Network + Chapter 13

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

SSL and IPsec

2 important port numbers of security protocols to know.

FTP and Telnet

2 protocols that don't have the ability to encrypt passwords.

Usernames and passwords

2 things that are vital to network security because their whole purpose is to control initial access to it.

Expire

The way passwords should be managed so that users can change their password every 30 to 45 days.

Password

A credential that must be managed, composed of a combination of alphanumeric and special characters.

Port filtering

ACL can also provide this type of filtering on port numbers as well as IP addresses.

ISAKMP

Ability to provide safely transferring key and authentication data independent of the key generation technique, encryption algorithm, and authentication mechanism. It's integrated into IPsec.

Password Management features

Built in features such as Automatic Account Lockouts, and Password expiration. They help ensure your system remains secure and that passwords cannot be easily hacked with crack programs.

Strong password

Combination of numbers, letters, and special characters is used to make a password a?

PPTP

Combines an unsecured PPP session with a secured session using the GRE protocol.

RADIUS

Combines user authentication and authorization into one profile. It uses UDP

ICA

Downside of this protocol is that it tends to be slow because of the huge amount of translation required to enable the client and server to communicate with each other properly.

3DES

Has a key length of 168 bits but due to an attack known as man-in-the-middle, it really provides only 112 bits and arms you with 80 bits of effective security. Problem is that it's slow.

ISAKMP (Internet Security Association and Key Management Protocol)

Defines procedures and packet formats to establish, negotiate, modify, and delete security associations.

Multifactor Authentication

Designed to add an additional level of security to the authentication process by verifying more than one characteristic of a user before allowing access to a resource.

Security

Difference between VPN and LAN (VLAN) and WAN.

ESP

IPsec protocol that provides both authentication and encryption abilities.

Authentication Header (AH)

IPsec protocol that serves up authentication services only no encryption.

Private key

In PGP encryption a matching encryption key that is needed that the recipient has that can decrypt the session key and decrypt the document.

Private key

In SSH this cryptographic key is kept in secret, its never transferred through the network during authentication.

Digital certificate

Known also as a digital ID which verifies the sender of the message when the original sender does not have a public key so the message can be sent anyway.

PPP (Point-to-Point Protocol)

Layer 2 protocol that provides authentication, encryption, and compression services to clients logging in remotely.

VPN

Tunneling protocol that makes your local host part of the remote by using the WAN link that connects you to the remote LAN, and have access to remote LANs resources and that access is very secure.

PPTP

Tunneling protocol that uses two different protocols, and actually opens up two different network sessions. Not secure.

L2TP

Tunneling protocol that works at Layer 2 (Data Link Layer) implemented if you happen to have two non TCP/IP networks that need to be connected via the Internet.

WAN

Two or more remote LANs connected together.

IPsec

Two protocols Authentication Header (AH) and Encapsulating Security Payload (ESP) work with this feature.

Discovery and session

Two stages that PPPoE works in.

IP addresses and MAC addresses

Two types of addresses that Access Control Lists can filter.

Public and Private

Two types of encryption keys.

Anonymous or Guest

Type of account that allows limited access for a large number of users who all log in under the same username. Used in FTP as a username.

IP spoofing attack

Type of attack when someone pretends to have a network address on the inside of a firewall to gain network access. For example when a user in Network B pretends to be located in Network A.

PKI

Type of authentication used to perform transactions.

VPN

Type of security tunneling protocol that fits between a LAN and WAN, many time it's just a WAN link because your computer, on one LAN connects to a different, remote LAN and uses its resources remotely.

RADIUS

Type of server used to store usernames and passwords of clients in a central spot through which connections are configured to pass authentication requests.

PPP

Used by ISPs and RAS to authenticate clients and as an authentication protocol.

Remote Access

Used by companies to allow employees to connect to the internal network and access resources that aren't in the office. Great for users who work from home.

PGP (Pretty Good Privacy)

Used by email systems that don't come with encryption abilities of their own.

SA (Security Association)

Used in ISAKMP that contains information required to execute security services such as header authentication and payload encapsulation.

Terminal window

Used in RDP after establishing a connection that is a configured window that looks like a Windows or other OSs desktop. The client accesses applications and files available to them.

Public key

Used in SSH cryptographic key placed on any computer that must allow access to the owner of a matching private key.

TACACS+

Used in firewalls when a user wants to access a particular TCP/IP port, they must provide a username and password.

PKI

Used to establish confidentiality and to ensure message integrity without knowing anything about the other party prior to their conversation. Also used to verify the digital signature of a private keys owner.

Group policies

Used to manage access for accounts. Can be used to manage access on anonymous accounts.

PKI

User authentication method that uses a public key and private key pair.

TACACS+

User authentication method that utilizes TCP protocol.

RADIUS

User authentication method that utilizes UDP protocol.

Owner

User who has access to the private key in an authentication system that uses private and public keys.

Firewalls

Uses ACL (Access Control List) as it's primary weapon.

Citrix WinFrame

Uses ICA to setup Windows applications on a Windows based server and then use to allow clients with virtually any OS to access those applications.

CHAP

Uses MD5 algorithm, replaced PAP that sends usernames and passwords in clear text and this protocol does not.

Inbound and outbound

Where separate ACLs should be placed on the router to ensure that the data that is leaving your network comes from a different source than the data that's coming into it.

Disabling accounts

Needs to be done to a user account when a user leaves the organization. This could give you sometime to think and make a decision about the best option for that account instead of deleting it. It could just be renamed for a new hire.

802.1x

Network access security method commonly used in wireless networks.

Single sign on

Never need to provide another password as long as the token is verified.

RAS (Remote Access Server)

Not a protocol but refers to the combination of hardware and software required to make a remote access connection.

1

Number of times a user should be logged in with their account.

802.1x

Open framework designed to support multiple authentication schemes. Used to authenticate wireless users.

SSL VPN

Process to using SSL to create a VPN.

SSH (Secure Shell)

Protocol designed as an alternative to Telnet. It creates a secure channel between the devices and provides confidentiality and integrity of the data transmission.

ICA (Independent Computing Architecture)

Protocol that provides communication between servers.

CHAP

Protocol that requires the shared secret to be stored locally.

Telnet

Protocol that transmits request and responses in clear text. It's insecure.

TACACS+

Protocol that's also a AAA method and an alternative to RADIUS. Capable of performing authentication on behalf of multiple wireless APs, RAS servers, and LAN switches that are 802.1x capable.

AH

Protocol used in IPsec not compatible with networks running NAT.

IPsec

Provides authentication and encryption over the Internet. Works at the Network Layer (Layer 3) and secures all applications that operate in the layers above it.

PGP

Public key encryption designed to encrypt data for email transmission. Encrypts the document with a session key which is then encrypted with the public key of the recipient.

Symmetrical key

Public key were its different at each end.

TLS (Transport Layer Security)

SSL merged with other Transport Layer security protocols to form?

VPN

Secured connection between two systems that would otherwise have to connect to each other through a non-secured network.

Kerberos

Security system that employs strong encryption for all transactions and communication, also issues tickets to users who log in.

Kerberos

Security system that should be implemented on more than one authentication server for redundancy otherwise having one of these servers in a failed state will not allow anyone to log in.

Firewalls

Security tool that can be either stand alone devices or combined with another hardware device like a server or a router.

SSL (Secure Sockets Layer)

Security tunneling protocol based on RSA public key encryption and used to enable secure Session Layer connections over the Internet between a web browser and a web server.

VPN

Security tunneling protocol used when data that is being sent within the private network will not be seen by everyone on that network.

PAP (Password Authentication Protocol)

Sends usernames and passwords in clear text.

TACACS+

Separates authentication and authorization into two separate files. Uses TCP.

RADIUS

Server that manages PPPoE connections.

RADIUS

Servers that are client-server based authentication and encryption services maintaining user profiles in a central database.

Limiting Location

Should be done so that users that move around should be limited to where they login.

Time period

Should be resetted to something other than the default expiration time in accordance with your security policy.

HTTP or Windows server

Should be used to secure documents instead of renaming the Internet user account or set a password because if you do the general public won't be able to view your website.

CHAP (Challenge Handshake Authentication Protocol)

A secure authentication protocol because the username and password never cross the wire. Both client and server are configured with the same text phrase known as shared secret.

Tunnel

A single private path through the internet.

Anonymous

Accounts that cannot be tracked through regular network access. It's recommended that they be disabled.

Local host

Address 127.0.0.0/8

127.0.0.0/8

Address of the local host.

IP addresses

Addresses that are easier to deal with IP addresses or MAC addresses?

MAC addresses

Addresses that can be allowed or denied by ACLs other than IP addresses. This type of address is known as a hardware address.

PKI

Allows people to communicate with each other with confidence, that they're talking to who they think they are talking to.

RDP

Allows users to connect to a computer running remote desktop services from a different location. Current version is 7.1

Symmetrical key

Also know as public key.

Administrator account

Also known as network maintenance account that should be renamed from the default name to ensure security.

RADIUS

An authentication server that allows for domain level authentication on both wired and wireless networks.

Kerberos

An entire security system that establishes a users identity when they first log on to a system that's running it.

PPPoE (Point-to-Point Protocol over Ethernet)

An extension of PPP. It's purpose is to encapsulate PPP frames with Ethernet frames. Deals with the massive increase in high speed internet connections.

No

Answer you should give when performing a transaction where a pop-up notifies you that a certain sites certificate or key has expired and asks you if you want to proceed.

Side channel attack

Attack used currently to try and crack AES encryption. It gathers information from the physical implementation of a security system.

RADIUS

Authentication and accounting service used for verifying users over various types of links, including dial-up.

Kerberos

Authentication method that relies on tickets to grant access to resources.

AAAA

Authentication, Authorization, Accounting, and Auditing. Robust version that adds auditing.

AAA

Authentication, Authorization, and Accounting. Used to manage network security through one central location.

Private key

Cryptography key used to sign a document electronically when a digital signature is needed.

Asymmetric cryptography

Cryptography that PKI uses which is a different key to encrypt and decrypt the message.

Symmetric cryptography

Cryptography that uses the same key to encrypt and decrypt. This makes it less secure.

Public key

Cryptography used in SSH to authenticate the remote computer and allow the remote computer to authenticate the user.

64 bit

Current encryption bit strength used. US banks use higher more secure encryption methods.

Tunneling

Encapsulating one protocol within another to ensure that a transmission is secure.

Symmetrical encryption keys

Encryption key were both the sender and receiver have the same key and use it to encrypt and decrypt all messages. The downside is that it's hard to maintain the security of the key.

AES (Advanced Encryption Standard)

Encryption known as 'rijndel' has been the official encryption standard in the US since 2002.

SSL VPN

Encryption protocol or standard that allows you to create a private network on an intranet.

IPsec

Encryption protocol that works with both IPv4 and IPv6.

AES

Encryption that provides 128, 192, or 256 bits of encryption. Difficult to crack.

DES (Data Encryption Standard)

Encryption that uses lookup and table functions, and it actually works much faster than more complex systems. It uses 56 bit keys which is too short.

Public key encryption

Encryption that uses the Diffie-Hellman- algorithm which employs a public key and a private key to encrypt and decrypt data.

Public key encryption

Encryption where the sending machine's public key is used to encrypt a message that the receiving machine uses to decrypt the message with its private key.

RSA encryption

Encryption with a public key algorithm, encryption software used in electronic commerce protocol.

3DES (Triple Data Encryption Standard)

Encrypts 3 times, allows you to use 1,2 or 3 separate keys. Using all 3 keys gives you the highest level of security. It has a key length of 168 bits (56x3).

EAP-TLS

Enhanced form of EAP that provides mutual authentication.

EAP-TTLS

Enhanced form of EAP-TLS that provides mutual authentication and tunneling, creates a secure tunnel through which password based versions like EAP-MD5 can run.

Security filtering

Ensures that only authorized computers get to enter your network and making sure data your sending back and forth between networks is secured so it can't be intercepted and translated by hackers.

Tunneling

Example of this concept when IP also known as payload protocol is encapsulated within a delivery protocol like IPsec and they are encrypted.

Automatic Account Lockout

Feature that locks your account after a few unsuccessful attempts, some will disable the account.

Automatic Account Lockout

Feature that prevents a potential hacker from running an automated script to crack account passwords by continuously attempting to log in.

Port filtering

Firewalls provide this type of filtering on port numbers but it's important to know the port numbers of all traffic that needs to be allowed through the firewall.

User accounts

First step in managing access to network resources and the rights you assign to the network resources. These accounts are maintained on the daily basis they get renamed, you can set password and account expiration and login.

PKI (Public Key Infrastructure)

It's a system that links users to public keys and verifies the users identity by using a certificate authority (CA).

EAP (Extensible Authentication Protocol)

It's an extension of PPP that provides a host of additional authentication methods for remote-access clients such as smart cards, certificates, Kerberos, retinal scans, fingerprint, etc.

15

Maximum number of characters that a password should have.

Network Access Control (NAC)

Method of securing network hosts before they're allowed to access the network. 802.1x is the most common of this method.

8

Minimum number of characters that a password should have.

Transport mode

Mode in IPsec that creates a secure tunnel between two devices end to end. The packet or data is protected by authentication and or encryption but not both.

Tunnel mode

Mode in IPsec that uses both AH and ESP two authenticate and encryption at the same time on the packet. Transport mode cannot use both.

Tunnel mode

Mode in IPsec that uses both authentication and encryption(AH/ESP) on the data or packet.

Transport mode

Mode in IPsec that uses either AH or ESP to either Authenticate or encrypt the packet but cannot use both at the same time like tunnel mode can.

Tunnel mode

Mode in IPsec were a tunnel is created between two endpoints such as 2 routers or two gateway servers, protecting all traffic that goes through the tunnel.

Administrator

Password reset can be done automatically by network OS but should be done manually instead by the only person that should reset passwords for security, who should be able to this?

Administrator

Person that should have 2 accounts one for day-to-day administration, and one account with different name to be used for administrative purposes instead.

Administrator

Personnel that unlocks an administrators account when he gets locked out.

Discovery

Phase in PPPoE were the MAC address of each of the connections endpoints are given to each other so that a secure PPP connection can be made.

ACL

Prevents users on Network B from accessing on Network A.

Encryption key

Random string of characters that is used in conjunction with the encryption algorithm. Unique to each transaction.

RAS

Remote access were tunneling such as PPTP can be set up and use authentication such as MS-CHAP or EAP.

RAS

Remote access were users dial in via a modem, be authenticated by the server, and then be asked for their username and password as of they were on the local network.

PPTP

Replaced by L2TP and IPsec. Vulnerable to spoofing attacks.

ACL

Reside on routers to determine which packets are allowed to route through them based on the requesting devices source or destination IP address. Also used by firewalls as their primary weapon.

VLAN

Solution for networks that are physically local.

VPN

Solution for networks that are physically remote that span a WAN.

Session

Stage in PPPoE were a session ID is created used to facilitate further data transmission during the session. When the MAC address of each endpoint are known to each other a Point-to-Point connection is created and this stage begins.

L2TP

Supports non TCP/IP protocols in VPNs over the Internet. A combination of PPTP and L2F.

Security filtering

The first line of defense that refers to ways to let people securely access your resources.

Firewalls

Tool that helps prevent any unauthorized users roaming around on public networks from gaining access to your private network.

Site-to-Site VPN

VPN known as intranet VPN, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead requiring more expensive WAN connections like Frame Relay.

PPTP

VPN protocol that allows encryption to be done at the application level and allows secure access to a VPN.

PPTP

VPN protocol that runs at port 1723.

Extranet VPN

VPN that allows an organizations suppliers, partners, and customers to be connected to the corporate network in a limited way for business to business (B2B) communications.

Remote access VPN

VPN that allows remote users like telecommuters to securely access the corporate network wherever and whenever they need to.

SSL VPN

VPN that can be used with a tunneling protocol, anything sent from my PC to my corporate office would be locked up nice and secure.

Denied

What should be configured on ACLs for these addresses that should never be allowed to enter your internetwork: 1.addresses from your internal networks. 2. Local host address (127.0.0.0/8). 3. Reserved private addresses. 4. Any addresses in the IP multicast address range (224.0.0.0/4).

Limiting connection

What should be done to all users to avoid having multiple logins with the same credentials, because someone is probably using their account at the same time.

Two-factor Authentication

When 2 factors of authentication are being tested.

Multifactor Authentication

When more than two (Sometimes just 3) factors of authentication are being tested. Prevents loss of passwords.

Single sign on

When the users logs into the domain, the domain controller issues an access token. The access token contains a list of all the resources (folders, drives, websites, databases) to which they have access.

Encryption

Works by running data through a special encryption formula called a key that the designated sending and receiving devices both know. When the data arrives at its destination the receiving device uses the key to decode data back into its original form.

IPsec

Works in two modes transport and tunneling.

MS-CHAP

Works the same way as CHAP except it encrypts the secret locally. It uses DES for encryption ,and it's capable of mutual authentication.


Ensembles d'études connexes

mod 2 Behavioral Challenges of Autism

View Set