Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
63 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
Ports: DNS lookup
|
UDP 53
|
|
|
|
Ports: DNS zone transfer
|
TCP 53
|
|
|
|
Ports: Bootstrap protocol server; DHCP server
|
UDP 67
|
aka BOOTPS or BPS
|
|
|
Ports: Bootstrap protocol client; DHCP client
|
UDP 68
|
aka BOOTPC
|
|
|
Ports: TFTP
|
UDP 69
|
|
|
|
Ports: HTTP
|
TCP 80
|
|
|
|
Ports: Kerberos
|
TCP 88
|
|
|
|
Ports: POPv2
|
TCP 109
|
|
|
|
What is hashing?
|
- hashing is a one-way technique that produces a unique fixed-length output string based on a variable-length input string.
- can be used to ensure data integrity and aid in authentication. - examples: SHA, MD5. |
|
|
|
Ports: POPv3
|
TCP 110
|
|
|
|
What is SHA?
|
- SHA stands for Secure Hash Algorithm.
- It was developed by the NIST. - It produces a unique 160-bit message digest. |
|
|
|
What is MD5?
|
- MD5 is a hashing algorithm developed by Ronald Rivest (of RSA).
- It produces a unique 128-bit message digest (aka "fingerprint"). - It is a commercial application of RFC 1321. |
|
|
|
What is DSS?
|
- DSS stands for Digital Signature Standard.
- It is outlined in FIPS-186 (FIPS = Federal Information Processing Standards). |
|
|
|
Ports: Sun RPC; NFS
|
TCP 111
|
|
|
|
What is a digital signature?
|
A digital signature is a message digest (encoded with the sender's *private* key) that is appended to the message (or sent separately). The receiver can verify the message's validity by decoding the message digest with the sender's *public* key and comparing it to the digest of the received message.
A digital signature ensures data integrity, but not confidentiality, unless the message itself is also encrypted. |
|
|
|
What is irreversibility?
|
Irreversibility is the principle that describes the relationship between public and private key pairs. While mathematically related, it is considered "computationally infeasible" to derive one key from knowledge and possession of the other key, if the asymmetric cryptosystem has been securely designed and implemented.
|
|
|
|
What is authentication and non-repudiation, in the context of digital signatures?
|
Authentication is the verification that a message was sent from a specific party.
- With symmetric encryption, you can tell that the message sender knows the secret key. - With assymetric encryption (with a public key and a digital signature), you know that the private key owner is the sender. - Nonrepudation takes authentication a step further by having a third party verify the sender's identity and by preventing a sender from denying that he sent the message. - Nonrepudiation is not possible with symmetric encryption, because the secret key is shared (and since more than party holds the key, you can't tell who sent the message). |
|
|
|
Ports: Network Time Protocol (NTP)
|
TCP/UDP 123
|
|
|
|
What is DSA?
|
- DSA stands for the Digital Signature Algorithm, which is part of the Digital Signature Standard (DSS).
- It is based on the El Gamal algorithm (which is an extension of the Diffie-Hellman algorithm). |
|
|
|
What is El Gamal?
|
- El Gamal is an assymetrical encryption algorithm.
- It is an extension of the Diffie-Hellman algorithm. - The DSA is based on El Gamal. |
|
|
|
Ports: End point mapper (epmap); NT RPC
|
TCP 135
|
|
|
|
What is RSA?
|
- RSA is an asymmetric encryption algorithm developed by Rivest, Shamir, and Adelman in 1977.
- It is similar to Diffie-Hellman, but signficantly faster, and offers digital signature authentication. - It is generally used as a key-exchange mechanism, like Diffie-Hellman. |
|
|
|
Ports: FTP data port
|
TCP 20
|
|
|
|
Ports: NetBIOS name service
|
TCP/UDP 137
|
|
|
|
Ports: FTP control port
|
TCP 21
|
|
|
|
Ports: NetBIOS datagram service
|
UDP 138
|
|
|
|
Ports: SSH
|
TCP 22
|
|
|
|
Ports: Telnet
|
TCP 23
|
|
|
|
Ports: TACACS
|
TCP 49
|
|
|
|
Ports: SMTP
|
TCP 25
|
|
|
|
Ports: NetBIOS session service
|
TCP 139
|
|
|
|
Ports: IMAP
|
TCP 143
|
|
|
|
Ports: SNMP
|
UDP 161
|
|
|
|
Ports: SNMP Trap
|
UDP 162
|
|
|
|
Ports: LDAP
|
TCP/UDP 389
|
|
|
|
Ports: TLS/SSL
|
TCP 443
|
HTTPS
|
|
|
Ports: NNTP
|
TCP 119
|
|
|
|
Ports: Microsoft DS (NetBIOS service)
|
TCP/UDP 445
|
|
|
|
Ports: IKE; Internet Security Association and Key Management Protocol
|
TCP/UDP 500
|
|
|
|
Ports: UNIX Syslog
|
UDP 514
|
|
|
|
Ports: L2TP
|
UDP 1701
|
|
|
|
Ports: PPTP
|
TCP 1723
|
|
|
|
Ports: Sun NFS
|
TCP 2049
|
|
|
|
Ports: Microsoft Terminal Services
|
TCP 3389
|
|
|
|
Ports: PCAnywhere data
|
TCP 5631
|
|
|
|
Ports: PCAnywhere status
|
UDP 5632
|
|
|
|
AH and ESP Encapsulated in UDP packet
|
TCP/UDP 2070
|
|
|
|
Ports: IRC
|
194
|
|
|
|
Ports: Z39.50
|
210
|
|
|
|
Ports: LDAPS
|
636
|
LDAP protocol over TLS/SSL (was SLDAP)
|
|
|
Ports: Kerberos administration
|
TCP/UDP 749
|
|
|
|
What is CHAP?
|
1. CHAP is an encrypted remote authentication protocol.
2. It stands for Challenge Handshake Authentication Procotol. 3. Developed as an improvement over PAP, which send user/pass data in the clear. 4. CHAP uses a three-way handshake method, aka "challenge-response" method. 5. CHAP helps prevent playback attacks and session highjacking. 6. It still requires strong passwords to be effective. |
|
|
|
What is SMBDie?
|
SMBDie is a proof-of-concept tool that causes DoS. It exploits a NetBIOS vulnerability to cause Windows to malfunction when sending a specially crafted SMB (Server Message Block) request.
Defenses: - Close TCP ports 445 and 139; - OS updates. |
|
|
|
What is Netbus Pro?
|
Netbus Pro is a remote admin (sort of like pcAnywhere) and spy tool that can run in invisible mode.
It has keyboard monitoring, a file manager, and remote control. |
|
|
|
What is netcat?
|
netcat is(/was):
- a feature-rich command-line network debugging and exploration tool. - called the "TCP/IP Swiss Army knife" because of its versatility. - can create almost any kind of connection. - can be configured to run as a background process; could be configured as a Trojan and executed with the user's permissions. - originally written by "Hobbit" for UNIX; now available at sourceforge for several OSes. |
|
|
|
What is Nmap?
|
Nmap is a command-line utility for network exploration and security auditing. It has 3 main functions:
1) OS detection (uses OS fingerprinting); 2) port scanning; 3) ping scans. - It is powerful enough to quickly scan large networks. - Its goal is to make networks more secure. - Is free under GNU GPL. |
|
|
|
What is Nessus?
|
Nessus:
> is freeware tool; > uses a list of known attack types; > outputs a list of possibly exploitable services; > suggests how to improve security of a host; |
|
|
|
What is snoop?
|
snoop is a flexible packet sniffer for solaris.
cf. tcpdump (Linux) |
|
|
|
What is tcpdump?
|
tcpdump is a packet-sniffing tool, used to gain info about traffic types, hosts, & routing.
|
|
|
|
What is Ethereal?
|
Ethereal is a more advanced GUI packet-sniffing tool that can reassemble TCP streams and sessions. It is the predecesor to Wireshark.
|
|
|
|
What is Wireshark?
|
Wireshark is a GUI packet sniffer, the descendant of Ethereal.
|
|
|
|
What is Snort?
|
Snort:
- is a free software network intrusion detection and prevention system capable of performing packet logging & real-time traffic analysis, on IP networks; - can dump entire ISO layer; - can generate traffic-based alerts. |
|
|
|
What are the layers of the OSI Model?
|
Use the mnemonic: "All People Seem to Need Data Processing".
Application Presentation Session Transport Network Data Physical |
|
