(CAP 12) Secure communications and network attacks
1 - network and protocol security mechanisms
secure communications protocols
IPsec (mainly for VPN, crypto, access control, nonrepudiation, message auth)
Kerberos (SSO solution)
SSH
Signal protocol (crypto protocol for voice communications)
Secure remote procedure call
SSL (superseded by TLS)
TLS
authentication protocols
CHAP (user and password encrypted)
PAP (user and pw in cleartext)
EAP
2 - secure voice communications
VoIP (caller ID falsification, vishing, OS attacks on phone systems, MitM)
social engineering (gaining the trust of someone inside the organization - can be defeated with proof of identity, callback, info classification, etc)
fraud and abuse (PBX systems can be abused by phreakers. Countermeasures: DISA, etc)
3 - multimedia collaboration
4 - manage email security
email security goals (non repudiation, integrity, source authentication)
understand email security issues (emails not encrypted by default, spoofing, in transit modification, mail bombing)
email security solutions
SMIME (authentication + confidentiality)
PEM (encryption mechanism that provides authentication, integrity, confidentiality, non repudiation)
PGP (public key encryption)
SPF (Sender Policy Framework - check that inbound messages originate from an authorized host)
5 - remote access security management (importance of auth, restricted access, encryption)
centralized remote authentication
RADIUS
TACACS+
6 - VPN (communication tunnel providing point-to-point transmission of both auth and data traffic on an untrusted network)
tunnelling (encapsulating packets in packets of another protocol - overhead, more bandwidth)
common VPN protocols
PPTP
L2F
L2TP
IPsec (most used, two components AH + ESP)
VLAN (switch defined network segmentation)
7 - virtualization
advantages: scalability, availability, increased security
VM escaping
8 - Network Address Translation (map private ip address to public ip)
private ip addresses (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255)
Automatic Private IP Addressing (Windows assigns from 169.254.0.1 to 169.254.255.254 if DHCP is not working)
9 - switching technologies
circuit switching (not used anymore, physical pathway)
packet switching (each segment has source destination info)
virtual circuits (logical pathway in a packet switching network)
10 - WAN technologies
11 - Miscellaneous security control characteristics
12 - Security boundaries (intersection between 2 areas with different security requirements)
13 - Prevent or mitigate network attacks
DoS and DDoS (exploiting hw/sw vulnerability or flooding)
Eavesdropping (usually requires physical access to the infrastructure)
Impersonation/Masquerading (pretending to be someone else to gain unauthorized access to a system)
Replay attacks
Modification attacks
ARP spoofing (providing false MAC address for requested IP)
DNS
DNS poisoning (alter name-to-IP mapping)
DNS spoofing (sending false DNS replies)
Hyperlink spoofing (hyperlink URL alteration)