Misc Concepts in Network Security

Description

Net SEC Flashcards on Misc Concepts in Network Security, created by Moh.enab on 10/05/2013.
Moh.enab
Flashcards by Moh.enab, updated more than 1 year ago
Moh.enab
Created by Moh.enab over 11 years ago
55
1

Resource summary

Question Answer
Freshness assurance to a principal that a message has not been used previously and originated within an acceptably recent timeframe
Liveness an assurance that a principal sent a particular message within an acceptably recent timeframe
ISO-7498-2 Security Services (5) Authentication (entity Auth. & Data origin Auth.) Access Control Confidentiality Integrity Non-Repudiation
ISO 7498-2 Confidentiality categorize Confidentiality as; Connection Confidentiality (all connections) Connection-less confidentiality (single session/packet) Selection Field Confidentiality (some fields encryption) Traffic Flow Confidentiality (Traffic type protection)
ISO-7498-2 Integrity (against active threats) Integrity with Recovery (detects violation & trying to recover) Integrity without Recovery (detects violation without trying to recover) Selective field Integrity (part of data has integrity) Connection-less Integrity (validation of SW download) Selective Field Connection-less (as above but selective)
ISO 7498-2 Non-Repudiation Non Repudiation of Origin (Denying Data Sent) Non Repudiation of Delivery (Denying date received)
Security Mechanisms (13) that implements the Security Services (5) Specific Security Services (8) Pervasive Security Services (5) [ support provision of other sec services]
Specific Security Mechanisms (8) Encipher Data Integrity Digital Signatures Access Control Authentication exchange Traffic Padding Routing Control Notarization (3rd party)
Pervasive Security Mechanisms Trusted Function Security Labels Event Detection Audit Trail Recovery
Layers vs. Servcies
ARP Translate Specific IP Address to MAC
ARP Spoofing Falsify IP (Send G-ARP to direct traffic to attacker PC) MAC Flooding (makes switch act like a hub by filling ARP Table, or DOS for the switch )
Defenses Against ARP Spoofing Static Translation between Port & MAC Prevent GARP to be sent limit the number of MAC at each port
WAN Security Measures Partition networks physically Partition networks logically Data Confidentiality & Encryption
ISO 7498-2 Network Management Security Management of Security Security of Management
SNMP at least 1X network management station & number of network elements they support; configuration management event logging accounting
SNMP Operations SET GET TRAP
SNMP Threat Possibility that one device might act with the authority of another device
SNMP Security Security services Authentication Service (Community name) Access Control (Defines Community access rights)
SNMP V3 Network managers should have UN & PSW for Authentication each SNMP entity has Identity Confidentiality
Fundamental Threats Data Leakage Integrity Violation DOS illegitimate use
Primary enabling Threats Masquerading (Entity claims itself another entity) Trojan Horse Trapdoor (software function hidden to pass security policy) Bypass Control Authorized violation (e.g. XSS)
OSI 7 layers Application, Presentation, Session, Transport, Network, Data link & Physical
Session layer function establishes session, control session parameters (half duplex, full duplex...), synch done at this layer
Presentation Layer Function Prepares the data to be ready for other layers and recipient Compression & Encryption is done here
Transport Layer responsible for moving the App from one PC to another, establishes virtual connection to specify which application to be used Guarantee messages revival
OSI Layering Advantages Allows protocol designers and implementers to divide up the problem and focus on solving one piece of the problem at a time.
Services vs. Protocols Service is provided by one layer to the other one above it Protocol is specifying how service is implemented
ISO 7498-2 Dealing specifically with the security of communications networks
ISO-7498-2 stages life cycle Define a security policy. Analyze the security threats according to the policy. Define the security services to meet threats. Define the security mechanisms to provide services. Provide on-going management of security.
Rules Describes how the system should work and configured, there are two types; identity based (based on the identity) & rule based (based on the configured rules)
Show full summary Hide full summary

Similar

Unit3: Biometrics
Moh.enab
Biometric System Modules
Moh.enab
Untitled
Moh.enab
Diffusion and osmosis
eimearkelly3
GCSE English Literature: Of Mice and Men
mia.rigby
Gender Theorists
Hazel Meades
Chemistry (C1)
Phobae-Cat Doobi
Physical Description
Mónica Rodríguez
Geography: Population
ameliaalice
F211- Module 1 Cells, exchange and transport
eilish.waite
The Tempest Key Themes
Joe Brown