VOIP ch 10

2011-07-25 20:15:50


  1. A third party should not be able to read the data that is intended for the recipient.
    Confidentiality or Privacy
  2. The recipient should receive the packets that the originator sends without any change to their content. A third party should be unable to modify the packets in transit.
  3. The sender and recipient of VoIP signaling or media messages need to be sure that the peer they are communicating with is in fact who it claims to be.
  4. Protection from Denial-of-Service (DoS) attacks. The VoIP service should be available to the users at all times. Malicious or misbehaving users/devices should not be able to disrupt the service. Mitigation of DoS attacks requires taking measures to protect VoIP resources and to protect the underlying IP network.
  5. Users share a single secret key
    Symmetrical. Same key used to encrypt and decrypt
    shared key
  6. Each user has a related public and private key
    Asymmetrical. Different key used to decrypt than was used to encrypt.
    Public-Key cryptography
  7. Must not be able to retrieve the message.
  8. A hash is created using the original message.
    The hash is encrypted using the private key of the signer.
    The receiver decrypts the hash using the signer’s public key.
    This hash is compared to a recalculated hash from the received message.
    If they match, the message was sent from the signer and was not modified in transit.
    Digital signature
  9. Certificates are a method to distribute public keys
    A certificate authority (CA) issues a certificate validating the requestor’s identity and public key
    You have to pay the certificate authority
    Public-key cryptography
  10. Evolved from SSL
    Typically used to secure signaling
    Sits on top of TCP
  11. The client authenticates the identity of the server via TLS.
    The server uses some other out-of-band means to authenticate the client.
    server-auth mode
  12. Each entity authenticates its peer by verifying its certificate.
    Mutual authentication mode
  13. Provides connection security. It provides privacy and integrity.
    Uses algorithms such as Data Encryption Standard (DES) and RC4 for data encryption; can also run without encryption.
    For integrity, MD5 and Secure Hash Algorithm (SHA).
    Record protocol layer
  14. Multiple protocols, such as the TLS handshake protocol. The TLS handshake protocol is primarily engaged at the start of the data communication.
    Client layer
  15. Operates at the IP layer. Uses protocols to provide security:
    Authentication Header (AH): AH provides authentication and integrity.
    Encapsulating Security Payload (ESP): provides privacy in addition to authentication and integrity by encrypting parts of the message.
  16. Is inserted between the IP header and the upper-layer protocol (TCP/UDP) header;
    only the payload of an IP datagram is protected.
    Transport mode
  17. The entire IP packet is protected.
    tunnel mode
  18. Specified for management of security keys.
    Uses public-key cryptography techniques to negotiate an authentication key, security protocol (AH or ESP), hashing algorithm, and encryption algorithm.
    Internet Key Exchange (IKE)
  19. Provides protection to both data packets (RTP) and control packets.
    Defined in RFC 3711.
    Does not specify how the keys are exchanged between the sender and recipient.
    Secure Real-time Transport Protocol (SRTP)
  20. **Too much delay or jitter if you encrypt it in the**
  21. Disable unused services on what?
    Unused Ports/Services
  22. If you are using Simple Network Management Protocol (SNMP) on a device only to gather data, set SNMP to
    Read-only mode
  23. If you are using web-based administration, always use WHAT? with protocols such as Secure Sockets Layer (SSL).
    secure access
  24. Administratively disable any unused port on what layer of switch?
    Layer 2
  25. You can use Host-based Intrusion Protection Systems (HIPS) to secure critical voice devices such as
    processing elements
  26. Separate VOIP traffic, usually by using
  27. At the IP layer, use separate IP network address spaces for what types of traffic?
    data and voice traffic
  28. If from a soft device, you don't trust it.
  29. Filters malicious DHCP messages and builds a database of IP-to-MAC bindings.
    Acts as a firewall between untrusted sources.
    DHCP snooping
  30. All IP traffic on an untrusted port is blocked except for DHCP messages
    IP Source Guard
  31. Inspects all ARP messages on untrusted ports and verifies that the ARP messages are not malicious by comparing them against the DHCP snooping binding database.
    Dynamic ARP Inspection (DAI)
  32. Flooding the network with traffic out all ports.
    CAM overflow
  33. Configuring a maximum number of MAC addresses per port. If a particular port encounters this limit, the specified action is taken on that port. The offending port can be either shut down or placed in a restricted mode.
    Port security
  34. Should be enabled on every switch interface that is connected to a host (PC).
    Attempts to prevent malicious host devices from sending BPDUs.
    BPDU Guard
  35. Connected to another switch, but that switch should never become the root.
    Configured on a per-port basis.
    Root Guard
  36. Monitor and analyze network traffic to detect intrusion.
    Network-based Intrusion Prevention Systems (NIPS)
  37. Sends the first part of the three-way handshake and won't complete it.
    Half-open (embryonic)
  38. SYN and ACK: what layer do they deal with?
    Layer 3
  39. Trusting another server or device for authentication.
    Trust that is transmitted through another party.
    transitive trust
  40. They open up pinholes for the voice media to flow through.
    Application-Layer Gateways (ALG).
  41. It is advisable to use a private address space that is specific for VoIP instead of using what?
    Network Address Translation (NAT)