Domain 4: Communication and Network Security: Day 6
What do EAP-FAST use for security?
It uses a Protected Access Credential (PAC), which acts as a pre-shared key.
Secure Shell (SSH) servers listen on what port and protocol?
TCP port 23
What provides confidentiality
AES
What network technology uses fixed-length cells to carry data?
ATM
Which endpoint security technique is the most likely to prevent a previously unknown attack from being successful?
Application Whitelisting
What is the most secure type of firewall?
Application-layer Proxy Firewall
Which of the following authentication protocols uses a three-way authentication handshake?
CHAP
What is the most secure type of EAP?
EAP-TLS
What network cable type can transmit the most data at the longest distance?
Fiber Optic
Restricting Bluetooth device discovery relies on the secrecy of what?
MAC Address
Which transmission mode is supported by both HDLC and SDLC?
Normal Response Mode (NRM)
What provides integrity
SHA-1
Which device operates at Layer 2 of the OSI model?
Switch
PEAP (Protected EAP),
This is not requiring client-side certificates.
PPP (Point-to-Point Protocol)
This protocol is based on High-Level Data Link Control (HDLC)
What do EAP-TLS uses for authentication.
Tunnel
Which protocol should be used for an audio streaming server, where some loss is acceptable?
UDP
Which wireless security protocol is also known as the RSN (Robust Security Network), and implements the full 802.11i standard?
WPA2
What is the authentication protocol in WAP
Wireless Transport Layer Security (WTLS), which is based on TLS.
What WAN Protocol has no error recovery, relying on higher-level protocols to provide reliability?
X.25
EAP-MD5
is one of the weakest forms of EAP. It offers client → server authentication only this makes it vulnerable to man-in the-middle attacks and password cracking attacks.
TLS (Transport Layer Security)
is the latest version of SSL, equivalent to SSL version 3.1
L2TP (Layer 2 Tunneling Protocol)
combines PPTP and L2F; L2TP focuses on authentication; uses IPsec to provide encryption
Encapsulating Security Protocol (ESP)
confidentiality
What are the security features do PPP have?
confidentiality, integrity, and authentication
what do security flaws do SLIP have
confidentiality, integrity, or authentication
LEAP (Lightweight Extensible Authentication Protocol)
is a Cisco-proprietary protocol released before 802.1X was finalized
SLIP (Serial Line Internet Protocol)
is a Layer 2 protocol that provides IP connectivity via asynchronous connections such as serial lines and modems
PAP (Password Authentication Protocol)
is a very weak authentication protocol. It sends the username and password in cleartext.
EAP (Extensible Authentication Protocol).
is designed to provide authentication at Layer 2; 802.1X is "Port Based Network Access Control
IPSec: Transport mode
protects the IP data (layers 4-7) only, leaving the original IP headers unprotected.
IPSec: Tunnel mode
provides confidentiality (ESP) and/or authentication (AH) to the entire original packet, including the original IP headers.
EAP-TTLS (EAP Tunneled Transport Layer Security),
simplifies EAP-TLS by dropping the client-side certificate requirement, allowing other authentication methods for client-side authentication but less secure when omitting the client-side certificate
A drawback of CHAP is that
the server stores plaintext passwords of each client. An attacker who compromises a CHAP server may be able to steal all the passwords stored on it
PPTP (Point-to-Point Tunneling Protocol)
tunnels PPP via IP. GRE(Generic Routing Encapsulation) to pass PPP via IP and and uses TCP for a control channel
EAP-TLS (EAP-Transport Layer Security)
uses PKI, requiring both server-side and client-side certificates.
CHAP (Challenge-Handshake Authentication Protocol)
uses a three-way authentication, is not susceptible to replay attacks.
EAP-FAST (EAP-Flexible Authentication via Secure Tunneling)
was designed by Cisco to replace LEAP';
Secure Sockets Layer (SSL)
was designed to protect HTTP data
Wireless Application Protocol (WAP)
was designed to provide secure Web services to handheld wireless devices such as smart phones
