Chapter 10 Flashcards

1
Q

What is symmetric encryption?

A

Symmetric encryption uses the same key to encrypt and decrypt data. It can either use a stream cipher or block cipher to encrypt data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the difference between block ciphers and stream ciphers?

A

Block cipher: Encrypts data in blocks. More complex and requires more time. High diffusion. Less susceptible to malicious insertions, a single error in a block can corrupt an entire block. Block ciphers require an initialization vector. Generally efficient to use when the size of the data is known, database files.

Stream cipher: Encrypts data one bit at a time. High performance requires fewer resources. lowe diffusion. A single error in a bit is not likely to corrupt subsequent bits. Generally efficient to use when the size of the data is unknown or if it is sent in streams (like streaming video or audio).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is asymmetric encryption?

A

Asymmetric encryption used a key pair (private and public key) to encrypt and decrypt data. Asymmetric encryption requires a public key infrastructure (PKI) to issue certificates.

It is also slow and inefficient compared to symmetric encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is steganography?

A

steganography is the process of hiding or embedding information inside another piece of information ( a picture for example). It can provide a level of confidentiality, but not as well as encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What do digital signatures provide?

A

Authentication, Integrity, Nonrepudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a digital in an email (its composition)?

A

A user’s digital signature is a hash of the email message encrypted with the sender’s private key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What’s the general difference between a hash and a checksum?

A

Hash: More cryptographically secure, produces much longer numeric outcomes.

Checksum: Normally used as a fast way to quickly check the integrity of data, not meant to be cryptographically secure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is MD5 and what is its recommended use?

A

MD5 is a hashing algorithm that has since been compromised and is not safe for use cryptographically. MD5 however, is still used to get quickly check the integrity of data, as a checksum.
MD5 is highly susceptible to Hash Collision.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is HMAC and does it differ from MD5 and SHA?

A

Hash-based Message Authentication Code (HMAC) is similar to MD5 and SHA and it provides a fixed-length string of bits (HMAC-MD5, HMAC-SHA256).

Where it differs is it also uses a shared secret key to add additional randomness to the result and only the sender and the receiver know the secret key. It is able to provide both integrity and authenticity of data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which secure protocols often use a version of HMAC?

A

IPsec and TLS often use a version of HMAC such as HMAC-MD5 or HMAC-SHA256

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a Hash Collision?

A

A Hash Collision occurs when a hashing algorithm creates the same hash for two different inputs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What’s the difference between Online and Offline password attacks?

A

Online password attacks: Attempts to discover passwords from an online system. Systems logs can be used to identify failed login attempts and locked accounts due to multiple failed attempts.

Offline password attacks: Attempts to discover passwords from a captured database or captured packet scan offline. This attack gives attackers more time to discover a password.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What do Event ID 4625 and Event ID 4740 mean in Windows system log?

A

Event ID 4625: Multiple failed login attempts

Event ID 4740: Account locked due to multiple failed login attempts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a dictionary attack?

A

A dictionary attack is a password attack. It uses a dictionary of common words/phrases and characters (1234) to guess accounts passwords (attempting every word). A dictionary can be used in a brute-force attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the difference between a brute force attack and a spraying attack?

A

These are both brute-force password attacks they use different methods to get the same desired outcome.

Brute force attack: Uses a large number of passwords against a single account in an attempt to guess the account password, or force its way in.

Spraying attack: Uses single passwords in rotation on multiple accounts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Pass the Hass Attack?

A

In a pass-the-hash attack, an attacker discovers the hash of a user’s password and uses this hash to log on to systems as the user.

Things to keep in mind: Strong indicator of this attack is the usage of NTLM as the authentication package and or a logon process of NtLmSSP shown in Event ID 4624 in Windows security log.
Event 4672 determines the privilege used to connect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a birthday attack?

A

Birthday attacks exploit hash collision and the birthday mathematical paradox which states: In a random group of 23 people there is a 50% chance that 2 of them were born on the same day out of the 366 days in a year.

In a birthday attack, the attacker aims to create a password that produces the same hash as a user’s password.

If the password could only be one of 366 possibilities, the attacker has a 50% chance of guessing it after 23 attempts. This attack is stopped by increasing the number of bits in a hash to increase the number of possible hashes. MD5 is susceptible to birthday attacks (128 bits hash), whereas SHA-3 is not (512 bits hash).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a Rainbow Table Attack?

A

A Rainbow Table Attack attempts to guess a user’s password from the hash.

Rainbow tables are huge databases of password and their hash. If an attacker gets a hash of a user password they can use a Rainbow table to see if the user’s hash matches any hash in the table. If there is a match, then the attacker knows the password or at least a password that produces the same hash as the user’s password.

Rainbow Tables are normally used in offline attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is salting a password?

A

Password salting adds additional characters to a password before it is hashed, this adds complexity to the password and produces a hash that is different than the hash of just the password itself.

Salting is a great way to stop rainbow table attacks, dictionary attacks, brute force attacks, and other password attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is Key Stretching?

A

Key Stretching is used to increase the strength of the stored password by adding a cryptographic stretching algorithm to a salted password.

Three common key stretching algorithms are bcrypt, PBKDF2, Argon2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is bcrypt?

A

Bcrypt is used in many Unix/Linux environments to safeguard passwords. It does this by salting a password and using blowfish to encrypt the salted password. It goes through this process of salting and encrypting many times.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is PBKDF2?

A

Password-based Key Derivation Function 2 protects a user password by adding salt of at least 64 bits to a password before adding additional randomness to the password using HMAC or a similar function. This process can be repeated as many times as desired to increase the

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is Argon2?

A

Argon2 works the same as PBKDF2 and Bcrypt, by adding salts and running the slats output through an algorithm several times to increase the security of a password.

There are several versions of Argon2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What are the 3 common symmetric algorithms outlined in the book?

A

AES: Advance encryption standard

3DES: 3DEs or Trippes DES (Data Encryption Standard) is an improvement of the legacy DES algorithm, 64-bit Block cipher.

Blowfish & Twofish

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is AES and what are its benefits?

A

AES: Advance encryption standard, is a strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use various key sizes to encrypt data (128bits, 192bits, 256bits), the larger the key the stronger the encryption (that is universal for mostly all encryption algorithms).

Benefits of AES:
Fast - encrypts/decrypts data on one pass
Efficient - AES uses fewer resources as compared to other encryption symmetric algorithms
Strong - provides strong encryption, which provides a strong level of confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is 3DES?

A

3DES: 3DEs or Trippes DES (Data Encryption Standard) is an improvement of the legacy DES algorithm. 64-bit Block cipher. 3DES uses 3 separate passes and multiple keys to encrypt and decrypt, use more resources, and is slower than AES. Can be used as an alternative when AES is not supported. Provides strong encryption, key sizes (56 bits, 112 bits, and 168 bits).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What are blowfish and twofish?

A

Blowfish: A block cipher that encrypts in 64 bits blocks, and supports key sizes between 32 bits and 448 bits.

Twofish: related to blowfish, but encrypts data in 128-bit blocks and it supports 128-192- or 256-bit keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What are certificates?

A

A certificate is a digital document that typically includes the public key and information on the owner of the certificate. Certificate Authorities (CA) issue and manage certificates.

Certificates are used for a variety of purposes, including asymmetric encryption, authentication, and digital signatures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What are ephemeral keys and what is its benefit?

A

Ephemeral keys are temporary key pairs typically used for a single session and discarded. in contrast, certificates are based on static keys, which are embedded and can be used for the life cycle of the certificate.

Perfect forward secrecy: simply put, ephemeral keys are randomly generated even given the same input. This ensures that systems are not resuing session keys and that the compromisation of a key has no bearing on other keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What is elliptic curve cryptography?

A

Elliptic curve cryptography is a method of cryptography that uses few resources as compared with other cryptographic methods. It produces key sizes that are much smaller than but it’s able to achieve the same level of security as larger keys.

a 256-bit elliptic curve public key can provide the same security benefit as a 3072-bit key used with digital signature algorithm (DSA).

31
Q

What are the 3 aspects of quantum computing that are used for security?

A

Quantum computing utilizes superpositioning, qubit entanglement, and no-cloning theorem.

Superposition: Bits (1&0) are superposition onto each other to create a quantum bit or qubit for short. Simplistic speaking it’s a bit that is both a 1 and 0 at the same time.

Qubit entanglement: In regular computing bits are not dependent on each other’s value. A 1 is not dependent on a 0 and vice versa. In quantum computing, the qubits are dependent on each other’s values.

No-cloning: When data is stored in a quantum state it is nearly impossible to copy or read it because any attempt to do so causes a change in the data itself. This can also serve as an indication of an attack.

32
Q

What is lightweight cryptography and how is it typically used?

A

Lightweight cryptography generally refers to cryptography deployed on smaller devices (RFID tags, sensor nodes, smart cards, and IoT devices).

Lightweight cryptography uses fewer resources to provide the desired security for these devices, without diminishing the device’s performance.

33
Q

What is homomorphic encryption?

A

Homomorphic encryption allows data to stay encrypted while it is being used or processed. Homomorphic encryption method works best when data is stored and manipulated as integers.

34
Q

What are the 3 common encryption modes of operation used with encryption?

A

Authenticated: This mode ensures confidentiality through encryption and authenticity of data by using a Message Authentication Code (MAC) with a symmetric key.

Counter Mode Cipher (CTR): Allows block cipher to function as stream ciphers. CTR uses an IV combined with a counter to produce varying keys. It provides authentication and authenticity as well.

Unauthenticated: This mode just provides authentication through encryption but that’s it. It does not ensure the integrity of data.

35
Q

What keys are used to encrypt and decrypt an email’s digital signature?

A

The sender’s private key encrypts the hash of the message (digital signature).

The receiver of the email will use the sender’s public key to decrypt the hash of the message (digital signature).

The sender’s public key is sent along with the email in a certificate. The public key is a S/MIME.p7s format file.

36
Q

Digital signatures provide what 3 key benefits?

A

Authentication: The sender of the email is authenticated by using a digital signature because their private key is unique to them.

Non-repudiation: When a sender signs an email with a digital signature they cannot later deny it was them that sent it.

Integrity: The matching hash of the message will ensure the receiver of the email that the message has not been corrupted or modified along the way.

37
Q

What keys are used to encrypt and decrypt an email?

A

The sender of the email will use the recipient’s public key (they key this key from their certificate) to encrypt the email message.

The receiver of the email then uses his private key to decrypt the email.

For added step for authenticity, integrity, and non-repudiation, the sender could also digitally sign that encrypted email message.

38
Q

What is the process of encrypting an email message only using asymmetric encryption?

A

1 - The sender retrieves the recipient’s public key from their certificate.
2 - The sender then encrypts the email message with the recipient’s public key and sends the message to the desired recipient.
3 - The recipient gets the messages and uses their private key to decrypt the email message.

This method is a few email applications.

39
Q

What is the process of encrypting an email message using asymmetric and symmetric encryption?

A

1) Sender encrytps the email message with the symmetric encrytpion they would like to use (AES, 3Ds, Blowfish/Twofish, etc.,)
2) The sender retreive the reciptient’s public Key from thier cetrificate and encrypts the symmetric key used to encrypt the emial message, and sends the messages to the precepitent.
3) The recpitent receive the encrypted email and uses thier paired private key to decrypt the the symmetric key.
4) once the symmertic key is decrypted, the recipient that uses the symmetric key to decrypt the emial message.

40
Q

What is S/MIME?

A

Secure Multipurpose Internet Mail Extension (S/MIME) is one of the most frequently used methods to digitally sign and encrypt an email. S/MIME uses both asymmetric and symmetric encryption. It is able to encrypt emails at rest and in transit.

41
Q

What ports are used to implement S/MIME on POP3-over-TLS, SMTP-over-TLS, and IMAP-over-TLS?

A

Port 995 for POP3-over-TLS
Port 587 for SMTP-over-TLS
Port 993 for IMAP-over-TLS

42
Q

What is the process of encrypting an HTTPS session using asymmetric and symmetric encryption?

A

1) The client first requests an HTTPS session from a website server by clicking on an HTTPS link or by typing an HTTPS URL into a web browser
2) The web server responds to the client’s request by sending its certificate to the client which holds its public key
3) The client identifies a symmetric key it would like to use for the session (also called a session key) and encrypts it with the web server’s public key
4) The key is then sent to the web server where it uses its private key to decrypt the symmetric key
5) Now that both the client and the web server know the session key a service session is now established and data can be securely shared between the client and the website.

43
Q

What is a plain text attack a.k.a know plain text attack?

A

This is a cryptographic attack in which the attacker has both a portion or the whole plain text and the encrypted version of that text. Using both data, they are able to discover the encryption and decryption methods and use it to decrypt other text or the rest of the cipher text.

44
Q

What is a chosen plain text attack?

A

This is a cryptographic attack in which the attacker has chosen a portion of the cipher that may be common (like warnings at the end of emails indicating proprietary use) and attempt various method to decrypt the chosen text. if successful, they can decrypt the rest of the message.

45
Q

What is a ciphertext-only attack?

A

This a cryptographic attack in which the attacker has no knowledge of the plain text and is attempting to decrypt the ciphertext.

46
Q

What is high resiliency in cryptography?

A

High resiliency refers to the security of an encryption key even if an attacker discovers part of the key. A strong encryption algorithm ensures that if leakage occurs (a portion of the key is discovered) it does not compromise the encryption key.

47
Q

Hows is obfuscation best supported?

A

Obfuscation is best supported through the use of steganography. Security through obscurity.

48
Q

How do cryptographic concepts support low-power devices?

A

The use of elliptic curve cryptography and other lightweight cryptography algorithms support deploying cryptography on low-power devices. This includes wireless devices, and any IoT devices.

49
Q

What is OCSP and how does it support low latency?

A

Online Certificate Status Protocol (OCSP) provides real-time verification of a certificate revocation status.

Normally certificate revocation lists (CRL) are cached, however, this doesn’t always provide the client with the most up-to-date information regarding a certificate status. To decrease the latency of the client waiting until the CRL is refreshed in the cache, using OCSP the client can request the status of a certificate with the CA or the certificate revocation list issuer, who runs the certificated serial number against its data base and respond to the client in real-time.

50
Q

What are CAs and what do they do?

A

Certificate authority issues, manages, validates, and revokes certificates. They can be large public orgs or small internal.

51
Q

What is a root certificate?

A

A root certificate identifies and verifies the CA as a trusted CA. The root certificate is placed into a trusted root CA store. This is the equivalent of the DVM providing a document (certificate) that they are trusted to issue identification cards (general ID, permits, driver’s licenses, etc.,)

52
Q

What is the hierarchical (aka centralized) trust model?

A

This model established a chain of authority, identifying the root CA (the first in the chain) down to the child CA (the last in the chain).

The public CA creates the first CA within its org, known as the root CA.
If desired, the root CA can create intermediate CAs and issues them certificates.
The intermediate CAs can create child CAs and issue them certificates.
The child CAs can issue certificates to devices and end users.

When attempting to establish an HHTPS session with a web browser, the client verifies the certificate, as well as the chain of authority. Also, any one of the CAs mentioned above can issue certificates to devices and end users, not just the child CA.

53
Q

What is it called when certificates starting at the root CA down to the end user are linked together?

A

Certificate Chaining

54
Q

What is the process for requesting a certificate from a CA?

A

If a website would like to provide HTTPS sessions it would have to fill out a CA’s certificate signing request (CSR).

The owner of the website would create their public and private key pair.

Then they would identify a CA they would like to use and fill out the CSR form. Within this form, the owner would provide information like what the certificate would be used for, info on the website, the public key, the org, and the owner.

After the form is filled out, the CA will conduct their due diligence and verify the requester’s identity. Depending on the purpose of the certificate, this can be an extensive process or as simple as using the credit card used for payment.

55
Q

What is an RA?

A

In a large organization, the registration authority (RA) can assist the CA with collecting registration information. The RA DOES NOT ISSUE certificate.

56
Q

What is an alternative to the CRL, and what use case does it support?

A

An alternate to the Certificate Revocation List (CRL), is the Online Certificate Status Protocol (OCSP) which verifies a certificate in real time by using the serial number of the certificate in question.

CAs respond to the client with a response of good, revoked, or unknown (possible forgery if unknown).

OCSP supports the use case of low latency, as clients can get a response from the CA in real-time, and not have to wait for a new CRL to be downloaded before verification can occur.

57
Q

What was a good way to decrease real-time traffic to the CA for the verification of certificates?

A

OCSP stapling.

OCSP stapling gives a certificate presenter (web browsers, etc) a signed (digital signature) time stamp response from the CA which the presenter can provide to the client along with their certificate and public key. This way the client has no need to send traffic to the CA requesting verification.

58
Q

What is key pinning?

A

The purpose of Key Pinning is to inhibit attackers from impersonating a website by using fraudulent certificates.

When an HTTP request is made by the client, the certificate presenter responds with an extra header. The extra header includes a list of hashes derived from valid public keys used by the website. When the client visits the website again, it recalculates the hash to verify that it is the same website.

59
Q

What are key Escrows?

A

Key escrows are used to safeguard backups of a private key. If the key is lost, a designated individual in an org can retrieve the key (Recovery Agent).

60
Q

Certificates issued primarly to machine/computers (devices) are called what?

A

Machine certificate or computer certificate

61
Q

Certificate issued to users for encryption. authentication, smart cards, and more are called?

A

User certificate

Microsoft systems can create certificates allowing the user to encrypt data using Encrypting File Systems (EFS).

62
Q

What are code signing certificates used for?

A

Code signing certificates are often used to validate the authentication of executable applications or files. This is done by verifying that a code has not been modified before it is run.

63
Q

What are the pros and cons of a self-signed certificate?

A

Self-signed certificates are issued by a CA with a private org.

Pros:
no cost to the org to produce these certificates as they are not buying them from a publicly trusted CA.
They are used internally.

Cons:
They are not issued by a trusted CA, hence they are not trusted to be used externally

64
Q

Who issues a root certificate?

A

Root certificates are issued by the root CAs

65
Q

What is a wildcard certificate?

A

Wildcard certificates start with an asterisk(*). They can be used with multiple domains if each domain name contains the same root domain.

Google.com is the root domain, so a wildcard certificate can be used for account.google.com or support.google.com

66
Q

What is a subject alternative name certificate (SAN)?

A

Subject alternative name certificates (SAN) are used for multiple domains that have different names but are owned by the same organization.
Ex: Google uses SANs of *google.com, *android.com, *.cloud.google.com

It is also used for systems with the same base domain names, but different top-level domains.
Ex: Google uses a single SAN for google.com, and google.net

67
Q

What is the purpose of a Domain Validated (DV) certificate?

A

A domain-validated certificate provides additional evidence to clients that visit a particular website with a DV that the site or organization is trustworthy

68
Q

What is the purpose of an Extended Validated (EV) certificate?

A

Extended validated certificate foes beyond that of a DV certificate. Sites using EV certificates have the organization appear in the browser before the URL. An EV certificate like a DV certificate simply aims to provide more assurance to the client that the site and organization are trustworthy.

EVs are on the decline because most users do not bother to check for them.

69
Q

What are the two file types that certificates are stored in?

A

Binary files or BASE64 American Standard Code for Information Interchange (ASCII) encoded files.

Binary files are stored as 1s and 0s

BASE64 encoding converts binary data to American Standard Code for Information Interchange (ASCII) string format.

70
Q

What are the two base formats for certificates, their extension, and their common purpose?

A

Canonical Encoding Rules (CER) - the common extension for this base format is .cer: used for ASCII certificates

Distinguished Encoding Rules (DER) - the common extension for this base format is .der: uses for binary certificates

71
Q

What file types are Distinguished Encoding Rules (DER) and Canonical Encoding Rules (CER) stored in?

A

Distinguished Encoding Rules (DER) are stored as binary files - files types to do include headers and footers compared to ASCII

Canonical Encoding Rules (CER) are stored as American Standard Coding for Information Interchange files

72
Q

What are the extensions for the Privacy Enhanced Mail (PEM) base certificate format, its file type, and its use?

A

Privacy Enhanced Mail (PEM) base certificate uses the following extensions:
.pem, .cer. crt, .key

File storage type: can be Binary or ASCII

PEM purpose: this base type can be used for almost any certificate purpose, including share public keys within a certificate, request a certificate from a CA as a CSR, install a private key on a server, publish a CRL, or share the full certificate chain.

73
Q

What are the extensions for the P7B base certificate format, its file type, and its use?

A

P7B base certificate uses the following extensions:
.p7b, .p7c

File storage type: ASCII (CER)

P7B: this base type can be used to share public keys. P7B certificates can also contain a public key, certificate chain, or CRL, but NEVER a private key.

74
Q

What are the extensions for the P12/PFX base certificate format, its file type, and its use?

A

P12/PFX base certificate uses the following extensions:
.p12, .pfx

File storage type: Binary (DER)

P7B: this base type can be used to share private keys. P12/PFX certificates can also contain a public key, certificate chain, or private keys.