A mathematical value that is used to provide integrity check for a packet. A checksum is the result of adding the number of bits in as block of data to be transmitted. The result of this addition is transmitted along with the data. The same calculation is performed by the computer at the receiving end and if the results agree, it is assumed that the data has been transmitted without error.
What is Data modification
An attacker can modify the network packet that is in transit over a network and send counterfeit data, which might prevent the receiver from receiving the correct information of might allow the attacker to obtain additional, possible secure, information.
Monitors and reads network packets as they traverse a wired or wireless network. Must be in promiscuous mode to see packets not destined for that computer
An attacker can falsify or "spoof" the identity of either the sending or receiving computer by using special programs to construct IP packets that appear to originate from valid addresses inside of a trusted network.
Man in the Middle (MITM) attack
Someone between the two communicating computers us actively monitoring, capturing, and controlling the data transparently. The attacker intercepts the communications between two computers, modifies or captures the data and then sends it on to its destination.
Denial of Service (DoS) attack
This attack prevents the normal use of comuters or network resources.
Distributed Denial of Service (DDos)
This attack prevents the normal use of computers or network resources, but attack originates from many computers, often referred to as a botnet.
Internet Security Association and Key Management Protocol (ISAKMP)
Dynamically negotiates a mutual set of security requirements between two hosts that are attempting to communicate with each other.
IP Packet filtering
A process that allows or blocks communications specifying source and destination addresses, address ranges, protocols, or even specific TCP or UDP ports
At which layer of the OSI model does IPSec work
Network layer or layer 3. It provides automatic, transparent security for all applications residing at the higher OSI layers (4-7)
IPSec peer authentication provides what?
Verifies the identity of the peer computer before any data is sent.
Windows 2008 can use what three authentication methods for IPSec
Pre-shared key, public keys, or Kerberos protocol. Kerberos can only be used if integrated with an Active Directory.
A one-way cryptographic algorithm that takes an input message of arbitrary length and produces a fixed length digest.
How does IPSec ensure data integrity?
IPSec includes a cryptographic checksum for the packet that ensuring that the information that is received is the same as the information that was sent.
How does IPSec ensure data confidentiality?
IPSec can encrypt a packet. If it is intercepted, the attacker cannot un-encrypt the packet without the correct key.
How does IPsec protect against a replay attack?
IPSec uses sequence numbers in packets sent between two IPSec peers. A replay attack is when an attacker records packets and plays them at a later time. The packet sequence number would be out of order if sent at a later time.
What is key management in IPSec
A secure way to exchange key information to derive a secret shared key and to periodically change the keys used.
What are the two types of modes in IPSec? Define the two terms.
Transport Mode: Use when packet filtering is required and when using end to end security.
Tunnel mode: Used in site to site communications that cross unsecure (public) networks. Provides gateway to gateway protection.
Name and define the two main protocols used in IPSec
Authentication Header (AH): provides authentication, integrity, and anti-replay for the entire packet (both the IP header and the data payload carried in the packet). It does not provide confidentiality because it does not encrypt the data. AH uses a hash algorithm to sign the packet for integrity.
Encapsulating Security Payload (ESP): provide confidentiality for the payload in addition to authentication and anti-replay. ESP does not sign the entire packet, just the payload (data).
They can be used together to provide protection.
Offers the strongest level of security within Windows 2008 and has the highest resource usage on the host. Compatible only with Windows Vista and Windows 2007 Server.
Somewhat less secure than AES-256, medium resource usage on the host. Compatible only with Windows Vista and Windows 2007 Server.
Default IPSec encryption algorithm in Windows 2008. Compatible only with Windows Vista and Windows 2007 Server.
Used for backward compatibility while still providing an acceptable level of encryption.
Used for backward compatibility only; its use is not recommended.
Integrity (Hash) Algorithm
Stronger choice over MD5, but a higher resource usage level on the host
Integrity (Hash) Algorithm
Used for backwards compatibility only; its use is not recommended. Use SHA1
IPSec Security Assocation
Combination of security services, protection mechanisms, and cryptographic keys mutually agreed to by the communication peers. The SA contains the information needed to determine how the traffic is o be secured (the security services and protection mechanisms) and with which secret keys (cryptographic keys). To types of SAs are created when IPSec peers communicate securely; ISAKMP SA and IPSec SA.