Security+ Lesson 5
Terms and defs from CompTIA's Security+ manual.
Terms
- Multiple Security Associations
- Each computer can have multiple phase 1 and phase 2 SAs with different partners
- 802.11e
- Draft wireless standard for home and business implementations
- Terminal Access Controller Access Control (TACACS)
- Provides centralized authentication and authorization services for remote users
- Site Surveys (Wireless Devices Vulnerability)
- Unauthorized surveys or survey data can be a security risk
- Terminal Access Controller Access Control Plus (TACACS)
- Originally developed by Cisco; see RFC 1492
- Terminal Access Controller Access Control Plus (TACACS+)
- Utilized TCP not UDP; supports multiple protocols
- Wireless Application Protocol (WAP) Developers
- Ericsson, Motorola, and Nokia (not inclusive)
- PPTP (Point to Point Tunneling Protocol)
- Most widely supported VPN method among older Windows clients
- Wireless Application Protocol (WAP)
- Displays wireless data on small screens in a web-like interface
- Wireless Application Protocol (WAP) Layer 2
- Wireless Session Protocol
- Remote Dial-in User Authentication Service (RADIUS)
- Information is contained in RFCs 2865-2869, 2882, and 3162
- Buffer Overflows (Wireless Devices Vulnerability)
- May cause device operating systems to crash or reboot, loss of data, or execution of rogue code
- Institute of Electrical and Electronics Engineers (IEEE)
- Organization dedicated to advancing theory and technology in the electrical sciences
- PPTP (Point to Point Tunneling Protocol)
- Encapsulates any type of network protocol and transports it over IP networks
- Applets (Internet Browser Vulnerability)
- Signed can be granted more system privileges; do not accept signatures from unknown sources
- IPSec Policy Rules
- Each one has five components
- Wired Equivalent Privacy (WEP)
- Uses 802.11a and 802.11b protocols
- 802.11i
- Sometimes referred to as WPA2
- IP Security Policies Node
- Used in Group Policy or Local Security Policy to manage IPSec policies
- Wireless Application Protocol (WAP)
- Transmits data wirelessly over very long distances
- Wireless Transport Layer Security (WTLS)
- Can expose wireless devices to attacks such as email forgery and cleartext data sniffing if improperly configured
- Remote Dial-in User Authentication Service (RADIUS)
- Centralized configuration is generically known as the Network Access Server (NAS)
- Internet Protocol Security (IPSec)
- Uses sequence numbers to protect data integrity; captured packets can't be replayed later
- Hash Method Authentication Codes (HMACs)
- MD5 or SHA-1 message digests created by IPSec
- Lack of Authentication (Wireless Devices Vulnerability)
- Creates the perfect opportunity for wardriving
- 802.11
- Transfer rates: 2Mbps; Freq: 2.4GHz band
- Client (IPSec Default Policies)
- Lowest level of security is the Client (Respond Only); client negotiates security if the server requests it
- IPSec Policy Agent
- Checks the Registry for local IPSec Policy if not a domain member
- 802.11b
- Most common and least expensive protocol (of the 802.11x
- L2TP (Layer Two Tunneling Protocol)
- Employs IPSec Transport Mode for authenticity, integrity, and confidentiality
- Tunneling
- Enables data from one network type to travel through another network type
- Internet Protocol Security (IPSec)
- Provides verification that a computer sending information is the computer it purports to be
- Authentication Header (AH) (IPSec Transport Protocol)
- Consists of Security Parameters Index (SPI), packet number sequence, and hash data
- Internet Protocol Security (IPSec)
- Open, non-proprietary standards
- Authentication Header (AH) (IPSec Transport Protocol)
- Inserted behind the original IP header, but ahead of the TCP or UDP header
- 802.11b
- Transfer rates: 11Mbps; Freq: 2.4GHz
- IPSec Driver
- Watches packets being sent and received to determine if they need to be signed and encrypted based on policy
- Security Association (SAs)
- Lifetimes can be configured for longer or shorter durations
- Wireless Application Protocol (WAP)
- Transmits web pages, email, and news group postings to and from wireless devices
- Site Surveys (Wireless Devices Vulnerability)
- Identifies any sources of interference and establishes characteristics of the coverage area
- ToneLoc and Phonesweep
- Examples of Wardialers
- Default Public Branch Exchange (PBX) (Telecommunications Vulnerabilities)
- Some systems ship with default user name and passwords for administrative purposes
- Internet Explorer Enhanced Security Configuration (Internet Explorer Security)
- Restricts access to some websites and some types of content without explicit user authorization
- Data Stored in Plaintext (Wireless Device Vulnerability)
- Records can be specified as Private but are easily accessed by OS-familiar crackers
- 802.1x
- Uses Extensible Authentication Protocol (EAP) to provide user authentication against a directory service
- Viruses (Wireless Devices Vulnerability)
- Viruses and Trojans exist and can cause trouble for devices
- L2TP UDP or TCP
- UDP
- IP Security Policies
- Manages configuration and assignment of IPSec policies on local or remote computers; snap-in added to MMC
- Wi-Fi Protected Access (WPA)
- Utilizes a 128-bit key
- IPSec Policy Agent
- Checks for information at system startup and at regular, configurable intervals
- IPSec Security Monitor
- Used to monitor status of IPSec on the local system
- PPTP UDP or TCP
- TCP
- IPSec Policy Agent
- Service that runs on each Windows computer
- Wireless Application Protocol (WAP) Standard
- Maintained by the Open Mobile Alliance (OMA)
- "Cookie Snarfing" (Internet Browser Vulnerability)
- Cookies stolen during transmission and replayed at a later time
- Internet Protocol Security (IPSec)
- Protects moving data; not data at rest
- Institute of Electrical and Electronics Engineers (IEEE) Standards Wing
- Issues standards such as electronic communications, computer engineering, electromagnetics, and nuclear science
- RFCs 2865-2869, 2882, and 3162
- Contain information in RADIUS
- Security Associations (SAs)
- Negotiated relationship between two computers using IPSec
- ActiveX (Internet Browser Vulnerability)
- Can be embedded in a web page, allowing scripts to be downloaded and executed on unsecured computers
- VPN Protocols
- Required to provide the VPN tunneling, security, and data encryption
- IPSec Security Driver
- IPSec driver name in Windows XP Professional
- Wireless Application Protocol (WAP) Layer 1
- Wireless Application Environment
- L2TP (Layer Two Tunneling Protocol)
- Appears as IP packets
- Tunneling
- Provides additional security by hiding passenger data from the carrier network
- Virtual Private Network (VPN)
- Provide secure connections between endpoints (routers, clients, or servers)
- Security Zones (Internet Explorer Security)
- Four levels based on four zones
- Wired Equivalent Privacy (WEP)
- Can be attacked by a utility such as AirSnort; attackers can generate their own keys with as little as 10MB of transferred data
- Internet Protocol Security (IPSec)
- Industry Standard; implemented differently in various operating systems (one may not be able to talk to another)
- 802.11a
- Limited range of only 60 feet
- Wireless Application Protocol (WAP) Layer 3
- Wireless Transport Protocol
- Cookies (Internet Browser Vulnerability)
- Can provide private user data or unauthorized access to websites
- Encapsulating Security Payload (ESP)
- Encrypts only the payload and not headers in IPSec's transport mode
- PPTP (Point to Point Tunneling Protocol)
- Uses Microsoft Point to Point Encryption (MPPE) for data encryption
- Wired Equivalent Privacy (WEP)
- Provides 64-bit, 128-bit, and 256-bit encryption using RC4
- Terminal Access Controller Access Control Plus (TACACS+)
- Supports multifactor authentication; more secure and scalable than RADIUS
- Internet Protocol Security (IPSec)
- Provides data encryption mechanisms to allow you to encrypt data as it travels across the network; protects against eavesdropping and sniffing
- Security Zones (Internet Explorer Security)
- Internet Explorer Administration Kit (IEAK) or Group Policy can be used to set this
- 802.11b
- Backwards compatible with 802.11; will not work with 802.11a
- PPTP Flaws
- Susceptible to a number of attacks, including a dictionary attack against its LAN Manager (LM) password authentication mechanism
- Security Zones (Internet Explorer Security)
- Located on the Security page of the Internet Options dialog box
- Wi-Fi Protected Access (WPA)
- Provides for dynamic key reassignment to prevent the vulnerabilities of WEP key-attack
- L2TP (Layer Two Tunneling Protocol)
- Internet standard protocol for tunneling across a variety of network protocols
- Wireless Application Protocol (WAP) Layer 4
- Wireless Transport Layer Security (WTLS)
- Internet Protocol Security (IPSec)
- Can be used to secure data as it travels across the network or the Internet
- Internet Explorer Enhanced Security Configuration (Internet Explorer Security)
- Automatically installed with Windows Server 2003 SP1 and Windows XP SP2
- IPSec Security Monitor Quick Mode
- Displays IPSec statistics
- Physical System Access (Telecommunication Vulnerabilities)
- Access to system or modem banks can be used to hijack phone lines, disrupt services, or damage equipment
- Encapsulating Security Payload (ESP)
- Provides data integrity and confidentiality using either DES or 3DES
- Internet Explorer Enhanced Security Configuration (Internet Explorer Security)
- Use Add or Remove Programs tool in Control Panel to add or remove this component
- Internet Protocol Security (IPSec)
- Encrypts message data with DES or 3DES; provides confidentiality
- Applets (Internet Browser Vulnerability)
- Can be signed or unsigned
- Physical System Access (Telecommunication Vulnerabilities)
- Attacker might be able to plug an unauthorized handset into an open jack, enter a phone move code, and have an active phone line available
- IPSec Driver
- Implements the policy assigned to the system
- Encapsulating Security Payload (ESP) Trailer
- After payload, contains mostly padding (required by the ESP packet format)
- Advanced Settings (Internet Explorer Security)
- Controls a variety of browser behaviors such as which types of applets can run and whether the system checks for digital signatures
- Default Public Branch Exchange (PBX) (Telecommunications Vulnerabilities)
- Can be used to access private information for future attacks, including social engineering attacks
- 802.11i
- Relies on 802.1x as the authentication method
- 802.11i
- Adds AES block cipher security to 802.11
- Site Surveys (Wireless Devices Vulnerability)
- Analysis technique that determines coverage area of a wireless network
- 802.11i
- Complete wireless standard
- 802.11g
- Compatible with and may replace 802.11b due to faster speed
- 802.11x
- 802.11 is known collectively as this
- Telnet (Telecommunication Vulnerabilities)
- Unix-based Public Branch Exchange (PBX) might be exploited by a connection established through this service
- Remote Dial-In User Authentication Service (RADIUS)
- Internet standard protocol; provides centralized remote-access authentication, authorization, and auditing services
- IPSec Policy Agent
- Starts when the system starts and checks Active Directory for IPSec on domain members
- IPSec Driver
- Responsible for managing outbound and inbound services using various IPSec components
- Encapsulating Security Payload (ESP)
- Uses MD5 or SHA to hash an IP packet's header and payload; includes the hash at the end of the packet
- Spyware (Internet Browser Vulnerability)
- Relays private information to advertisers; can be used for a later attack
- Wireless Transport Layer Security (WTLS)
- Security layer of Wireless Application Protocol (WAP)
- 802.11e
- Adds Quality of Service (QoS) features
- Wi-Fi Protected Access (WPA)
- Security protocol introduced to address shortcomings in the WEP protocol
- Microsoft Point to Point Encryption (MPPE)
- Used by PPTP for data encryption
- IPSec Policy Agent
- Displayed as the IPSec Services Service
- Remote Dial-In User Authentication Service (RADIUS)
- Implemented as the Internet Authentication Server (IAS) component of Routing and Remote Access (RRAS)
- Encapsulating Security Payload (ESP) Authentication Data
- After payload, contains hash for verifying data integrity
- Filter Action (IPSec Policy Rule Component)
- Specifies how the system should respond to a packet that matches a particular filter; system can permit the communication or request or require security
- Applets (Internet Browser Vulnerability)
- Unsigned are typically restricted to operating within a limited set of memory and processor resources
- Telnet (Telecommunication Vulnerabilities)
- Attacker might dial directly into the Public Branch Exchange (PBX) and mount a takeover attack or exploit a known flaw or system backdoor
- SSL on WAP (Wireless Devices Vulnerability)
- Many WAP gateways have SSL vulnerabilities; may not check validity of SSL certificates
- 802.1x
- IEEE standard used to provide a port-based authentication mechanism for 802.11a and 802.11b
- Recreational Software Advisory Council (RSAC)
- Rates websites based on their content based on Language, Nudity, Sex, and Violence
- Server (IPSec Default Policies)
- Middle level of security is Server (Request Security); server requests a secure session if supported, but will accept an open session
- Buffer Overflows
- RADIUS and TACACS+ are subject to these kinds of attacks
- Security Parameters Index (SPI)
- Helps computer keep track of the computers it's communicating with
- 802.11g
- Transfer rates: 54Mbps; Freq: 2.4GHz
- Security Zones (Internet Explorer Security)
- Local Intranet, Trusted Sites, Restricted Sites, and Internet are its settings
- Voice over IP (VoIP) (Telecommunication Vulnerabilities)
- Networking systems configured to carry this traffic can be disrupted during an attack on any of the network's infrastructure vulnerabilities
- Internet Protocol Security (IPSec)
- Creates message digests called hash method authentication codes (HMACs)
- Encapsulating Security Payload (ESP)
- Header contains packet sequence number and SPI; inserted behind the IP and AH header, but before the payload
- Internet Key Exchange (IKE)
- Master key is never exchanged between IPSec computers
- IPSec Policy
- Determines the security level and other characteristics for an IPSec connection
- Sniffing/Eavesdropping
- Remote access data transferred across a telephone system or the Internet is subject to these forms of attack
- Wardialers (Telecommunications Vulnerabilities)
- Dials every available phone number in an organization in order to access unsecured modems, fax machines, and voicemail systems
- SSL on WAP (Wireless Devices Vulnerability)
- May allow rogue sites to capture personal and financial information without user knowledge
- Pop-up Blocker (Internet Explorer Security)
- Automatically installed with Windows Server 2003 SP1 and Windows XP SP2; prevents websites from displaying pop-up windows without user authorization
- 802.11
- Original IEEE wireless working group and standard
- 802.11
- Wireless LAN communication standard developed by the IEEE
- Security Associations (SAs)
- Occurs in two phases
- PPTP (Point to Point Tunneling Protocol)
- Microsoft VPN protocol; provides tunneling and data encryption
- JavaScript (Internet Browser Vulnerability)
- Flaws can be exploited to run malicious code or gain access to target's file system
- Content Advisor (Internet Explorer Security)
- Can turn off the AutoComplete feature to keep user name and private information from being automatically entered
- Internet Key Exchange (IKE)
- Protocol used by IPSec to create a master encryption key; used to generate bulk encryption keys
- IPSec Policy Agent
- Transfers IPSec policy information to the IPSec driver
- Authentication Header (AH) (IPSec Transport Protocol)
- Provides data integrity through the use of MD5 and SHA
- Security Associations (SAs) Phase 1
- Bi-directional
- IPSec Security Monitor Main Mode
- Displays IKE statistics
- Tunneling
- Data-transport technique; data packet from one protocol is transferred across a network inside the frame or packet of another protocol
- Content Advisor (Internet Explorer Security)
- Can restrict specific sites, regardless of their content and can use an administrative password to view
- ISAKMP
- Port: 500
- Internet Key Exchange (IKE)
- IPSec computers agree on a prime number and a public key
- 802.11e
- Supports and is compatible with 802.11a and 802.11b
- Advanced Settings (Internet Explorer Security)
- Security-related settings; located on the Advanced page of the Internet Options dialog box
- 802.11b
- Range up to 1000 feet open area and 200-400 feet enclosed
- 802.11a
- Transfer rates: 54Mbps; Freq: 5GHz band
- IPSec Policy
- Work in pairs; each endpoint must have an IPSec policy with at least one matching security method for the communication to succeed
- Internet Protocol Security (IPSec)
- Can prevent man in the middle and spoofing attacks
- Authentication Header (AH) (IPSec Transport Protocol)
- Hashes the IP header and data payload and adds its own header
- Wireless Application Protocol (WAP) Layer 5
- Wireless Datagram Protocol
- Remote Dial-In User Authentication Service (RADIUS) Server
- User configuration, remote access policies, and usage logging can be centralized here
- Connection Type (IPSec Policy Rule Component)
- Determines if the rule applies to local network connections, remote access connections or both
- Autocomplete Feature (Internet Browser Vulnerability)
- Can provide user names, passwords, and other sensitive information
- Default Public Branch Exchange (PBX) (Telecommunications Vulnerabilities)
- Wardialer can detect type; manufacturer's default can be used to exploit the system
- Applets (Internet Browser Vulnerability)
- Digital signature provides verification about the source of the programming code
- Wireless Transport Layer Security (WTLS)
- Uses public key cryptology for mutual authentication
- IPSec Management Tools
- IPSec can be managed with MMC snap-ins on Windows systems
- IP Filter (IPSec Policy Rule Component)
- Describes the protocol, port, and source or destination computer the rule applies to
- Internet Key Exchange (IKE)
- Newer term for Internet Security Association and Key Management Protocol and Oakley key generating protocol (ISAKMP/Oakley)
- Internet Protocol Security (IPSec)
- Uses an array of protocols and services to provide data authenticity and integrity, anti-replay protection, non-repudiation, and protection against eavesdropping/sniffing
- Internet Key Exchange (IKE)
- Master key is always secure because no other computer can access the original private keys used to create the master
- Internet Key Exchange (IKE)
- Matching master keys are computed using Diffie-Hellman algorithm
- Lack of Authentication (Wireless Devices Vulnerability)
- Wireless Access Points (WAPs) will accept communications from just about any device by default
- Wi-Fi Protected Access (WPA)
- Uses 802.1x as authentication and RC4 for data encryption
- Improperly Configured Remote Access Security
- Improper configuration could lead to brute force attacks against a dial-in server
- Internet Explorer Enhanced Security Configuration (Internet Explorer Security)
- Automatically configures security settings, including adjusting security zone settings and configuring a number of advanced security settings
- PPTP
- Port: 1723
- Remote Dial-in User Authentication Service (RADIUS) Client
- Passes all authentication requests to the server for verification
- Data Stored in Plaintext (Wireless Device Vulnerability)
- User-stored personal and confidential information (contact lists, etc.) is not stored in encrypted format
- 802.11i
- Supersedes both WEP and WPA
- IPSec Policy
- "client" and "server" refer to which node initiates the session
- Wireless Markup Language (WML)
- WAP utilizes this rather than native HTML
- Privacy Page (Internet Options Dialog Box)
- Configures how cookies are handled for sites in the Internet zone
- Authentication Header (AH) (IPSec Transport Protocol)
- If the values don't match, the packet is dropped
- IPSec Security Monitor
- Views data on SA negotiations, IPSec driver workload, key generation, and data transferred using IPSEC
- 802.11a
- Approved for fast, secure; relatively expensive
- IPSec Policy
- Set of security configuration settings defining how a system will respond to IP network traffic
- Security Association (SAs) Phase 1
- Allows 2 computers to exchange data using multiple Phase 2 SAs using a single one of these
- ISAKMP UDP or TCP
- UDP
- L2TP
- Port: 1701
- Virtual Private Network (VPN)
- Uses tunneling to encapsulate and encrypt data
- Security Associations (SAs) Phase 2
- Used for the actual transmission of data
- Secure Server (IPSec Default Policies)
- Highest level of security is Secure Server (Require Security); session fails if the client cannot negotiate security with the server
- Virtual Private Network (VPN)
- Private network configured by tunneling through a public network
- Content Advisor (Internet Explorer Security)
- Restricts access to websites based on their content
- Tunnel Setting (IPSec Policy Rule Component)
- Enables the computers to encapsulate data in a tunnel inside the transport network
- Authentication Method (IPSec Policy Rule Component)
- Enables the computers to establish a trust relationship; methods include Kerberos, digital certificates, or a preshared key configured as part of a rule
- DHCP for Remote Access Clients
- If a remote access server that assigns IP addresses is connected to, an attacker can get valid IP addresses and have run of the network
- Security Association (SAs) Phase 1
- Last for 1 hour by default
- Security Associations (SAs) Phase 1
- Computers negotiate how communication takes place, agree on authentication, encryption, and master key generation.
- 802.11b
- Called Wi-Fi (Wireless Fidelity)
- Security Associations (SAs) Phase 2
- Produces two one-way on each computer: one inbound and one outbound