Chapter 7 Securing the basic lan Flashcards
What is encryption?
Encryption is the science of converting human-readable data into something unreadable and then back again to secure communications.
What is symmetric cryptography?
Symmetric cryptography is a type of cryptography where the same key is used for both encryption and decryption.
What is the primary purpose of cryptography?
The primary purpose of cryptography is to protect data.
What constitutes data in the context of IT?
Data includes anything stored digitally, such as photographs, text messages, phone conversations, or interactions with a web server.
What is data at rest?
Data at rest refers to data stored on mass storage devices like hard drives, SSDs, or optical media, without being accessed or processed.
What is an example of data at rest?
An example of data at rest is a MySQL database storing personal information on a hard drive.
What is data in use or data in computation?
Data in use or data in computation is data being actively accessed and processed by software, typically residing in RAM.
What is a potential risk with data in use?
A risk with data in use is that it can often be unencrypted while in RAM, making it vulnerable to attacks like shoulder surfing or keylogging.
What is data in transit?
Data in transit is data moving through networks, such as over a local area network (LAN), wireless network, or the internet.
What is sniffing in the context of data in transit?
Sniffing is the act of intercepting and capturing data as it moves between two points on a network.
What is a man-in-the-middle attack?
A man-in-the-middle attack is when an attacker intercepts and potentially alters data being transmitted between two parties without their knowledge.
Why are wireless networks attractive to hackers?
Wireless networks are attractive to hackers because data in transit is broadcast through the air, making it easier to intercept and sniff.
What are the three types of data discussed in the Security+ exam?
The three types of data are data at rest, data in use, and data in transit.
What is symmetric encryption?
Symmetric encryption is a method where the same key is used for both encryption and decryption of data.
What is a session key in symmetric encryption?
A session key is a temporary key used for a single encryption and decryption session between two parties.
What is the main problem with symmetric encryption?
The main problem with symmetric encryption is securely transmitting the key between parties.
What are in-band and out-of-band key exchanges?
In-band key exchange involves sending the key with the encrypted data, which is risky. Out-of-band key exchange involves transmitting the key through a separate, secure channel.
What is an ephemeral key?
An ephemeral key is a temporary key used only for a single session and then discarded, providing perfect forward secrecy.
What is perfect forward secrecy?
Perfect forward secrecy ensures that a compromised key from a past session cannot be used to decrypt data from a current session.
What is asymmetric encryption?
Asymmetric encryption uses a pair of keys—one public and one private. The public key is used for encryption, and the private key is used for decryption.
How does asymmetric encryption solve the key exchange problem in symmetric encryption?
In asymmetric encryption, the public key is shared freely to encrypt data, and only the holder of the private key can decrypt it, eliminating the need to securely transmit the key.
What is a key pair in asymmetric encryption?
A key pair consists of a public key (used for encryption) and a private key (used for decryption).
Why is asymmetric encryption considered slower and more complex than symmetric encryption?
Asymmetric encryption is slower and more complex because it requires key pair generation, key exchange, and management of multiple keys.
What is a cryptosystem?
A cryptosystem is a well-defined process in cryptography that outlines how algorithms and keys are used to secure communications in IT systems.
How is asymmetric encryption typically used in practice?
Asymmetric encryption is often used to securely exchange session keys, which are then used for faster symmetric encryption during the actual data exchange.
What is the problem with using Electronic Codebook (ECB) mode in symmetric encryption?
ECB mode encrypts identical blocks of data with the same key, leading to patterns that can reveal information about the original data.
Why is ECB mode not recommended for symmetric encryption?
ECB mode is not recommended because it can create visible patterns in the encrypted data, making it easier for attackers to infer the original content.
What is Cipher Block Chaining (CBC)?
CBC is a block mode that combines each plaintext block with the previous ciphertext block (after an XOR operation with an initialization vector) before encryption, creating a chain of blocks that improves security.
How does Cipher Feedback (CFB) mode work?
CFB mode encrypts an initialization vector and then XORs the result with the plaintext block. The output is used both as ciphertext and as input for the next encryption operation, creating a feedback loop.
What is Output Feedback (OFB) mode?
OFB mode repeatedly encrypts an initialization vector and XORs the result with plaintext blocks. Unlike CFB, OFB uses the same initialization vector for each block, which is continuously encrypted to generate the key stream.
How does Counter (CTR) mode work in symmetric encryption?
CTR mode combines a nonce with a counter that increments for each block, encrypts the result, and then XORs it with the plaintext block to produce ciphertext. This mode allows blocks to be encrypted in parallel.
What is the purpose of using different block modes in symmetric encryption?
Different block modes prevent patterns from appearing in the ciphertext, which enhances security by obfuscating the data more effectively.
What is an initialization vector (IV)?
An initialization vector (IV) is a random or pseudo-random value used in several block modes to ensure that identical plaintext blocks produce different ciphertexts.
Why is it important to use block modes other than ECB?
Using block modes other than ECB prevents the creation of recognizable patterns in the ciphertext, making the encryption more secure and resistant to attacks.
What happens to the data when a good block mode is applied to encryption, as shown in the example with the image of Maddie?
When a good block mode is applied, the encrypted data appears completely randomized, with no discernible patterns, making it secure against decryption attempts.
What is the main problem with symmetric key encryption?
The main problem with symmetric key encryption is securely transmitting the key between parties, as the same key is used for both encryption and decryption.
What is asymmetric encryption?
Asymmetric encryption uses a pair of keys: a public key for encryption and a private key for decryption. This allows secure communication without needing to transmit the key.
Who are Alice and Bob in cryptography?
Alice and Bob are fictional characters commonly used to illustrate cryptographic concepts, such as secure communication using encryption.
What is the role of the public key in asymmetric encryption?
The public key is used to encrypt data and can be shared freely with others, as it cannot be used to decrypt the data.
What is the role of the private key in asymmetric encryption?
The private key is used to decrypt data that has been encrypted with the corresponding public key and is kept secure by the owner.
What is RSA?
RSA is one of the first and most popular asymmetric encryption algorithms, named after its inventors Rivest, Shamir, and Adleman. It is based on the difficulty of factoring large semi-prime numbers.
What is a semi-prime number in the context of RSA encryption?
A semi-prime number is the product of two prime numbers and is difficult to factor back into its original primes, which is the basis for RSA’s security.
Why are large keys important in RSA encryption?
Large keys are important in RSA encryption because they increase security by making it computationally infeasible to factor the semi-prime number used in the encryption process.
: What is elliptic curve cryptography (ECC)?
ECC is a type of asymmetric encryption that provides strong security with smaller key sizes compared to RSA, based on the mathematical properties of elliptic curves.
How does ECC compare to RSA in terms of key size and security?
A digital signature is a cryptographic technique where data is encrypted with a private key to verify the sender’s identity, ensuring the authenticity of the message.
What is the typical use case for asymmetric encryption in web communications?
Asymmetric encryption is typically used to securely exchange a symmetric key for encrypting the rest of the session, combining the strengths of both encryption methods.
What is the main advantage of asymmetric encryption?
The main advantage of asymmetric encryption is that it allows secure communication by passing a public key to anyone, which can then be used to encrypt data that only the private key holder can decrypt.
What problem arises when using asymmetric encryption for web connections?
The problem is ensuring that the public key provided by a server, like Amazon, actually comes from the legitimate server and not from an imposter, such as in a man-in-the-middle attack.
What is a digital signature in the context of asymmetric encryption?
A digital signature is a hash of a web page or document that is encrypted with the private key. It is used to verify that the public key and the document came from the legitimate owner of the private key.
How does a digital signature help in verifying the authenticity of a public key?
A digital signature allows the recipient to verify that the public key and the associated document came from the holder of the private key by decrypting the signature with the public key and comparing the hash.
What is a digital certificate?
A digital certificate is a document that includes a public key, the associated digital signature, and often a third-party digital signature, all of which help verify the authenticity of the public key.
Why might a third-party digital signature be included in a digital certificate?
A third-party digital signature is included to provide an additional layer of trust, verifying that the public key and the digital signature come from a legitimate source, not an imposter.
What is a self-signed certificate?
A self-signed certificate is a digital certificate where the issuer signs the certificate with their own digital signature, without involving a trusted third party.
When might a self-signed certificate be appropriate?
A self-signed certificate might be appropriate for internal or in-house servers where there is no need to involve a third-party for verification, such as within a company’s local area network.
Why is it important to trust the third party that signs a digital certificate?
Trusting the third party is important because they verify the identity of the certificate holder, ensuring that the public key truly belongs to the person or organization claimed.
What role does hashing play in creating a digital signature?
Hashing is used to create a unique fingerprint of the document or data. This hash is then encrypted with the private key to form the digital signature, ensuring the document’s integrity and authenticity.
What is a self-signed certificate?
A self-signed certificate is a digital certificate that is signed by the entity itself, rather than by a trusted third-party certificate authority. It is often used in trusted environments like in-house applications or internal networks.
When might a self-signed certificate be used?
A self-signed certificate is commonly used in trusted environments, such as in-house applications, internal email systems, or wireless networking setups, where external validation is not required.
What is the main drawback of using a self-signed certificate in a public environment?
In a public environment, self-signed certificates are generally not trusted by other users or systems, leading to warnings and errors, such as in web browsers.
What is a Web of Trust?
A Web of Trust is a decentralized trust model where individuals sign each other’s certificates based on mutual trust, creating a network of trusted connections without a central authority.
What are the challenges of using a Web of Trust?
The main challenges of a Web of Trust include the responsibility placed on individuals to verify and sign certificates, and the complex and manual process of establishing trust, which has limited its widespread adoption.
What is Public Key Infrastructure (PKI)?
Public Key Infrastructure (PKI) is a hierarchical trust model that uses certificate authorities (CAs) to issue and manage digital certificates, providing a more structured and widely accepted system of trust for public communications.
What is a Certificate Authority (CA)?
A Certificate Authority (CA) is an organization responsible for issuing and verifying digital certificates, ensuring the authenticity and integrity of the certificates used in secure communications.
What role do Intermediate Certificate Authorities play in PKI?
Intermediate Certificate Authorities help distribute the workload of the main Certificate Authorities by issuing certificates to end users, creating a layered trust hierarchy.
Why is PKI widely used for public internet communications?
PKI is widely used for public internet communications because it provides a structured and trusted way to issue and manage digital certificates, ensuring secure and authenticated exchanges of information.
What are the three types of trust models mentioned in the transcript?
The three types of trust models are self-signed certificates, Web of Trust, and Public Key Infrastructure (PKI).
What is Public Key Infrastructure (PKI)?
PKI is an idea or framework for managing digital certificates and public-key encryption, but it is not a specific standard.
What is the X.509 standard?
The X.509 standard is a methodology that defines how systems can query other systems for certificates and how those certificates are organized and used.
What is PKCS?
PKCS (Public Key Cryptography Standards) is a set of standards that specify how certificates are structured, managed, and used within the PKI framework.
What is a Root Certificate Authority?
A Root Certificate Authority (CA) is the top-level authority in a PKI hierarchy, responsible for issuing the root certificate, which is the basis for all other certificates in the chain.
Why is the root certificate often taken offline?
The root certificate is extremely valuable and sensitive, so it is often taken offline to protect it from being hacked or compromised.
: What is an Intermediate Certificate Authority (ICA)?
An Intermediate Certificate Authority (ICA) is a subordinate CA that handles most of the certificate issuance and management, reducing the load on the Root CA and helping to protect the root certificate.
What is a Registration Authority (RA)?
A Registration Authority (RA) is responsible for handling the registration and initial setup of new certificates, especially as the demand for certificates has increased with the growth of secure web services.
What is certificate chaining?
Certificate chaining is the process where a series of certificates link together from the Root CA through any number of Intermediate CAs to the end entity (e.g., a web server), creating a chain of trust.
Why might multiple intermediates be used in a PKI?
Multiple intermediates might be used to distribute the load of certificate management, create layers of trust, and improve the security and organization of the certificate issuance process.
What is the primary role of an Intermediate Certificate Authority (ICA)?
The primary role of an ICA is to issue and manage certificates, validate them, and act as a bridge between the Root CA and the entities that need certificates.
What is the purpose of the lock icon in a web browser?
The lock icon indicates that the connection to the website is secure and encrypted, often using an SSL/TLS certificate.
What standard are all certificates based on?
All certificates are based on the X.509 standard, which defines the structure and usage of digital certificates.
What is a Domain Validation (DV) certificate?
A Domain Validation (DV) certificate is a basic SSL certificate that verifies the ownership of a specific domain, typically used for securing a single domain.
What is a Wildcard SSL certificate?
A Wildcard SSL certificate secures all subdomains of a particular domain, such as *.example.com, allowing multiple subdomains to be protected under a single certificate.
: What is an Extended Validation (EV) certificate?
An Extended Validation (EV) certificate is an SSL certificate that undergoes more rigorous validation processes, providing higher assurance of the certificate’s legitimacy and often offering more significant warranty protection.
What is a Subject Alternative Name (SAN) certificate?
A Subject Alternative Name (SAN) certificate allows multiple specific domains or subdomains to be included in a single certificate, offering flexibility without using a wildcard.
What is an email certificate?
An email certificate is used to encrypt and sign email communications, ensuring the authenticity and confidentiality of the emails sent and received.
What is code signing?
Code signing is the process of applying a digital signature to software or code to verify its source and ensure it has not been altered since it was signed.
What are catalog files (.cat) used for in Windows?
Catalog files (.cat) store device drivers and their associated files, and they often include digital signatures to verify the integrity and source of the drivers.
Why might a wireless network use certificates?
Certificates in wireless networks can be used to secure communications between devices and the wireless access point, ensuring only authorized devices can connect.
What is the main challenge in using certificates?
The main challenge in using certificates is ensuring the correct type of certificate is used for the intended purpose, such as web servers, email, or code signing, and properly importing and managing the certificates for each application.
What does a digital signature in a certificate indicate?
A digital signature in a certificate indicates that the certificate has been verified by a trusted authority and that the software or data it protects has not been tampered with.
How can you view and manage digital certificates on a Windows system?
You can view and manage digital certificates on a Windows system using the Microsoft Management Console (MMC), which can be accessed by searching for “certificates” in the search box or through the Edge browser.
What information can you find in the General tab of a certificate in Windows?
The General tab provides information about who the certificate is issued to, who issued it, and the validity dates.
What does the “Issuer” field in a certificate detail?
The “Issuer” field indicates where the certificate came from, such as the issuing Certificate Authority (CA).
Why is it important to check the signature algorithm and hash of a certificate?
The signature algorithm and hash determine the security of the certificate. Weaker algorithms like MD5 are less secure, while stronger ones like SHA-256 provide better encryption and trustworthiness.`
What is a thumbprint in a certificate?
A thumbprint is a unique identifier or serial number for the certificate, used for identification and revocation purposes.
What is the purpose of personal certificates?
Personal certificates are used to identify individuals and provide secure access to services, such as VPNs or corporate email systems.`
What are Trusted Root Certificate Authorities (CAs)?
Trusted Root Certificate Authorities are the top-level authorities in the trust chain, responsible for issuing and verifying other certificates. They serve as the foundation of trust for digital certificates.
Why might you need to export a certificate?`
Exporting a certificate allows you to create a backup or share the certificate with another system, such as when setting up a secure connection on a different device.
What are the common formats for exporting certificates, and when might you use them?
Common formats include DER-encoded binary, Base64-encoded, and PKCS #7. The format choice depends on the system where the certificate will be imported, with PKCS #7 being the most widely accepted standard.