Securing TCP/IP Flashcards

1
Q

5 areas of TCP/IP Security

A

Encryption - scramble, mix up or change data
Integrity - data received is the same as data sent
nonrepudiation - person cannot deny they took a specific action
authentication - verify person accessing data
authorization - what can authorized person do with data

2
Q

symmetric-key algorithm

A

same key for both encryption and decryption

3
Q

asymmetric-key algorithm

A

different key for encryption and decryption

4
Q

block ciphers

A

name of most symmetric key algorithms

- encrypt chunks of data of a certain length at a time

5
Q

DES

A

Data Encryption Standard
64 bit block
56 bit key
susceptible to brute-force attacks

6
Q

stream ciphers

A

takes a single bit and encrypts it on the fly

7
Q

RC4

A

Rivest Cipher 4

  • fast, easy to use and free
  • stream cipher
8
Q

AES

A

Advanced Encryption Standard

  • block cipher
  • 128, 192 or 256 bit key size
9
Q

public-key cryptography

A

primary asymmetric key algorithm

10
Q

encryption at each layer

A

1 - no encryption at this layer except in bigger WAN tech like SONET
2 - no encryption done at this layer
3 - only IPsec, typically software that encrypts the IP packet; a new outer layer encapsulates and encrypts the inner packet
4 - neither TCP nor UDP offers any encryption
5, 6, 7 - important encryption standards such as SSL and TLS

11
Q

hash

A

mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length (often called a checksum or message digest)

12
Q

cryptographic hash

A

  • one-way function
  • hash is irreversible
  • can be used to verify file integrity
13
Q

md5

A

message-digest algorithm version 5

- 128-bit message digest

14
Q

SHA

A

secure hash algorithm

  • includes SHA-1, SHA-2, and SHA-3
  • SHA-1 produces a 160-bit message digest
  • SHA-2 has four variants
    • SHA-224 (224-bit message digest)
    • SHA-256
    • SHA-384
    • SHA-512
  • SHA-3 comes in 4 variants
    • SHA3-224
    • SHA3-256
    • SHA3-384
    • SHA3-512
15
Q

CRAM-MD5

A

tool for server authentication

16
Q

digital signature

A

a hash of the public key encrypted by the private key

17
Q

certificate

A

standardized type of file that includes a public key with a digital signature, and the digital signature of a trusted 3rd party

18
Q

NAC

A

Network Access Control

  • usually prevents computers lacking anti-malware and patches from accessing the network
  • creates policies that define what individual systems can do on the network
19
Q

ACL

A

Access Control List

  • clearly defined list of permissions that specifies what an authenticated user may perform on a shared resource
  • three ACL models: mandatory, discretionary and role based
20
Q

Mandatory Access Control

A

MAC

  • every resource is assigned a label that defines its security level
  • if the user lacks that level, they don't get access
  • used in the OS to determine what programs have access to other programs stored in RAM
21
Q

Discretionary Access Control

A

DAC

- resource owner controls access

22
Q

Role-based Access Control

A

RBAC

- managed by groups

23
Q

PPP

A

Point-to-Point Protocol

  • enables two PPP devices to connect, authenticate with a user/pass and negotiate the network protocol to use
  • two methods of authentication, PAP and CHAP
24
Q

PAP

A

Password Authentication Protocol

- PPP protocol that simply transmits the user/pass in plaintext

25
Q

CHAP

A

Challenge Handshake Authentication Protocol

  • PPP protocol that relies on a shared secret, usually a password that both ends of the connection know
  • client creates a hash of the password and sends it to the host
  • host compares the hash to the password
  • periodically repeats the entire process to prevent man-in-the-middle attacks

26
Q

Microsoft CHAP

A

MS-CHAPv2

  • most common authentication method for dialup connections
  • offers the most security

27
Q

AAA

A

Authentication, Authorization, and Accounting

  • port authentication - allows remote users to authenticate to a particular point of entry (port) to another network

28
Q

RADIUS

A

Remote Authentication Dial-In User Service

  • created to support ISPs with thousands of modems that connect to a central database
  • consists of 3 devices:
    • a server that has access to a database of usernames and passwords
    • a number of Network Access Servers (NASs) that control the modems
    • a group of systems that in some way connect to the network

29
Q

RADIUS server programs

A

  • IAS - Internet Authentication Service for MS Server
  • FreeRADIUS - Unix/Linux

30
Q

RADIUS ports

A

  • UDP ports 1812 and 1813
  • UDP ports 1645 and 1646

31
Q

TACACS+

A

Terminal Access Controller Access Control System Plus

  • created by Cisco to support AAA in a network with many routers and switches
  • very similar to RADIUS but uses port 49 by default
  • separates AAA into 3 parts
  • uses PAP, CHAP and MD5, but can use Kerberos

32
Q

Kerberos

A

an authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server, no PPP

  • used in MS domains
  • uses UDP or TCP port 88
  • KDC (Key Distribution Center) has two processes:
    • Authentication Server (AS)
    • Ticket-Granting Service (TGS)
  • token includes the Security Identifier (SID) plus the SIDs of the groups the user is a member of
  • uses timestamps
  • if the KDC goes down, no one has access
  • timestamps require that everyone's clocks are synced

33
Q

Single Sign-On

A

ability to log in only one time and use the same token to access any resource

34
Q

SSH

A

Secure Shell

  • uses PKI in the form of an RSA key

35
Q

tunnel

A

secure link between two programs on separate computers

36
Q

SSL

A

Secure Sockets Layer

  • requires a server with a certificate
  • uses a symmetric-key cipher
  • creates an encrypted tunnel between the SSL server and the client

37
Q

TLS

A

Transport Layer Security

  • upgrade to SSL
  • works with almost any application

38
Q

IPsec

A

Internet Protocol Security

  • works at the internet/network layer
  • dominant encryption suite
  • works in transport mode and tunnel mode
    • transport - only the payload of the packet is encrypted
    • tunnel - the entire packet is encrypted and placed inside another packet

39
Q

CRLs

A

Certificate Revocation Lists

  • third party that tracks whether certs have been revoked

40
Q

SCP

A

Secure Copy Protocol

  • transfers data securely between two hosts using SSH

41
Q

SFTP

A

  • replacement for FTP
  • uses FTP over SSH
  • TCP port 23

42
Q

SNMP

A

Simple Network Management Protocol

  • queries the state of SNMP-capable devices
  • uses agents (special client programs) to collect network information from a management information base (MIB)
  • v1 & v2 unencrypted
  • v3 encrypted

43
Q

LDAP

A

Lightweight Directory Access Protocol

  • tool that programs use to query and change a database used by the network
  • can talk to Active Directory and other directory service providers to query and change items
  • uses TCP and UDP port 389

44
Q

LDAPS

A

  • secure version of LDAP
  • now deprecated
  • used TCP port 636

45
Q

NTP

A

Network Time Protocol

  • gives the current time

46
Q

In PKI, which key encrypts the data?

A

public

47
Q

In order to have PKI, you must have

A

root authority