Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
69 Cards in this Set
- Front
- Back
|
Port # for SMTP |
25 |
|
|
Port # for POP3 |
110 |
|
|
Port # for IMAP |
143 |
|
|
Port for HTTP |
80 |
|
|
Port for HTTPS or SSL |
443 |
|
|
Port for FTP |
20 - 21 |
|
|
RADIUS Default Port |
UDP Port 1812 |
|
|
TCP |
Transmission Control Protocol |
|
|
UDP |
User Datagram Protocol |
|
|
What is the OSI Pneumonic |
Please Do Not Throw the Sausage Pizza Away
(Physical, Datalink, Network, Transport, Session, Presentation, Application) |
|
|
OSI Layers 1-3 |
Physical Layer Data Link Layer Network Layer |
|
|
OSI Layers 4-7 |
Transport Session Presentation Application |
|
|
What are the 4 DOD Layers |
Network Access Internet Transport Application |
|
|
What OSI Layer(s) is the same as the Network Access Layer of the DOD Model |
Physical Datalink |
|
|
What OSI Layer(s) is the same as the Internet Layer of the DOD Model |
The Network layer in the OSI Model is a one to 1 relationship to the Internet Layer in the DOD Model. |
|
|
What OSI Layer(s) is the same as the Transport Layer of the DOD Model |
The Transport Layer in the OSI Model is a 1 to 1 relationship to the Transport Layer in the DOD Model |
|
|
What OSI Layer(s) is the same as the Application Layer of the DOD Model |
The Session, Presentation, and Application layers in the OSI Model are the same as the Application layer in the DOD Model. |
|
|
Algorithm based on fact that 2 large prime numbers can be multiplied easily but not factored easily. Used for digital signatures and key encryption |
RSA |
|
|
Encryption using 48 rounds of computation |
3DES |
|
|
Encryption using 168 bit Key |
3DES |
|
|
Encryption based on 128 bit Lucifer Algorithm |
DES |
|
|
Encryption using 14 rounds of computation |
AES |
|
|
Encryption using 16 rounds of computation |
DES |
|
|
Encryption using 128, 192, and 256 bit keys |
AES |
|
|
3 Core Cryptography Services |
Encryption Hashing Authentication |
|
|
CIA Triad |
Confidentiality Integrity Availability |
|
|
Two Open Source Encryption Products |
TrueCrypt PGP (Pretty Good Privacy) |
|
|
Cryptographic Protocol and one of the oldest Key exchanges in field of cryptography |
Diffie-Hellman |
|
|
Cryptography used with fiber optic networks |
Quantam Cryptography |
|
|
PAP |
Password Authentication Protocol |
|
|
CHAP |
Challenged Handshake Authentication Protocol |
|
|
MSCHAP |
Microsoft Challenge Handshake Protocol also Version II where both client and server are authenticated |
|
|
EAP |
Extensible Authentication Protocol |
|
|
PPP |
Point to Point Protocol (almost always protocol of choice) - Remote Connection Protocol |
|
|
SLIP |
Serial Line Internet Protocol - Remote Connection Protocol |
|
|
Asyncronis Net Bouey |
Microsoft Proprietary Protocol - Remote Connection Protocol |
|
|
IPSec |
Internet Protocol Security - encrypts all IP traffic and does not matter what application is |
|
|
Two Modes for IPSec |
Transport Tunnel |
|
|
Reasons for Using IPSect |
Popular Flexible Robust Encrypted |
|
|
IPSec operates at which level of OSI Model |
Network Layer |
|
|
Mode in which only payload packet or data portion of packet is encrypted |
Transport Mode of IPSec |
|
|
Mode in which header of packet and header are encrypted |
Tunnel Mode of IPSec |
|
|
AH |
Authenticating Header IPSec Protocol that is responsible for authenticating the sender with IPSec - used to ensure message integrity |
|
|
ESP |
Encapsulating Security Payload - responsible for encrypting the data in the packets to provide confidentiality |
|
|
Derives a cryptographic Hash from data packet using a secret key known only by sending and receiving host to ensure that data was not modified along the way |
AH |
|
|
Adds 3 values to a packet |
ESP adds header, trailer, integrity check value |
|
|
Supported by ESP for Hashing and Encryption |
SHA1 SHA2 through MD5 TripleDES AES
|
|
|
SSL |
Secure Sockets Layer - protocol for transmitting data in secure manner over internet.
Uses 2 keys to encrypt data - public and private keys - public known to everyone, private known only by recipient of data |
|
|
What Layer of OSI model does SSL Operate |
Application Layer of OSI Model |
|
|
Advantages of SSL over IPSec |
Simple Configuration Better Protection |
|
|
Disadvantage of SSL over IPSec |
SSL does not have full network access |
|
|
RADIUS |
Remote Authentication Dial In User Service Client/Server Protocol Works at Application Layer Provides Authentication and Authorization Allows for accounting of users who have been granted or denied access |
|
|
RADIUS Encrypts password using which protocol? |
MD5 |
|
|
TACACS+ |
Terminal Access Controller Access Control System plus - AAA Protocol used by Cisco Supercedes original TACACS and XTACACS |
|
|
XTACACS |
Extended Terminal Access Controller Access Control System - a Central Authentication Service for Cisco devices. |
|
|
SAML |
Security Assertion Markup Language - allows for Single Sign On |
|
|
Kerberos |
Popular Mutual Authentication Protocol used by default in Active Directory environments |
|
|
VPN Concentrator |
Allows enterprise to centralize VPN Process by having external users log into the concentrator before accessing the internal network |
|
|
Symetric Encryption |
Also called Secret Key Encryption - Strengths - Fast, Difficult to Break, Cheaper than Asymetric Weakness - Needs to be secured properly, Complex Key Management, Does Not Provide Authentication |
|
|
Asymetric Encryption |
Also called Public Key Encryption - Strengths - Separate keys public and private, Authentication and Non-Repudiation, Better scalability, slower |
|
|
Symetric Encryption Algorithyms |
DES - Data Encryption Standard -
3DES - Triple Data Encryption Standard AES - Advanced Encryption Standard
Larger the number of bits, stronger the encryption |
|
|
XOR in Cryptography |
Stands for Exclusive Or |
|
|
DES Standard |
64 bit block 56 bit key 8 parity bits ECB - Electronic Code Book CBC - Cipher Block Chaining Mode CF - Cipher Feedback Mode OF - Output Feedback Mode CM - Counter Mode
|
|
|
3DES Standard |
Uses 3 56 bit keys - encrypts 3 times with 3 keys Heavy load on usage
4 Modes - DES-EEE3 - 3 keys used DES-EDE3 - Plain txt encrypted 1 key - encryption process, then encrypted with 3rd key DES-EEE2 - 1st,2nd,then 1st, DES-EDE2 - 1st & 3rd key used |
|
|
AES |
Symetric Block Cipher Based on Rjindael Algorithim Key length & Block Size - 128, 192, 256 bits 10-14 Computational Rounds 128 bits - 10 rounds, 192 bits - 12 rounds, 256 bits - 14 rounds |
|
|
AES Stages |
Add Round Key SubBytes ShiftRows MixColumns |
|
|
AES Advantages and Disadvantages |
Can be implemented in wide range of processors, hardware, and environments Low Memory Requirements Defend against Timing Attacks 192 and 256 bits can provide high level of security
Low number of computational rounds
|
|
|
Symetric Key Algorithms |
CCMP Rijndael CAST - 128 and 256 SAFER Blowfish - 64 bit block - key - 32 to 442 bits Twofish - 128 bit block - key 156 bits RC4 RC5 |
|
|
Asymetric Algorithms |
RSA - Prime Numbers at Random Compute value for prime numbers RSA Used in SSL, PGP, IPSec, DES, AES DSA - SHA-1 Elliptical Curve - Does Not create keys based on Prime Numbers Transport, Knapsack - Only concern is confidentiality of data. ElGamal, LUC - Secure alternative to RSA |
