Misc Concepts in Network Security

Descripción

Net SEC Fichas sobre Misc Concepts in Network Security, creado por Moh.enab el 10/05/2013.
Moh.enab
Fichas por Moh.enab, actualizado hace más de 1 año
Moh.enab
Creado por Moh.enab hace más de 11 años
54
1

Resumen del Recurso

Pregunta Respuesta
Freshness assurance to a principal that a message has not been used previously and originated within an acceptably recent timeframe
Liveness an assurance that a principal sent a particular message within an acceptably recent timeframe
ISO-7498-2 Security Services (5) Authentication (entity Auth. & Data origin Auth.) Access Control Confidentiality Integrity Non-Repudiation
ISO 7498-2 Confidentiality categorize Confidentiality as; Connection Confidentiality (all connections) Connection-less confidentiality (single session/packet) Selection Field Confidentiality (some fields encryption) Traffic Flow Confidentiality (Traffic type protection)
ISO-7498-2 Integrity (against active threats) Integrity with Recovery (detects violation & trying to recover) Integrity without Recovery (detects violation without trying to recover) Selective field Integrity (part of data has integrity) Connection-less Integrity (validation of SW download) Selective Field Connection-less (as above but selective)
ISO 7498-2 Non-Repudiation Non Repudiation of Origin (Denying Data Sent) Non Repudiation of Delivery (Denying date received)
Security Mechanisms (13) that implements the Security Services (5) Specific Security Services (8) Pervasive Security Services (5) [ support provision of other sec services]
Specific Security Mechanisms (8) Encipher Data Integrity Digital Signatures Access Control Authentication exchange Traffic Padding Routing Control Notarization (3rd party)
Pervasive Security Mechanisms Trusted Function Security Labels Event Detection Audit Trail Recovery
Layers vs. Servcies
ARP Translate Specific IP Address to MAC
ARP Spoofing Falsify IP (Send G-ARP to direct traffic to attacker PC) MAC Flooding (makes switch act like a hub by filling ARP Table, or DOS for the switch )
Defenses Against ARP Spoofing Static Translation between Port & MAC Prevent GARP to be sent limit the number of MAC at each port
WAN Security Measures Partition networks physically Partition networks logically Data Confidentiality & Encryption
ISO 7498-2 Network Management Security Management of Security Security of Management
SNMP at least 1X network management station & number of network elements they support; configuration management event logging accounting
SNMP Operations SET GET TRAP
SNMP Threat Possibility that one device might act with the authority of another device
SNMP Security Security services Authentication Service (Community name) Access Control (Defines Community access rights)
SNMP V3 Network managers should have UN & PSW for Authentication each SNMP entity has Identity Confidentiality
Fundamental Threats Data Leakage Integrity Violation DOS illegitimate use
Primary enabling Threats Masquerading (Entity claims itself another entity) Trojan Horse Trapdoor (software function hidden to pass security policy) Bypass Control Authorized violation (e.g. XSS)
OSI 7 layers Application, Presentation, Session, Transport, Network, Data link & Physical
Session layer function establishes session, control session parameters (half duplex, full duplex...), synch done at this layer
Presentation Layer Function Prepares the data to be ready for other layers and recipient Compression & Encryption is done here
Transport Layer responsible for moving the App from one PC to another, establishes virtual connection to specify which application to be used Guarantee messages revival
OSI Layering Advantages Allows protocol designers and implementers to divide up the problem and focus on solving one piece of the problem at a time.
Services vs. Protocols Service is provided by one layer to the other one above it Protocol is specifying how service is implemented
ISO 7498-2 Dealing specifically with the security of communications networks
ISO-7498-2 stages life cycle Define a security policy. Analyze the security threats according to the policy. Define the security services to meet threats. Define the security mechanisms to provide services. Provide on-going management of security.
Rules Describes how the system should work and configured, there are two types; identity based (based on the identity) & rule based (based on the configured rules)
Mostrar resumen completo Ocultar resumen completo

Similar

Unit3: Biometrics
Moh.enab
Biometric System Modules
Moh.enab
Untitled
Moh.enab
Creando una Ficha
Diego Santos
Las Ciencias Sociales
paolaf_mata99
PINTURAS FAMOSAS: Título y Autor...
Ulises Yo
CLASIFICACIÓN DE LAS EMPRESAS
ivon nieto
Les Métiers
Katia García López
Cáncer de mama
Hugo Sau
Crisis del Antiguo Régimen
Claudia Romero
LA DIVERSIDAD CULTURAL
ramiroosoriorubi