Securing TCP/IP Chapter 10 Flashcards

1
Q

Define Remote Authentication Dial-in User Service (RADIUS)

A

System that enables remote users to connect to a network service (dialup)

2
Q

Define Kerberos

A

Open authentication standard best known for serving as the authentication protocol in Windows domains

Authentication Protocol for TCP/IP networks with many clients all connected to a single authenticating server. Has no connection to PPP

3
Q

Define Encryption

A

Process that attempts to make some data unreadable to anyone but the owner or intended recipients. Generally the data is scrambled and unscrambled with cryptographic keys. Encryption plays a critical role in securing traffic sent across open networks such as the internet.

4
Q

Define Integrity

A

Protecting data from being changed or deleted without authorization. In networks, integrity is mainly verified with checks that ensure data sent to a recipient is unchanged when it is received at the destination host.

5
Q

Define Nonrepudiation

A

Not being able to deny having sent a message

6
Q

Define Authentication

A

Process of verifying the credentials of a user attempting to access a system. The most common set of credentials is a user name and password.

7
Q

Define Authorization

A

A step in the AAA philosophy during which a client's permissions are decided upon. Having access to only what you need access to.

8
Q

Define Symmetric Key Encryption

A

Any encryption method that uses the same key for both encryption and decryption.

9
Q

Define Asymmetric Key Encryption

A

Encryption method in which the key used to encrypt a message and the key used to decrypt it are different, or asymmetrical.

10
Q

Define Hash

A

Fixed-length value that a hash function computes from its input. Hashes have many important jobs in computing, but in networking they are primarily used for authentication and ensuring data integrity.

11
Q

Define Digital Signature

A

A hash of a message which has been encrypted and attached to the message. The hash is encrypted with the signer's private key. The recipient can decrypt the hash with the signer's public key and use the hash to confirm the message was not altered. Verifies the sender's identity and the integrity of the message.

12
Q

Define Certificate

A

Digitally signed electronic document issued by a trusted third party, a certificate authority (CA), attesting to the identity of the holder of a specific cryptographic public key.

13
Q

Define Public Key Infrastructure (PKI)

A

System for creating and distributing digital certificates issued by trusted third parties such as DigiCert, GoDaddy or Sectigo.

14
Q

What are Network Access Controls (NAC) used for?

A

Usually prevents computers lacking antimalware and patches from accessing the network. Also creates policies, separate from Windows policies, that define what individual systems can do on the network, including network access, segregation of portions of the network, etc.

15
Q

What makes up AAA?

A

Authentication, Authorization and Accounting

Security philosophy wherein a user trying to connect to a network must first present some form of credential in order to be authenticated and then must have limitable permissions within the network. The authenticating server should also record session information about the client.

16
Q

Define Accounting

A

Accounting keeps track of user activity while users are logged in to a network by tracking information such as how long they were logged in, the data they sent or received, their Internet Protocol (IP) address, and the different services they accessed.

17
Q

Define Point-to-Point Protocol (PPP)

A

A protocol that enables two devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use.

18
Q

Define MS-CHAP V2

A

Microsoft’s dominant variation of the CHAP protocol; uses a slightly more advanced encryption protocol. The most secure of PAP, CHAP and MS-CHAP.

19
Q

Define Challenge Handshake Authentication Protocol (CHAP)

A

A remote access authentication protocol. Has the serving system challenge the remote client, which must provide an encrypted password.

20
Q

Define Password Authentication Protocol (PAP)

A

The oldest and most basic form of authentication and also the least safe because it sends passwords in clear text.

21
Q

Define a Network Access Server (NAS)

A

System that controls the modems in a RADIUS network.

22
Q

Define Terminal Access Controller Access Control System + (TACACS+)

A

Cisco protocol to support AAA in a network with many routers and switches. It is similar to RADIUS in function, but uses TCP Port 49 by default and separates AAA into different parts.

23
Q

Define Key Distribution Center (KDC)

A

System for granting authentication in Kerberos. The KDC stores secret keys for users and services

24
Q

Define Authentication Server

A

In Kerberos, the system that authenticates but does not authorize the client. After verifying the submitted credentials, the server gives the client a ticket-granting ticket.

25
Q

Define Ticket-Granting Ticket (TGT)

A

Sent by an authentication server in a Kerberos setup if the credentials sent by the client match those in its database. The client uses the TGT to request authorization for network resources from the Ticket Granting Server.

26
Q

Define Secure Shell (SSH)

A

Terminal emulation program that looks like Telnet but encrypts the data. SSH has replaced Telnet on the internet.

27
Q

Define SSH Tunnel

A

Encrypted link between SSH processes on two separate computers. Once an SSH link between a server and a client is established, anything you enter into the client application is encrypted, sent to the server, decrypted and then acted upon.

28
Q

Define Tunnel

A

Encrypted link between two programs from two separate computers

29
Q

Define Secure Sockets Layer and Transport Layer Security (SSL/TLS)

A

SSL is a protocol developed by Netscape for securing websites. Final version was 3.0 before the name was changed to TLS.

TLS hosts use public key cryptography to securely negotiate a cipher and symmetric key over an unsecure network, and the symmetric key to encrypt the rest of the session.

30
Q

Define Internet Protocol security (IPsec)

A

Network layer encryption protocol

31
Q

Define Secure Copy Protocol (SCP)

A

One of the first programs to use SSH to send encrypted data; might have replaced FTP if it didn't have some flaws.

32
Q

Define SSH File Transfer Protocol (SFTP)

A

Replacement for FTP released after many of the inadequacies of SCP, such as the inability to see files on the other computer.

AKA Secure STP

33
Q

Define Simple Network Management Protocol (SNMP)

A

Set of standards for communications with network devices such as switches, routers and WAPs connected to a TCP/IP network. Used for network management.

34
Q

Define Lightweight Directory Access Protocol (LDAP)

A

Protocol used to query and change a database used by the network. Uses TCP Port 389 by default.