transport encryption cont, cryptographic attacks, and TCP/IP, Ports

Domain Keys Identified Mail (DKIM)

provides email authentication by allowing mail servers to digitally sign legitimate outbound email messages

Tor protocol

facilitates anonymous internet. The onion router (Tor) is a software package that uses encryption and relays nodes to facilitate anonymous internet access

• anonymity achieved with Perfect Forward Secrecy- hides nodes’ identity from each other

blockchain

distributed, immutable ledger

When you communicate over the Tor network, which of the following entities do you communicate with directly?

entry node

Renee is configuring her organization's email servers and would like to communicate security policies to other email servers about how they should handle email from her domain. Which protocol would best meet her needs?

DMARC

secure copy protocol (SCP)

port 22

Cindy would like to transfer files between two systems over a network. Which one of the following protocols performs this action over a secure, encrypted connection?

What IPsec protocol provides confidentiality protection for the content of packets?

encapsulating security payload ESP

keyspace

the set of all possible encryption keys usable with an algorithm

frequency analysis attack

detects patterns in ciphertext

known plaintext attack

attacker has access to an unencrypted message

chosen plaintext attack

attacker can create an encrypted message of their choice

birthday attack

attacker finds two inputs with the same hash values

Transmission Control Protocol/Internet Protocol (TCP/IP)

TCP- connection oriented protocol, and guarantees delivery through acknowledgement. Widely used for critical applications

IP- routes information across networks, provides an addresing scheme, and delivers packets from source to destination, serves as a network control protocol

TCP Flags (three way handshake)

• SYN- opens a connection

• FIN- closes a connection

• ACK- acknowledges a SYN or FIN

User Datagram Protocol (UDP)

• lightweight, connectionless protocol

• doesn’t send acknowledgments or guarantee delivery

• often used for voice and video applications

Open Systems Interconnect (OSI) Model

1. physical layer- wires, radios, and optics

2. data link layer- data transfers between two nodes

3. Network layer- internet protocol (IP)

4. Transport layer- TCP and UDP

5. session layer- exchanges between systems

6. presentation layer- data translation and encryption

7. application layer- user programs

IP address

uniquely identifies systems. Uses dotted quad notation (4 numbers separated by periods

first part is network address, second part is host address

IPv6

• replaces IPv4 due to address exhaustion

• uses 128 bits (compared to 32 for IPv4)

• consists of eight groups of four hexadecimal numbers

Static IPs

manually assigned to systems by an administrator. They must be unique and within appropriate range for the network

DHCP

allows automatic assignment of IP addresses from an admin-configured pool

Domain Name Service (DNS)

• functions over UDP port 53

• translates IP addresses into domain names

dig command

is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the queried name server(s).

DNSSEC

adds digital signature to DNS

port ranges

• 0-1023- well known ports

• 1024-49,151- registered ports

• 49,152- 65,535- dynamic ports

port 21

File Transfer Protocol (FTP)

Port 22

Secure Shell (SSH)

Port 3389

remote desktop protocol (RDP)

Port 137, 138, and 139

NetBIOS

Port 53

DNS

Port 25

Simple Mail Transfer Protocol (SMTP)

Port 110

Post office Protocol (POP)

Port 143

Internet Message Access Protocol (IMAP)

Port 80 (insecure), 443 (secure)

HTTP/HTTPS