15. Security+ SY0-501: Implementing Secure Protocols
How does Hashing authentication work in case of routing updates?
--A hashing algorithm is run on a routing update using the configured key. The result is added to the end of the routing update. --The neighbor runs hashing algorithm on the received update and it's local key which result a hash digest. --If the created hash digest matches with the received hash digest then the router accepts the update.
What kind of security does EIGRP authentication gives?
--It helps to prevent DoS attacks --Other devices (not neighbors) can read the EIGRP messages --however they cannot form neighborship
What is a key chain? What are it's advantages?
--It is a collection of keys, each identified with a key ID that is associated. --Each key can be configured to be used in a specified timewindow = time-based key chain.
What is the difference between IGP and BGP security?
BGP specifies the neighbor there is a smaller chance for threats. The existing TCP session still can get hijacked.
Protocols that can run over SSL/TLS
HTTPS, SMTP, LDAP, POP3, or IMAP
Vulnerabilities of SSL/TLS
Heart Bleed Bug and protocol downgrade or fallback.
How does OSPFv3 authentication work?
OSPFv3 using IPSEC for authentication and Encapsulating Security Payload (ESP) for authentication and encryption.
While the _____ protocol assumes that your email is being accessed only from one application, _______ allows simultaneous access by multiple clients. This is why ______ is more suitable for you if you're going to access your email from different locations or if your messages are managed by multiple users.
POP3 / IMAP /IMAP
DNSSEC does not provide
confidentiality of DNS data. There are no protections against DoS or DDoS attacks. SSL/TLS and IPsec are not adequate in themselves.
AuthNoPriv
is a cryptographic HMAC, SHA1 or preferably SHA2, to secure authentication credentials and provide integrity, but no data encryption.
Protocol downgrade or fallback
is presently the highest probabilistic vulnerability.
Secure Shell 2 (SSH2) can be used in
voice and video, time synchronization, e-mail and web, file transfer, directory services, remote access, DNS, routing, switching, network address allocation, and subscription services.
The Heartbleed bug
was and is a severe vulnerability specific to the popular OpenSSL versions 1.0.1 to 1.0.1f.
NTPv4
which is covered in RFCs 5905 and 5906, supports both IPv4 and IPv6 and the more recent Autokey security model.
Secure Sockets Layer and Transport Layer Security (SSL/TLS)
*is standardized by IETF. *is the most ubiquitous certificate-based peer authentication in use on the Internet. *The only mandatory cipher suite includes RSA for authentication, AES for confidentiality, and SHA for integrity and digital signatures.
What is the difference between plain text and MD5 authentication in OSPF?
--MD5 hash is calculated using the key-string (up to 16 characters) and the key-id --you could have a separate key for each interfaces
By default, the POP3 protocol works on two ports:
--Port 110 - this is the default POP3 non-encrypted port --Port 995 - this is the port you need to use if you want to connect using POP3 securely
By default, the IMAP protocol works on two ports:
--Port 143 - this is the default IMAP non-encrypted port --Port 993 - this is the port you need to use if you want to connect using IMAP securely
By default, the SMTP protocol works on three ports:
--Port 25 - this is the default SMTP non-encrypted port --Port 2525 - this port is opened on all SiteGround servers in case port 25 is filtered (by your ISP for example) and you want to send non-encrypted emails with SMTP --Port 465 - this is the port used if you want to send messages using SMTP securely
Which routing protocols support plain text authentication?
--The Routing Information Protocol Version 2 (RIPv2) --Open Shortest Path First version 2 (OSPFv2) --Intermediate System to Intermediate System (IS-IS)
Autokey in NTPv4
-authenticates servers to clients using the NTP and public key cryptography, asymmetric. Its design is based on the premise that IPsec schemes cannot be embraced as is since it compromises timekeeping accuracy. -It is the solution in lieu of IPsec and PKI schemes.
Lightweight Directory Access Protocol/Secure (LDAPS)
LDAP was based on X.500, but it's a lighter cross-platform and standard-based solution. LDAP servers are easy to install, maintain, and optimize, but they're without solid security of the queries, updates, and valuable information in the LDAP directory. LDAPS is LDAP over SSL/TLS.
Simple Network Management Protocol (SNMPv3)
deservedly has a bad security reputation, especially the past versions, 1 and 2c, which are both clear-text protocols and use community strings for authorization. All versions of SNMP use a tree-structured management information base, or MIB.
Secure Real-time Transport Protocol (SRTP)
extends the RTP protocol by providing enhanced security techniques. It provides encryption, integrity, and authentication verification of data and messages transported by RTP. It was released in 2004 by Cisco Systems and Ericsson.
The Internet Message Access Protocol (IMAP)
is a mail protocol used for accessing email on a remote web server from a local client.
Open Shortest Path First (OSPF)
is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4.
Post Office Protocol version 3 (POP3)
is a standard mail protocol used to receive emails from a remote server to a local email client. It allows you to download email messages on your local computer and read them even when you are offline.
Border Gateway Protocol (BGP)
is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. The protocol is classified as a path vector protocol.
An interior gateway protocol (IGP)
is a type of protocol used for exchanging routing information between gateways (commonly routers) within an autonomous system (for example, a system of corporate local area networks).
S/MIME (Secure/Multipurpose Internet Mail Extensions)
is a widely accepted method, or more precisely a protocol, for sending digitally signed and encrypted messages. It allows you to encrypt emails and digitally sign them.
The MD5 message-digest algorithm
is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities.
Secure File Transfer Protocol (SFTP)
is an IETF designed version of File Transfer Protocol that provides secure data access and transfer over a Secure Shell 2 channel. It's a function of the Secure Shell Protocol and it's also called SSH File Transfer Protocol. Both the commands and the data are encrypted.
Enhanced Interior Gateway Routing Protocol (EIGRP)
is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers.
File Transfer Protocol/Secure (FTPS)
is essentially the file transfer protocol with SSL security. It extends the FTP protocol by adding SSL/TLS functionality. It's also called FTP over TLS and FTP Secure. It's typically server-to-server deployed. It uses AES, RSA/DSA, and X509v3 certificates. It can be deployed explicitly or implicitly.
Secure Shell 2 (SSH2)
is preferable to SSH1 whenever possible. It uses symmetric encryption for the bulk data encryption and asymmetric algorithms in their key management processes. It uses DH - Diffie-Hellman - for key exchange.
Hypertext Transfer Protocol/Secure (HTTPS)
is the most widely used protocol on the Internet for any secure commercial transaction, financial service, contract, agreement, file transfer protection, and voice and video service. It is basically HTTP over SSL/TLS.
Network Time Protocol (NTPv3)
is the secure version of the Network Time Protocol that runs on top of TCP to ensure accurate local synchronous reference to radios and atomic clocks on the Internet. It's capable of synchronizing distributed clocks within milliseconds over long time periods.
Simple Mail Transfer Protocol (SMTP)
is the standard protocol for sending emails across the Internet.
3 attributes of SFTP - Secure File Transfer Protocol
it's IETF-designed version of FTP. It's a function of Secure Shell, also called SSH File Transfer Protocol or that both the commands and data are encrypted or that it's platform-independent or slower than SCP.
The three modes of SNMPv3 operation
noAuthNoPriv, AuthNoPriv, and AuthPriv.
Domain Naming System/Secure (DNSSEC)
protects users from DNS attacks and forces systems to detect DNS attacks. Almost everything in DNSSEC is digitally signed, a public key cryptography, to allow for authentication and integrity of the origin of the data.
Secure RTP also defends against
replay attacks by leveraging a message index to verify new messages.
With explicit FTPS,
selected parts or components are encrypted for communication.
S/MIME provides for cryptographic security services
such as authentication, message integrity, and non-repudiation of origin (using digital signatures). It also helps enhance privacy and data security (using encryption) for electronic messaging.
With implicit FTPS,
the entire communication is encrypted.
Even though SCP and SFTP use the same SSH encryption,
the file transfer speed of SFTP is slower than SCP because of the back-and-forth nature of the protocol.
An NTP association is formed when
two peers exchange messages and one or both of them create and maintain an association that can operate in one of five modes.
AuthPriv
uses an HMAC for integrity and secure authentication credentials, and also encryption (AES) for data.
noAuthNoPriv
uses no cryptographic hash or encryption. It's passwords only.
Secure Real-time Transport Protocol (SRTP) uses
variants of the Advanced Encryption Standard - AES - algorithm to encrypt and decrypt all incoming and outgoing messages. The authentication mechanism uses a Hash-Based Message Authentication Code - HMAC - using a cryptographic hash function and secret key to validate the message authenticity and integrity.