194 Cards in this Set
- Front
- Back
Name the three Legacy EAP Protocols
|
PAP - Password Authentication Protocol
CHAP - Challenge-Handshake Authentication Protocol
MSCHAP - Microsoft Challenge-Handshake Authentication Protocol |
|
Name the two Weak EAP Protocols
|
EAP-MD5 - Extended Authentication Protocol-MD5
LEAP - Lightweight Extended Authentication Protocol |
|
Name three Strong EAP Protocols
|
EAP-TLS - EAP with Transport Layer Security
EAP-TTLS - EAP with Tunneled TLS
PEAP - Protected EAP |
|
What does EAP Stand for?
|
Extended Authentication Protocol
|
|
What does PAP Stand for?
|
Password Authentication Protocol
|
|
What does MSCHAP Stand for?
|
Microsoft Challenge-Handshake Authentication Protocol
|
|
What does EAP TLS Stand for?
|
Extended Authentication Protocol with Transport Layer Security
Shortform: EAP w/ TLS |
|
What does EAP-TTLS Stand for?
|
Extended Authentication Protocol with Tunneled Transport Layer Security
Shortform: EAP w/ Tunneled TLS |
|
What does PEAP Stand for?
|
Protected Extended Authentication Protocol
Shortform: Protected EAP |
|
What does EAP-MD5 Stand for?
|
Extended Authentication Protocol-MD5
Shortform: EAP w/ MD5 |
|
What does LEAP Stand for?
|
Lightweight Extended Authentication Protocol
Shortform: Lightweight EAP |
|
In the Single Site Deployment:
Where is the RADIUS Server located?
Where is the Authentication DB Server located?
The Advantages of this?
The Disadvantages of this? |
RADIUS is Local
Authentication DB is Local
Advantage? Only 1 Authentication DB to support
Disadvantage? Difficult to scale w/ more added users |
|
In the Distributed Autonomous Site Deployment:
Where is the RADIUS Server located?
Where is the Authentication DB Server located?
The Advantages of this?
The Disadvantages of this? |
RADIUS is Local
Authentication DB is Remote
Advantage? Doesn't rely on network link
Disadvantage? Hard to replicate Authentication DBs |
|
What are the 4 design model site deployments?
|
1. Single Site Deployment
2. Distributed Autonomous Site Deployment
3. Distributed Sites & Security w/ Centralized Authentication
4. Distributed Sites w/ Centralized Authentication & Security
Acronym: S-DA-DS&Sw/CA-DSw/CA&S |
|
In the Distributed Sites & Security w/ Centralized Authentication:
Where is the RADIUS Server located?
Where is the Authentication DB Server located?
The Advantages of this?
The Disadvantages of this? |
RADIUS is Local
Authentication DB is Remote
Advantage? Reduced bottleneck processing
Disadvantage? Relies on a network link |
|
In the Distributed Sites w/ Centralized Authentication & Security:
Where is the RADIUS Server located?
Where is the Authentication DB Server located?
The Advantages of this?
The Disadvantages of this? |
RADIUS is Remote
Authentication DB is Remote
Advantage? DB is more secure (no replication)
Disadvantage? Relies on a network link |
|
What are the three things that replaced community strings in SNMPv3?
|
1. Username
2. Password
3. Encryption (key) |
|
Name 3 types of Authentication servers?
|
1. RADIUS
2. Kerberos
3. TACACS+
4. LDAP or DAP |
|
What are some drawbacks of public/private cryptography?
|
1. Not efficient - Must use specific software
2. Only protects files through transmission |
|
True or False: VPN Solves all the drawbacks of public/private cryptography?
|
True, it does solve all the problems.
|
|
True or False: X.500 Lite is sometimes referred as DAP
|
False. LDAP is
|
|
What are the three authentication credentials?
|
1. Something you know - Password
2. Something you are - Biometrics
3. Something you have - Digital Cert
Acronym: KP-AB-HD |
|
What does AAA Stand for?
|
Authentication
Authorization
Accounting or Auditing |
|
Name one AAA Server
|
1. RADIUS
2. TACACS+
3. Kerberos |
|
Name two types of authentication methods when connecting to an AP
|
Open System - No Password
Shared Key - With Password |
|
What does MK Stand for?
|
Master Key
|
|
What does PMK Stand for?
|
Pairwise Master Key
|
|
What does PTK Stand for
|
Pairwise Transient Key
|
|
What comes first MK, PMK or PTK
|
MK is the initial key
Steps: MK to PMK to PTK |
|
How is the PMK Generated in the enterprise security model?
|
Generated: The MK + GK Creates the PMK |
|
How is the PTK Generated?
|
Generated by Combining PMK with:
1. Supplicant MAC address
2. Authenticator MAC address
3. Nonce created by supplicant
4. Nonce created by authenticator |
|
True or False: GKs are not used for unicast transmissions
|
True.
They're used for broadcast transmissions |
|
What does GK Stand for?
|
Group Key
|
|
What does GMK Stand for?
|
Group Master Key
|
|
What does GTK Stand for?
|
Group Temporal Key
|
|
What kind of transmission is GK used for?
|
Broadcast Transmissions
|
|
True or False: GMK is the starting point of the group key hierarchy. This is a random number.
|
True.
|
|
How is the GTK created?
|
Created using:
1. GMK
2. Authenticator's MAC
3. Nonce from Authenticator |
|
Explain the Four-way handshake
|
After PSK or 802.1X is Exchanged
1. Authenticator sends Anonce to Supplicant
2. Supplicant sends Snonce to Authenticator
3. Authenticator sends PTK & GTK to Supplicant
4. Supplicant sends Acknowledge to Authenticator
Acronym AAS-SSA-APGS-SAA |
|
What does VPDN Stand for?
|
Virtual Private Dialup Network
|
|
What does VPN Stand for?
|
Virtual Private Network
|
|
What does PPTP Stand for?
|
Point-to-Point Tunneling Protocol
|
|
True or False: PPTP is not based on PPP
|
False it is.
|
|
What does PPP Stand for?
|
Point-to-Point Protocol
|
|
What is a site-to-site VPN?
|
Allows multiple sites to connect to other sites over the internet
|
|
What does LCP Stand for?
|
Link Control Protocol
|
|
True or False: LCP establishes, configures, and automatically tests the connection.
|
True
|
|
What does PPPoE Stand for?
|
Point-to-Point Protocol over Ethernet
|
|
True or False: PPPoE Can assign IP Addresses?
|
True
|
|
True or False: PPPoE is not a variation of PPP
|
False, it is.
|
|
True or False: LCP is an extension of PPTP
|
True
|
|
What does L2TP Stand for?
|
Layer 2 Tunneling Protocol
PPTP w/ L2F Protocol
L2F - Layer 2 Forwarding Protocol (Cisco's) |
|
What does IPSec stand for?
|
IP Security
|
|
What does AH Protocol Stand for?
|
Authentication Header Protocol
|
|
What does ESP Protocol Stand for?
|
Encapsulation Security Payload Protocol
|
|
True or False: ESP Accomplishes Confidentiality
|
True
|
|
True or False: AH Accomplishes Authentication
|
True
|
|
What does ISAKMP/Oakley Stand for?
|
Internet Security Association & Key Mgmt Protocol/Oakley Protocol
|
|
Name the two types of encryption modes in IPSec
|
Transport and Tunnel
|
|
True or False: PPTP offers high security for Windows
|
False. It's moderate
|
|
True or False: L2TP offers high security for windows
|
True
|
|
True or False: IPSec offers high security for non-windows
|
True
|
|
What does SNMP Stand for?
|
Simple Network Mgmt Protocol
|
|
What do SNMP-Managed devices with agents/services do?
|
Listens for commands and executes them
|
|
True or False: HTTPS essentially uses SSL/TLS to secure HTTP traffic
|
True
|
|
True or False: SSH Port forwarding is referred to as Tunneling
|
True
|
|
What does SCP Stand for?
|
Secure Copy Protocol
|
|
True or False: SCP performs authentication and or security
|
False. It only encrypts data during file transmission
|
|
What does TLS Stand for?
|
Transport Layer Security
|
|
TLS is an extension of ______.
|
SSL
|
|
TLS is used to ____ email transmissions
|
Secure
|
|
There are two layers of TLS.
TLS ____ protocol, and TLS ____ protocol. |
Handshake Protocol
Record Protocol |
|
What does SFTP Stand for?
|
Secure File Transfer Protocol
|
|
SFTP is based on ____ or ____ Protocols.
|
SSL
SSH |
|
What does CFS Stand for?
|
Linux Cryptographic File System
|
|
True or False: CFS Can be used to send encrypted files
|
False.
|
|
True or False: CFS encrypts files on Linux systems
|
True
|
|
What does GPG Stand for?
|
GNU Privacy Guard
|
|
What does PGP Stand for?
|
Pretty Good Privacy
|
|
PGP is _____ based
|
Windows
|
|
GPG is ____ or ____ based
|
UNIX
Linux |
|
True or False: Endpoints that provide passthrough VPN capability don't require a separate VPN client application to be installed on each device
|
False, it is required. This is used to connect to a VPN server
|
|
True or False: Client applications handle setting up the connection to the remote VPN Server
|
True
|
|
True or False: Client applications take care of special data handling required to send/receive data through a VPN tunnel
|
True
|
|
True or False: A built-in VPN endpoint handles all of the VPN tunnel setup, encapsulation, and encryption in the endpoint
|
True
|
|
Hardware based VPNs are more secure, and have better performance than _____ based VPNS
|
Software
|
|
_____ Based VPNs are preferred when both endpoints are not controlled by the same organization
|
Software
|
|
What are the advantages of Software-based VPNs?
|
1. More flexible
2. More desirable for remote users (road warriors)
3. Good when performance req. are modest |
|
What are the disadvantages of Software-based VPNs?
|
1. Lower performance and security VS Hardware based
2. Harder to manage than hardware endpoints
3. Not all ISPs allow software-based VPN tunnels |
|
What are the advantages of Hardware-based VPNs?
|
1. More secure and better performance VS Software
2. Can protect all wireless devices behind it
3. Only the passthrough VPN device manages VPN functions (hardware handles the rest) |
|
What are the disadvantages of Hardware-based VPNs?
|
More expensive
|
|
VPN encryption functions at layers ___ and ___ of the OSI model
|
Layer 2
Layer 3 |
|
What are some VPN Advantages?
|
1. Cost savings
2. Scalable
3. Full protection
4. Speed
5. Authentication |
|
What are some VPN disadvantages?
|
1. Expensive
2. Performance Impact
3. Additional protocols
4. More Mgmt
5. Must have high availability |
|
True or False: A VPN uses an unsecured public network to send and receive private messages by using encryption
|
True
|
|
Name the five key security principles when designing network security.
|
Layering - Multiple layers of defense
Limiting - Restrict access
Diversity - Different types of defenses
Obscurity - Avoiding clear patterns
Simplicity - Simple from inside; Complex from outside
Acronym LLDOS |
|
True or False: Network segmentation is non-deterministic networking
|
True
|
|
What is Stateful packet filtering?
|
Keeps a record of state
Makes decisions based on connection and rule base |
|
What is Stateless packet filtering?
|
Permits strictly based on a rule base
|
|
What are the advantages of NAT?
|
1. Security
2. Segmentation
3. Conserves Public IPs |
|
What are the disadvantages of NAT?
|
Difficult troubleshooting
Performance Impact |
|
IEEE 802.1____ is used to mark VLAN packets.
|
IEEE 802.1Q
|
|
What does VLAN Stand for?
|
Virtual Local Area Network
|
|
What is inside the IEEE 802.1Q 4-byte header?
|
1. TPID - Indicates 802.1Q
2. TCI - ID of VLAN |
|
ESSAY Question #1 What are some advantages and disadvantages of distributed sites with Centralized authentication & security |
Advantage: Authentication DB more secure because not replicated
Disadvantage: Relies on network connection |
|
ESSAY Question #2 What is role based access control? |
Aims to restrict access to information based on job function role.
|
|
ESSAY Question #3 What are some of the advantages of using VPN? |
1. Cost savings
2. Scalable
3. Full protection
4. Speed
5. Authentication |
|
ESSAY Question #4 List a few things about SNMP |
1. SNMP Stands for Simple Network Mgmt Protocol
2. SNMPv1/v2 is weak (community strings sent in clear)
3. SNMPv3 is strong (encrypted, uses password/username) |
|
ESSAY Question #5
What does it mean to do layering security? |
Combines multiple mitigating security controls to protect resources.
If one layer is broken down, they'll have to go through another. |
|
ESSAY Question #6
How do you perform a Risk Assessment? |
1. Identify the Risks
2. Do a BIA on an asset using the R = I * L equation (Risk = Impact * Likelihood)
3. Determine whether to accept, reduce, or transfer the risk |
|
ESSAY Question #7
What are the Mobile Bandwidth speeds for 1G 2.5G 3G |
1G - 9.9 Kb/s
2.5G - 384 Kb/s
3G - 400-700 Kb/s |
|
What does WIDS/WIPS Stand for?
|
Wireless Intrusion Detection System
Wireless Intrusion Prevention System |
|
Name a few WIPS Features
|
1. AP Identification - All APs detected & classified
2. Device Tracking - Track all devices
3. Event Actions & Notification - Stop attacks
4. RF Scanning - Cover all 2.4/5 GHz Channels
5. Protocol Analysis - Reveal Trends |
|
Which intrusion system uses a proactive approach?
|
WIPS
|
|
What are some disadvantages of a WIDS?
|
High number of False positives
Depends on Signatures
Reactive instead of Proactive |
|
What two types of detection does WIDS use?
|
Signature - Compares based off attack signatures
Anomaly - Weird traffic above recorded baseline |
|
What are the two types of Probes used in WIDS/WIPS
|
Integrated - Used to reduce costs
Overlay - Dedicated |
|
Which WIPS probe is known as an AP/Embedded probe
|
Integrated Probe
|
|
Which WIDS/WIPS probe detects more attacks?
|
Overlay probe
|
|
What are some drawbacks of an overlay probe?
|
1. Higher costs
2. Must use list of authorized APs
3. Req. Additional user interfaces |
|
What are some drawbacks of an integrated probe?
|
1. Reduces throughput
2. AP is not dedicated to watch all attacks
3. Hops channels (not very effective)
4. b/g AP cannot monitor 'a' channels |
|
Name 4 methods used for wireless device discovery.
|
1. Triangulation
2. Trilateration
3. RF Fingerprinting
4. RSSI (Received Signal Strength Indication) |
|
Name two of the methods used for rogue access point discovery
|
1. Mobile Sniffing - Airmon/Kismet
2. Wireless Probes - Monitors airways for suspicious signals |
|
_____ is a protocol used to Manage WLAN Systems |
SNMP
|
|
What is an SNMP Trap?
|
Shows a Spike/decrease in network bandwidth
|
|
What is an SNMP inform Request?
|
Acknowledges the message with an SNMP response
|
|
What are the three parts of a security policy cycle?
|
1. Risk Identification
2. Security Policy
3. Compliance Monitoring & Evaluation |
|
What are the 4 steps in Risk Identification?
|
1. Asset Identification
2. Threat Identification
3. Vulnerability Appraisal
4. Risk Assessment |
|
What are three three choices/options when dealing with Risk
|
1. Accept it
2. Reduce it
3. Transfer it |
|
What's the difference between a policy, standard and guideline?
|
Policy - Establishes standards
Standard - Requirements and procedures to be met
Guidelines - Suggestions |
|
What are the three models of trust?
|
1. Trust everyone 24/7
2. Trust people some of the time
3. Trust no one at any time |
|
What are the 3 elements of a security policy?
|
1. Due care
2. Separation of Duties
3. Need to Know |
|
Compliance monitoring and evaluation is a _____ approach.
|
Proactive
|
|
What are the two elements of Compliance monitoring and evaluation
|
1. Incident Response
2. Code of Ethics |
|
What are the code of ethics for IT?
|
IEEE
ACM |
|
Who is part of the Incident response team?
|
1. Senior Mgmt
2. IT
3. Corporate
4. HR - Human Resources
5. PR - Public Relations
Acronym SITCHP |
|
What is a baseline?
|
Used to evaluate network flow, and determine how a proposed change may impact the network.
|
|
What does WiMax Stand for, and what IEEE standard does it use?
|
Worldwide Interoperability for Microwave Access
WiMax is based on IEEE 82.16 |
|
What speed does 1G transmit at?
|
9.9Kbs
|
|
What speed does 2G transmit at?
|
Tested at 50Kbs
|
|
What speed does 2.5G transmit at?
|
Max speed of 384Kbps
|
|
What speed does 3G transmit at?
|
400-700Kbps
|
|
A ____ is designed to prevent malicious packets from entering the network or computer.
|
firewall
|
|
Antivirus software definition files are also known as ____ files.
|
signature
|
|
The Cisco Systems’ ____ protocol is an alternative to IEEE 802.1q.
|
ISL
|
|
____ is the practice of dividing the network into smaller units.
|
Segmentation
|
|
With ____, instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different port number.
|
PAT
|
|
____ keeps a record of the state of a connection between an internal computer and an external server and then makes decisions based on the connection as well as the rule base.
|
Stateful packet filtering
|
|
When a sending device on a LAN sends a packet that is intended for a single receiving device it is known as a ____ transmission.
|
unicast
|
|
____ are designed to protect a device’s network ports, or endpoints of communication.
|
Firewalls
|
|
In a standard wired Ethernet network, all devices share the same media and a device can send a packet at any time rather than in a fixed or predictable fashion (known as ____ networking).
|
non-deterministic
|
|
The drawback of antivirus software is that its ____ must be continuously updated to recognize new viruses.
|
definition files
|
|
True or False: Limiting consists of placing a password on a system to keep unauthorized persons out.
|
False
|
|
True or False: Security by obscurity is sometimes criticized as being too weak.
|
True
|
|
____ means that a single cable is used to support multiple virtual LANs.
|
Trunking
|
|
____ allows a RADIUS server to authenticate wireless devices (stations) by verifying a hash known as MD5 of each user's password.
|
EAP-MD5
|
|
Access points and wireless devices must exchange information in order to create and acknowledge the MKs and the GKs. This exchange of information is known as ____.
|
handshakes
|
|
Several of the EAP protocols use ____, which creates a ciphertext from cleartext.
|
hashing
|
|
The system of using digital certificates, CAs, and other registration authorities that verify and authenticate the validity of each party involved in a transaction over a public network is known as ____.
|
public key infrastructure (PKI)
|
|
If authentication is performed by IEEE 802.1x using the WPA or WPA2 Enterprise model, the distribution of the ____, from which all other keys are formed, is done by the authentication server.
|
master key (MK)
|
|
____ is an industry standard protocol specification that forwards username and password information to a centralized server.
|
TACACS+
|
|
____ requires that the wireless device and RADIUS server prove their identities to each other by using public key cryptography such as digital certificates.
|
EAP-TLS
|
|
True or False: The MKs are used for access point to wireless device transmissions, or unicast transmissions.
|
True
|
|
The ____ is the value that the wireless devices use to decrypt broadcast messages from APs.
|
GTK
|
|
A ____ deployment uses local authentication with one or more RADIUS servers at each site. However, the authentication database is replicated from one central site to each local site.
|
distributed autonomous site
|
|
True or False: Wireless authentication first requires the wireless device not the user to be authenticated before being connected to the WLAN.
|
True
|
|
The exchange of information for the MK is based on a ____.
|
four-way handshake
|
|
True or False: LDAP was developed by Microsoft and the University of Michigan in 1996.
|
False
|
|
____ is a protocol that guarantees privacy and data integrity between applications communicating over the Internet.
|
Transport Layer Security (TLS)
|
|
____ is software that works with a computer's network interface card adapter to simulate a dial-up session and can assign IP addresses as necessary.
|
PPPoE
|
|
____ is a widely used protocol for establishing connections over a serial line or dial-up connection between two points.
|
PPP
|
|
In IPsec, confidentiality is achieved through the ____ protocol.
|
Encapsulating Security Payload (ESP)
|
|
An extension to PPTP is the ____, which establishes, configures, and automatically tests the connection.
|
Link Control Protocol (LCP)
|
|
A VPN ____ aggregates hundreds or thousands of multiple connections together.
|
concentrator
|
|
IPsec ____ mode encrypts only the data portion (payload) of each packet yet leaves the header unencrypted.
|
transport
|
|
True or False: Endpoints that provide passthrough VPN capability do not require that a separate VPN client application be installed on each device that connects to a VPN server.
|
False
|
|
The ____ allows authentication between the server and the client and the negotiation of an encryption algorithm and cryptographic keys before any actual data is transmitted.
|
TLS Handshake Protocol
|
|
____ is a facility for transferring files securely.
|
Secure Copy (SCP)
|
|
The ____ is a protocol used to manage networked equipment.
|
SNMP
|
|
True or False: SSH can even be used as a tool for secure network backups.
|
True
|
|
In a ____ VPN, multiple sites can connect to other sites over the Internet.
|
site-to-site
|
|
A ____ constantly monitors the radio frequency (using wireless probes) for attacks.
|
wireless intrusion detection system (WIDS)
|
|
Monitoring the RF frequency requires a special sensor called a(n) ____.
|
wireless probe
|
|
A(n) ____ probe uses existing access points to monitor the RF.
|
integrated
|
|
True or False: Global positioning systems (GPS) are widely used in 802.11 WLANs.
|
False
|
|
A spike in a network's bandwidth or a decrease in the time to respond to a request are signs that the network is running slowly. These events are known as a(n) ____.
|
SNMP trap
|
|
In a WIDS anomaly detection system the security administrator defines the ____ (or normal) state of the network’s traffic.
|
baseline
|
|
A ____ probe is a standard wireless device, such as a portable laptop computer, configured to act as a wireless probe.
|
wireless device
|
|
____ allows computers and network equipment to gather data about network performance.
|
SNMP
|
|
WIPS detect categories of attacks using predictable or ____ techniques that may involve a combination of different approaches.
|
deterministic
|
|
____ is a diagnostic program that sends a packet to a device and waits for a response to determine if it is properly functioning.
|
PING
|
|
The ____ is a signal that tells the strength of the incoming (received) signal.
|
RSSI
|
|
A(n) ____ integrates several layers of protection to detect and prevent malicious attacks.
|
wireless intrusion prevention system (WIPS)
|
|
True or False: All wireless network interface card adapters can act as a wireless device probe.
|
False
|