Effective CISSP Questions

The man-in-the-middle attack intercepts, relays, and possibly alters the communication between two systems. Which of the following incorporates encryption to mitigate the threat of a middle man?
A. DSSS (Direct Sequence Spread Spectrum)
B. ARP (Address Resolution Protocol)
C. TCP (Transmission Control Protocol)
D. DNS (Domain Name System)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. DSSS (Direct Sequence Spread Spectrum).

DS and SS

Direct Sequence (DS) is similar to the encryption key of a stream cipher. The source signal (plaintext) is modulated (encrypted) with the DS signal, a pseudo-random noise (PN) sequence, to generate the target signal (ciphertext).
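The stream-cipher analogy above, as an added example that is not part of the original post: each source bit is XORed with chips from a PN sequence, and a receiver holding the same sequence recovers the bits while one with a different sequence does not. The 7-bit LFSR, the seeds, the spreading factor and the sample bits are all constructed for illustration.

```python
# Added example: DSSS spreading and despreading modelled as XOR with a PN sequence.
# LFSR size, seeds, spreading factor and data bits are constructed values.

CHIPS_PER_BIT = 8  # spreading factor (assumed)


def pn_sequence(seed, length):
    """Return `length` PN chips from a 7-bit LFSR (feedback = bit0 XOR bit1, period 127)."""
    state = seed & 0x7F
    if state == 0:
        raise ValueError("LFSR seed must be non-zero")
    chips = []
    for _ in range(length):
        chips.append(state & 1)                 # output the low bit as one chip
        feedback = (state ^ (state >> 1)) & 1
        state = (state >> 1) | (feedback << 6)
    return chips


def spread(bits, pn):
    """Transmitter: XOR every data bit with CHIPS_PER_BIT consecutive PN chips."""
    return [b ^ pn[i * CHIPS_PER_BIT + j]
            for i, b in enumerate(bits) for j in range(CHIPS_PER_BIT)]


def despread(chips, pn):
    """Receiver: XOR with its own PN copy, then majority-vote each chip group."""
    bits = []
    for i in range(0, len(chips), CHIPS_PER_BIT):
        group = zip(chips[i:i + CHIPS_PER_BIT], pn[i:i + CHIPS_PER_BIT])
        votes = sum(c ^ p for c, p in group)
        bits.append(1 if votes * 2 > CHIPS_PER_BIT else 0)
    return bits


def demo():
    data = [1, 0, 1, 1, 0, 0, 1, 0]             # constructed source bits
    n = len(data) * CHIPS_PER_BIT
    tx = spread(data, pn_sequence(0x5A, n))     # PN seed shared by both ends
    tx[3] ^= 1                                  # two chip errors on the channel
    tx[20] ^= 1
    same = despread(tx, pn_sequence(0x5A, n))   # receiver with the matching PN
    other = despread(tx, pn_sequence(0x13, n))  # receiver with a different PN
    return data, same, other


if __name__ == "__main__":
    print(demo())
```

The majority vote over each chip group is what lets the matching receiver tolerate the two flipped chips.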

ARP and MACsec

ARP is vulnerable to spoofing attacks. MACsec can mitigate attacks on Layer 2 protocols. MACsec (802.1AE) is the IEEE MAC Security standard that defines connectionless data confidentiality and integrity for media access independent protocols.

TCP and TCPCrypt

TCP itself provides no encryption in its three-way handshake, segmentation, or transmission control functions. Security is provided by other services, e.g., TLS/SSL or IPsec.

TCP can fall back to its complement, the “tcpcrypt” protocol, a transport layer communication encryption protocol. However, “tcpcrypt” is an experimental project for the time being.

DNS and DNSCrypt

Traditional DNS doesn’t provide encryption either. Its extension, DNSSEC, doesn’t employ encryption to enforce confidentiality; instead, it digitally signs DNS records to enforce data integrity and authenticity.

DNSCrypt is the secure version of DNS. However, the protocol was never proposed to the Internet Engineering Task Force (IETF) by way of a Request for Comments (RFC).




