Shared Flashcard Set

Details

CCIE Security 2
Network Security Overview
26
Engineering
Professional
11/15/2009

Cards

Term
What is black hole filtering and how should it be secured?
Definition

Routing table is set up so that filtered traffic is directed to the null interface.

 

ICMP should be disabled so senders are not notified of filtered traffic.

 

Improved performance over ACLs (which are processed after routing is processed).

Term
What is the purpose of uRPF and how does it work?
Definition

Unicast Reverse Path Forwarding

 

Protection against IP Spoofing.

 

Checks source IP of incoming packet in FIB; drops if not associated with incoming interface.

Term
What are the prerequisites for uRPF and how is it configured?
Definition

CEF must be enabled

Assumes symmetric routing.

 

(interface) ip verify unicast reverse-path

Term
What are the characteristics of port security and what issue does it resolve?
Definition

Restricts MAC from connecting to port if not matching list or over a set limit on port

 

Can drop packet or shut down port for limited time

 

Prevents MAC address floods on CAM table

Term
What are the three different types of ports for private VLANs?
Definition

1. promiscuous - talks to all other PVLAN (port to router/gateway)

 

2. isolated - talks only with promiscuous ports

 

3. community - talks to ports in own community and promiscuous ports

Term
What is the purpose of sticky ARP and where is it used?
Definition

ARP on private VLANs is not aged out or changed by usual automatic CAM updates.

 

MAC address changes need to be manually changed by admin.

Term

What are the characteristics of a symmetric encryption algorithm?

 

What are the two techniques in symmetric encryption?

Definition

Same cryptographic key (shared secret) is used to encrypt and decrypt the message.

 

1. stream ciphers - encrypt the bits of the message one at a time

 

2. block ciphers - take a group of bits and encrypt them as a single unit.

Term
What are the characteristics of DES?
Definition

Data Encryption Standard

 

symmetric encryption algorithm

 

block cipher with 64-bit blocks

 

fixed key length of 56 bits (+8 bit parity)

Term

What are the characteristics of 3DES?

 

What are its advantages over DES?

Definition

Triple Data Encryption Standard

 

symmetric; block cipher; 64-bit blocks

 

3x 56-bit keys: message encrypted with key1, then decrypted with key2, then encrypted with key3

=> effective 168 bit key

 

stronger than DES; field tested against brute force attacks

Term

What are the characteristics of AES?

 

What are its advantages over DES/3DES?

Definition

Advanced Encryption Standard

 

symmetric encryption; block cipher

 

variable block & key length of 128, 192, or 256 bits

 

faster to run than DES/3DES

Term
What are the characteristics of RC4?
Definition

symmetric encryption, stream cipher

 

used in SSL, WEP

 

generates pseudo-random keystream to encrypt message; vulnerable if keystream not random

Term

What are the characteristics of asymmetric encryption algorithms?

 

(How does it compare to symmetric?)

Definition

Uses different keys for encrypting and decrypting - public key & private key.

 

Keys are generated mathematically using the Diffie-Hellman (DH) algorithm.

 

Slower than symmetric algorithms.

Term

What are the characteristics of RSA?

 

Where is it typically used in IPSec?

Definition

Rivest, Shamir, Adleman

 

asymmetric encryption

 

variable key length: usually 1024 bits (range 512-2048)

 

Used for encryption & digital signatures in IPSec

Term
What is the purpose of hashing?
Definition

Data integrity assurance - ensure data is not tampered/modified.

 

One way mathematical function - easy to compute; hard to reverse.

Term

What are the characteristics of the MD5 algorithm?

 

(pros, input/output)

Definition

Takes variable length clear-text data to produce a 128-bit message digest.

 

Collision resistant (unlikely to get same hash with different data)

Term

What are the characteristics of the SHA-1 algorithm?

 

(input/output)

 

How does it compare to MD5?

Definition

Takes message smaller than 2^64 bits and produces 160-bit message digest.

 

Slower than MD5, but more secure.

Term

What are the characteristics of HMAC?

 

What vulnerability does it resolve?

Definition

Hash Message Authentication Code

 

Adds shared secret known only to peers into hashing algorithm.

 

Resolves man-in-the-middle attack which intercepts packets and sends new packet calculated with same hashing algorithm.

Term
What is the purpose of protocol filtering?
Definition
Limit broadcast and multicast for protocols on ports for flood control
Term

How is protocol filtering set up?

 

What are the port states and how do they behave?

Definition

1. Define protocol groups

2. Associate protocol groups with ports

3. Ports set to on/off/auto

 

On: Only b/mcast for protocols in group is allowed on specified ports.

Auto: port becomes member after host sends packets of protocol in group

Term
What are the characteristics of PGP?
Definition

Pretty Good Privacy

 

Software package that provides crypto routines for email & file storage.

 

Includes hashing, encryption, compression, symmetric cryptography, public key/digital signatures

Term
How does IPv6 enforce security?
Definition
Mandates IPSec implementation.
Term
What are the phases of the ISO 27001 standard?
Definition

1. Pre-audit

 

2. Certification audit

 

3. Post-audit (which returns the following results:)

    a. Observation

    b. Minor noncompliance

    c. Major noncompliance

 

Term

What is the "Common Criteria"?

 

What does it mean for users, vendors, and testing labs?

Definition

ISO/IEC 15408

Standard/framework providing security assurance

 

- users specify security functional/assurance requirements

- vendors implement/make claims about product security attributes

- testing labs evaluate the products to determine if they meet claims

Term
What is the "Chain of Evidence" model in Security Forensics?
Definition

Methodology for evidence collection across an intranet based on a model consisting of linked audit logs.

 

Plan event configuration such that audit logs provide complementary information.

 

(Quality of evidence also covered)

Term
In QoS, what is the purpose of preclassification?
Definition
Process of classifying packets/features before encryption and tunneling can take place.
Term
What are the two modes of FTP operation?
Definition

PORT (active) - Client opens random port >1023, sends it to server, and waits for connection. Server initiates data connection with source port 20.

 

PASV (passive) - Client opens random port and sends it to server on port 21. Server opens random port >1023 and sends to client's port. Client initiates both control and data connection.
