Computer security Flashcards
What is authentication?
The process of verifying someone’s identity
How can you verify authentication?
What you know, who you are, or what you have
What is authorization?
Finding out if a person is permitted to access a resource
What is access control?
Controlling access to a resource based on time of day, position, web browser, department, etc.
What are the three types of encryption?
Symmetric, Asymmetric, and hash
How many keys does symmetric encryption use?
1
How many keys does asymmetric encryption use?
2 - public and private
What are examples of symmetric encryption?
AES and 3DES
What are examples of asymmetric encryption?
RSA and ECC
What are examples of Hash?
SHA1, MD5
What kinds of changes can be applied to symmetric keys?
Sub bytes, shift rows, mix columns, add round key
What are the three phases of asymmetric encryption?
Key change, negotiation, communication
How does hashing work?
Hash(message, salt)=hash value (256 bit)
What is the salt?
The salt is mixed in with the message so it becomes impossible to unhash. Otherwise it could be done using Google.
What does CIA stand for?
Confidentiality - how do we keep something secret
Integrity - how do we prevent modification/control
Availability - How to ensure something is ready when needed
What is PII?
Personally identifying information
What are the principles of PII?
Notice, purpose, consent, security, disclosure, access, and accountability
What are the OWASP top three?
Injection, cross-site scripting, broken authentication and access management
What is XSS?
Occurs when an application takes untrusted data and sends it to a web browser without proper validation. Attackers can execute scripts in the victim's browser and hijack sessions, deface web sites, or redirect.
WPA2
Better than WEP but is only as strong as the password that someone chooses.