39 Cards in this Set

  • Front
  • Back
802.11i
The IEEE standard for wireless network encryption and authentication that uses the EAP authentication method, strong encryption, and dynamically assigned keys, which are different for every transmission. 802.11i specifies AES encryption and weaves a key into each packet.
802.1x
A vendor-independent IEEE standard for securing transmission between nodes according to the transmission’s port, whether physical or logical. 802.1X, also known as EAPoL, is commonly used with RADIUS authentication and is the authentication standard followed by wireless networks using 802.11i.
AAA services
(authentication, authorization, and accounting) A category of protocols that establish a client’s identity, authorize a user for certain privileges on a system or network, and keep an account of the client’s system or network usage.
AES
(Advanced Encryption Standard) A private key encryption algorithm that uses a sophisticated family of ciphers along with multiple stages of data transformation
Cipher
A mathematical code used to scramble data into a format that can be read only by reversing the cipher—that is, by deciphering, or decrypting, the data
Community Cloud
A deployment model in which shared and flexible data storage, applications, or services are shared between multiple organizations, but not available publicly. Organizations with common interests, such as regulatory requirements, performance requirements, or data access needs might share resources in this way.
DNS Spoofing
An attack in which an outsider forges name server records to falsify his host’s identity
EAP
(Extensible Authentication Protocol) An extension to the PPP protocol suite that provides the framework for authenticating clients and servers. It does not perform encryption or authentication on its own, but rather works with other encryption and authentication schemes to verify the credentials of clients and servers.
EAPoL
A vendor-independent IEEE standard for securing transmission between nodes according to the transmission’s port, whether physical or logical. 802.1X, also known as EAPoL, is commonly used with RADIUS authentication and is the authentication standard followed by wireless networks using 802.11i.
Hashing
Data that has been transformed through a particular algorithm that generally reduces the amount of space needed for the data. Hashing data is nearly impossible, mathematically, to reverse.
Host-to-Host VPN
A type of VPN in which two computers create a VPN tunnel directly between them. Both computers must have the appropriate software installed, and they can’t serve as a gateway to other hosts on their respective networks
Hybrid cloud
A deployment model in which shared and flexible data storage, applications, or services are made available through a combination of other service models into a single deployment, or a collection of services connected within the cloud. In the real world, the hybrid cloud infrastructure is a common result of transitory solutions.
IaaS
(Infrastructure as a Service) A service model in which hardware services are provided virtually, including network infrastructure devices such as virtual servers
IETF
(Internet Engineering Task Force) An organization that sets standards for how systems communicate over the Internet (for example, how protocols operate and interact).
IPSec
(Internet Protocol Security) A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. IPsec is an enhancement to IPv4 and is native to IPv6. IPsec is unique among authentication methods in that it adds security information to the header of all IP packets
Kerberos
A cross-platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. It is an example of a private key encryption service.
MSChap
(Microsoft Challenge Handshake Authentication Protocol) An authentication protocol provided with Windows operating systems that uses a three-way handshake to verify a client’s credentials and encrypts passwords with a challenge text.
OpenSSH
An open source version of the SSH suite of protocols.
PaaS
(Platform as a Service) A service model in which various platforms are provided virtually, enabling developers to build and test applications within virtual, online environments tailored to the specific needs of a project.
PPP
(Point-to-Point Protocol) A Layer 2 communications protocol that enables a workstation to connect to a server using a serial connection such as dial-up or DSL. PPP can support multiple Network layer protocols, can encrypt transmissions (although PPP encryption is considered weak by today’s standards), and can use an authentication protocol such as PAP or CHAP to authenticate a client to the remote system
PPPoE
PPP running over an Ethernet network
Radius
(Remote Authentication Dial-In User Service) A popular protocol for providing centralized AAA (authentication, authorization, and accounting) for multiple users. RADIUS runs over UDP and can use one of several authentication protocols.
RRAS
(Routing and Remote Access Service) The software included with Windows operating systems that enables a server to act as a router, firewall, and remote access server. Using RRAS, a server can provide network access to multiple remote clients. Beginning with Windows Server 2008 R2 and Windows 7 (Enterprise or Ultimate), RRAS now works in conjunction with DirectAccess to enable always-on remote connections while also allowing VPN connections to the network.
Session key
In the context of Kerberos authentication, a key issued to both the client and the server by the authentication service that uniquely identifies their session.
SHA-2 hashing algorithm
The second revision of SHA, also designed by the NSA, which supports a variety of hash sizes, the most popular of which are SHA-256 and SHA-512.
SLIP
(Serial Line Internet Protocol) An obsolete Layer 2 communications protocol that enabled a workstation to connect to a server using a serial connection such as dial-up or DSL. SLIP did not support encryption and could carry only IP traffic. SLIP was replaced by PPP.
SSH
(Secure Shell) A connection utility that provides authentication and encryption. With SSH, you can securely log on to a host, execute commands on that host, and copy files to or from that host. SSH encrypts data exchanged throughout the session.
SSL
(Secure Sockets Layer) A method of encrypting TCP/IP transmissions—including Web pages and data entered into Web forms—en route between the client and server using public key encryption technology.
SSTP
(Secure Socket Tunneling Protocol) A proprietary Microsoft protocol, first available with Windows Vista, though it is also available for Linux and some other operating systems (but not Apple products).
TACACS+
(Terminal Access Controller Access Control System Plus) A Cisco proprietary protocol for AAA (access, authentication, and authorization). Like RADIUS, TACACS+ may use one of many authentication protocols. Unlike RADIUS, TACACS+ relies on TCP at the Transport layer instead of UDP, allows for separation of the AAA services, encrypts all information transmitted for AAA, and is typically installed on a router or switch rather than on a server
Telnet
A terminal emulation protocol used to log on to remote hosts using the TCP/IP protocol
TGS
(Ticket-Granting Service) In Kerberos terminology, an application separate from the AS (authentication service) that runs on the KDC and issues Ticket-Granting Tickets to clients so that they need not request a new ticket for each new service they want to access.
TGT
(Ticket-Granting Ticket) In Kerberos terminology, a ticket that enables a user to be accepted as a validated principal by multiple services.
TKIP
(Temporal Key Integrity Protocol) An encryption key generation and management scheme used by 802.11i.
Two factor authentication
An authentication process in which clients must supply two pieces of information to verify their identity and gain access to a system.
VPN
(virtual private network) A virtual connection between a client and a remote network, two remote networks, or two remote hosts over the Internet or other types of networks, to remotely provide network resources. VPNs can be created through the use of software or combined software and hardware solutions.
What improvements have they made on TLS?
More Privacy, Less Latency, Improved Handshakes
Which VPN protocols exist? What are their features?
Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), or Secure Socket Tunneling Protocol (SSTP)

Xaas

(Anything as a Service, or Everything as a Service) A type of cloud computing in which the cloud can provide any combination of functions depending on a client’s exact needs, or assumes functions beyond networking including, for example, monitoring, storage, applications, and virtual desktops