Network+ [Chapter 13]
Terms in this set (91)
What is security filtering?
process of letting people securely access your resources
-ensures only authorized computers get in and that the data sent back and forth isn't intercepted
What is an access control list or ACL?
used on routers to decide which packets are permitted through the router, based on the source or destination IP address; a packet that matches no permit entry is dropped by the implicit deny at the end of the list
What are the four conditions that are good to have when configuring ACLs?
deny inbound packets whose source address is any of these:
-addresses from your internal networks (a packet arriving from outside should never claim an inside source)
-local host addresses (127.0.0.0/8)
-reserved private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
-IP multicast addresses (224.0.0.0/4)
What is port filtering?
allowing or denying traffic based on its TCP/UDP port number; any port not explicitly permitted is implicitly denied
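The ACL and port-filtering cards above, as one added worked example (not code from the original card set): an ingress check that denies the four source ranges listed, then applies an explicit port allow list with an implicit deny at the end, and renders the same policy as Cisco IOS extended ACL lines. The internal network 10.1.0.0/16, the allowed ports and the sample packets are constructed for the demo.

```python
"""Added example: ingress ACL check combining the four deny rules with port
filtering. The internal network, allowed ports and packets are constructed."""
import ipaddress
from typing import NamedTuple

# Our own address space (assumed). A packet arriving from the internet with one
# of these as its source is spoofed, so it is denied along with the rest.
INTERNAL_NETWORKS = [ipaddress.ip_network("10.1.0.0/16")]

# Source ranges that should never appear on traffic entering from outside.
DENY_SOURCES = INTERNAL_NETWORKS + [
    ipaddress.ip_network("127.0.0.0/8"),     # local host / loopback
    ipaddress.ip_network("10.0.0.0/8"),      # RFC 1918 private
    ipaddress.ip_network("172.16.0.0/12"),   # RFC 1918 private
    ipaddress.ip_network("192.168.0.0/16"),  # RFC 1918 private
    ipaddress.ip_network("224.0.0.0/4"),     # IP multicast
]

# Port filter: destination TCP ports explicitly permitted inbound; everything
# else falls through to the implicit deny.
ALLOWED_TCP_PORTS = {80: "http", 443: "https"}


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def ingress_decision(pkt: Packet) -> tuple:
    """Return (action, reason) for a packet entering on the outside interface."""
    src = ipaddress.ip_address(pkt.src)
    for net in DENY_SOURCES:
        if src in net:                      # an IPv6 source just yields False here
            return "deny", f"source {pkt.src} falls in denied range {net}"
    if pkt.proto == "tcp" and pkt.dport in ALLOWED_TCP_PORTS:
        return "permit", f"tcp/{pkt.dport} ({ALLOWED_TCP_PORTS[pkt.dport]})"
    return "deny", "implicit deny at end of list"


def render_cisco_acl(number: int = 101) -> list:
    """The same policy as Cisco IOS extended ACL lines (wildcard masks, not CIDR)."""
    lines = [f"access-list {number} deny ip {net.network_address} {net.hostmask} any"
             for net in DENY_SOURCES]
    lines += [f"access-list {number} permit tcp any any eq {port}"
              for port in sorted(ALLOWED_TCP_PORTS)]
    return lines   # the trailing implicit deny is not written; IOS adds it


# Constructed sample packets (203.0.113.0/24 is a documentation range).
SAMPLES = [
    Packet("203.0.113.5", "10.1.0.10", "tcp", 443),   # legitimate web client
    Packet("10.1.2.3", "10.1.0.10", "tcp", 443),      # spoofed inside source
    Packet("224.0.0.9", "10.1.0.10", "udp", 520),     # multicast source
    Packet("203.0.113.5", "10.1.0.10", "tcp", 23),    # telnet: not on the allow list
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src, "->", f"{p.proto}/{p.dport}", ingress_decision(p))
    print("\n".join(render_cisco_acl()))
```

Order matters: the internal network is checked before the broader 10.0.0.0/8 entry so the reason names the spoofed range precisely, and the permit lines come after every deny, exactly as they would be typed into the router.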
What is tunneling?
making a transmission secure by encapsulating a protocol inside another protocol
What are the tunneling protocols you should know?
VPN-virtual private network
SSL-secure sockets layer
SSL VPN-secure sockets layer virtual private network
L2TP-layer 2 tunneling protocol
PPTP-point to point tunneling protocol
GRE-generic routing encapsulation
IPSec-internet protocol security
What is Virtual private network or VPN?
lets a computer that is physically far away appear to be on the local LAN by carrying its traffic through an encrypted 'tunnel' across a public network such as the internet
What is host to site (remote access) VPN?
allows remote users to securely access the corporate network from wherever they are
What is host to host VPN?
similar to site to site, but the endpoints of the tunnel are two individual hosts
What is site to site (intranet) VPN?
connects remote sites to a backbone securely over the internet instead of using expensive WAN connections like Frame Relay
What is extranet VPN?
gives a company's suppliers and partners a limited connection into the network for business to business (B2B) communications
What is secure socket layer or SSL?
security protocol based on RSA public key cryptography, used to set up secure connections over the internet between a web browser and a web server; placed at the SESSION LAYER in the Network+ OSI mapping; superseded by TLS
What is SSL VPN?
a VPN built on SSL/TLS instead of IPsec, typically reached through a web browser so no dedicated VPN client is needed
What is layer 2 tunneling protocol or L2TP?
combination of POINT TO POINT TUNNELING PROTOCOL (PPTP) and LAYER 2 FORWARDING (L2F); carries non-TCP/IP protocols over a VPN; provides no encryption of its own, so it is normally paired with IPsec (L2TP/IPsec)
What is point to point tunneling protocol?
protocol that tunnels unsecured POINT TO POINT PROTOCOL (PPP) frames inside GENERIC ROUTING ENCAPSULATION (GRE), with a control channel on TCP port 1723; its MS-CHAP based authentication has been broken, so it is now considered insecure
What is generic routing encapsulation or GRE?
tunneling protocol that can encapsulate many different layer 3 protocols inside an IP tunnel; provides no encryption, so it is combined with IPsec when confidentiality is needed
What is IP Security or IPsec?
protocol suite that provides authentication, integrity and encryption for IP traffic over the internet
works at layer 3 (network), so it protects every application in the layers above it without changing them
What are the two IPSec protocols?
Authentication Header (AH)-authentication and integrity only, no encryption
Encapsulating Security Payload (ESP)-both authentication and encryption (the one used in practice)
What are the two modes of IPSec?
Transport-protects only the payload of the original IP packet; the original IP header stays visible; used end to end between two hosts
Tunnel-encapsulates the entire original packet inside a new IP packet with a new header; used between two endpoints such as 2 routers or gateway servers to protect all traffic that goes through the tunnel
What is internet security association and key management protocol or ISAKMP?
protocol that defines the procedures and packet formats to establish, negotiate, modify and delete security associations and to safely exchange key and authentication data; it is independent of the key generation technique, algorithm or mechanism used (IKE is the IPsec implementation of it)
What are security associations or SA?
one-way agreements between two peers that hold everything needed to apply a security service (AH or ESP) to a flow: the algorithms, keys, mode and a Security Parameter Index (SPI) that identifies the SA in each packet
What is encryption?
running data through an algorithm (a cipher) together with a key; only someone holding the right key can turn the ciphertext back into the original data
What are symmetrical encryption keys?
when the sender and receiver use the same key to encrypt and decrypt data
downside: the key has to be delivered to both sides and kept secret, which is hard to maintain at scale
What are asymmetrical or public keys?
a pair of mathematically related keys that differ at each end: a public key that can be shared with anyone and a private key that is kept secret; what one key encrypts, only the other can decrypt
What is data encryption standard or DES?
one of the first standards for encryption; uses 56 bit keys, which are short enough to be broken by brute force
What is triple data encryption standard or 3DES?
same as DES but runs the data through it 3 times (encrypt, decrypt, encrypt)
3-key is nominally 168 bits but only about 112 bits of effective security (meet-in-the-middle attack)
2-key is nominally 112 bits but only about 80 bits of effective security
What is advanced encryption standard or AES?
official encryption standard in the US; uses 128, 192 or 256 bit keys
128 bit keys are approved for material classified SECRET, but TOP SECRET requires 192 or 256 bit keys
What is public key encryption?
uses a key pair: a public key to encrypt data and the matching private key to decrypt it
the RECIPIENT's public key is used to encrypt a message, and only the recipient's private key can decrypt it
What is pretty good privacy or PGP?
public key encryption designed for email: the document is encrypted with a random symmetric session key, the session key is encrypted with the recipient's public key, and the ciphertext plus the encrypted session key are sent to the recipient (hybrid encryption)
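The public key and PGP cards above, as one added worked example of hybrid encryption (written for this card set; it is not PGP's code or the original page's). The RSA primes are fixed Mersenne primes chosen for the demo, textbook RSA without padding is used, and the symmetric cipher is a SHA-256 counter keystream standing in for AES or IDEA; all of that is a demonstration assumption, not how a real PGP implementation is built.

```python
"""Added example of PGP-style hybrid encryption. Toy RSA with fixed primes and
no padding; a SHA-256 keystream stands in for the symmetric cipher. Demo only."""
import hashlib
import os

# Assumed primes 2^127-1 and 2^89-1 (both prime). Real keys use random primes
# of ~1024 bits or more and a padding scheme such as OAEP.
P = (1 << 127) - 1
Q = (1 << 89) - 1
E = 65537


def rsa_keypair():
    """Return (public, private) as (n, e) and (n, d)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)           # modular inverse; gcd(E, phi) == 1 for these primes
    return (n, E), (n, d)


def rsa_encrypt(public, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message integer out of range for this modulus")
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with SHA-256(key || block counter).
    Encryption and decryption are the same operation."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


def pgp_encrypt(recipient_public, plaintext: bytes):
    """Sender side: a random session key encrypts the body, and the RECIPIENT's
    public key wraps the session key. Returns (wrapped_key, ciphertext)."""
    session_key = os.urandom(16)
    ciphertext = stream_xor(session_key, plaintext)
    wrapped = rsa_encrypt(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped, ciphertext


def pgp_decrypt(recipient_private, wrapped: int, ciphertext: bytes) -> bytes:
    """Recipient side: only the private key can unwrap the session key."""
    session_key = rsa_decrypt(recipient_private, wrapped).to_bytes(16, "big")
    return stream_xor(session_key, ciphertext)


def roundtrip(message: bytes) -> bool:
    public, private = rsa_keypair()
    wrapped, body = pgp_encrypt(public, message)
    return pgp_decrypt(private, wrapped, body) == message


if __name__ == "__main__":
    print(roundtrip(b"constructed test message for the recipient"))
```

The expensive public key operation is applied once, to 16 bytes, while the bulk of the message goes through the fast symmetric cipher; that split is the whole point of the PGP design described on the card.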
What is remote access service or RAS?
combination of hardware and software required to make a remote access connection
What is remote desktop protocol or RDP?
protocol that lets a user connect to a computer running Remote Desktop Services
a terminal service: the server sends screen updates to the client and the client sends back keystrokes and mouse input
What is point to point protocol or PPP?
a layer 2 protocol for point to point links that provides authentication (PAP or CHAP), compression and optional encryption
What is point to point protocol over ethernet or PPPoE?
extension of PPP that encapsulates PPP frames within ethernet frames
What is independent computing architecture or ICA?
Citrix protocol for thin-client computing: applications run on the server, and only keystrokes, mouse movements and screen updates cross the network between client and server
What is secure shell or SSH?
network protocol that provides encrypted remote command-line access; designed as a secure replacement for clear-text utilities like TELNET
What are some points of managing user accounts and password security?
-renaming the default admin account
-enforcing a minimum password length
-automatic account lockout after repeated failed logins
-single sign on
What is public key infrastructure or PKI?
system that binds users to their public keys with digital certificates and verifies a user's identity through a certificate authority (CA)
What is Kerberos?
authentication system that establishes a user's identity when they first log in and then issues a 'ticket' used to reach services
uses strong encryption for all transactions/communications
renews your 'ticket' as long as you stay logged on
What is authentication, authorization and accounting or AAA?
systematized model for managing network security from one central location
AAAA = ...+auditing
implemented by RADIUS and TACACS+
What is remote authentication dial in user service or RADIUS?
authentication and accounting service used for verifying users over various types of links (dial-up, VPN, wireless)
central network authentication and accounting for multiple users; authentication and authorization are combined, carried over UDP
What is terminal access controller access control system plus or TACACS+?
alternative to RADIUS that separates user authentication and authorization into 2 profiles and uses the connection-oriented TCP protocol (port 49), encrypting the whole packet body rather than just the password
What are some HTTP variations?
HTTP-hypertext transfer protocol, sends everything in clear text
HTTPS-protects HTTP traffic by layering it on SSL/TLS; requires certificates
S-HTTP-encrypts the served page data and submitted data message by message; rarely used today
What are unified voice services?
combining phone network traffic with IP data traffic and video traffic
takes voice/video info and encapsulates it within IP packets
What is network controller?
the network interface card (NIC)
also used for a device that controls admission or access to a network
What is network access control or NAC?
method of checking the health of network hosts before they're allowed onto the network
checks the computer's OS updates and anti-malware updates before allowing access
What is 802.1x?
-open, port-based framework that supports multiple authentication methods (carried in EAP)
--a device must ask to join the switch port or wireless network and provide credentials before the port forwards its traffic
What is challenge handshake authentication protocol or CHAP?
authentication protocol where the authenticator sends random challenge text
the device combines its password or shared secret with the challenge and hashes the result (MD5); the secret itself never crosses the wire
the authenticator receives the hash, computes the same hash from its own copy of the secret and compares the two
What is MS-CHAP?
Microsoft's version of CHAP, except it doesn't require the shared secret to be stored in clear text on the server (a password hash is stored instead)
also capable of mutual authentication (MS-CHAPv2)
What is extensible authentication protocol or EAP?
extension to PPP that provides additional authentication methods for remote access clients, such as smart cards, certificates, Kerberos, biometric scanners and voice recognition
What are hashes?
cryptographic process that uses an algorithm to derive a fixed-size value from a set of clear text; recomputing it shows whether the information has been changed, and when combined with a key or a signature it also shows the data came from where it says
What is MD5?
a hash is created from the clear text and sent along with the clear text message; at the other end a second hash of the clear text data is created using the same algorithm, and if the two hashes match the data is unchanged
caveat: MD5 collisions are now practical, so it should not be relied on where an attacker is involved
What is secure hash algorithm or SHA?
family of hash algorithms (SHA-1, SHA-2, SHA-3) published as a US Federal Information Processing Standard; works like MD5 but with longer digests and is considered superior (SHA-1 is also deprecated; use SHA-256 or stronger)
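The hash, MD5 and SHA cards above, as one added worked example (not code from the original set): a plain hash sent beside the message catches a changed byte, but an attacker who rewrites the message can simply recompute the hash, so it proves nothing about origin; a keyed hash (HMAC-SHA256 with a secret shared by sender and receiver) catches the same forgery. The message and key are constructed; SHA-256 is used in place of the MD5 on the card.

```python
"""Added example: unkeyed hash vs HMAC on a constructed message."""
import hashlib
import hmac

SHARED_KEY = b"constructed-shared-key"            # known to sender and receiver only
MESSAGE = b"transfer 100 to account 42"           # constructed sample message


def digest(data: bytes, algorithm: str = "sha256") -> bytes:
    """Unkeyed hash, as on the MD5/SHA cards, but with SHA-256 (MD5 and SHA-1
    are collision-broken; hashlib still accepts "md5" if you want to compare)."""
    return hashlib.new(algorithm, data).digest()


def verify_digest(data: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(digest(data), expected)


def tag(key: bytes, data: bytes) -> bytes:
    """Keyed hash: HMAC-SHA256 over the message. Without the key, no valid tag."""
    return hmac.new(key, data, "sha256").digest()


def verify_tag(key: bytes, data: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(tag(key, data), expected)


def attacker_rewrites(data: bytes) -> bytes:
    """A man in the middle changes the amount in transit."""
    return data.replace(b"100", b"900")


def outcomes() -> dict:
    """True means the check accepted the message as genuine."""
    sent_hash = digest(MESSAGE)
    sent_tag = tag(SHARED_KEY, MESSAGE)
    forged = attacker_rewrites(MESSAGE)
    return {
        # message altered, hash left alone: the receiver notices the mismatch
        "hash_accepts_corrupted": verify_digest(forged, sent_hash),
        # attacker recomputes the hash over the forged text: nothing to catch it
        "hash_accepts_forged_with_rehash": verify_digest(forged, digest(forged)),
        # attacker has no key, so the original tag no longer matches ...
        "hmac_accepts_forged": verify_tag(SHARED_KEY, forged, sent_tag),
        # ... and a tag made with a guessed key does not either
        "hmac_accepts_forged_guessed_key": verify_tag(SHARED_KEY, forged, tag(b"guess", forged)),
        # the genuine message with the genuine tag still passes
        "hmac_accepts_genuine": verify_tag(SHARED_KEY, MESSAGE, sent_tag),
    }


if __name__ == "__main__":
    for name, accepted in outcomes().items():
        print(f"{name:36s} {accepted}")
```

The comparisons go through hmac.compare_digest rather than == so that a verifier does not leak, byte by byte through timing, how much of a guessed tag was correct.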
What is posture assessment?
when devices attempt to access a network, they are examined for anti-malware updates, operating system updates and Windows registry settings
when the assessment completes positively, admission is granted; if not, it is denied
What is a guest network?
where devices are placed until a posture assessment is performed
What is persistent and nonpersistent agent?
persistent agent-installed on a NAC client and starts when the OS loads; provides functionality that may not be present in a nonpersistent agent
nonpersistent (dissolvable) agent-accesses the device only during a one-time check at login, usually through a captive web portal, and is removed when the web page is closed
What is a quarantine network?
when a device is found to be out of compliance, it is placed in a quarantine network, which keeps it from being a risk to others until it is remediated
What are the two ways you can filter traffic using an access control list?
by source/destination IP address and by port number
Which protocols can be used for tunneling and encryption of data?
PPTP-point to point tunneling
GRE-generic routing encap
Which services allow you to remotely access computers across a network?
PPP-point to point
PPPoE-point to point over ethernet
ICA-independent computing architecture
What are the user-authentication protocols?
RADIUS-remote authentication dial in user
TACACS+-terminal access controller access control system
CHAP-challenge handshake authentication
MS-CHAP-microsoft challenge handshake authen
EAP- extensible authentication protocol
What does the Network access control systems do?
when devices attempt to access a network, the devices are examined in a posture assessment, when it is positive admission is allowed
What are items checked during a posture assessment?
anti malware updates
operating system updates
Which type of agent is installed on a NAC client and starts when the OS loads?
persistent agent (a nonpersistent agent checks only once, usually through a web portal page)
Which encryption protocol/standard allows you to create a private network on an intranet?
What user-authen method uses a public key and private key?
In an authen system that uses private/public keys, who should have access to the private key?
owner of the key
What authen method relies on tickets to grant access to resources?
Kerberos
What does AAA stand for?
authentication, authorization and accounting
What network access security method is commonly used in wireless networks?
802.1X
What user authen method is available only in a Windows environment?
MS-CHAP
What user authen method utilizes the connection-oriented TCP protocol?
TACACS+
What do nonpersistent or dissolvable NAC agents work well with?
guest or BYOD devices on which you can't leave software installed
What is the main difference between a private network and a public network?
anyone connected to a public network has access, while only authorized users connected to a private network have access
A remote user can connect to the internet but not to their VPN client, what should be your next step?
make sure they are using the correct VPN server address and password
Which IP addresses should you deny into your internetwork?
packets whose source is an internal address, a local host address (127.0.0.0/8), a reserved private address or a multicast address (224.0.0.0/4)
Which of the following is a tunneling protocol: L2TP, IPSec, or SSL?
all of them
Which tunneling protocol is based on RSA public key encryption?
SSL
What is the minimum of characters you should use when creating a secure password?
6, 7, 8, or 15?
8 is the usual minimum; 15 is stronger but may be hard to remember
What layer of the OSI model is IPsec on?
layer 3 (network)
What protocol works in both transport mode and tunneling mode?
SSL, L2TP, PPTP, IPSec?
IPSec
What should you use to ensure data is secure during transit?
firewalls, encryption, data accounting, routing table?
encryption
What two network utilities don't have the ability to encrypt passwords?
FTP, SSH, Telnet, SCP?
FTP and Telnet (both send passwords in clear text)
What tool is for encoding and reading an encrypted message?
What are the enhancements provided by TLS 1.2?
replacement of the MD5/SHA-1 based hashing, better support for AES, and flexibility in the choice of hashing and encryption algorithms
expanding the use of TLS to VPNs is not one of the enhancements
Which is not a type of public key encryption?
Diffie-Hellman algorithm
RSA Data Security
Which VPN protocol runs over port 1723, allows encryption to be done at the data level and allows secure access?
PPTP
In what stage of PPPoE is the MAC address of each endpoint given to the other so that a PPP connection can be made?
the Discovery stage (the PADI/PADO/PADR/PADS exchange), which comes before the PPP Session stage
What is an example of verifying something you are?
a biometric, such as a fingerprint or retina scan
What authentication method allows for domain authentication on both wired and wireless networks?
What user-client-server authentication software system combines user authentication and authorization into one central database and maintains user profiles?
RADIUS
What is not a network access control method?
ICA, independent computing architecture