Intro to Security test 2
19. Name two Microsoft products that can be used to encrypt entire hard drives.
BitLocker AND Trusted Platform Module (TPM)
46. What was the original purpose of the ICMP protocol? What is it often used for by legitimate users?
It allows devices to share specific information: 1 Informational and query messages 2 Error messages * pg 314
47. What was the security problem that caused network admins to stop using SNMP versions 1 and 2?
versions 1 and 2 used public and private as the passwords forread and read-write commands, so they are no longer used;
1. What is the difference between cleartext, plaintext, and ciphertext?
" Cleartext: Unencrypted Data. Plaintext: Clear text that is to be encrypted and decrypted by a cryptographic. Ciphertext: Data that has been encrypted.
9. What is the relationship between the terms private key system, public key system, symmetric key system, and asymmetric key system?
"Private Key: An asymmetric encryption key that does have to be protected. Public key: An asymmetric encryption key that does not have to be protected. Symmetric key: is a private key cryptography, uses a single key to encrypt and decrypt message. Asymmetric key: is known as public key cryptography, uses two keys instead of using one.
32. Which OSI layer do routers belong on?
"Routers belong on the Network layer (layer 3) because they use software addresses (typically IP addresses) to find routes to networks. The text remarks that a router can be configured to filter out packets based on specific criteria, which means that a router may act as a firewall. Load balancers are devices that send traffic to servers or other devices on a rotating basis to evenly distribute some kind of work. A load balancer may be a dedicated network appliance, or it may be software running on a server. The text makes a distinction between layer 4 load balancers and layer 7 load balancers. The difference has to do with which layer the protocol used by the traffic being balanced belongs to. Layers 3 and 4: IP, TCP, UDP....... Layer 7: HTTP, IMAP POP3, SMTP, DNS
10. What is the difference between a stream cipher and a block cypher?
"Stream cipher: An algorithm that takes one character and replaces it with one character. Block cipher: A cipher that manipulates an entire block of plaintext at one time.
36. What are the four actions listed in the text that a network firewall might take for a given packet?
"allow - allow the traffic to continue drop - deny the traffic, and send no response to the sender reject - deny the traffic, but send a response that the destination cannot be reached ask - alert an administrator, asking what to do"
39. What ports are typically used for POP3 and IMAP traffic? What is the difference between their purposes?
(POP3, port 110) (IMAP, port 143) Post Office Protocol 3-Your email client may pull the mail from the mailbox. Internet Message Access Protocol IMAP- read it.
22. What should we expect to find in a certificate repository? What about in a certificate revocation list?
1. A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate. 2.Serves as a list of certificate serial numbers that have been revoked.
30. Why do switches belong on Layer 2 of the OSI model?
1. A switch has a degree of "intellegence",
21. Name four elements that should be included in a digital certificate.
1. Certificate Authority, Registration Authority, Certificate of Repository and must be means to revoke.
6. Which of the Message Digest x algorithms is currently recommended as secure?
1. None of them are considered secure anymore. notes
24. What is a web of trust? Why is it unlikely that this trust model will work?
1:It is a model based on direct trust. Each user signs his digital certificate and exchanges certificates with all other users. 2: Doesn't use a certificate authority. Users could be impersonated. pg 242
12. What common browser based encryption is based on a public key system?
Asymmetric cryptographic algorithms
33. What protocols would a load balancer deal with if it worked on layers 3 and 4? What if it worked on layer 7?
Blocking access to unacceptable web sites is commonly managed through a proxy server (using a product like SurfControl, now known as Websense). Security is increased by making only the proxy server visible to the Internet, hiding the addresses of your other devices.
20. What is the purpose of a Certificate Authority, with regard to public keys?
Certificate Authority is a trusted third party agency that is responsible for issuing the digital certificates.
25. What might be a circumstance that would cause you to ask your Certificate Authority to revoke your certificate and keys?
Certificate is no longer used, information may have change or it may have expired. If the private key was stolen. A user could be impersonate.
50. What general advice does the text make about unused ports on switches? What about on switches that support VLANs?
Configure empty switch ports to be on an empty VLAN; this avoids a user plugging a device in an empty port, and joining a LAN they do not belong on
16. Why would Diffie-Hellman Ephemeral be preferred over standard Diffie-Hellman if you are a provider of keys and certificates?
Diffie-Hellman Ephemeral uses a different key each time
26. Why is it a good security policy to have an expiration date for digital certificates?
Digital Certificates should not last forever. Employees leave, NEW HARDWARE IS INSTALLED, APPLICATIONS ARE UPDATED, and cryptography standards evolve. Pg 244
3. What should be true about the size of a secure hash output?
Fixed size: A digest of a short set of data should produce the same size as a digest of a long set of data.
17. What is the name of the open source product that does what Pretty Good Privacy does?
GNU Privacy Guard
41. What is an Internet content filter? What other device discussed in the text is it commonly used with?
Internet Content Filters are often used with proxy servers, as described above. Their purpose is to prevent access to websites and files that are forbidden by company policy. The text mentions that they can work by matching against a list of URLs (URL filtering) or by examining a site or file for restricted or forbidden content (content inspection).
2. Why does hashing only provide one of the text's five kinds of security? Which one?
It uses Integrity, because it ensures that the information is correct and no unauthorized person or malicious software has altered that data.
34. How can a proxy server provide some security to your network?
Network Firewall is designed to protect an entire network, their functions are essentially the same: To inspect packets and either accepts and denies entry. Hardware firewalls are usually located outside the network security perimeter as the first line of defense.
23. What are class 1 digital certificates for? What about class 2 and class 3 certificates?
Personal Digital Certificates issued by RA directly to individuals. Frequently used to secure email transmissions. Class 2: Server Digital Certificates often issued from a web server to a client. Two functions: 1 ensure authenticity of the web server. 2: server digital certificates can ensure the authenticity of cryptographic connection to the web server.
29. Which OSI model layer should contain hubs and cables?
Physical Layer google
7. Which SHA algorithms are considered to be secure and which are not secure?
SHA-3 is secure, and SHA-2, SHA-1 are not secure
13. What is the difference between the four sub-types of SHA algorithms?
SHA2 has 6 subtypes (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224) The last number is the length in bits of the digest that is created. pg 193
27. When you conduct a transaction to purchase something over SSL, which data streams are encrypted, yours or the vendor's?
Secure Socket Layer, Yours, it encrypts the data path betwen the client and the server. Pg 249
49. Name three kinds of logs that an administrator should review regularly for network devices.
Security logs can record attacks. Access logs can record access requests for files. Auditlogs record actions on the system and who they were performed by. Event logs record most events that fail, and some successful events
45. How are the purposes of a subnet and a VLAN opposite ideas?
Subnetting separates using ip addressing, VLAN's seperates by creating logical groups of devices rather than physical. Pg 296
28. SSH is meant to be a secure substitute for an older protocol. Which one?
Telnet pg 323
15. What is the most troublesome part of setting up a symmetric cryptographic system?
There is only one key. Can't send the key to decrypt the message if people are scattered geographically.
4. If a hash algorithm produces collisions, what principle of secure hashing does it violate?
Two different sets of data cannot produce the same digest, which is known as collision.
40. What method is commonly used by people who need to connect to their work network when working from home?
Virtual Private Network (VPN) Concentrators take a little explanation. A VPN is a secure communication channel that is often used by people to need to connect to their usual network when they are traveling, working from home
42. What is the difference between intrusion detection, reaction, and prevention?
Web Security Gateways - similar to a Content Filter,
14. Assume a public key system is in use. If I send a file to you that has been encrypted with my private key, how must you decrypt it? Why does this transaction not provide security for the file I send to you? What does it provide instead?
With the public key. It wouldn't give me a way to decrypt the message.
11. In a public key system, how must a message encrypted with my public key be decrypted?
Would use a public key to encrypt the message, and then would use the private key to decrypt the message.
18. In the PGP scenario in my notes, how does a public key system support the private key system the users want to begin using?
You can encrypt the symmetric key using the public key and decrypt the encrypted key with the private key.
31. What is port mirroring? What kind of network is it not recommended for?
a switch can learn what device is connected to each of it's ports, and forward only frames intended for a specific device (unicast) or send frames to all devices (broadcast) pg 274
5. What is another word for the output of a hash algorithm?
ash algorithm creates a digital fingerprint called a digest or sometimes called a message digest or hash. pg 190
8. How are hash algorithms used with regard to passwords on a Windows based network?
local or domain passwords entered on a computer running Windows are converted by a hash program and compared to a stored hashed version of the user's current password. The text discusses the two versions used in common versions of Windows: LM hash and NTLM hash. We learn that LM hash is not considered a "real" hash because its result is cryptographic(character substitution) instead of numeric (hexadecimal digits). Notes
43. What is the difference between an IDPS that is network based and one that is host based?
network-based system may need to be duplicated in various parts of your network, Host Based- it needs to be installed on every host you intend to protect. In a home network, this is not a large burden, but in a commercial setting it can be a lot of work.
38. What port is generally used for SMTP traffic? What is the purpose of that protocol?
outgoing email is typically sent across the Internet using Simple Mail Transfer Protocol (SMTP, port 25). This is what your post office uses to send email to another post office. This does require an SMTP server on each of the networks involved.
37. How does a stateful firewall offer more security than an stateless firewall?
stateful firewalls will not allow traffic between devices unless a proper communication session has been established between them. This prevents attacks that begin with an uninvited transmission.
48. How might a DNS transfer help an attacker make plans?
the attacker asks a DNS server for a copy of its database, which provides the attacker with information about the addresses, devices, and software used in the server's network
35. Why would a network firewall be placed at a network traffic choke point?
they are meant to protect a large number of devices, a network firewall is typically placed at a traffic choke poin
44. What kind or resources would you normally expect to see in a DMZ? What kind should not be in it?
web server, email server,