Term
What is black hole filtering and how should it be secured?

Definition
Routing table set up so that filtered traffic is directed to the null interface.
ICMP should be disabled so senders are not notified of filtered traffic.
Improved performance over ACLs (which are processed after routing).

Term
What is the purpose of uRPF and how does it work?

Definition
Unicast Reverse Path Forwarding
Protection against IP spoofing.
Checks the source IP of an incoming packet in the FIB; drops it if not associated with the incoming interface.

Term
What are the prerequisites for uRPF and how is it configured?

Definition
CEF must be enabled.
Assumes symmetric routing.
(interface) ip verify unicast reverse-path

Term
What are the characteristics of port security and what issue does it resolve?

Definition
Restricts a MAC address from connecting to a port if it does not match the allowed list or exceeds a set limit on the port.
Can drop the packet or shut down the port for a limited time.
Prevents MAC address floods on the CAM table.

Term
What are the three different types of ports for private VLANs?

Definition
1. promiscuous - talks to all other PVLAN ports (port to router/gateway)
2. isolated - talks only with promiscuous ports
3. community - talks to ports in its own community and to promiscuous ports

Term
What is the purpose of sticky ARP and where is it used?

Definition
ARP entries on private VLANs are not aged out or changed by the usual automatic CAM updates.
MAC address changes must be made manually by the admin.

Term
What are the characteristics of a symmetric encryption algorithm?
What are the two techniques in symmetric encryption?

Definition
The same cryptographic key (shared secret) is used to encrypt and decrypt the message.
1. stream ciphers - encrypt the bits of the message one at a time
2. block ciphers - take a group of bits and encrypt them as a single unit

Term
What are the characteristics of DES?

Definition
Data Encryption Standard
symmetric encryption algorithm
block cipher with 64-bit blocks
fixed key length of 56 bits (+8 parity bits)

Term
What are the characteristics of 3DES?
What are its advantages over DES?

Definition
Triple Data Encryption Standard
symmetric; block cipher; 64-bit blocks
3x 56-bit keys: message encrypted with key1, then decrypted with key2, then encrypted with key3
=> effective 168-bit key
stronger than DES; field tested against brute force attacks

Term
What are the characteristics of AES?
What are its advantages over DES/3DES?

Definition
Advanced Encryption Standard
symmetric encryption; block cipher
variable block & key length of 128, 192, or 256 bits
faster to run than DES/3DES

Term
What are the characteristics of RC4?

Definition
symmetric encryption, stream cipher
used in SSL, WEP
generates a pseudo-random keystream to encrypt the message; vulnerable if the keystream is not random

Term
What are the characteristics of asymmetric encryption algorithms?
(How does it compare to symmetric?)

Definition
Uses different keys for encrypting and decrypting - a public key & a private key.
Keys are generated mathematically using the Diffie-Hellman (DH) algorithm.
Slower than symmetric algorithms.

Term
What are the characteristics of RSA?
Where is it typically used in IPSec?

Definition
Rivest, Shamir, Adleman
asymmetric encryption
variable key length: usually 1024 bits (range 512-2048)
Used for encryption & digital signatures in IPSec

Term
What is the purpose of hashing?

Definition
Data integrity assurance - ensures data has not been tampered with or modified.
One-way mathematical function - easy to compute; hard to reverse.

Term
What are the characteristics of MD5 algorithm?
(pros, input/output)

Definition
Takes variable-length clear-text data and produces a 128-bit message digest.
Collision resistant (unlikely to get the same hash from different data)

Term
What are the characteristics of SHA-1 algorithm?
(input/output)
How does it compare to MD5?

Definition
Takes a message smaller than 2^64 bits and produces a 160-bit message digest.
Slower than MD5, but more secure.

Term
What are the characteristics of HMAC?
What vulnerability does it resolve?

Definition
Hash Message Authentication Code
Adds a shared secret known only to the peers into the hashing algorithm.
Resolves the man-in-the-middle attack in which an attacker intercepts packets and sends a new packet whose hash is calculated with the same hashing algorithm.

Term
What is the purpose of protocol filtering?

Definition
Limit broadcast and multicast traffic for protocols on ports, for flood control

Term
How is protocol filtering set up?
What are the port states and how do they behave?

Definition
1. Define protocol groups
2. Associate protocol groups with ports
3. Set ports to on/off/auto
On: only broadcast/multicast for protocols in the group is allowed on the specified ports.
Auto: port becomes a member after a host sends packets of a protocol in the group

Term
What are the characteristics of PGP?

Definition
Pretty Good Privacy
Software package that provides crypto routines for email & file storage.
Includes hashing, encryption, compression, symmetric cryptography, and public key/digital signatures

Term
How does IPv6 enforce security?

Definition
Mandates IPSec implementation.

Term
What are the phases of the ISO 27001 standard?

Definition
1. Pre-audit
2. Certification audit
3. Post-audit (which returns one of the following results:)
   a. Observation
   b. Minor noncompliance
   c. Major noncompliance

Term
What is the "Common Criteria"?
What does it mean for users, vendors, and testing labs?

Definition
ISO/IEC 15408
Standard/framework providing security assurance
- users specify security functional/assurance requirements
- vendors implement and make claims about product security attributes
- testing labs evaluate the products to determine whether they meet the claims

Term
What is the "Chain of Evidence" model in Security Forensics?

Definition
Methodology for evidence collection across an intranet based on a model consisting of linked audit logs.
Plan event configuration such that audit logs provide complementary information.
(Quality of evidence is also covered)

Term
In QoS, what is the purpose of preclassification?

Definition
Process of classifying packets/features before encryption and tunneling take place.

Term
What are the two modes of FTP operation?

Definition
PORT (active) - Client opens a random port >1023, sends it to the server, and waits for a connection. Server initiates the data connection from source port 20.
PASV (passive) - Client opens a random port and sends it to the server on port 21. Server opens a random port >1023 and sends it to the client. Client initiates both the control and data connections.