==> Note: the level of detail of the questions of p222-p240 is higher (i.e., less detailed) than elsewhere, due to the requirements of the class I was orignally taking with this book. ===== Chapter 4 - Access Control 107 - What is 'access?' A subject? An object? - What are access controls? (also 108) 108-109 - What are the three main security principles? - What is availability? - What is integrity? 110-111 - What is confidentiality? - Why should a company encrypt only critical data, as opposed to everything including the cafeteria menu? - What three steps need to happen to allow a subject to access an object (and describe each step)? - What are logical access controls? 112-113 - What are the three authentication factors? - How many authentication factors are used in strong authentication? - What is biometric? - What is it called when a biometric system rejects an authorized individual? Vice versa? - What is the CER, and how does it pertain to the accuracy of biometric authentication systems? (also 114) 114-115-116 - What are some barriers to the acceptance of biometric authentication? - What are the characteristics of these biometric authentication systems: > fingerprint (and what's the key term here?) > finger scan > palm scan > hand geometry > retina scan > iris scan > signature dynamics > keyboard dynamics > voiceprint > facial scan > hand topology 117 - Why are passwords considered a weak security method? - Why shouldn't automatic password generators just pump out a 20 character string of random characters? What's a good guideline for a password generator? - How should the password file on an authentication server be protected? - What's a dictionary attack? - What's the usefulness of displaying the date/time of a user's most recent login when they log in? - What's a clipping level? 118-119 - What is a password checker? - What is password aging? - What is a cognitive password? - What is a dynamic password? What other name is it known by? - What's a token device? 
- What are the two types of synchronous token authentication? 120-121 - What are the differences between synchronous and asynchronous token authentication? - What is a passphrase and what does the application transform it into? - What is the difference between a memory card and a smart card? 122-123 - What's the difference between authentication and authorization? 124-125 - What are some criteria used to define access? - From a security standpoint, what is the best default action for access? - What is the least-privilege principle? - What is 'need-to-know?' 126-127 - What is single sign-on and why is it so difficult to implement? (also 128) 128-129 - Describe the 'scripting' implementation of single sign-on. - What is Kerberos? What kind of cryptography and security does it use? - What is a Kerberos KDC? 130-131 - In Kerberos, what is a principal? - What is the purpose of a ticket in Kerberos? - What is a realm in Kerberos? - Give an example of the Kerberos authentication process. - In Kerberos, what's the difference between a secret key and a session key? - What is a Kerberos AS and TGS? - If a Kerberos implementation is configured to use an authenticator, what additional security measure is taken and what attack does it combat? 132-133 - What are some drawbacks to Kerberos? - What is SESAME and how is it different from Kerberos? - What is a PAC and PAS in SESAME? - How do thin clients enforce access control? - What is a network directory service? 134-135 - What are LDAP, NDS, and Active Directory? - What is an access control model? What are the three main types? - How does DAC restrict access to data? 136-137 - How does MAC restrict access to data, and what system is it based on? - How does RBAC restrict access to data, and what other name is it known by? 138-139 - Which model is best suited for companies with high employee turnover? - What are role-based, task-based, and lattice-based access? 140-141 - What is rules-based access control? 
- What is a constrained user interface, and how is a database view related to it? - What is an access control matrix, and what model is it usually found in? - What is a capability table, and how is it different from an ACL? (also 142) 142-143 - What is content-dependent access control? 144-145 - What is centralized access control administration? - What is RADIUS? Describe an example of it in use. - What are TACACS, XTACACS, and TACACS+? Describe an example of it in use. 146-147 - What is Diameter and how does it improve on RADIUS and TACACS? - What is decentralized access control administration? Why would a company use it instead of centralized administration? (also 144) - What are the advantages of a hybrid administration scheme? 148-149 - What are the three categories of access control? Give some examples of each. - What is a security policy? - What is separation of duties? 150-151 152-153 154-155 - What is a control zone, and how is it different from just having a dedicated machine room? 156-157 158-159 - What are the types of access control? Give an example of each. (also 160) 160-161 162-163 - What is an audit reduction and why is it useful? 164-165 - What are some 'best practices' in the access control arena? 166-167 - What is object reuse and how can it be a security risk? - What is Tempest? 168-169 - What is IDS? What are the two kinds? - What is signature-based IDS and what is its major weakness? - What is behavior-based IDS, and how does a TIM factor into it? 170-171 - What is a honeypot? - What's the difference between enticement and entrapment? - What's a sniffer, and how can either side use them? 172-173 - What's a dictionary attack? What are some countermeasures? - What's a brute force attack? What are some countermeasures? 174-175 - What's wardialing? - What's logon spoofing? What are some countermeasures? What's a trusted path? - What is penetration testing? ===== Chapter 5 - Security Models and Architecture 185 - What is a security model? 
(also 210-211) - What are the three main attributes of computer security? 188-189 - How does a buffer overflow attack work? 190-191 - How is memory management important to computer security? - What is secondary storage? Virtual storage? - What is paging? 192-193 - What are protection rings? What's the general term for processes that execute in the inner rings? The outer rings? 194-195 - What runs at ring 0? 1? 2? 3? - How does an application running on a lower ring access functionality provided by a higher ring? 196-197 - What operating states can a process be in? 198-199 - What's the difference between multithreading and multiprocessing? - In terms of device management, why is WinNT safer than Win9x? - What is a deadlock? 200-201 - Where are the three main areas security can happen when a user accesses data? - As the complexity increases, does security become more or less certain? Why / why not? - What does it mean for a component to be trusted? - Should you design a system such that all components can be trusted? Why or why not? (also 203) 202-203 - What is the TCB? - What is the security perimeter? 204-205 - What is the reference monitor? - What is the security kernel? What does it have to do? How does it relate to the reference monitor concept? 206-207 - In security terms, what is a domain? What is an execution domain? 208-209 - What is hardware segmentation and how does it contribute to security? - What is a security policy? - What is the security kernel? - What do multilevel security policies do? - What is the concept of least privilege? 210-211 - What is layering and how does it provide security? - What is data hiding and how is connected to layering? - What is abstraction? 212-213 - How does the state machine model apply to security? - Why is failing in a secure state important? - What is a multilevel security system? - What is Bell-LaPadula and what are its three main rules? - What is an information flow security model? - What is the simple security rule? 
By what other term is it known? - What is the *-property rule? By what other term is it known? Why is it important? - What is the strong star property rule? 214-215 - What is the Basic Security Theorem? - What security service does Bell-LaPadula provide? - What are some criticisms of the Bell-LaPadula model? - What is the Biba model? What are its two main rules? - The rules of the Biba model seem counterintuitive. Why are they the way they are? 216-217 - In general, what does a 'simple-' rule describe? A 'star-' or '*'- rule? - What is the Clark-Wilson model and what does it emphasize? - What is 'access triple' and why is it called that? - What is separation of duties? - What are the three main goals of integrity? Which one(s) is/are emphasized by Clark-Wilson? By Biba? - What generic model were both Biba and Bell-LaPadula built upon? - What is the noninterference model and how does it enforce confidentiality? 218-219 - What is the Brewer and Nash model? What other name is it known by? - What issues do the Graham-Denning and Harrison-Rizzo-Ullman models address? How do they differ? [great summary on 219] 220-221 - What is dedicated security mode? - What is system-high security mode? How is it different from dedicated security mode? - What is compartmented security mode? How is it different from system-high? - What is multilevel security mode? Which model is an example of it? 222-223 - What's the difference between assurance and trust? - What is TCSEC? What other name is it known by? - What's A-level security? B? C? D? - T/F: B1 is a superset of B2? - What are the four main topics of the Orange Book? - What seven different areas do they break down into? 224-225 - What is NCSC? TPEP? EPL? - What is C1? - What is C2? - What model are Division B levels based on? What other evidence must be present? - What is B1? - What is B2? 226-227 - What is B3? - What's the difference between A1 and B3? - What are some of the limitations of the Orange Book? 228-229 - What's the TNI? 
What is its other name? - What Red Book ratings are available? - What replaced TCSEC? - What is ITSEC? Where is it used? What are its two main attributes? 230-231 - What is the fundamental difference between ITSEC and TCSEC? - What are the rating scales for ITSEC? - What is the TOE? - What are the Common Criteria? Who developed? - What's the biggest difference between Common Criteria and the Orange Book? - What is EAL? How many packages are there? 232-233 - What is a protection profile? - What is the security target? 234-235 - What's the difference between certification and accreditation? - What is ISO I7799? What was it originally called? 236-237 - What's the difference between open systems and closed systems? - What are covert channels and why are they security risks? - What is a covert storage channel? - What is the Loki attack? 238-239 - How can you try to detect covert channel attacks? - What's a backdoor? What other name is it known by? - What are some countermeasures against backdoors? - What's an asynchronous attack? - What's a TOC/TOU attack? - What's a race condition? 240-241 - What's a buffer overflow? How can it be exploited? - What are some countermeasures against buffer overflow attacks? ===== Chapter 6 - Physical Security p253-254 - What are some mechanisms of physical security? - Why is physical security more challenging today than in the '60s and '70s? - Why are physical computer incidents today raising costs for companies? - What is the layered defense model, and why is it important? - What are some physical security vulnerabilities? p255-256 - What is an EAC token and what is it used for? - What is a critical-path analysis? - What kinds of controls fall under the physical security umbrella? p258-259 - What are some of the issues with selecting a facility site? - What are some of the issues with designing and building a facility? p260-261 - What is an internal partition and what is its main vulnerability? 
- Where in a building should data centers be located? Why? p262-263 - In the past, personnel were needed in computer rooms for proper operation. Why isn't that the case now, and what changes in computer room design are now possible? - Why should there be only one, dedicated, entry to a secured computer room? p264-265 - What main threats do physical security components combat? - Why is a cost-benefit analysis of physical security important? - What physical security procedures use security components that are already part of the environment? p266-267 - Why shouldn't you try to back up every piece of data on every computer? - What is an SLA and why are the details important? - What is MTBF? What is MTTR? Why is knowing both necessary when evaluating hardware for purchase? p268-269 - What are the three main methods of protecting against power problems? - What's the difference between an online UPS and a standby UPS? - What are the two primary sources of backup power? - What factors should be considered when evaluating secondary power? - Define the following: EMI, RFI, (transient) noise, inrush current, clean power - What can induce EMI? RFI? p270-271 - Define spike, surge, fault, blackout, sag/dip, brownout - What two kinds of devices are typically used to ensure clean power? p272-273 - What are some preventative measures for power management? - How does job rotation or cross-training serve as a kind of backup? - What steps should typically be taken when a technical employee leaves or gives notice? p274-275 - What is a positive drain? - What are five preventative steps against static electricity? - What's the proper range for relative humidity? What are the risks if it is too high or too low? - What's the proper temperature range? What are the risks if it is too high or too low? p276-277 - What is a closed-loop circulation system? - What is positive pressurization? Is it desirable for data centers? - What are the four classes of fire? 
p278-279 - What are the three kinds of fire detectors? - What are the two different kinds of heat-activated sensors? p280-281 - What distinugishes plenum-rated cable from other kinds? - For each class of fire, what is the type of fire what is the suppression method? - What are some dangers of using CO2 as a supression agent? - Why is Halon no longer made? p282-283 - What are the four types of water sprinkler systems and what are their distinguishing characteristics? - What is another name for a 'wet pipe' system? p284-285 - Summarize emergency planning. p286-287 - What are the two main modes of perimeter defense? - How can personnel assigned to sensitive areas help with perimeter defense? - What is a disadvantage of a lock-and-key system? p287-288 - Describe the following options for cypher-lock systems: door delay, key-override, master-keying, hostage alarm. - Describe the following device locks: switch controls, slot locks, port controls, peripheral switch controls, cable traps. p290-291 - What is piggybacking? - What are the two types of wireless proximity readers? - What are the three kinds of system sensing cards? p292-293 - What is PIDAS fencing? - At what height and characteristics is a fence considered serious for area denial? - What are bollards and where are they used? - What is the NIST standard for perimeter protection for lighting critical areas? p294-295 - Describe the five types of perimeter scanning devices. p296-297 - What is a mantrap? p298-299 - What information should be kept in the audit log of access control systems? - What is fail-safe? Fail-secure? ===== Chapter 7 - Telecommunications and Networking Security 312-313 - What is a PSTN? - What is ATM? - What is TCP/IP? (also p325) - What is a network protocol? 314-315 - What are the layers of the OSI and TCP/IP models and how do they map together? - What is an open network architecture? - What is encapsulation? 316-317 - What is the purpose of the application layer? 
- What protocols work at the application layer? (also p323) - Does the application layer include the actual applications? - What is the purpose of the presentation layer? - What protocols work at the presentation layer? (also p323) 318-319 - What is the purpose of the session layer? - What protocols work at the session layer? (also p323) - What's a good analogy for the session layer? - What are the three phases of session layer operation? - What is dialog management? - What is the purpose of the transport layer? - What protocols work at the transport layer? (also p323) - What's the difference between the functions of the transport layer and the session layer? - What is UDP? - What is SPX? 320-321 - What is the purpose of the network layer? - What protocols work at the network layer? (also p324) - What is ICMP? RIP? OSPF? BGP? IGMP? - What is the purpose of the data link layer? - What protocols work at the data link layer? (also p324) - What are the two sublayers of the data link layer? - What is FDDI? - What is SLIP? PPP? RARP? L2F? L2TP? ISDN? 322-323 - What is the purpose of the physical layer? - What protocols work at the physical layer? (also p324) 324-325 - The 'IP' in TCP/IP provides "____________ routing services." 326-327 - What are the two main tasks of IP? - Is TCP a connectionless protocol or a connection-oriented protocol? What does that mean? - What is UDP? Is it a connectionless or connection-oriented protocol? What does that mean? - What is best-effort? - Apply the postal system analogy to the Data, IP, and Network components of IP. - Is TCP simplex, half-duplex, or full-duplex? - What are some tradeoffs of using UDP vs. TCP? - What is a socket? 328-329 - What are port numbers up to 1024 called? Why? - What ports are the following protocols usually mapped to: Telnet, SMTP, HTTP, SNMP, FTP? - Differentiate between TCP and UDP according to reliability, connection, packet sequencing, congestion control, usage, and speed/overhead. 
- What is the three-way handshake? Describe it in action. - What is a SYN packet? A SYN/ACK packet? An ACK packet? 330-331 - What is the term used to describe the data at each layer of the TCP model? The UDP model? - What are the major differences between IPv4 and IPv6? - How many bits for addressing does IPv4 use? IPv6? - What is a class? What is a subnet? 332-333 - What is baseband? What is broadband? (also p334) - What is an analog transmission signal? - Why are digital signals more reliable over long distances? - What is the local loop (or last mile) and what's different about it? - What is asynchronous communication? Synchronous communication? 334-335 - Do modems use synchronous or asynchronous communication? - Is CATV a baseband or broadband medium? - What is the physical arrangement of computers and devices on a network called? 336-337 (for more topology info, see p338) - What is a ring topology? What's the difference between physical ring and logical ring? - What is a bus topology? What are the two main types and how do they differ? - What are two vulnerabilities of a simple bus topology? - What's a star topology? - What is a main vulnerability of a star topology? - Most LANs nowadays are star topology. Why? - What's a mesh topology? Full mesh? Partial mesh? - What defines a LAN as opposed to a WAN? (also 338) 338-339 - What's the difference between a LAN and an internetwork? - What is attenuation? What causes it? - What is Ethernet? What IEEE standard applies? - What topologies does Ethernet traditionally use? - What are Ethernet's characteristics? 340-341 - What is a BNC? What types of Ethernet use it? - What is 10Base2? - What is 10Base5 and what distinguishes it from 10Base2? - What is 10BaseT and what distinguishes it from the others? - What topology does 10BaseT usually use? - What is 100Base-TX also called? (also 342) - What is 1000Base-T also called? 342-343 - What is token-passing and what LAN technology uses it? 
- What is the central hub in a Token Ring LAN called? - What is the transmit speed for Token Ring? - What does the active monitor do? - What is beaconing? 344-345 - What is FDDI? How fast is it? What IEEE standard applies? - How does it provide fault tolerance? - What is a ring wrap? - How long can a FDDI network be? 346-347 - How is the bandwidth of a cable different from its data rate? - What are some advantages and disadvantages of coaxial cable? - What is the difference between STP and UTP? - What is crosstalk? - How does the twist of the wire improve its usability? - What are some disadvantages of UTP? 348-350 - What are some advantages and disadvantages of fiber-optic cabling? - What is cable noise? - What is attenuation? How do you minimize it? - What is crosstalk? How do you minimize it? 350-351 - What is plenum space? Why is it relevant to cabling? - What is a pressurized conduit? - What is unicast? - What is multicast? How is it done across routers? - What is broadcast? 352-353 - What is MTU? - What is a token? - Can token-passing networks have collisions? Why or why not? - What is CSMA/CD? - What is contention? - What is collision? What does a system do when it detects one? - What is the back-off algorithm? - What is CSMA/CA and how does it differ from CSMA/CD? 354-355 - What is a collision domain? - What is latency and how does it happen? - A subnet will be on the same broadcast and collision domain if it is not separated by what? - What is polling? 356-357 - What is ARP and how does it work? - What is a MAC address? How many bits? What's the layout? - What is ARP table poisoning, and what kind of attack is it? - What is RARP and how does it work? - What is a DHCP server and how does it work? - What is BOOTP and how does it work? - What's the difference between ARP and RARP? 358-359 - What is ICMP and what does it do? - What is a repeater? - What is a hub, and what other name is it known by? - What is a bridge and why is it used? 
- What is the difference between a local bridge, a remote bridge, and a translation bridge? 360-361 - What are the functions of a bridge? - What's the difference between a bridge and a router? - What's transparent bridging? - What's source routing? (also 386) - What is an internetwork? - What is STA and what is it used for? - What's a security risk associated with source routing? 362-363 - A router can connect similar networks. Can it connect dissimilar ones (e.g., Ethernet LAN and Token Ring LAN)? - What does a router use to filter traffic? - What actually happens inside the router when it receives a packet? - What is TTL and what's it used for? - What happens if the destination network requires a smaller MTU than the packet being routed? - What are the differences between routers and bridges? - What is routing? - Where does the sending computer send the packet if the destination computer is on a remote network? 364-365 - How were routing tables originally built, and why aren't they done that way anymore? - What are ASs and how do they come into play in routing? - What's a border router? - A switch functions as a combination what and what? 366-367 - What's a VLAN? - What's a gateway? - What's IPX? - What's a NAS? - What standard do all mail servers understand? 370-371 - What's a PBX? 372-373 - What's a firewall? - What is a DMZ and how is it used? - What's packet filtering? - Are packet filtering firewalls considered 'stateful?' Why/why not? 374-375 - What are pros and cons of packet filtering? - What is stateful inspection, and what are some characteristics of a stateful inspection firewall? - What's a firewall state table? - What's a proxy? 376-377 - How can a proxy fight attempts by an attacker to probe a network? - What are some pros and cons of proxy firewalls? - What is a dual-homed firewall? - What two functions should be shut down on a dual-homed firewall for security reasons? - What's an application-level proxy? 378-379 - What's a circuit-level proxy? 
- What is SOCKS? 380-381 - What is dynamic packet filtering? - What is a kernel proxy? What makes it different from the others? - What are the characteristics of a 'bastion host' firewall architecture? - How can a system be configured as a bastion host? 382-383 - Should all systems in DMZs be running as bastion hosts? Why/why not? - What is a screened host? - What is a screened subnet? Why is it superior to a screened host or standalone firewall? 384-385 - What should the default action of any firewall be? 386-387 - What is masquerading or spoofing? - What's a zombie? - What should a firewall do when it encounters a fragmented packet? What's the catch? - What are some disadvantages to firewalls? - Some firewalls perform authentication. How does this help? - What's a honeypot? 388-389 - What's the difference between enticement and entrapment? - Why is suppressing broadcast and collision domain formation important? - What's a NOS? - What's a redirector? 390-391 - What is DNS? - Who maintains the authoritative root databases? - Who allocates IP addresses? - Where do DNS servers live? - Why are internal DNS servers usually split up? What is this called? - The DNS server that holds the file for a zone is called the for that zone? - What is a resource record? - If a router does not know the necessary path to the destination of a packet, what does it do? - If a DNS server does not know the necessary necessary resource record to resolve a hostname, what does it do? 392-393 - What are the seven most common top-level domains? - What seven top-level domains did the International Ad Hoc Committee create? - What is a directory service, and what model and protocol is it built on? 394-395 - What is a metadirectory and what is it used for? - What is a schema? - What's Microsoft's directory service? - What's Novell's directory service? - What is an intranet? - What are the non-routing class A, B and C networks? - What is an extranet? 396-397 - What is EDI? - What is NAT? 
How does it help provide security? - How does NAT distinguish between IPs of all the computers connected downstream of it, if all are accessing the WWW at the same time? - What is a MAN? 398-399 - What is SONET? - What is self-healing? - What is multiplexing? 400-401 - What's the bandwidth of a T1 line? How many telephone calls can it carry? - How many T-1 lines can a T3 carry? - What is ATM? Describe its relationship with SONET in terms of a highway analogy. - What is OC? What's the throughput of an OC-1 line? 402-403 - What is SDH? Is it compatible with SONET? - What are the bandwidth of E1 and E3 lines? - How could an SDH network communicate with a SONET network? - What is a dedicated link and what other names is it known by? - What is TDM and who uses it? - How many bits in a time slot? How many time slots in a frame? - How many T1 frames go in a second? - What's it called when a T1 line is split between more than one customer? - What's the main driver in the cost of a dedicated line? - What is S/WAN? 404-405 - What is a CSU/DSU? - What is DTE? Give an example of a DTE object. (also 408-9) - What is DCE? Give an example of a DCE object. (also 408-9) - What's the difference between circuit switching and packet switching? (also 406-7) - What scheme does ISDN use? 406-407 - What is frame relay? - What is CIR? 408-409 - What is the frame relay cloud? - What's the difference between PVC and SVC? - What is X.25? - What is an HDLC frame and how large is it? - Why was X.25 good for its time but obsolete today? 410-411 - What is ATM? - Are ATM and frame relay connectionless switching technologies? - What's the difference between packet switching and cell switching? - How large is an ATM cell? - Is ATM a good choice for voice and video transmission? Why or why not? - What is SMDS? - What is SDLC? What's its primary use? - What is HDLC? What is it an extension of? - What is HSSI? What's its max bandwidth? 412-413 - What is a multiservice access technology? 
- What is the Signaling System 7 protocol? - How does VoIP get around some of the barriers present in today's PSTN? - What's the term used to describe packet loss or latency in a VoIP call? - What's an H.323 gateway? 414-415 - (good WAN comparison table on 415) 416-417 - Remote access can be a huge security problem. Why allow it at all? - What is a NAS? - What is a RAS? - How can a call-back mechanism be defeated? - Is it a good idea to have modem-pool access filtered through a firewall? - What is wardialing? - What's the local loop? - What is ISDN? What are the three implementations of it in use today? 418-419 - What is DSL? What's its bandwidth? What are the two biggest disadvantages? - What's the difference between symmetric and asymmetric DSL, and which one is better suited for home use? - What's the biggest drawback of cable modems? - What's the security risk behind DSL and cable connections being 'always-on?' 420-421 - What's a VPN? - What's a tunnel? - Why would you use an encapsulated but unencrypted tunnel? 422-423 - What is PPP? What protocol did it replace? How does it use PoPs? - What are PAP, CHAP, and EAP? - Is PPP alone sufficient to bring serial data to, say, a corporate network? Why/why not? - What is PPTP? How does it use MPPE? - What is a GRE header, and how does it work in PPTP? 424-425 - What is L2F, and why did Cisco then create L2TP? - What is PAP? 426-427 - What is PAP's major security drawback? - What is CHAP? How does it overcome PAP's major security drawback? - Is CHAP vulnerable to man-in-the-middle attacks? Why or why not? - What is EAP, and how is it different from CHAP and PAP? 428-429 - Modem pools should be set up to answer after how many rings? Why? - What is a possible effect of two machines on a network having the same MAC address? - What is a single point of failure and what's the best defense against it? 430-431 - What is RAID? - Name and describe the following RAID levels: 0-6, 10. - Why is RAID 10 not called RAID 7? 
- What are the characteristics of these RAID classifications: . Failure Resistant Disk Systems . Failure Tolerant Disk Systems . Disaster Tolerant Disk Systems - What is HSM? - What is SAN? - What is clustering, and what is its advantage over just having secondary servers? (also 432) 432-433 - What's the relationship between frequency, bandwidth, and distance? - What is CSMA/CA? - What is spread spectrum? 434-435 - What is FHSS? What two problems with wireless communication does it address? - What is DSSS? - What is a chip? A chipping code? - What are some advantages DSSS has over FHSS? 436-438 - What is the IEEE wireless LAN standard? - What is the frequency range and bandwidth of these wireless standards: . 802.11b . 802.11a (and how is it different from .11b?) . 802.11g . 802.11h (and where is it used?) - What are the characteristics of these standards? . 802.11e . 802.11f . 802.11i . 802.11j . 802.16 . 802.15 439 - What is WAP and why is it necessary? 440-441 - What is WTLS? What are the three classes of WTLS? - What is the 'gap in the WAP?' - What is an infrastructure WLAN and how does it differ from an ad-hoc WLAN? 442-443 - What's a channel? - What's a SSID? When is it required? Why should it not be relied on as a security mechanism? - What two ways can a wireless device authenticate to an access point, and what is the difference between them? - What is WEP and how secure is it? - What is wardriving? - What is NetStumbler? - What are NetSnort and WEPCrack? - What are some security best practices to implement a wireless LAN? ===== Chapter 8 - Cryptography p457 - What is cryptography? - Since most crypto algorithms can be broken, what's the point? p458-459 - What is a substitution cipher? Monoalphabetic substitution? Polyalphabetic substitution? p460-461 - What is DES and how does Lucifer play a role in it? - What is the Clipper Chip and what were some problems with it? (also p470-472) P462-463 - What is the unencrypted message called? The encrypted message? 
- What is a cryptosystem? - How are algorithms used in cryptography? - What is a keyspace, and what are its characteristics? - Should the algorithm for a cryptosystem be kept secret? Why or why not? p464-465 - What factors comprise the strength of the encryption method? - What is 'work factor'? - What four of the Big Five does cryptography contribute to? - What different emphasis wrt crypto might military, financial, legal institutions have? p466-467 - What is key clustering? - What is a transposition cipher? - What is frequency analysis and how is it used? p468-469 - What is a running key cipher? - What is a concealment cipher? - What is steganography? p470-471 - What is Kerckoff's Principle? - What is EES? - What is key escrow? p472-473 - By what name is key escrow also known when describing a software cryptosystem? p474-475 - What is symmetric cryptography? What are symmetric keys also called? - How many different keys would be needed for N people to communicate without more than two people sharing any one key? - What is an 'out-of-band' method? - Which of the Big Five does symmetric cryptography contribute to? - What are the main strengths/weaknesses of symmetric cryptography? p476-477 - Are the following stream or block ciphers: DES, 3DES, Blowfish, IDEA, RC4, RC5, RC6, AES? - What is asymmetric cryptography? By what other name is it known? - What are asymmetric keys also called? - What is an important distinction between the public and private keys? - Which of the Big Five does symmetric cryptography contribute to? - What is a secure message format? - How is authentication accomplished with asymmetric crypto? p478-479 - What is an open message format? - What is a 'secure and signed message format?' - What are some strengths and weaknesses to asymmetric crypto? - Between the list of algorithms on this page, and the list on p476, which are symmetric and which are asymmetric? p480-481 - What's the difference between a block cipher and a stream cipher? 
- What's the distinction between confusion and diffusion?
- What is an S-box?
p482-483
- What is a keystream generator?
- What are the characteristics of a good stream cipher algorithm?
- Are stream ciphers better suited for HW or SW implementations? Why?
- What is DEA? What's its effective key size, and why is it different from its full key size?
484-485
- What is 3DES?
- What is AES? What algorithm does it use?
- What block size does DES use?
- How many rounds of transposition/substitution does DES use?
- What are the four DES operation modes and how are they different?
486-487
- Why 3DES and not 2DES?
- How many computation rounds does 3DES use?
- How much stronger than DES is 3DES?
- How much slower?
- Define and explain the three different operation modes of 3DES.
488-489
- What is IDEA? What's its block size? Key size? Number of rounds?
- What is Blowfish? What's its block size? Key size? Number of rounds?
- What is RC5? What's its block size? Key size? Number of rounds?
- What is RSA? What Big 5 functions can it perform?
- What provides the strength of the RSA algorithm?
- What's a one-way function? How does it apply to the RSA algorithm?
490-491
- What is El Gamal? What is it based on?
- What are ECCs? What are they based on? What advantages do they have over RSA?
492-493
- What is public key crypto? Describe a message exchange using it.
494-495
- What is a session key? Describe a message exchange using it.
- What is a disadvantage of reusing the same secret key over and over?
- What is the Diffie-Hellman algorithm used for?
496-497
- What is PKI? What's the difference between it and public key crypto?
- What is a digital certificate?
- What is a certificate authority? Name two well-known CAs.
- What is a registration authority? (also p498)
498-499
- What is a CRL?
- Why might a certificate be revoked?
- What is the current standard for creating a digital certificate?
- Describe an example of all components of a PKI working together.
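The session-key and Diffie-Hellman questions (p494-495) and the N(N-1)/2 key-count question (p474-475) are the motivation for key agreement: two parties derive a fresh symmetric key over an open channel instead of pre-sharing one per pair. This is an added example, not code from the book. It uses the 2048-bit MODP group 14 from RFC 3526 (transcribed here, and re-verified as a safe prime by the block before use), SHA-256 over the shared secret as a stand-in for a proper KDF such as HKDF, and assumed party names. It deliberately has no authentication, which is exactly why plain Diffie-Hellman is the textbook man-in-the-middle victim (p532-533).

```python
"""Diffie-Hellman agreement of a per-session symmetric key (p494-495),
with the pairwise-key count that motivates it (p474-475).

Added example, not from the book. The group is the 2048-bit MODP group 14
from RFC 3526, transcribed here and re-verified as a safe prime before use.
SHA-256 over the shared secret stands in for a real KDF (HKDF). There is no
authentication, so this exchange alone is open to a man-in-the-middle.
"""
import hashlib
import secrets

MODP_2048_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int(MODP_2048_HEX.replace(" ", "").replace("\n", ""), 16)
G = 2


def pairwise_keys(n: int) -> int:
    """Symmetric keys needed so every pair of N people shares a unique key."""
    return n * (n - 1) // 2


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; a composite survives all rounds with probability <= 4**-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """p = 2q + 1 with q prime: every public value other than 1 and p-1 then
    has order q or 2q, which defeats small-subgroup confinement attacks."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


class Party:
    """One endpoint. Only `public` ever leaves the machine."""

    def __init__(self, p: int = P, g: int = G):
        self.p, self.g = p, g
        self.private = secrets.randbelow(p - 2) + 1      # x in [1, p-2]
        self.public = pow(g, self.private, p)

    def session_key(self, peer_public: int) -> bytes:
        # Refuse 0, 1 and p-1: they force the shared secret into {0, 1, p-1}.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self.private, self.p)
        width = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def run_exchange() -> tuple:
    """Alice and Bob exchange public values over an insecure channel and
    derive the same fresh session key; an observer sees only g^a and g^b."""
    alice, bob = Party(), Party()
    return alice.session_key(bob.public), bob.session_key(alice.public)
```

Each run produces a different key, which answers the reuse question on the same page: a compromised session key exposes one conversation, not every past and future one. To turn this into something an attacker cannot sit in the middle of, the public values must be signed (or carried in certificates), which is what the PKI questions that follow are about.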
- What's another name for a directory of public keys?
500-501
- What security services does PKI provide?
- How can crypto detect if a message has been modified in an unauthorized way?
- Why aren't parity bits a sufficient means of ensuring message integrity?
- What's a one-way hash? How does it differ from an encryption algorithm's 'one-way function?'
- What's a message digest?
502-503
- What is a weakness of using a simple message digest to verify integrity?
- What is a MAC? How does it work? What is its weakness?
504-505
- What kind of authentication does a MAC provide (two different terms)?
- How is system authentication different from user authentication?
- What is a digital signature?
- Go through an example of sending a digitally-signed message.
506-507
- Encrypting a message provides which security service(s)?
- Hashing a message provides which security service(s)?
- Digitally signing a message provides which security service(s)?
- Encrypting and digitally signing a message provides which security service(s)?
- What are DSS, DSA, ECDSA, and SHA?
- How large a message digest does SHA produce?
- What does it mean if a hashing algorithm is 'collision free?'
- Re-create Table 8-2.
- What is a 'birthday attack?'
- What are features of a good hash function?
508-509
- What are characteristics of MD4, MD5, MD2, HAVAL?
- Describe the digital signing process using SHA and DSS.
510-511
- For a hash algorithm with n-bit output, using a brute-force attack, how many messages could it take to determine the input from a given output?
- For a hash algorithm with n-bit output, using a brute-force attack, how many messages could it take to determine two messages with the same output?
- What is a one-time pad? What is its major advantage? Its major flaw?
512-513
- What does it mean that cryptography is based on a 'trust model?'
- What is a KDC?
- What is KEA?
- Describe a good way to manage backups of crypto keys.
514-515
- What are the rules of key management?
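The two brute-force questions (p510-511) and the birthday-attack question (p506-507) have numeric answers, about 2^n messages to invert one output and about 2^(n/2) to find any two messages with the same output, and the difference is what makes the attack on hash-then-sign practical. The following is an added example, not code from the book. It truncates SHA-256 to n bits so the searches run in seconds, and the documents and counters are constructed; the forgery follows Yuval's birthday attack in outline.

```python
"""Preimage versus birthday bounds for an n-bit digest (p506-507,
p510-511), and why it matters for hash-then-sign: a forger who can find
two documents with one digest gets a signature on the second for free.

Added example, not from the book. SHA-256 is truncated to a few bits so the
searches finish in seconds; the document strings are constructed.
"""
import hashlib
import itertools
import math


def truncated_digest(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for an n-bit hash."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def expected_preimage_tries(bits: int) -> float:
    """Inverting one given output: about 2^n candidate messages."""
    return 2.0 ** bits


def expected_collision_tries(bits: int) -> float:
    """Any two messages with one output: about sqrt(pi/2 * 2^n) ~ 2^(n/2)."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


def find_preimage(target: int, bits: int, prefix: bytes = b"pre-") -> tuple:
    """Second-preimage search: one fixed target, try messages until one hits."""
    for i in itertools.count():
        m = prefix + str(i).encode()
        if truncated_digest(m, bits) == target:
            return m, i + 1


def birthday_forgery(bits: int, benign: bytes = b"Pay Alice 100 dollars",
                     fraud: bytes = b"Pay Mallory 100000 dollars") -> tuple:
    """Yuval's birthday attack on a hash-then-sign scheme: generate harmless
    variants of a benign document and of a fraudulent one (here the variant
    is a trailing reference number; in practice invisible whitespace) until
    one of each hashes alike. The victim signs the benign copy; the same
    signature verifies on the fraud. Returns (benign, fraud, hashes_done)."""
    benign_seen, fraud_seen = {}, {}
    for i in itertools.count():
        b = benign + b" ref#" + str(i).encode()
        f = fraud + b" ref#" + str(i).encode()
        hb, hf = truncated_digest(b, bits), truncated_digest(f, bits)
        if hb in fraud_seen:
            return b, fraud_seen[hb], 2 * (i + 1)
        if hf in benign_seen:
            return benign_seen[hf], f, 2 * (i + 1)
        if hb == hf:
            return b, f, 2 * (i + 1)
        benign_seen[hb], fraud_seen[hf] = b, f


def demo() -> dict:
    """A 16-bit preimage costs about as much as a 32-bit collision."""
    target = truncated_digest(b"the signed contract", 16)
    _, pre_tries = find_preimage(target, 16)
    _, _, col_hashes = birthday_forgery(32)
    return {"preimage_16bit_tries": pre_tries,        # around 2^16
            "collision_32bit_hashes": col_hashes}     # also around 2^16


if __name__ == "__main__":
    print(demo())
```

This is why a digest length is chosen against the collision bound rather than the preimage bound: a 128-bit MD5 digest offers at most about 2^64 work against a birthday forgery, not 2^128. It also answers the MAC weakness on p502-503 indirectly: a MAC keyed with a shared secret stops an outsider from computing digests at all, but since either key holder could have produced it, it cannot provide nonrepudiation; only a digital signature does.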
- For link encryption and end-to-end encryption, answer the following:
  > What is it?
  > What part of the packet is encrypted?
  > What are its advantages?
  > What are its disadvantages?
  > Which part (higher or lower) of the OSI model is it performed in?
- Where is end-to-end encryption usually initiated?
- What is traffic-flow security?
- What is link encryption? What part of the packets are encrypted?
- What is end-to-end encryption? What part of the packets are encrypted?
- What are the advantages/disadvantages of each?
516-517
- What are the tradeoffs of hardware vs. software encryption?
- If a company's security needs are as given below, what cryptosystem / scheme is the best choice:
  > only encrypting the occasional email message?
  > encrypting all network traffic, both internal and external?
  > single sign-on?
- What is MIME?
518-519
- What is S/MIME? What security services does it provide?
- What is PEM? What security services does it provide? Why hasn't it really caught on?
- What is MSP? What security services does it provide? Who uses it?
- What is PGP? What security services does it provide?
- What is a PGP 'web of trust?'
520-521
- What is a PGP key ring?
- What disadvantages does PGP have when compared to a CA model?
- Is PGP a complete cryptosystem? Why or why not?
- What is the main security issue with browser plug-ins?
522-523
- What is a stateless protocol? Is HTTP a stateless protocol? Is S-HTTP?
- How is S-HTTP different from HTTP?
- What security services does S-HTTP provide?
- What is the difference between S-HTTP and HTTPS?
- What is SSL and how is it different from S-HTTP? What security services does it provide? Where on the protocol stack does it reside?
- Describe an SSL session.
- Does SSL provide security for the data once it is received?
- How does a user verify an SSL connection?
524-525
- What is SET? Why hasn't it caught on?
- Describe an SET transaction.
- What are cookies? Why are they used?
526-527
- What potentially damaging information can be in cookies?
- What is SSH?
- Describe an SSH session.
- What is IPSec? What two basic security protocols does it use?
- What is AH?
- What is ESP?
- What two modes can IPSec work in?
528-529
- Describe an IPSec session.
- What is an SA, and how does it work?
- Are SAs unidirectional or bidirectional?
- What is the SPI?
- How does AH use a MAC?
- What security services do AH and ESP provide? Why would you choose one over the other?
- Which would you choose to set up a VPN?
- Which would you choose in a NAT environment?
530-531
- What is an ICV? What part of the packet is used to calculate the ICV in AH? In ESP?
- Does IPSec dictate how hashing and encryption algorithms are to be used?
- What is IKE?
- What is ISAKMP? OAKLEY?
- What is a passive attack? An active attack?
- What is a ciphertext-only attack?
- What is a known-plaintext attack?
532-533
- What is a chosen-plaintext attack?
- What is a chosen-ciphertext attack?
- What does 'adaptive' mean when applied to all the above attacks?
- Why are public crypto algorithms generally better than private/proprietary ones?
- Why would you want to keep your crypto algorithm secret?
- What is the man-in-the-middle attack? Describe it in action.
- What protocol is vulnerable to MITM?
- How can MITM be prevented?
534-535
- What is a dictionary attack?
- What is a replay attack?
- What is a side-channel attack?