59 Cards in this Set

  • Front
  • Back
In SSL/TLS, if digital enveloping is used for key exchange, which side creates the symmetric session key?
The client
SSL/TLS requires mutual authentication?
False
What is a collision?
Two or more separate strings producing the same hash.
What is a birthday attack?
Tries finding collisions
(k!)/((k^n)(k-n)!)=P, is the formula for the birthday attack.
What are k, n, and P?
k = maximum number of hashes for the algorithm
n = sample space, # of hashes that will have to be created to find at least one match
P = probability that the attacker will find at least one match
The client decrypts the ticket and session key from the Authentication Server with the user's password.
True
In Kerberos, what is responsible for verifying a user's identity?
Authentication Server
What is the default encryption algorithm used for the current version of Kerberos?
AES
What is the most accurate form of biometrics?
Iris scanning
What is false acceptance rate?
Percentage of people who are identified or verified as matched to a template but should not be.
What is a False Rejection Rate?
Percentage of people who should be identified or verified as matches to a template but are not.
What is one method of creating a hash collision?
Compare passwords containing the same letters.
MD5 characteristics
128 bits
-all passwords create a 128 bit hash
-finite # hashes, infinite # of passwords
-can be cracked using collisions
What layer is SSL on? What are 3 phases?
Layer 4
1. peer negotiation - algorithm support
2. public key encryption
3. symmetric cipher
What is IPsec?
Layer 3, protects the packet and everything in it (except IP address). Must be configured on both ends, can be expensive.
What are the 2 modes of IPsec?
Transport mode: host to host security
Tunnel mode: between gateways, less expensive
What is ESP?
Encapsulating Security Payload, a header and trailer in the IPsec packet, illegal in North Korea.
What is IKE?
Internet Key Exchange, first part of IPsec, two parties create a secure connection, can set up multiple SAs safely. UDP 500, uses Diffie-Hellman
What is an IPsec SA?
Security Association, an agreement about what IPsec security methods and options two hosts or two IPsec gateways will use. Prevents Replay Attacks
What is MPLS?
Multi-Protocol Label Switching, layer 2.5, forwards labels. When traffic enters it is given a label, when exiting, label removed.
What are 4 advantages of MPLS?
1. speed - forwarding decision not at every hop
2. versatility - with different protocols
3. traffic engineering - classification of traffic
4. security
What is MPLS LSR, LDP, VRF and LIB?
LSR - Label Switch Router
LDP - Label Distribution Protocol
VRF - VPN Routing and Forwarding
LIB - software used to store details of MPLS labels to be popped/pushed
What are some MPLS security vulnerabilities?
1) Rogue Path Switching
2) Label Information Base Poisoning
3) Forwarding traffic from inside to outside
4) Infiltrate the LIB
What is 802.1x?
Ethernet Port-Based Access Control, prevents illegitimate clients from associating with the network, uses a RADIUS authentication server to do authentication.
What are 3 advantages of 802.1x?
1) Reduces cost of each workgroup switch performing authentication
2) Consistency to authentication
3) Immediate access control changes
What is EAP?
Extensible Authentication Protocol, governs the specifics of the authentication process from 802.1x.
What protocol is 802.1x extended to, to work in wireless?
802.11i
What are EAP-TLS and PEAP?
EAP-TLS is where the inner authentication uses TLS. Protected EAP lets you use any method of authentication including passwords and digital certificates. PEAP is favoured by the industry.
What is AAA?
Authentication - uses credentials to verify
Authorization - what permissions/resources can they access
Auditing - log files, detecting attacks
What is Mandatory Access Control (MAC)?
Nobody in the department has the ability to alter access control. Stronger security, difficult to implement.
What is Kerberos?
Interoperable Authentication System, uses centralized database to authenticate users and applications.
-Supports Authentication Forwarding
-Supports method for Interrealm Authentication
Should you use your authentication as a dedicated server?
Yes
Large Scale Kerberos? Small Scale Kerberos?
Bad, Good
What is Public Key Infrastructure?
PKI, identify certificates by means of CA, Certificate Authority.
What is Federated Identity Management?
System in which two companies can pass identity assertions to each other without allowing the other to access internal data.
What is Identity Management?
The centralized policy-based management of all information required for access to corporate systems by people, machines, programs, or other resources.
What is XML? What is SOAP?
-Extensible Markup Language, Defines data objects and structures.
-Simple Object Access Protocol, it is a means of exchanging these objects that are defined by XML.
What is SAML?
Security Access Markup Language, protocol used to send assertions between firms
What are assertions?
Statements about the subject issued by authoritative entity.
Ingress? Egress?
Ingress is entering the network
Egress is leaving the network
Stateless/Static Packet Filtering?
Filters packets, one at a time and individually.
Stateful Packet Filtering?
Is aware of the context of the packets, records information about TCP connections.
Application Gateway?
Layer 7 firewall, examines the connection between client-server apps, allows for user authentication, good for inbound connections
Circuit-level gateway?
Layer 5 firewall, similar to application gateway, less control, good for outbound connections
What is SOCKS v5?
Internet Protocol that facilitates the routing of network packets between client-server applications via proxy-server. Port TCP 1080
What do Bastion Hosts do?
-serves as a platform for app-level or circuit-level GWs
-only essential services are installed
What is a fragmentation attack?
Process of breaking up IP packets into multiple packets in order to hide the information inside.
What is a Single-Bastion Inline?
Single router between internal/external networks.
What is a Single-Bastion T?
Same as Inline with an interface to the DMZ
Double-Bastion Inline?
DMZ between Bastion FWs, used in large business and government organizations.
Are IPSs inline?
Yes
What is a Unified Threat Management System?
Complete package of security defenses. Checkpoint is the best.
What is Protocol Fidelity?
Trying to connect to a certain port using application A when the port is supposed to be using application B.
In MPLS, what is FEC?
Forwarding Equivalence Class, a group of IP packets which are forwarded in the same manner, over the same path, and with the same forwarding treatment.
What 4 transfer mediums can MPLS be used over?
1. Packet over Sonet (PoS)
2. Frame-Relay
3. Ethernet
4. Asynchronous Transfer Mode (ATM)
Using encapsulation security payload (ESP) within IPsec provides confidentiality, authentication, and integrity?
True
What does MPLS use within the MPLS core network to forward client information instead of IPs?
Labels
What is a MPLS Route Distinguisher?
Used to distinguish the distinct VPN routes of separate customers.
Since MPLS in many deployments utilizes BGP to help distribute the Label Distribution Protocol (LDP), this option offers a stringent _____________ mechanism, such as SHA-256 on the BGP deployment.
authentication