SANS SEC 301 EVALUATION EXAM UPDATED QUESTIONS
AND ANSWERS GRADED A+
✔✔The validity of a transmitted message. It deals with methods that ensure that the
contents of a message have not been tampered with and altered. The most common
approach is to use a one-way hash function that combines all the bytes in the message
with a secret key and produces a message digest that is impossible to reverse. Integrity
checking is one component of an information security program. See one-way hash
function, security protocol, Parkerian Hexad and data integrity. - ✔✔message integrity
✔✔A condensed text string that has been distilled from the contents of a text message.
Its value is derived using a one-way hash function and is used to create a digital
signature. See digital signature and MD5. - ✔✔message digest
✔✔An IEEE standard security protocol for 802.11 wireless networks that was developed
to replace the original WEP protocol. Also known as "Robust Security Network" (RSN),
802.11i provides sophisticated authentication using a variety of protocols (802.1X, EAP
and RADIUS) and strong security with the AES-CCMP encryption protocol. However, in
order to allow in-place upgrading of older WEP hardware, 802.11i also supports the
TKIP protocol, which is less robust than AES-CCMP, but far superior to WEP (see WPA
for more details).
Wi-Fi Certification
The Wi-Fi Alliance provides certification for 802.11i-compliant products with its Wi-Fi
Protected Alliance (WPA) logo program. The WPA and WPA2 logos certify compliance
with a subset of 802.11i or the full 802.11i protocol. See WPA. - ✔✔802.11i
✔✔(2) See Windows Product Activation.
(1) (Wi-Fi Protected Access) A security protocol for wireless 802.11 networks from the
Wi-Fi Alliance that was developed to provide a migration from WEP. The WPA logo
certifies that devices are compliant with a subset of the IEEE 802.11i protocol. WPA2
certifies full support for 802.11i.
Strong Security
WPA and WPA2 use a sophisticated key hierarchy that generates new encryption keys
each time a mobile device establishes itself with an access point. Protocols including
802.1X, EAP and RADIUS are used for strong authentication. A RADIUS server
provides automatic key generation and enterprise-wide authentication.
For home and small business users who do not have an authentication server, WPA
can be used in preshared keys (PSK) mode, which requires that a shared secret key be
manually entered into the access points and each user's computer. The shared secret is
used to automaticall - ✔✔WPA
,✔✔(Wired Equivalent Privacy) An IEEE standard security protocol for wireless 802.11
networks. Introduced in 1997, WEP was found to be very inadequate and was
superseded by WPA, WPA2 and 802.11i. Its authentication method was extremely
weak and even helped an attacker decipher the secret encryption key. As a result, WEP
authentication was dropped from the Wi-Fi specification.
Passwords Are Required
WEP uses passwords that are entered manually at both ends (see preshared keys).
Using the RC4 encryption algorithm, WEP originally specified a 40-bit key, but was later
boosted to 104 bits. Combined with a 24-bit initialization vector, WEP is often touted as
having a 128-bit key. See WPA, 802.11i and initialization vector. - ✔✔WEP
✔✔(Extensible Authentication Protocol) A protocol that acts as a framework and
transport for other authentication protocols. EAP uses its own start and end messages,
but then carries any number of third-party messages between the client (supplicant) and
access control node such as an access point in a wireless network.
EAP and LANs
EAP originated with the dial-up PPP protocol in order to support protocols beyond PAP
and CHAP. For use on packet networks, EAP Over LAN (EAPOL) was created. EAPOL
added new message types and allowed an Ethernet header to be prefixed onto EAP
messages so they could be transmitted via Ethernet. Following are various EAP
methods used mostly in wireless networks, but also in wired networks. See 802.1X,
WPA and 802.11i.
EAP-TLS (EAP-Transport Layer Security)
Uses the handshake protocol in TLS, not its encryption method. Client and server
authenticate each other using digital certificates. Clie - ✔✔EAP
✔✔(2) (Secure Sockets Layer) The leading security protocol on the Internet prior to
TLS. Developed by Netscape, SSL has been widely used to validate the identity of a
Web site, to create an encrypted connection for credit card and personal data and to
ensure the transmission is without error.
HTTPS and Port Number 443
An SSL session starts by sending a request to the Web server with an HTTPS prefix in
the URL, which inserts SSL port number 443 into the packets. See well-known port.
The Handshake
After both sides acknowledge each other, the browser sends the server a list of
supported algorithms, and the server responds with its choice and a signed digital
certificate. From an internal list of certificate authorities (CAs), the browser uses the
appropriate public key to validate the certificate. Both sides also send each other
random numbers. See digital certificate.
Data for Secret Keys Is Passed
, The browser extract - ✔✔SSL
✔✔(2) (Transport Layer Security) A security protocol from the IETF that is based on and
supersedes Secure Sockets Layer 3.0 (SSL 3.0). Very similar to SSL, TLS uses digital
certificates to authenticate the user as well as authenticate the network (in a wireless
network, the user could be logging into a rogue access point). TLS adopted a more
secure message authentication code (see HMAC) and added new alert messages.
The TLS client uses the public key from the server to encrypt a random number and
send it back to the server. The random number, combined with additional random
numbers previously sent to each other, is used to generate a secret session key to
encrypt the subsequent message exchange. For more details, see SSL. See EAP and
TLS. - ✔✔TLS
✔✔A service from a carrier that links remote Ethernets together. It is called
"transparent" because the connected Ethernets are viewed as one Ethernet by the
customer, regardless of the technology employed by the carrier in between.
Transparent LAN service between two sites, more accurately known as a "LAN
interconnect," has been successful, but multipoint transparent LANs have been
problematic due to the difference in architecture between the broadcast-based Ethernet
and the carrier's point-to-point network. The VPLS standard was developed to resolve
the problem using IP and MPLS routers (see VPLS). See virtual private network. -
✔✔transparent LAN service
✔✔A continuously changing number used in combination with a secret key to encrypt
data. Initialization vectors (IVs) are used to prevent a sequence of text that is identical to
a previous sequence from producing the same exact ciphertext when encrypted. For
example, packets have address fields that are generally fixed in location within the
header of the packet. If attackers view the same encrypted data over and over, it
provides them with clues to interpret their original values. See nonce. - ✔✔initialization
vector
✔✔(Number ONCE) An arbitrary number that is generated to provide a unique
identification or for security purposes such as when logging in to a network (see
initialization vector). The nonce is used only once and not repeated. Although random
and pseudo-random numbers theoretically produce unique numbers, there is the
possibility that the same number can be generated more than once. However, if a very
large, true random number is used, the chances are extremely small. A perfect nonce is
the time of day; for example, 12.53 seconds past 5:13pm on 1/18/2012 can only occur
once.
Pronounced like the "nons" in "nonsense," nonce is actually an English word that means
"for the present occasion or time." - ✔✔nonce
AND ANSWERS GRADED A+
✔✔The validity of a transmitted message. It deals with methods that ensure that the
contents of a message have not been tampered with and altered. The most common
approach is to use a one-way hash function that combines all the bytes in the message
with a secret key and produces a message digest that is impossible to reverse. Integrity
checking is one component of an information security program. See one-way hash
function, security protocol, Parkerian Hexad and data integrity. - ✔✔message integrity
✔✔A condensed text string that has been distilled from the contents of a text message.
Its value is derived using a one-way hash function and is used to create a digital
signature. See digital signature and MD5. - ✔✔message digest
✔✔An IEEE standard security protocol for 802.11 wireless networks that was developed
to replace the original WEP protocol. Also known as "Robust Security Network" (RSN),
802.11i provides sophisticated authentication using a variety of protocols (802.1X, EAP
and RADIUS) and strong security with the AES-CCMP encryption protocol. However, in
order to allow in-place upgrading of older WEP hardware, 802.11i also supports the
TKIP protocol, which is less robust than AES-CCMP, but far superior to WEP (see WPA
for more details).
Wi-Fi Certification
The Wi-Fi Alliance provides certification for 802.11i-compliant products with its Wi-Fi
Protected Alliance (WPA) logo program. The WPA and WPA2 logos certify compliance
with a subset of 802.11i or the full 802.11i protocol. See WPA. - ✔✔802.11i
✔✔(2) See Windows Product Activation.
(1) (Wi-Fi Protected Access) A security protocol for wireless 802.11 networks from the
Wi-Fi Alliance that was developed to provide a migration from WEP. The WPA logo
certifies that devices are compliant with a subset of the IEEE 802.11i protocol. WPA2
certifies full support for 802.11i.
Strong Security
WPA and WPA2 use a sophisticated key hierarchy that generates new encryption keys
each time a mobile device establishes itself with an access point. Protocols including
802.1X, EAP and RADIUS are used for strong authentication. A RADIUS server
provides automatic key generation and enterprise-wide authentication.
For home and small business users who do not have an authentication server, WPA
can be used in preshared keys (PSK) mode, which requires that a shared secret key be
manually entered into the access points and each user's computer. The shared secret is
used to automaticall - ✔✔WPA
,✔✔(Wired Equivalent Privacy) An IEEE standard security protocol for wireless 802.11
networks. Introduced in 1997, WEP was found to be very inadequate and was
superseded by WPA, WPA2 and 802.11i. Its authentication method was extremely
weak and even helped an attacker decipher the secret encryption key. As a result, WEP
authentication was dropped from the Wi-Fi specification.
Passwords Are Required
WEP uses passwords that are entered manually at both ends (see preshared keys).
Using the RC4 encryption algorithm, WEP originally specified a 40-bit key, but was later
boosted to 104 bits. Combined with a 24-bit initialization vector, WEP is often touted as
having a 128-bit key. See WPA, 802.11i and initialization vector. - ✔✔WEP
✔✔(Extensible Authentication Protocol) A protocol that acts as a framework and
transport for other authentication protocols. EAP uses its own start and end messages,
but then carries any number of third-party messages between the client (supplicant) and
access control node such as an access point in a wireless network.
EAP and LANs
EAP originated with the dial-up PPP protocol in order to support protocols beyond PAP
and CHAP. For use on packet networks, EAP Over LAN (EAPOL) was created. EAPOL
added new message types and allowed an Ethernet header to be prefixed onto EAP
messages so they could be transmitted via Ethernet. Following are various EAP
methods used mostly in wireless networks, but also in wired networks. See 802.1X,
WPA and 802.11i.
EAP-TLS (EAP-Transport Layer Security)
Uses the handshake protocol in TLS, not its encryption method. Client and server
authenticate each other using digital certificates. Clie - ✔✔EAP
✔✔(2) (Secure Sockets Layer) The leading security protocol on the Internet prior to
TLS. Developed by Netscape, SSL has been widely used to validate the identity of a
Web site, to create an encrypted connection for credit card and personal data and to
ensure the transmission is without error.
HTTPS and Port Number 443
An SSL session starts by sending a request to the Web server with an HTTPS prefix in
the URL, which inserts SSL port number 443 into the packets. See well-known port.
The Handshake
After both sides acknowledge each other, the browser sends the server a list of
supported algorithms, and the server responds with its choice and a signed digital
certificate. From an internal list of certificate authorities (CAs), the browser uses the
appropriate public key to validate the certificate. Both sides also send each other
random numbers. See digital certificate.
Data for Secret Keys Is Passed
, The browser extract - ✔✔SSL
✔✔(2) (Transport Layer Security) A security protocol from the IETF that is based on and
supersedes Secure Sockets Layer 3.0 (SSL 3.0). Very similar to SSL, TLS uses digital
certificates to authenticate the user as well as authenticate the network (in a wireless
network, the user could be logging into a rogue access point). TLS adopted a more
secure message authentication code (see HMAC) and added new alert messages.
The TLS client uses the public key from the server to encrypt a random number and
send it back to the server. The random number, combined with additional random
numbers previously sent to each other, is used to generate a secret session key to
encrypt the subsequent message exchange. For more details, see SSL. See EAP and
TLS. - ✔✔TLS
✔✔A service from a carrier that links remote Ethernets together. It is called
"transparent" because the connected Ethernets are viewed as one Ethernet by the
customer, regardless of the technology employed by the carrier in between.
Transparent LAN service between two sites, more accurately known as a "LAN
interconnect," has been successful, but multipoint transparent LANs have been
problematic due to the difference in architecture between the broadcast-based Ethernet
and the carrier's point-to-point network. The VPLS standard was developed to resolve
the problem using IP and MPLS routers (see VPLS). See virtual private network. -
✔✔transparent LAN service
✔✔A continuously changing number used in combination with a secret key to encrypt
data. Initialization vectors (IVs) are used to prevent a sequence of text that is identical to
a previous sequence from producing the same exact ciphertext when encrypted. For
example, packets have address fields that are generally fixed in location within the
header of the packet. If attackers view the same encrypted data over and over, it
provides them with clues to interpret their original values. See nonce. - ✔✔initialization
vector
✔✔(Number ONCE) An arbitrary number that is generated to provide a unique
identification or for security purposes such as when logging in to a network (see
initialization vector). The nonce is used only once and not repeated. Although random
and pseudo-random numbers theoretically produce unique numbers, there is the
possibility that the same number can be generated more than once. However, if a very
large, true random number is used, the chances are extremely small. A perfect nonce is
the time of day; for example, 12.53 seconds past 5:13pm on 1/18/2012 can only occur
once.
Pronounced like the "nons" in "nonsense," nonce is actually an English word that means
"for the present occasion or time." - ✔✔nonce
