Chapter 10 Slide Handouts
Chapter 10
1
Episode 10.01
Episode title: Making TCP/IP Secure
Objective: 4.1 Explain common security concepts
2
Key Terms
• Encryption
• Non-repudiation
• Availability
• Authorization and authentication
3
• Security can be broken into three areas: confidentiality, integrity, and availability
• Confidentiality can be addressed through encryption
• Confidentiality and integrity must be balanced with availability
4
Episode 10.02
Episode title: Symmetric Encryption
Objective: No exam-specific objective
5
Key Terms
• Ilovemikemeyersnetworkplus
• Caesar cipher
• Algorithms
• Cleartext
• Key
• Ciphertext
• Symmetric encryption
6
• Cleartext is any unencrypted data
• Algorithms use keys to encrypt cleartext into ciphertext
• An algorithm that uses the same key to encrypt and decrypt is symmetric encryption
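The Caesar cipher named in the key terms is the simplest symmetric algorithm, so it makes a good worked illustration of the three bullets above. The code below is an added example, not from the slides: the key is a shift count, the same key is used to encrypt and to decrypt, and the `brute_force` helper shows why a key space of only 26 values gives no real confidentiality. The sample cleartext is constructed.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(cleartext: str, key: int) -> str:
    """Shift every letter forward by `key` positions; punctuation and spaces pass through."""
    out = []
    for ch in cleartext:
        if ch.isalpha():
            base = ALPHABET if ch.islower() else ALPHABET.upper()
            out.append(base[(base.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Symmetric: decryption uses the SAME key, just shifting back the same distance."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Try every possible key. With only 26 keys, the cleartext is found by inspection,
    which is why real symmetric ciphers use keys of 128 bits or more."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    key = 3  # constructed sample key
    cleartext = "Ilovemikemeyersnetworkplus"  # constructed sample cleartext
    ciphertext = caesar_encrypt(cleartext, key)
    print("ciphertext:", ciphertext)
    print("decrypted :", caesar_decrypt(ciphertext, key))
    print("key space :", len(brute_force(ciphertext)), "candidates")
```

Run it and compare the `ciphertext` line against the `decrypted` line: the round trip only works because both sides hold the identical key, which is the defining property of symmetric encryption.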
7
Episode 10.03
Episode title: Asymmetric Encryption
Objective: No exam-specific objective
8
Key Terms
• Asymmetric encryption
• Public key
• Private key
• Public keys only encrypt
• Private keys only decrypt
• A private key and its associated public key form a key pair
9
Key Terms
• Public keys are distributed so others can send you encrypted data
• Key exchange
10
• Asymmetric encryption uses a public and a private key
• Public keys encrypt, private keys decrypt
• For two people to communicate, they must exchange public keys
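To make the public-key/private-key split concrete, here is an added example (not from the slides) using textbook RSA with deliberately tiny primes. It generates a key pair for each party, has them exchange only their public keys, and shows that a message encrypted with one person's public key decrypts only with that person's private key. The primes, names and messages are constructed; real RSA keys are thousands of bits long and wrap each message in padding, which this toy omits.

```python
from math import gcd


def generate_key_pair(p: int, q: int, e: int = 17):
    """Return (public_key, private_key) for primes p and q.
    public = (e, n) is handed out; private = (d, n) never leaves its owner."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message: bytes, public_key) -> list:
    """Anyone holding the public key can encrypt; each byte becomes one block."""
    e, n = public_key
    return [pow(b, e, n) for b in message]


def decrypt_blocks(blocks: list, private_key) -> list:
    """Apply the private exponent; with the wrong private key this yields garbage."""
    d, n = private_key
    return [pow(c, d, n) for c in blocks]


def decrypt(blocks: list, private_key) -> bytes:
    return bytes(decrypt_blocks(blocks, private_key))


def key_exchange_demo():
    """Alice and Bob each generate a pair, swap public keys, then message each other."""
    alice_pub, alice_priv = generate_key_pair(61, 53)  # constructed toy primes, n = 3233
    bob_pub, bob_priv = generate_key_pair(67, 71)      # constructed toy primes, n = 4757
    # Key exchange: only the public halves travel over the network.
    to_bob = encrypt(b"hello bob", bob_pub)        # Alice uses Bob's public key
    to_alice = encrypt(b"hi alice", alice_pub)     # Bob uses Alice's public key
    return decrypt(to_bob, bob_priv), decrypt(to_alice, alice_priv)


if __name__ == "__main__":
    print(key_exchange_demo())
```

Because encryption needs only the public key, it can be published freely; confidentiality rests entirely on the private key staying private, which is the point of the "public keys encrypt, private keys decrypt" rule above.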
11
Episode 10.04
Episode title: Cryptographic Hashes
Objective: No exam-specific objective
12
Key Terms
• Hash
• A hash algorithm creates a fixed-size hash value
• Hashes are used to verify data integrity
• MD5 and SHA-1
13
• Hashes are used for verifying data, not for encryption
• Hash values are always fixed in size
• Two common hashes are MD5 and SHA-1
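The following added example (not from the slides) uses Python's standard `hashlib` to show the two properties the bullets above describe: the digest length depends only on the algorithm, never on the input size, and comparing a freshly computed digest against a published one detects any change to the data. The configuration text is a constructed sample; SHA-256 is included alongside MD5 and SHA-1 because it is what current deployments use for integrity checks.

```python
import hashlib
import hmac


def digest_hex(data: bytes, algorithm: str) -> str:
    """Hash `data` with the named algorithm and return the hex digest."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_sizes(data: bytes) -> dict:
    """Digest length in bytes per algorithm: fixed regardless of how long `data` is."""
    return {alg: len(hashlib.new(alg, data).digest()) for alg in ("md5", "sha1", "sha256")}


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare in constant time against the published value."""
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex)


def integrity_demo():
    """Publish a digest for a file, then check an intact copy and a tampered copy."""
    original = b"config: allow_remote_admin=no\n"   # constructed sample
    published = digest_hex(original, "sha256")       # what the sender publishes
    tampered = b"config: allow_remote_admin=yes\n"  # one-word change in transit
    return verify_integrity(original, published), verify_integrity(tampered, published)


if __name__ == "__main__":
    print(digest_sizes(b""))
    print(digest_sizes(b"x" * 1_000_000))   # same sizes for a megabyte of input
    print(integrity_demo())                 # (True, False)
```

Note that the digest reveals the data was altered but says nothing about what it was or who changed it; that is why hashes verify integrity and are not encryption. MD5 and SHA-1 still produce fixed-size digests, but both have known collision attacks, so new integrity checks should use SHA-256 or stronger.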
14
Episode 10.05
Episode title: Identification
Objective: 4.1 Explain common security concepts
15
Key Terms
• Identification
• Authentication
• Authorization
16
Multifactor Authentication (MFA)
17
Authentication Attributes
• Something you do
• Something you exhibit
• Someone you know
• Somewhere you are
18
• Identification is claiming an identity
• Authentication is proving that identity
• Authorization is permitting specific actions once a user has been authenticated
• Authentication factors include something you know, something you have, or something you are
• Authentication attributes include something you do, something you exhibit, someone you know, or somewhere you are
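The three steps in the summary above, with two authentication factors, as an added example that is not from the slides. Identification is a username lookup (a claim, nothing proven), authentication checks something you know (a salted password hash) and something you have (a time-based one-time code from an authenticator app, RFC 6238 TOTP built on RFC 4226 HOTP), and authorization only then consults the account's rights. The user store, passphrase and rights are constructed; the TOTP secret is the published RFC 6238 test secret so the code can be checked against the RFC's vectors.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional


def make_password_record(password: str) -> dict:
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)}


def check_password(record: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 100_000)
    return hmac.compare_digest(candidate, record["hash"])


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock (30-second steps)."""
    return hotp(secret, int(timestamp // step))


# Constructed user store (assumption: rights are attached directly to the account).
USERS = {
    "alice": {
        "password": make_password_record("example-passphrase"),
        "totp_secret": b"12345678901234567890",   # RFC 6238 test secret
        "rights": {"read:reports"},
    }
}


def identify(username: str) -> Optional[dict]:
    """Identification: the user claims an identity; nothing is proven yet."""
    return USERS.get(username)


def authenticate(user: dict, password: str, code: str, now: float) -> bool:
    """Authentication: prove the claim with something you know AND something you have."""
    knows = check_password(user["password"], password)
    has = hmac.compare_digest(code, totp(user["totp_secret"], now))
    return knows and has


def authorize(user: dict, right: str) -> bool:
    """Authorization: only after authentication, permit one specific action."""
    return right in user["rights"]


def login(username: str, password: str, code: str, now: float) -> str:
    user = identify(username)
    if user is None:
        return "unknown identity"
    if not authenticate(user, password, code, now):
        return "authentication failed"
    return "authenticated"


if __name__ == "__main__":
    import time
    now = time.time()
    code = totp(USERS["alice"]["totp_secret"], now)   # what the authenticator app shows
    print(login("alice", "example-passphrase", code, now))
    print(authorize(USERS["alice"], "read:reports"), authorize(USERS["alice"], "delete:reports"))
```

Both factors are evaluated before the result is combined, so a failure does not reveal which factor was wrong, and `authorize` is never reachable for an account that has not passed `authenticate`.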
19
Episode 10.06
Episode title: Access Control
Objective: 4.3 Given a scenario, apply network hardening techniques
20
Key Terms
• Mandatory access control (MAC)
• Discretionary access control (DAC)
• Role-based access control (RBAC)
• Users -> groups -> rights and permissions
21
• Mandatory access control (MAC) uses labels
• Discretionary access control (DAC) gives the creators control over permissions
• Role-based access control (RBAC) uses groups
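The three models in the summary above, side by side, as an added example that is not from the slides. MAC compares a subject's clearance with an object's label; DAC lets the object's creator hand out permissions and refuses anyone else; RBAC resolves users to groups and groups to rights, exactly the users -> groups -> rights chain in the key terms. All labels, users, groups and rights are constructed.

```python
# --- MAC: labels. A subject may read an object only if its clearance dominates the label.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}   # constructed label ordering


def mac_can_read(subject_clearance: str, object_label: str) -> bool:
    return LEVELS[subject_clearance] >= LEVELS[object_label]


# --- DAC: the creator (owner) of an object controls its permissions.
class DacObject:
    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}   # creator starts with full control

    def grant(self, granter: str, user: str, permission: str) -> None:
        if granter != self.owner:
            raise PermissionError("only the owner may change permissions")
        self.acl.setdefault(user, set()).add(permission)

    def allows(self, user: str, permission: str) -> bool:
        return permission in self.acl.get(user, set())


def dac_demo() -> tuple:
    """Owner grants read to bob; bob's attempt to grant carol is refused."""
    doc = DacObject("alice")
    before = doc.allows("bob", "read")
    doc.grant("alice", "bob", "read")
    after = doc.allows("bob", "read")
    try:
        doc.grant("bob", "carol", "read")
        refused = False
    except PermissionError:
        refused = True
    return before, after, refused


# --- RBAC: users -> groups -> rights and permissions.
GROUP_RIGHTS = {                                  # constructed roles
    "helpdesk": {"reset_password"},
    "netadmin": {"reset_password", "edit_vlan"},
}
USER_GROUPS = {"bob": {"helpdesk"}, "carol": {"netadmin"}}   # constructed membership


def rbac_allows(user: str, right: str) -> bool:
    """Rights are never assigned to users directly; they come only via group membership."""
    return any(right in GROUP_RIGHTS[g] for g in USER_GROUPS.get(user, ()))


if __name__ == "__main__":
    print("MAC :", mac_can_read("confidential", "secret"), mac_can_read("secret", "public"))
    print("DAC :", dac_demo())
    print("RBAC:", rbac_allows("bob", "edit_vlan"), rbac_allows("carol", "edit_vlan"))
```

The practical difference shows in who can change access: under MAC only the label policy decides, under DAC each owner decides for their own objects, and under RBAC an administrator changes group membership rather than touching individual users' rights.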
22
Episode 10.07
Episode title: AAA
Objective: 4.1 Explain common security concepts
23
Key Terms
• RADIUS Server
• RADIUS Client
• RADIUS Supplicant
• RADIUS Database
• RADIUS uses UDP ports 1812-1813 or UDP ports 1645-1646
• RADIUS provides AAA—authentication, authorization, and accounting
24
Key Terms
• TACACS+
• TACACS+ uses TCP port 49
25
• A RADIUS client is an intermediary agent between a RADIUS supplicant and a RADIUS server
• A RADIUS database of authenticated users and passwords may reside outside the RADIUS server
• RADIUS uses UDP ports 1812-1813 or UDP ports 1645-1646, and TACACS+ uses TCP port 49
26
Episode 10.08
Episode title: Kerberos/EAP
Objective: 4.1 Explain common security concepts
27
Key Terms
• Kerberos
• Key Distribution Center
• Authentication Server
• Ticket Granting Service
• Ticket Granting Ticket (TGT)
• Time stamps are important in Kerberos
• Kerberos is a Microsoft proprietary technology
28
Key Terms
• Extensible Authentication Protocol (EAP)
• EAP pre-shared key (EAP PSK)
• Protected Extensible Authentication Protocol (PEAP)
• EAP MD5
• EAP TLS
• EAP TTLS
29
• Kerberos handles authentication and authorization for wired networks
• Kerberos relies heavily on time stamps
• EAP enables flexible authentication
30
Episode 10.09
Episode title: Single Sign-on
Objective: 4.1 Explain common security concepts
31
Key Terms
• LAN uses Windows Active Directory
• Federated systems
• Security Assertion Markup Language (SAML)
• Service provider (SP)
32
• For local area networks, use Windows Active Directory for single sign-on
• SAML is used to manage multiple apps using a single account
• SSOcircle provides a variety of service provider (SP) samples
33
Episode 10.10
Episode title: Certificates and Trust
Objective: 5.5 Given a scenario, troubleshoot general networking issues
34
Key Terms
• Public/private key pair
• Key exchange
• Either key in a private and public pair can be the public key
• Digital certificates
• Generate your own certificates
• Unsigned certificate
35
Key Terms
• Web of trust
• Web of trust requires lots of maintenance
• Public key infrastructure (PKI)
36
• Certificates include a public key and at least one digital signature
• Web of trust uses a web of mutually trusting peers
• Public key infrastructure uses a hierarchical structure with root servers
37
Episode 10.11
Episode title: Certificate Error Scenarios
Objective: 5.5 Given a scenario, troubleshoot general networking issues
38
Key Terms
• No Key Terms for this Episode
39
• A self-signed certificate can throw a 443 error, as the certificate has not been issued by a certificate authority
• An expired certificate can be viewed, then fixed either by getting a new certificate from its issuer or accepting the certificate in its current state
• The setting to query OCSP to confirm the current validity of certificates is a good security setting
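The checks a client runs when it hits the scenarios above, and the PKI trust chain from Episode 10.10, as an added example that is not from the slides. A constructed trust store stands in for the root certificates an OS or browser ships with, a constructed table stands in for OCSP responder answers, and each certificate is a plain dictionary rather than a parsed X.509 object. The checker reports every problem it finds (self-signed, untrusted issuer, not yet valid, expired, bad OCSP status) so the troubleshooter sees the whole picture, and the `query_ocsp` switch shows what is lost when the OCSP setting is turned off.

```python
from datetime import datetime, timezone

# Constructed trust store: the root CA a browser or OS would ship with.
TRUSTED_ROOTS = {"Example Root CA"}

# Constructed OCSP answers, keyed by serial (normally fetched from the issuer's responder).
OCSP_STATUS = {"0x1001": "good", "0x1002": "revoked"}


def check_certificate(cert: dict, now: datetime, query_ocsp: bool = True) -> list:
    """Return a list of problems; an empty list means the certificate is accepted."""
    problems = []
    if cert["subject"] == cert["issuer"] and cert["issuer"] not in TRUSTED_ROOTS:
        problems.append("self-signed: not issued by a trusted certificate authority")
    elif cert["issuer"] not in TRUSTED_ROOTS:
        problems.append("issuer '%s' does not chain to a trusted root" % cert["issuer"])
    if now < cert["not_before"]:
        problems.append("not yet valid")
    if now > cert["not_after"]:
        problems.append("expired")
    if query_ocsp:
        status = OCSP_STATUS.get(cert["serial"], "unknown")
        if status != "good":
            problems.append("OCSP status: " + status)
    return problems


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample certificates covering the scenarios in the episode.
CERTS = {
    "good": {"subject": "www.example.test", "issuer": "Example Root CA", "serial": "0x1001",
             "not_before": utc(2024, 1, 1), "not_after": utc(2025, 1, 1)},
    "self_signed": {"subject": "intranet.example.test", "issuer": "intranet.example.test",
                    "serial": "0x2001", "not_before": utc(2024, 1, 1), "not_after": utc(2034, 1, 1)},
    "expired": {"subject": "www.example.test", "issuer": "Example Root CA", "serial": "0x1001",
                "not_before": utc(2022, 1, 1), "not_after": utc(2023, 1, 1)},
    "revoked": {"subject": "www.example.test", "issuer": "Example Root CA", "serial": "0x1002",
                "not_before": utc(2024, 1, 1), "not_after": utc(2025, 1, 1)},
}


if __name__ == "__main__":
    now = utc(2024, 6, 1)   # constructed "current" time
    for name, cert in CERTS.items():
        print(name, "->", check_certificate(cert, now) or ["accepted"])
    print("revoked, OCSP off ->", check_certificate(CERTS["revoked"], now, query_ocsp=False))
```

The last line is the reason the OCSP setting matters: with the query disabled, the revoked certificate is accepted, because its dates and issuer are fine and nothing else in the certificate itself says it has been withdrawn.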
40