Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
57 Cards in this Set
- Front
- Back
|
Describe SNMP
|
It is basically a network health-monitoring and diagnostic tool. SNMP operates at the Application layer of the OSI reference model, over port 161.
|
|
|
Describe LDAP
|
Lightweight Directory Access Protocol (LDAP) is a TCP/IP networking protocol for interacting with directory services databases. LDAP arranges network directories into inverted trees. Each tree starts with a root. The root encompasses all directories in the tree in the same way that a disk's root directory encompasses all directories (folders) on a disk.
|
|
|
What is the purpose of VPN?
|
A virtual private network (VPN) is a communication protocol that provides secure remote access to company networks. Let me explain what this means. Computers in a private LAN are all in the same building. That makes it relatively easy for administrators to control communications between computers. But the public telephone lines and the Internet are public networks—what a security professional might call an untrusted network.
|
|
|
How does VPN work?
|
creates a secure tunnel between a remote computer and the company LAN. This tunnel acts like a cable in a private network, hence the name virtual private network.
|
|
|
Define PPTP
|
provides authentication, encryption, and compression for data sent over IP connections. It has built-in encryption and decryption capabilities. PPTP can create a secure dial-up connection to an ISP. PPTP operates over TCP port 1723 over IP (Internet Protocol) connections only.
|
|
|
Define L2TP
|
newer and more flexible than PPTP. It operates over UDP port 1701 and supports numerous data protocols, including IP, IPX (Internetwork Packet Exchange), and NetBEUI (NetBIOS Extended User Interface).
|
|
|
What is the main flaw of L2TP
|
does not have its own built-in encryption and decryption capabilities. It must rely on some other protocol, typically IPSec, for encryption.
|
|
|
Define IPSec
|
IP Security Protocol (IPSec) is a VPN tunneling protocol that operates at the Network layer (layer 3) of the OSI reference model over TCP ports 50 and 51. IPSec is used to authenticate and encrypt IP traffic.
|
|
|
What are the four parts of IPSec encryption protocol?
|
1. Authentication Header (AH): Provides authentication and integrity to protect against replay attacks.
2. Encapsulating Security Payload (ESP): Encrypts the payload to provide data confidentiality and data integrity. 3. IP Payload Compression Protocol (IPComp): Can be used to compress data prior to sending. 4. Internet Key Exchange (IKE): Provides a method for negotiating secret encryption keys. |
|
|
What is the purpose of RADIUS?
|
RADIUS is an AAA server that offers secure authentication over dial-up networks.
|
|
|
What is the purpose of TACACS?
|
TACACS is another AAA server. It uses TCP port 49.
|
|
|
What is the purpose of SSH (Secure Shell)?
|
SSH (Secure Shell) provides secure Telnet connections over TCP port 22.
|
|
|
What is the purpose of PAP?
|
PAP (Password Authentication Protocol) is any early remote authentication protocol that sends user credentials in clear text.
|
|
|
Decentralized privilege management requires?
|
That user accounts (including usernames and passwords) be stored on each individual server, as illustrated below. that user accounts (including usernames and passwords) be stored on each individual server, as illustrated below.
|
|
|
Centralized privilege management means?
|
Controlling access to all servers from a single, centralized location. The central server may be called a domain controller, authentication server, or directory server. Regardless of what you call it, it contains user accounts and permissions for accessing all the servers in a network.
|
|
|
Privilege Escalation
|
All modern operating systems let you collect information about successful and unsuccessful attempts to log in and access files. This information is stored in a file called an audit trail.
|
|
|
Kerberos Authentication
|
Kerberos works by granting tickets to authenticated users. Each ticket gives the authenticated users access to a specific resource for a limited time. System clocks within the Kerberos network must be synchronized to ensure that tickets expire correctly. Without proper time synchronization between clients and servers, Kerberos authentication won't work properly.
|
|
|
Dumpster Diving
|
In Dumpster diving, attackers search through the trash for information that would help them gain unauthorized access to a network. This includes things like network diagrams, IP address lists, system configuration data, and old passwords. To prevent Dumpster diving, all paper trash should be shredded and all magnetic media destroyed.
|
|
|
RAID
|
RAID is a technology solution for high availability. The RAID acronym stands for Redundant Array of Independent Drives. The redundant part refers to the fact that the technology uses two or more hard drives to store the same data, as in the image below.
|
|
|
Server Clustering
|
Server clustering is a second technical solution that provides high availability. As the name implies, server clustering involves using several different computers to host a server. In the example below, the four server computers look like a single server to users.
|
|
|
What is the Common Criteria?
|
This is a document that was created by numerous organizations, including CSE (Canada), SCSSI (France), BSI (Germany and Netherlands), CESG (UK), NIST and NSA (USA). In the words of the Security+ exam, the Common Criteria document is considered the de facto Information Technology security evaluation criteria for the international community.
|
|
|
What is Piggybacking
|
Piggybacking is when an authorized person allows an unauthorized person into a secured room.
|
|
|
What is the purpose of a mantrap?
|
A mantrap is a room that's specially designed to prevent piggybacking.
|
|
|
Which term describes privilege escalation?
|
While reviewing audit trails, an administrator notices that a regular user ran a program that requires administrative privileges.
|
|
|
How does hashing work?
|
Unlike symmetric and asymmetric cryptography, hashing doesn't encrypt the original message or file. Instead, when you hash a file or message, you end up with a new, separate file called a hash value, message digest, or message authentication code.
|
|
|
Hashing Algorithms
|
Several hash functions (also called hashing algorithms) have come and gone over the years. These days, SHA-1 (Secure Hashing Algorithm 1) and MD5 (Message Digest 5) are the most widely used. MD5 produces a 128-bit hash value. SHA-1 produces a 160-bit hash value and is considered the more reliable of the two.
|
|
|
How is data integrity best achived?
|
Data integrity is best achieved through hashing, message digests or through message authentication codes.
|
|
|
SSL/TLS Is Asymmetric Encryption
|
Secure Sockets Layer (SSL) sends encrypted data across the Internet. It does so to protect sensitive data like personal and financial information.
Behind the scenes, your Web browser is encrypting the sensitive information with a public key. The Web server then decrypts that information using its private key. Thus, SSL is a form of asymmetric encryption used to maintain confidentiality. You don't need to purchase your own public and private keys for this to work. The keys are built into the SSL/TLS system. |
|
|
How does a digital signature work?
|
Digital signatures use encryption and hashing to provide integrity, authentication, and nonrepudiation. Unlike normal message encryption, in digital signatures, the sender does not encrypt the actual message. Rather, the sender uses a hash function to create a message digest. Then the sender encrypts the message digest using his or her own private key.
|
|
|
Explain the digital signature process to provide data integrity and authentication?
|
Digital signatures use encryption and hashing to provide integrity, authentication, and nonrepudiation. Unlike normal message encryption, in digital signatures, the sender does not encrypt the actual message. Rather, the sender uses a hash function to create a message digest. Then the sender encrypts the message digest using his or her own private key.
|
|
|
How does a Replay Attack work?
|
For example, let's say legitimate user Babs enters her credentials (username and password) to gain access to a system. Her computer encrypts her credentials and sends the encrypted data to the server. The server decrypts her credentials, verifies them, and then grants her access.
|
|
|
How does CHAP prevent Replay Attacks?
|
CHAP's ability to send a random challenge string to the client at any time provides a good defense against replay attacks. When CHAP sends a random challenge string to the client, it expects a different answer back. There is no way for an intruder to know in advance what the challenge string will be. And there's no way for an intruder to capture and play back the response to a challenge string from another computer. The session will terminate as soon as the intruder's computer fails to send the correct response to the challenge string.
|
|
|
What types of attacks are hashed passwords vulnerable to?
|
Brute Force and Birthday Attacks
|
|
|
How do you destroy a digital certificate key?
|
The preferred method of key destruction is called zeroization. In this method, every bit in the key is converted to a zero. Once the key has been zeroized, there is no way to restore its original value.
|
|
|
What's the first step in implementing a Firewall?
|
The first step to implementing a firewall is to develop a firewall policy.
|
|
|
What is the meaning of "Stateful Inspection" Firewalls?
|
That the firewall can inspect each packet to determine whether or not it's part of an already-established TCP connection. Such a firewall can detect and discard any rogue packets from would-be hackers trying to gain access through an open connection.
|
|
|
What is one benefit of a Switch?
|
Provides a good defense against hostile packet sniffing
|
|
|
What's the benefit of a Router?
|
Unlike a switch or hub, a router can have an Access Control List (ACL) that manages traffic according to rules an administrator defines. As such, a router can act as both a connecting point and a firewall.
|
|
|
What's the best defense against IP spoofing?
|
Set up a perimeter router with ingress filtering. Then you define ingress packet filtering rules to reject all packets that have a source IP address from inside the network.
|
|
|
How does callback offers the best security tool for dial-up modems.
|
It requires that users call from a specific telephone number and log in normally. Once connected and authenticated, the modem hangs up and calls back at the predetermined number. This ensures that the user is authenticated and located at a specific telephone known to the network.
|
|
|
What is the best defense against IP spoofing?
|
Set up a perimeter router with ingress filtering. Then you define ingress packet filtering rules to reject all packets that have a source IP address from inside the network.
|
|
|
What is privilege management?
|
Privilege management is the process of assigning and managing access to network resources.
|
|
|
Where are usernames and accounts stored in decentralized privilege management?
|
Decentralized privilege management requires that user accounts (including usernames and passwords) be stored on each individual server.
|
|
|
Where are usernames and accounts stored in centralized privilege management?
|
Centralized privilege management means controlling access to all servers from a single, centralized location. The central server may be called a domain controller, authentication server, or directory server.
|
|
|
What is privilege escalation?
|
As its name implies, privilege escalation occurs when a user is granted more access than his or her user account normally provides.
|
|
|
Define Kerberos Authentication scheme:
|
Kerberos is a centralized privilege management scheme that provides access to multiple network resources. A Kerberos server consists of three main components called an authentication server, privilege server, and security database.
|
|
|
How does Fault Tolerance address high availability?
|
Fault tolerance: The ability of a system to keep working despite failures in one or more of its components.
|
|
|
How does Redundancy address high availability?
|
Redundancy: Having two or more of the same device so that if one fails, the other can take over.
|
|
|
How does Fail-over address high availability?
|
Fail-over: Having a second, redundant device kick in automatically if the first device fails.
|
|
|
How does RAID work?
|
RAID is a technology solution for high availability. The RAID acronym stands for Redundant Array of Independent Drives. The redundant part refers to the fact that the technology uses two or more hard drives to store the same data, as in the image below.
|
|
|
How does Server clustering work?
|
Server clustering is a second technical solution that provides high availability. As the name implies, server clustering involves using several different computers to host a server. In the example below, the four server computers look like a single server to users.
|
|
|
What is the Common Criteria?
|
This is a document that was created by numerous organizations, including CSE (Canada), SCSSI (France), BSI (Germany and Netherlands), CESG (UK), NIST and NSA (USA). In the words of the Security+ exam, the Common Criteria document is considered the de facto Information Technology security evaluation criteria for the international community.
|
|
|
How does a differential backup work?
|
A differential backup backs up all files that have changed since the last full backup. Recovery requires fist restoring the original full backup and then restoring the most recent differential backup.
|
|
|
How does an incremental backup work?
|
An incremental backup backs up files in increments so that only files that have changed since the previous incremental backup are copied. Recovery requires restoring the last full backup plus every incremental backup made since the last full backup.
|
|
|
What does the term due care mean?
|
The term due care really refers to written policies and procedures that are specifically designed to minimize damage and injury. Combined, these written documents form an organization's security policy.
|
|
|
Who writes a PKI policy?
|
An in-house CEO or other policy maker writes the PKI policy. It describes how an organization is taking due care in using its certificate to maximize security without breaching the terms set forth in the certificate policy.
|
|
|
Who writies a certificate policy?
|
A Certificate Authority writes the certificate policy, basing it on industry-wide standards.
|
