tunnel on port 22. Not the same as FTP or FTPS, does not use SSL or TLS. More common than FTPS

10
Q

SRTP

A

Secure Real-time Transport Protocol (SRTP) - uses the same port number as RTP - UDP 5004. Critical component of telephone over IP (VoIP). RTP is insecure.

11
Q

HTTP

A

Hypertext Transfer Protocol (HTTP) - runs on Port 80. Enables users to access Web resources on the Internet. Not secure by itself.

12
Q

HTTPS

A

Hypertext Transfer Protocol over SSL/TLS - runs on TCP port 443. Sends normal HTTP traffic over an encrypted SSL or TLS connection. HTTPS is essential for e-commerce and subscription services.

13
Q

SSL

A

Secure Sockets Layer - encryption, authentication services between hosts. TCP port 443.

14
Q

TLS

A

Transport Layer Security - TCP port 443. More secure upgrade of SSL, very similar though. Requires a back-and-forth interaction, an SSL/TLS handshake.
1. Client hello. 2. Server hello. 3. Key exchange. 4. Finish

15
Q

POP3

A

Post Office Protocol, version 3 - port 110. Non-secure e-mail client protocol used to receive email through client apps. Downloads all the email in the box, then deletes the mail from the server. Only one connection at a time to the user’s inbox.

16
Q

IMAP4

A

Internet Message Access Protocol version 4 - Port 143. Non-secure client e-mail protocol, more widely used than POP3. Can connect to an organizational or Web-based e-mail server, download email messages. Allows multiple connections to the server from multiple user clients, e-mail not automatically deleted from server.

17
Q

SMTP

A

Simple Mail Transfer Protocol - TCP Port 25. Server side email protocol used to send email messages from an org’s email server. No built-in security mechanisms. No authentication between hosts, relies on external authentication such as LDAP. Vulnerable to SMTP relay attack

18
Q

LDAP

A

Lightweight Directory Access Protocol (LDAP)

19
Q

LDAPS

A

Lightweight Directory Access Protocol over SSL. LDAPv3 is better, has secure extensions

20
Q

POP3S

A

POP3 over SSL/TLS - port 995

21
Q

IMAPS

A

IMAP over SSL/TLS - port 993

22
Q

SMTPS

A

SMTP Secure - port 465

23
Q

STARTTLS

A

Older version of SMTPS, uses port 587

24
Q

WEP

A

Wired Equivalent Privacy - wireless cryptographic protocol, easily cracked, first security iteration of 802.11

25
Q

RC4

A

Rivest Cipher version 4, built into WEP. Rapidly encrypts 1 bit at a time, uses 40-bit to 2048-bit keys. RC4 is not necessarily a weak protocol and is found in other secure implementations, but was poorly implemented in WEP.

26
Q

WPA

A

Wi-Fi Protected Access, a stopgap measure to replace WEP. Uses dynamic keys and larger key sizes; can be open mode, require authentication to a RADIUS server (WPA-ENT), or use a pre-shared key (PSK), called WPA Personal. Uses the Temporal Key Integrity Protocol (TKIP) for generating encryption keys, can use dynamic keys

27
Q

WPA2

A

Wi-Fi Protected Access 2 - first official implementation of the 802.11i wireless security protocol standard. Replaces TKIP with AES, a 128-bit symmetric block cipher, more robust and backwards compatible. Has WPA2 Personal (pre-shared key) and WPA2-Enterprise. The WPA/WPA2 passphrase is not the key itself, different from WEP

28
Q

AES

A

Advanced Encryption Standard - used by a wide variety of encryption applications. NIST standard. Rijndael encryption algorithm, much stronger than previously used symmetric algorithms like RC4. Used in WPA2, uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol, or Counter mode/CBC-MAC Protocol (CCMP). CCMP uses a 128-bit key and a 128-bit block size, 48-bit initialization vectors. Larger IV helps prevent replay attacks

29
Q

WPA3

A

Wi-Fi Protected Access 3, released in 2018. Simultaneous Authentication of Equals (SAE) replaces PSK for encryption. SAE automatically forces every WPA3-capable device to use a Diffie-Hellman-style authentication/encryption process

30
Q

WPS

A

Wi-Fi Protected Setup - enables anyone to join a WPS-capable device by pressing two buttons. Or could use a fixed eight-digit PIN code, only 7 digits are used though, the 8th is a checksum, and the 7 digits are confirmed in two groups…. Only about 11,000 guesses to crack a WPA PIN code, bad.

31
Q

802.1X

A

IEEE (Institute of Electrical and Electronics Engineers) standard, can be used in wired networks as well. A port-based access control method, can use a wide variety of security protocols, and is more of a framework.
A wireless client device is known as a ‘supplicant’ in an 802.1X environment
A WAP that uses 802.1X authentication methods is called the ‘authenticator’
The source providing authentication servers to the network is the ‘authentication server’
Can use EAP, EAP-TLS, EAP-TTLS, PEAP, LEAP, and EAP-FAST

32
Q

EAP

A

Extensible Authentication Protocol - a security framework that provides for varied authentication methods. Several different variations, some older and some better.

33
Q

EAP-TLS

A

EAP Transport Layer Security - primary EAP variation for years, uses the same TLS protocol used on secure web pages. Requires both a server-side certificate and a client-side certificate. Client-side certificates are an administrative headache, as every device must have a unique one. Ultimate in 802.11 security.

34
Q

EAP-TTLS

A

EAP Tunneled Transport Layer Security - completely different from EAP-TLS, goes beyond the TLS protocol, adding a tunnel to provide better security, only requires a server-side certificate. Functionally equivalent to PEAP

35
Q

PEAP

A

Protected Extensible Authentication Protocol, another version of EAP that uses TLS, addressed problems with EAP, developed as an open protocol by Microsoft, RSA, Cisco. Similar to EAP-TTLS, requires a digital certificate on the server side to create secure TLS tunnel. Different versions of PEAP, all typically use digital certificates or smart cards.

36
Q

LEAP

A

Lightweight Extensible Authentication Protocol, a proprietary protocol developed by Cisco, used in wireless Cisco LAN devices for authentication
Uses dynamic WEP keys, provides for mutual authentication between wireless clients and a centralized RADIUS server. Has been replaced by EAP-FAST

37
Q

EAP-FAST

A

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling, which addresses security issues with LEAP. Also Cisco. It is lightweight, but uses TLS tunnels to add security during authentication.

38
Q

RADIUS Federation

A

Remote Authentication Dial-In User Service Federation - a federated system involves the use of a common authentication system and credentials database that multiple entities use and share. A RADIUS federation could connect those systems wirelessly using RADIUS servers

39
Q

IPSec

A

Internet Protocol Security - a security protocol developed to provide security services (authentication and encryption) for IP traffic. Three major protocols make up IPsec:
AH - Authentication Header
ESP - Encapsulating Security Payload
ISAKMP - Internet Security Association and Key Management Protocol

40
Q

AH

A

Authentication Header - IPsec protocol, provides authentication and integrity services for IP traffic, and can be used on the entire IP packet, including the header and data payload

41
Q

ESP

A

Encapsulating Security Payload - takes care of encryption services, can provide protection for the entire IP packet, depending on the IPSec mode used, transport or tunnel.
- In transport mode, header information is not encrypted so that hosts and network devices can read it
- In tunnel mode, IP traffic is encapsulated and sent outside of a LAN, across WAN links to other networks. This is what happens in VPN implementations that use IPsec.
ESP is typically only used in tunnel mode.

42
Q

ISAKMP

A

Internet Security Association and Key Management Protocol - used to negotiate a mutually acceptable level of authentication and encryption methods between two hosts. This acceptable level of security is called the security association (SA) between two hosts. An SA defines the encryption type and method, algorithms used, types of cryptographic keys and key strengths, and so on.
Internet Key Exchange (IKE) Protocol - IKEv2 now, is used in ISAKMP to negotiate the SA between hosts. IKE uses UDP Port 500.