TCP IP Security

egill2k1's version from 2016-08-27 04:10

Section 1

Question | Answer
Encryption | Scramble, mix up, or change data in such a way that bad guys can't read it.
Integrity | Guarantees data is received the same as originally sent.
Non-repudiation | Making sure data came from the person or entity it was supposed to.
Authentication | Verify who a person is when trying to access data (username/password).
Authorization | Defines what a person can do with this data.



Question | Answer
Block Cipher | Encrypts data in 128-bit "chunks". Works well with IP packets.
Stream Cipher | Takes a single bit and encrypts on the fly. Popular when data comes in long strings.


Question | Answer
Symmetric-key encryption/algorithm | Uses the same key for both encryption and decryption.
Asymmetric-key encryption/algorithm | Uses different keys for encryption and decryption.


Question | Answer | Type | Key type
Data Encryption Standard (DES) | 64-bit block and 56-bit key. Susceptible to brute force. | Block | Symmetric-key algorithm
(RC4) Rivest Cipher | Fast, easy, free. Fast becoming obsolete. | STREAM |
(RSA) Rivest Shamir Adleman | Introduced a fully functional algorithm that enabled secure digital signatures. | Digital Signature |
(AES) | Introduced in the 1990s; 128-bit block size, 192- or 256-bit key size. Secure, FAST, POPULAR. | Block Cipher |
Public-key cryptography | Uses two keys: public to encrypt, private to decrypt. EMAIL. | Asymmetric |
Digital signature | An encrypted hash of a private encryption key that verifies a sender's identity to those who receive encrypted data or messages. | |
Public Key Infrastructure (PKI) | Root and intermediate authorities, creating a tree of certificate authorizations. | |


Question | Answer
(MD5) Message-Digest Algorithm v5 | Hash function, becoming obsolete. No longer recommended as safe.
(CRAM-MD5) Challenge-Response Authentication Mechanism | Special form of MD5, used by SMTP servers for authentication. TOOL FOR SERVER AUTHENTICATION.
SHA-1 | Hash function, becoming obsolete. No longer recommended as safe.


Question | Answer
(MAC) Mandatory Access Control | Every resource is assigned a label that defines its security level. Used in OSs to define privileges for programs. Oldest, least common.
(DAC) Discretionary Access Control | Based on the idea that a resource has an owner who may assign access to that resource. More flexible than MAC.
(RBAC) Role-Based Access Control | Most popular model, used in file sharing. Defines a user's access to a resource based on the roles the user plays in the network environment.


Question | Answer
(PPP) Point-to-Point | Enables two point-to-point devices to connect, authenticate with username/password, and negotiate the protocol the two devices will use (most often TCP/IP).
(PAP) Password Authentication Protocol | Transmits username/password over the connection in plaintext.
(CHAP) Challenge Handshake Authentication Protocol | Used by dial-up. Relies on hashes based on a shared secret; sends a hash of that to the authenticator and periodically repeats this.
(AAA) Authentication, Authorization & Accounting | Used when accessing a database of usernames/passwords as opposed to a single modem. Utilizes port authentication, allowing remote users a point of entry to another network.
(RADIUS) Remote Authentication Dial-In User Service | Supports MANY connections to a single central database. AAA standard, wired/wireless. Components: RADIUS server, database (usernames/passwords), and Network Access Servers (NASs) that connect to the system. UDP ports: 1812 & 1813 or 1645 & 1646.
(AES) Advanced Encryption Storage | Block cipher; uses 128-bit encryption, 192- or 256-bit key size. Very fast.
(TACACS+) Terminal Access Controller Access Control System | Supports AAA in a network with MANY routers and switches. Separates AAA, using PAP, CHAP and MD5 hashes; can use Kerberos. TCP port: 49.
Kerberos | Uses "ticket granting" and "authentication server" as the "Key Distribution Center" (KDC). TCP/IP authentication protocol that supports MANY clients connecting to a single authentication server. Cornerstone of MS Windows (domain controller). TCP/UDP port: 88.
Token | Key that the client uses to access any single resource on the entire domain (authorization ticket) WITHOUT having to log in again. SSO; used in Kerberos.


Encryption Standards

Question | Answer
SSH | Secure replacement for Telnet. SSH servers use PKI in the form of an RSA key: the server sends a public key to the client, the client creates a SESSION ID and sends it back encrypted with the public key, and the server decrypts the SESSION ID and uses it for all data transfers of that session. They negotiate the encryption type as well.
(EAP) Extensible Authentication Protocol | Developed to create a single standard to allow two devices to authenticate.
EAP-PSK | Shared key stored on the WIRELESS client and the WAP, encrypted with AES.
EAP-TLS | With Transport Layer Security; uses a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client for a WIRELESS connection. The client side may use a smart card.
EAP-TTLS | With Tunneled TLS; only uses a single server-side certificate. Very common on more secure networks.
EAP-MS-CHAPv2 | Also known as Protected Extensible Authentication Protocol (PEAP); uses a password function based on MS-CHAPv2 with an encrypted TLS tunnel.
EAP-MD5 | Simple version of EAP that uses only MD5 hashes for transfer of credentials. Weak; least used.
(LEAP) Lightweight Extensible Authentication Protocol | Combination of MS-CHAP between the wireless client and the RADIUS server.
802.1X | Port-based authentication network access control mechanism for networks. EAP info is placed in an Ethernet frame. Forces devices through a full AAA process.


Advanced Encryption Standard
