Securing TCP/IP Chapter 10 Flashcards
(34 cards)
Define Remote Authentication Dial-in User Service (RADIUS)
System that enables remote users to connect to network services (dial-up)
Define Kerberos
Open authentication standard best known for serving as the authentication protocol in Windows domains
Authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server. Has no connection to PPP
Define Encryption
Process that attempts to make some data unreadable to anyone but the owner or intended recipients. Generally the data is scrambled and unscrambled with cryptographic keys. Encryption plays a critical role in securing traffic sent across open networks such as the internet.
Define Integrity
Protecting data from being changed or deleted without authorization. In networks, integrity is mainly verified with checks that ensure data sent to a recipient is unchanged when it is received at the destination host.
Define Nonrepudiation
Not being able to deny having sent a message
Define Authentication
Process of verifying the credentials of a user attempting to access a system. The most common set of credentials is a user name and password.
Define Authorization
A step in the AAA philosophy during which a client's permissions are decided upon. Having access to only what you need access to.
Define Symmetric Key Encryption
Any encryption method that uses the same key for both encryption and decryption.
Define Asymmetric Key Encryption
Encryption method in which the key used to encrypt a message and the key used to decrypt it are different, or asymmetric.
Define Hash
Fixed-length value that a hash function computes from its input. Hashes have many important jobs in computing, but in networking they are primarily used for authentication and ensuring data integrity.
Define Digital Signature
A hash of a message which has been encrypted and attached to the message. The hash is encrypted with the signer's private key. The recipient can decrypt the hash with the signer's public key and use the hash to confirm the message was not altered. Verifies the sender's identity and the integrity of the message.
Define Certificate
Digitally signed electronic document issued by a trusted third party, a certificate authority (CA), attesting to the identity of the holder of a specific cryptographic public key.
Define Public Key Infrastructure (PKI)
System for creating and distributing digital certificates issued by trusted third parties such as DigiCert, GoDaddy or Sectigo
What are Network Access Controls (NAC) used for?
Usually prevents computers lacking antimalware and patches from accessing the network. Also creates policies, separate from Windows policies, that define what individual systems can do on the network, including network access, segregation of portions of the network, etc.
What makes up AAA?
Authentication, Authorization and Accounting
Security philosophy wherein a user trying to connect to a network must first present some form of credential in order to be authenticated and then must have limitable permissions within the network. The authenticating server should also record session information about the client.
Define Accounting
Accounting keeps track of user activity while users are logged in to a network by tracking information such as how long they were logged in, the data they sent or received, their Internet Protocol (IP) address, and the different services they accessed.
Define Point-to-Point Protocol (PPP)
A protocol that enables two devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use
Define MS-CHAP V2
Microsoft's dominant variation of the CHAP protocol; uses a slightly more advanced encryption protocol. The most secure of PAP, CHAP and MS-CHAP
Define Challenge Handshake Authentication Protocol (CHAP)
A remote access authentication protocol. Has the serving system challenge the remote client, which must provide an encrypted password.
Define Password Authentication Protocol (PAP)
The oldest and most basic form of authentication and also the least safe because it sends passwords in clear text.
Define a Network Access Server (NAS)
System that controls the modems in a RADIUS network.
Define Terminal Access Controller Access Control System + (TACACS+)
Cisco protocol to support AAA in a network with many routers and switches. It is similar to RADIUS in function, but uses TCP port 49 by default and separates AAA into different parts.
Define Key Distribution Center (KDC)
System for granting authentication in Kerberos. The KDC stores secret keys for users and services
Define Authentication Server
In Kerberos, the system that authenticates but does not authorize the client. After verifying the submitted credentials, the server gives the client a ticket-granting ticket.