132 Cards in this Set

  • Front
  • Back
PSTN
Public Switched Telephone Network
VPN
Virtual Private Network
PPTP/L2TP
Point-to-Point Tunneling Protocol / Layer 2 Tunneling Protocol
PGP
Pretty Good Privacy
Script (Click) Kiddies
Novice hackers who use hacking tools found on the Internet.
3 Methods of passing communications to a centralized network
On-site connection to LAN; remote access; messaging.
RAS
Remote Access Server
NAS
Network Access Server
802.1x
Wired Equivalent Privacy (WEP) protocol designed to enhance the level of security offered on a LAN - uses EAP.
EAP
Extensible Authentication Protocol - passes messages between the supplicant and the authenticator - supports several different authentication mechanisms, and runs directly over the data link layer and does not require the use of IP.
EAP comes in several different forms
EAP over IP (EAPoIP), Message Digest Algorithm/Challenge-Handshake Authentication Protocol (EAP-MD5-CHAP), Transport Layer Security (EAP-TLS), Tunneled Transport Layer Security (EAP-TTLS), RADIUS, Light Extensible Authentication Protocol (LEAP - Cisco).
RC4
Cipher stream encryption algorithm used in WEP.
XOR
Exclusive OR
Airsnort and WEPCrack
Two software applications used to crack WEP. Airsnort recovers encryption keys during authentication, while WEPCrack breaks the secret keys.
IDSs
Intrusion Detection Systems
3 required protocols of VPN
Carrier Protocol (protocol used by the network), Encapsulating Protocol - the protocol (PPTP, L2TP, IPSec, SSH) that is wrapped around the original data; Passenger Protocol - Original data being carried.
Site-to-site VPN
Established between corporate offices that are separated by a physical distance extending further than normal LAN media covers - both software and hardware.
RRAS
Routing and Remote Access Server
Remote Access VPN
Private virtual dial-up network (PVDN) - users are responsible for establishing the VPN tunnel between their workstation and their remote office.
RADIUS
Centralized entity to handle dial-in authentication - able to authenticate a user, authorize the users to perform special functions, and log the actions of users for the duration of the connection. RADIUS Servers work alone or as distributed. It supports PPP, PAP and CHAP.
White hat hacker
Security consultants hired to test system vulnerabilities for security.
Black hat hacker
Hackers whose intentions are malicious.
TACACS
Offers authentication and authorization, but not accounting - not a good RAS for this reason.
XTACACS
Step up from TACACS in that transport protocol was changed from UDP to TCP, but didn't provide all the functionality needed for a good RAS.
TACACS+
Offers networking professionals the ability to manage all remote access components from a centralized location. TACACS+ separates the AAA functions, unlike RADIUS - it uses individual databases for each, and uses TCP. Vulnerabilities are Replay Attacks, Birthday Attacks, Buffer Overflow, Packet Sniffing and Lack of Integrity Checking.
PPTP and L2TP
Layer 2 (Data Link Layer) encapsulation (tunneling) protocols using ports 1723 and 1701.
PPTP
Establishes point-to-point connections between 2 computers by encapsulating the PPP packets being sent. It encrypts data, but not negotiation information. PPTP only works over IP networks, and cannot use the added benefit of IPSec.
L2TP
Layer 2 Tunneling Protocol is a joint venture between Cisco and Microsoft - combined PPTP and L2F protocols. L2TP requires IPSec, offers RADIUS and TACACS+, hardware solution, can run on top of protocols like IP, IPX and SNA, provide per-packet data origin authentication, data integrity, replay protection, data confidentiality, require 2 levels of authentication - computer-level and user-level.
SSH
Cryptographically secure replacement for Telnet, rlogin, rsh and rcp commands. SSH consists of both client and server that use public keys. SSH uses session keys.
IPSec
Framework for open standards for ensuring private, secure communications over IP networks through the use of cryptographic security services. It's not bound to any particular authentication method or algorithm - open standard; network layer.
2 modes of IPSec
Transport Mode: only data is encrypted; advantage is speed, but hackers can sniff the network. This mode is used in host-to-host VPNs. Tunnel Mode: Both data and IP headers are encrypted. Slower, but provides better security. This mode is used in host-to-gateway or gateway-to-gateway VPNs.
2 Security protocols of IPSec
AH (Authentication Header) - responsible for maintaining the authenticity and integrity of payload. AH signs packets. ESP (Encapsulating Security Payload) - handles authenticity and integrity of payloads, but also adds the advantage of data confidentiality through encryption. Both can be used together or separately.
IKE
Internet Key Exchange - used to authenticate the 2 ends of a secure tunnel by providing a secure exchange of a shared key before transmission begins.
ISAKMP
Framework for establishing, negotiating, modifying, and deleting security associations between 2 parties.
Eavesdropping
Attaching to a network in a manner that allows you to hear all the traffic being passed over the wire - also known as passive attack. A sniffer can be used to pick up information passed in cleartext using protocols such as Telnet, rlogin, and POP3.
Data Modification
Data is intercepted by a third party, modified, and sent to the party originally intended to receive it - also known as MITM (Man-in-the-middle)
MX
Mail Exchange record used by DNS server for email.
S/MIME
Secure/Multipurpose Internet Mail Extensions - looks at headers to determine how data encryption and digital certificates must be handled. Messages are encrypted using a symmetric cipher, and a public-key algorithm is used for key exchange and digital signatures. S/MIME can be used with 3 different symmetric encryption algorithms: DES, 3DES and RC2.
MIME
Multi-Purpose Internet Mail Extensions - extension of SMTP that provides the ability to pass different kinds of data files on the internet. Headers are inserted at the beginning of emails.
PGP
Encryption software used to encrypt email messages and files. Allows users to encrypt, decrypt and sign messages sent through plug-ins for Outlook, Outlook Express, ICQ, Netscape, etc. PGP uses a combination of public and private keys.
Key Ring
Collection of public keys stored locally on a desktop or laptop.
Passphrase
Collections of words and characters used as an alternative to a password for identification. They're used to encrypt and decrypt messages.
SMTP Relay
SMTP message accepted by one SMTP server will automatically be forwarded to that server's destination domain.
DNSBL
DNS-based Blackhole List - block email from certain sources.
WAP
Wireless Application Protocol - open specification designed to enable mobile wireless users to easily access and interact with information and services. Designed for hand-held digital wireless devices (mobile phones, pagers, 2-way radios, smartphones). 2 significant enhancements: push and telephony support.
WLAN
Wireless Local Area Network
RF
Radio Frequency - created by alternating current (AC) to an antenna to produce an electromagnetic field (EM).
Fresnel Zone
Area over which radio waves propagate from an electromagnetic source.
Multipath Interference
Interference created by bounced radio waves (like a rock thrown into a pool of water).
ISM
Industrial, Scientific, and Medical band - used by cordless phones, microwave ovens, etc. (unlicensed band).
UNII
Unlicensed National Information Infrastructure band - used by cordless phones, microwave ovens, etc. (unlicensed band).
FHSS
Frequency Hopping Spread Spectrum - 83.5MHz frequency hop provides protection from interference; begin their transmission on one frequency and move to others according to a pre-defined sequence; 2.4GHz ISM band.
Dwell Time
Amount of time spent on any given frequency (FHSS).
Hop Time
Amount of time it takes to move from one frequency to another (FHSS).
DSSS
Direct Sequence Spread Spectrum - data is divided and simultaneously transmitted on as many frequencies as possible within a frequency band; DSSS adds redundant bits of data known as chips to the data to represent 0s or 1s; more vulnerable to EMI; broadcast on any one of 14 22MHz-wide channels; 11 available channels in N. America, but only 3 (1,6,11) can be used concurrently without overlapping.
Spreading Ratio
Ratio of chips to data (DSSS)
WTLS
Wireless Transport Layer Security - Protocol that was an attempt by the WAP Forum to introduce a measure of security into WAP based on TLS - support for both UDP and TCP, support for long RTT, and low-bandwidth, limited memory and processor capabilities.
IEEE 802.11b
DSSS networks that use the 2.4 GHz ISM band with speeds of 1, 2, 5.5 and 11 Mbps; backward compatible with 802.11; frame type has max length of 2346 bytes, though often fragmented at 1518 at AP. Modulation technique: QPSK (Quadrature Phase Shift Keying)
IEEE 802.11a
Uses the 5GHz UNII bands; higher rates of transmission than 802.11b (up to 54 Mbps), with higher rates possible with rate doubling. Modulation technique: OFDM (Orthogonal Frequency Division Multiplexing).
IEEE 802.11g
Uses 2.4GHz ISM band with higher rates of transmission (up to 54Mbps). Modulation technique: OFDM, but can automatically switch to QPSK to communicate with 802.11b devices.
Ad Hoc Network Config
Created spontaneously between network participants (device to device).
Infrastructure Network Config
AP (Access points) provide a more permanent structure for the network, unlike Ad Hoc.
SSID
Service Set Identifier - identity element that glues various components of a wireless LAN together.
802.11 Traffic parts
Control frames, management frames, and data frames.
802.11 Control frames
Include RTS (Request to Send), CTS (Clear to Send) and ACK messages.
802.11 Management frames
beacon frames, probe request/response, authentication frames, and association frames.
802.11 Data frames
Carry data, which is typically considered network traffic (IP encapsulated frames).
WEP
Wireless Equivalent Privacy protocol - mechanism to protect the privacy of the individual transmissions in 802.11; utilizes a cryptographic security countermeasure; added benefit of becoming an authentication mechanism. WEP uses 40-bit encryption, but 128-bit is also supported.
WEP benefits
All messages are encrypted using a CRC-32 checksum; privacy is maintained; easy to implement; provides basic level of security; WEP keys are user-definable and unlimited.
WAP Privacy mechanism
WTLS
802.11 WLANs Privacy mechanism
WEP
WEP's 3 implementations
No encryption, 40-bit and 128-bit encryption.
802.11 standard authentication methods (2)
Open Authentication (device-oriented authentication; null authentication - all requests granted, though can also require use of WEP key) and Shared-key authentication (4 step process that begins when the AP receives the validated request for association).
802.1x Standard: User Identification and Strong Authentication
Clients are identified by username, not MAC address, which enhances security and streamlines the process of authentication, authorization and accountability.
802.1x Standard: Dynamic Key Derivation
Allows for the creation of per-user session keys, dynamically created at the client for every session.
802.1x Standard: Mutual Authentication
802.1x and EAP provide for this capability which makes the clients and the authentication servers mutually authenticate end points.
TLS
EAP method used in mutual authentication: requires that the server supply a certificate and establish that it has possession of a private key.
IKE
EAP method used in mutual authentication: requires that the server show possession of a preshared key or private key (certificate authentication).
GSS-API (Kerberos)
EAP method used in mutual authentication: requires that the server can demonstrate knowledge of the session key.
802.1x Standard: Per-Packet Authentication
EAP can support per-packet authentication and integrity protection.
Wireless network passive attacks
Occurs when someone eavesdrops on network traffic using tools like Network Monitor, TCPDump, and AirSnort. Wardriving is also considered a passive attack.
Yagi-type antenna
Tubular or cylindrical in shape; a piece of wire of a length that is a multiple of the wavelength, cut in the center, and attached to a piece of cable that is connected to the wireless NIC.
Defense against NetStumbler
Configure wireless network as closed system: AP won't respond to empty set SSID beacons and will be invisible to this program.
Active attacks on Wireless networks
Unauthorized access, spoofing, DoS (Denial of Service), flooding attacks, introduction of malware, and theft of devices.
Rogue Access Point
Prevents wireless traffic from being forwarded properly (similar to router spoofing on wired networks).
MITM attacks on wireless nets
Using NetStumbler and AiroPeek.
WAP Vulnerabilities
Use of predictable IVs, 40-bit DES encryption, plaintext attacks, and unauthorized alert messages - all due to WTLS protocol weaknesses.
WEP Vulnerabilities
RC4 encryption (stream cipher), all APs and clients must be updated at same time, WEP doesn't provide adequate security by itself, WEP must be implemented on every AP to be effective. WEP is implemented at MAC sublayer of Data Link Layer (2) of OSI.
Birthday Paradox
Predicts the counterintuitive fact that within a group as small as 23 people, there is a 50% chance that 2 people will share the same birthday.
Protecting against Sniffing and Eavesdropping on Wireless Networks
Utilize encrypted sessions wherever possible: SSL for email, SSH instead of Telnet, SCP instead of FTP.
Protecting against Spoofing and Unauthorized attacks on Wireless networks
Use external authentication source (RADIUS or SecurID); use a VPN; allow only SSH access or SSL-encrypted traffic; isolate wireless networks through a firewall.
Protecting against Network Hijacking and Modification
Tools such as arpwatch (notifies an administrator when ARP requests are detected); statically define MAC/IP address definitions; change key on a regular basis and add additional authentication mechanisms like RADIUS or dynamic firewalls.
Wireless DoS attacks
Ping flood, too many devices using the same frequency, and massive number of invalid (or valid) authentication requests.
IEEE 802.1x Vulnerabilities
Lack of requirement of strong mutual authentication; EAP success message to a MITM attack; lack of integrity protection for 802.1x management frames.
Site Survey
Part of an audit done on wireless networks - allows system and network administrators to determine the extent to which their wireless network extends beyond the physical boundaries of their buildings. Uses sniffers, directional and parabolic dish antennae, and GPS locators.
Using separate subnet for wireless networks
Creates DMZ - separated from the wired network by either a router or full-featured firewall (ISA server): advantages are that routers can be configured with filters to provide security, valid IP addresses can be limited, and router can be quickly shut down when necessary.
TKIP
Temporal Key Integrity Protocol - used with or as an alternative to 802.1x authentication. TKIP is a set of algorithms that enhance WEP - provides more security than WEP through the use of key mixing, extended IV, message integrity check, and rekeying.
MIC
Message Integrity Check - provides a much stronger mechanism for checking messages for evidence of tampering by adding a MIC value. MIC is a form of Message Authentication Code
IEEE 802.11i Standard
Requires the use of 802.1x authentication based on EAP; require the use of TKIP and MIC; require the use of Advanced Encryption Standard (AES) as a replacement for the compromised RC4 algorithm.
Wireless Security Common Best Practices
Wireless APs and adapters should support firmware updates, 128-bit WEP, MAC filtering and disabling of SSID broadcasts; Disable SSID broadcasts; avoid using DHCP; don't use shared-key authentication; enable MAC filtering; place wireless network in WDMZ; restrict the number of hosts on the subnet; reduce the size of wireless zone (cell sizing) by changing power output.
Defense-In-Depth
Use of multiple security mechanisms to provide multiple barriers that will slow down attackers, making it easier to detect and respond to attacks.
Web Server Security Recommendations
1) Manage access control; 2) Handle directory and data structures; 3) Eliminate scripting vulnerabilities; 4) Log activity; 5) Perform backups; 6) Maintain integrity; 7) Find rogue web servers; 8) Stop browser exploits.
Web spoofing
Means by which an attacker is able to see and make changes to Web pages that are transmitted to or from another computer - can include confidential information such as credit card numbers and passwords.
Spoofing URLs
Anything on the left side of an @ sign in a URL is ignored - additionally, the % sign is ignored. URLs can be recognized in 4 formats: DNS name, IP address in decimal format, hexadecimal and Unicode format.
SSL
Secure Sockets Layer - public key based protocol providing security. Can be used with other protocols (FTP, Telnet, LDAP, IMAP, SMTP).
TLS
Transport Layer Security - based on SSL 3.0; name is misleading since TLS happens well above the Transport layer of OSI. Public key encryption.
X.509 Digital Certificate
Used by both http/s and SSL for authentication purposes from the client to server.
S-HTTP
Secure HTTP - separate protocol from HTTP/S. S-HTTP is an extension of HTTP - secure message-oriented communications protocol that can transmit individual messages securely. Differences: SSL establishes a connection; S-HTTP doesn't require clients to have public key certificates because it can use symmetric keys to provide private transactions.
IM Vulnerabilities
Instant Messaging: Buffer overflow attacks, IP addressing conventions, File transfers, lack of privacy.
Java
When code is loaded, JVM (Java Virtual Machine) is used in executing it - uses a built-in Security Manager, which controls access by way of policies.
Active X
Microsoft's Authenticode is used to authenticate the control through code signing (signed and authenticated by a third party).
JavaScript
Different from Java and ActiveX in that it's not a compiled program - script is part of HTML document.
Digital Certificates
Used to sign code and to authenticate that the code has not been tampered with; contains a name, serial number, expiration date, copy of certificate holder's public key and digital signature belonging to CA.
Authenticode Certificates
Used for software publishing and timestamp services - attached to the file a programmer is distributing (applied to many different file types: exe, cab, cat, ocx, dll, stl). Example: Verisign.
Problems with Code Signing
You must rely on 3rd party for checking authenticity. Programmer could provide fake information to a CA or a stolen identity. The deciding factor would be the CA's ability to check the information provided when the certificate originated.
CRLs
Certificate Revocation Lists - store a listing of revoked digital certificates.
ActiveX security issue
ActiveX controls don't run in a sandbox (confined space) and therefore pose much more potential danger to applications. Java provides a sandbox.
Java Security Issue
Java uses sandboxing (own protected memory area), which isolates it from things like the file system and other applications. ActiveX doesn't use sandboxing, so controls have same rights as person running them after they're installed on a computer.
WSC
Windows Script Components
Network Level Protection
Security Zones and SSL protocols; access to CodeBaseSearchPath in system registry; IEAK (Internet Explorer Administration Kit).
Client Level Protection
Keep the OS and its components and virus software current. Security zones in IE and Outlook: local intranet zone, trusted sites zone, restricted site zone, internet zone, my computer zone.
Buffer Overflow
When more information is put into the buffer than it is able to handle. Can be caused deliberately by hackers and then exploited to run malicious code.
2 Types of Buffer Overflows
Stack: Function calls; Heap: dynamically created variables.
Making browsers and email clients more secure
Restrict use of programming languages; keep security patches current; be aware of functions of cookies.
Restricting programming languages
Always allow, always deny, and prompt for user input.
Whiskers
Designed specifically to scan Web servers for known CGI vulnerabilities. Hackers can use whiskers to compromise a system.
Wrapper
Programs and scripts can be used to enhance security when using CGI scripts. They provide security checks, control ownership of CGI process, and allow users to run the scripts without compromising the web server's security.
FTP
Application layer protocol that allows transfer of data via ports 20 and 21 (rolls over past port 1023 for needed communication). Traffic is sent in cleartext, so vulnerable to MITM attacks, eavesdropping and sniffing.
S/FTP
Secure FTP - secure method of using FTP; similar to SSH (replacement for Telnet).
LDAP
Light-weight Directory Access Protocol - protocol that enables clients to access information within a directory service. Created after X.500 (heavy). Clients connect to LDAP server using a distinguished name and authentication credentials.
Using SSL with LDAP
LDAP server must have an X.509 server certificate, and SSL must be enabled on the server.
LDAP Vulnerabilities
Spoofing of directory services, attacks against the database that provides directory services, and many others.