Chapter 3

Question 1

Algorithm

Answer 1

A set of rules and procedures, usually mathematical in nature. Algorithms can define how the encryption and decryption processes operate. Often very complex, many algorithms are publicly known; anyone can investigate and analyze the strengths and weaknesses of an algorithm.

Question 2

Assymetric Cryptography

Answer 2

A means of encoding and decoding information using related but different keys for each process. A key used to encode cannot decode, and vice versa. Cryptography based on algorithms that use either key pairs or some other special mathematical mechanism. Asymmetric cryptography that uses key pairs is commonly known as public key cryptography. Different keys serve different purposes. Different keys are used by different members of the communication session. Some systems use something different from keys altogether.

Question 3

Authentication, authorization, and accounting

Answer 3

Programs used to control access to computer resources, enforce policies, audit usage, and provide billing information. Examples include RADIUS, TACACS, 802.1x, LDAP, and Active Directory.

Question 4

Authenticity

Answer 4

The security service of the combination of authentication and access control (authorization) that provides either the identity of the sender of a message or controls who is the receiver of a message.

Question 5

Avalanche effect

Answer 5

A common feature of hash algorithms. This effect ensures that small changes in the input data produce large changes in the outputted hash value. A single binary digit change in a file should produce a clearly recognizable differ-ence in the resultant hash value.

Question 6

Certificate authority (CA)

Answer 6

A trusted third-party entity that issues digital certificates to verify and validate identities of people, organizations, systems, and networks digitally.

Question 7

Channel

Answer 7

A communication pathway, circuit, or frequency dedicated or reserved for a specific transmission.

Question 8

Ciphertext

Answer 8

The seemingly random and unusable output from a cryptographic function applied to original data. Ciphertext is the result of encryption. Decryption converts ciphertext back into plaintext.

Question 9

Client-to-server VPN

Answer 9

A VPN created between a client and a server either within the same local network or across a WAN link or intermediary network to support secure client interaction with the services of a resource host. Also known as a host-to-host VPN.

Question 10

Corporate firewall

Answer 10

An appliance firewall placed on the border or edge of an organization’s network.

Question 11

Decryption

Answer 11

The process of converting cipher text back into plain text.

Question 12

Dedicated connection

Answer 12

A network connection that is always on and available for immediate transmission of data. Most leased lines are dedicated connections.

Question 13

Dedicated leased line

Question 14

Digital certificate

Answer 14

An electronic proof of identity issued by a certificate authority (CA). A digital certificate is an entity’s public key encoded by the CA’s private key.

Question 15

Digital envelope

Answer 15

A secure communication based on public-key cryptography that encodes a message or data with the public key of the intended recipient.

Question 16

Digital signature

Answer 16

A public-key cryptography–based mechanism for proving the source (and possibly integrity) of a signed dataset or message. A digital signature uses the private key of a sender. Not the same as a “digitized signature,” which is a digital image of handwriting.

Question 17

Distributed LAn

Answer 17

A LAN whose components are in multiple places that are interconnected by WAN VPN links.

Question 18

Eavesdropping

Answer 18

The act of listening in on digital or audio conversations. Network eavesdropping usually requires a sniffer, protocol analyzer, or packet capturing utility. Eavesdropping may be able to access unencrypted communication, depending on where it occurs.

Question 19

Edge Router

Answer 19

A router positioned on the edge of a private network. Usually an edge router is the last device owned and controlled by an organization before an ISP or telco connection.

Question 20

Extranet VPN

Answer 20

A VPN used to grant outside entities access into a perimeter network; used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public.

Question 21

Fragmentation

Answer 21

This occurs when a dataset is too large for maximum supported size of a communication container, such as a segment, packet, or frame. The original dataset divides into multiple sections or fragments for transmission across the size-limited medium, then reassembles on the receiving end. Fragmentation can sometimes corrupt or damage data or allow outsiders to smuggle malicious content past network filters.

Question 22

Hardware VPN

Answer 22

A dedicated device hosting VPN software. Also known as an appliance VPN. Hardware VPNs can connect hosts and/or networks.

Question 23

Hash

Answer 23

The unique number produced by a hash algorithm when applied to a dataset. A hash value verifies the integrity of data.

Question 24

Hash algorithm

Answer 24

A set of mathematical rules and procedures that produces a unique number from a dataset.

Question 25

Hash value

Answer 25

The unique number produced by a hash algorithm when applied to a dataset. A hash value verifies the integrity of data.

Question 26

Hashing

Answer 26

The process of verifying data integrity. Hashing uses hash algorithms to produce unique numbers from datasets, known as hash values. If before and after hash values are the same, the data retain integrity.

Question 27

host-to-host VPN

Answer 27

A VPN created between two individual hosts across a local or intermediary network. Host-to-host VPNs is also known as client-to-server or remote-to-office or remote-to-home VPNs.

Question 28

Host-to-site VPN

Answer 28

A VPN created between a host and a network across a local or intermediary network. Also known as a remote access VPN.

Question 29

Hybrid VPN

Answer 29

A form of VPN establishing a secure VPN over trusted VPN connections.

Question 30

Identity proofing

Answer 30

The act of authentication. Confirming the identity of a user or host.

Question 31

Intermediary network

Answer 31

Any network, network link, or channel located between the endpoints of a VPN. Often the Internet.

Question 32

Key or encryption key

Answer 32

The unique number used to guide an algorithm in the encryption and decryption process. A valid key must be within the keyspace of an algorithm.

Question 33

Key exchange

Answer 33

The cryptographic function ensuring that both endpoints of a commutation have the same symmetric key. Key exchange occurs by simultaneous key generation or with a digital envelope.

Question 34

Key pair

Answer 34

The set of associated keys including a public key and a private key used by public key cryptography. Only the public key can decrypt data encrypted by the private key, and vice versa.

Question 35

Keyspace

Answer 35

The range of valid keys used by an algorithm. Keyspace is the bit length of the keys supported by the algorithm.

Question 36

Leased line

Answer 36

A network communications line leased from an ISP or telco service. A leased line is usually a dedicated line between network locations or to the Internet.

Question 37

Non-dedicated Connection

Answer 37

A network connection not always on and available for immediate trans-mission of data. A connection must be established through a negation process before the channel is open and ready for data transmission. Dial-up, ISDN, and DSL lines are non-dedicated connections.

Question 38

Nonrepudiation

Answer 38

A security service that ensures that a sender cannot deny sending a message. This service can be provided by public key cryptography, typically through a digital signature.

Question 39

One-time pad

Answer 39

A form of cryptography in which each encryption key is used once before being discarded. Keys are pseudorandom and never repeat. Key length must match message length, so that each character is encrypted with a unique key character.

Question 40

One-way function

Answer 40

A mathematical operation performed in one direction relatively easily; reversing the operation is impossible—or nearly so.

Question 41

Optical Carrier (OC)

Answer 41

A form of network carrier line, often leased or dedicated, which uses fiber optic cables for very high-speed connections. An OC-1 connection supports a throughput of 51.84 Mbps.

Question 42

Out of band

Answer 42

A method of communication through an alternative route, mechanism, or pathway than the current one employed (the current communication is known as “in band”). Commonly used as a technique for secured data exchange or verification of an identity.

Question 43

Private branch exchange (PBX)

Answer 43

A type of business telephone network. PBX systems allow for multiple phone extensions, voice mailboxes, and conference calling. PBX systems require specialized equipment. PBX systems are largely being replaced by VOIP (Voice over IP) solutions.

Question 44

Private key

Answer 44

The key of the public key cryptography key pair kept secret and used only by the intended entity. The private key decodes information encoded with its associated public key, encrypting information that can be decrypted only by its associated public key. This process validates the identity of the originator and creates a digital signature.

Question 45

Pseudo random number generator

Answer 45

The mechanism of computer systems that produces partially random numbers using a complex algorithm and a seed value that is usually time based. Computers are currently unable to produce true random numbers and a PRNG approximates randomness.

Question 46

Public Key

Answer 46

The key of the public key cryptography key pair shared with other entities with whom the holder of the private key wishes to correspond. The public key decodes messages encoded with its associated private key, originates messages that only the holder of the associate private key can decrypt, and creates digital envelopes.

Question 47

Public key cryptography

Answer 47

A subset of asymmetric cryptography based on the use of key pair sets. Public key cryptography uses public and private keys to create digital envelopes and digital signatures.

Question 48

Public network

Answer 48

Any network that accessible by entities from outside an organization. Most often, use of this term implies the Internet, but many other public networks exist.

Question 49

Rekeying

Answer 49

The process of triggering the generation of a new symmetric encryption key and secure exchange of that key. Rekeying can take place based on time, idleness, volume, randomness, or election.

Question 50

Remote access VPN

Answer 50

Another name for host-to-site VPN.

Question 51

Remote-to-home VPN

Answer 51

A VPN used to connect a remote or mobile host into a home computer or network. Also known as a host-to-host VPN.

Question 52

Remote-to-office VPN Scalability

Answer 52

A VPN used to connect a remote or mobile host into office network workstation. Also known as a host-to-host VPN.

Question 53

Secured VPN

Answer 53

A VPN that uses encryption to protect the confidentiality of its transmissions.

Question 54

Site-to-site VPN

Answer 54

A VPN used to connect networks. Also known as a LAN-to-LAN VPN and WAN VPN.

Question 55

Software VPN

Answer 55

A VPN crafted by software rather than hardware. Software VPN may be a feature of the operating system or a third-party application.

Question 56

Split Tunnel

Answer 56

A VPN connection that allows simultaneous access to the secured VPN link and unsecured access to the Internet across the same connection.

Question 57

Symmetric cryptography

Answer 57

Cryptography based on algorithms that use a single shared secret key. The same key encrypts and decrypts data and the same key must be shared with all communication partners of the same session.

Question 58

Traffic congestion

Answer 58

The problem when too much data crosses a network segment. This results in reduced throughput, increased latency, and lost data.

Question 59

Trusted third party

Answer 59

A mechanism of authentication using a third entity known and trusted by two parties. The trusted third party allows the two communicating parties, who were originally strangers to each other, to establish an initial level of inferred trust.

Question 60

Trusted VPN

Answer 60

A VPN whose components are wholly owned by the organization it serves.

Question 61

Virtual private network (VPN) VPN appliance

Answer 61

A mechanism to establish a secure remote access connection across an intermediary network, often the Internet. This allows inexpensive insecure links to replace expensive security links. VPNs allow for cheap long-distance connections established over the Internet. Both endpoints need only a local Internet link. The Internet itself serves as a “free” long-distance carrier. VPNs employ encapsulation and tunneling protocols, such as IPSec.
A hardware VPN device

Question 62

WAN VPN

Answer 62

A VPN between two networks over an intermediary network. Also known as LAN-to-LAN VPN and site-to-site VPN.

Question 63

multi factor authentication

Answer 63

Authentication that requires multiple valid proofs of identity used in simultaneous combination.

Question 64

LAN-to-LAN VPN

Answer 64

A VPN between two networks over an intermediary network. Also known as WAN VPN and site-to-site VPN.

Question 65

compression

Answer 65

Removal of redundant or superfluous data or space to reduce the size of a data set. Compression consumes less storage space and increases the speed of data transmission.

Question 66

Cryptography

Answer 66

The art and science of hiding information from unauthorized third parties. Cryptography is divided into two main categories: encryption and decryption.