Domain 3 Flashcards

Question

What is Paging and Page Fault?

Answer 1

Paging occurs when the OS copies virtual memory from disk to main memory or vice-versa. Page fault is an exception that results in paging - it is when the process realizes the data is in disk and needs to be called to main memory to be used which prompts paging - e.g., you dont use a word document for a while. when you go to open it you notice it takes a second or two to load - this is because the document went to disk and is being called back to main memory. There was a page fault which prompted paging to occur Swaps are similar to paging but swap is one big swap all at once Locked memory prevents data from being paged

Answer 2

The theoretical ability to store and retrieve data in memory is useless without the ability to tell the memory system where to store or fetch the data. Each byte in memory is assigned a unique address that distinguishes it from the other bytes.

Answer 3

1) Direct addressing - simplest form of addressing. The system knows the exact location of data in memory and requests the data by passing the actual address to the memory subsystem 2) Indirect addressing - The first location contains an address (a pointer) to another location that holds the data 3) Register direct addressing - the CPU contains tiny memory areas known as registers. Registers are temporary storage for the task the CPU works on at that instant. To operate on values from main memory, the values must first be loaded into a register. Register direct addressing is slightly different from the other types of addressing in that it never refers to main memory. It simply refers to a specific register that already contains the required data 4) Register indirect addressing - In this addressing mode, the system looks in the specified register for the data's address in main memory 5) Indexed addressing - Uses a memory location, plus an offset (called an index register). For example, the address may contain an array and the index register references an element of the array (go here plus this)

Answer 4

The OS is the heart of the computer and is loaded by a boot program. It controls everything that happens with the hardware and brings the hardware to life The mainframe boot process is called Initial Program Load (IPL) The OS does: 1) program execution 2) system access 3) error detection 4) accounting Process States are: 1) run 2) wait 3) ready 4) sleep 5) interrupt

Answer 5

1) User - layer in the operating system where user applications run 2) Privileged - protected area of the operating system (or kernel) responsible for memory, process, disk and task management.

Answer 6

The kernel is the essential nucleus of the OS, the core that provides basic services for all other parts. A kernel can be contrasted with a shell, the outermost part of an OS that interacts with user commands. Typically, a kernel includes an interrupt handler that handles all requests that compete for the kernels' services, a scheduler that determines which programs share the kernel's processing time in what order, a virtual memory manager, and a supervisor that gives use of the computer to each process when it is scheduled. Applications can request kernel service through system calls. When the kernel is executing on a CPU, the system is operating in privileged mode. This means it can interface directly with other parts of the OS and view all the internal data structures. When user applications run in user mode, they rely on the system call interface to request services from the kernel. Because the code that makes up the kernel is needed continuously, it is loaded into protected memory so that it will not be overlaid with other less frequently used parts of the OS. In a VM system, the kernel would never be swapped out to the disk and would remain in physical RAM at all times.

Answer 7

1) Layering - organization of functions into separate components, each of which interacts with the others in a sequential way. Each layer will interface only with the layer above it and the layer below it and should work independently. If one layer in the system fails, it should not affect the other layers. 2) Abstraction - the process of finding commonality in different objects, and then exploiting it to make the objects simpler to manage. The ultimate goal is to reduce complexity and to hide the inner workings of the system. A good example of this is when you hit the save button in word. You dont know all the detail in the background of what is happening to save the file. All you see is the file was saved - you dont want to see the inards of saving. Example - you turn on a sink and water comes out, you dont want to know how the water gets out, just that it works. Simplification.

Answer 8

1) Ring 0 = OS Kernel 2) Ring 1 = Operating System components that are not part of the kernel 3) Ring 2 = I/O drivers and utilities 4) Ring 3 = Applications and programs Note that most systems only use Ring 0 and Ring 3 - if all rings were used, you would have to go to each ring for a system call which would cause latency and slow down the program. Example if when you hit the save button, its easier to go from ring 3 to ring 0 vs. go through every ring to save the file. Grinds away and does every step. Ring 3 = least secure Ring 0 = most secure

Answer 9

Pull the disk from the motherboard but without the TPM chip, it wont work, even if you have username and password. Key use is full disk encryption - if you pull the drive form the laptop and dont have the TPM chip, you cannot decode the data

Answer 10

Think Cloud... Virtualization takes an application, desktop, or server and provides virtualized hardware. There is no direct hardware access as all access is via virtualized hardware created by the virtualization software. the hy[pervisor runs on the host, controlling the virtual machines and their access to the real hardware.The hypervisor is the key to the security. Attacks on virtualization usually target the hypervisor. Benefits of virtualization - lower hardware costs, cooling and electricity costs, simplified administration (easier patching, backups, etc.), server consolidation, create system snapshots and restore later, clone systems, simpler system testing, simpler BCP The hardware server is called the host and runs multiple virutalized operating systems (called virtual machine or guests). VDI - think NYL desktop - Virtual Desktop Infrastructure VPS - virtual private server (VPS) - virtual machine hosted by a third-party internet hosting company. Offer full VM OS access - you own it. This is similar as putting your own physical server in a co-location, facility, the owner has full control of the server OS. P2V - physical to virtual - change a physical host to a virtual machine

Answer 11

1) Full virtualization - runs unmodified applications or operating systems designed to run directly on computer hardware 2) Para-virtualization - runs specially modified applications or operating systems

Answer 12

* Still need to patch and harden * Must properly segment the network Specific requirements for virtualization: - protect the hypervisor - protect the special host

Answer 13

It is the risk of a successful attach from: 1) virtual machine to host operating system 2) virtual machine to another virtual machine The attack is against the hypervisor or virtual devices controlled by the hypervisor - all virtual machines and potentially the host itself, are at risk. This is a risk if you co-mingle VM with different security requirements on the same hypervisor - consider having a different hypervisor for each network. Basically, the VM gives you access to not just your RAM but other RAM - you can copy on or off to all hypervisor ram, run code on the hypervisor, and therefore, can disrupt other systems and anything on the hypervisor even if you shouldnt have accesss to it. You escape out of your VM to others through the hypervisor and copy data or write code. You should disable drag, drop, and copy and paste and turn off as many virtual devices as you can. PATCH your hypervisor routinely!

Answer 14

1) A collection of related data intended for sharing by multiple users 2) DBMS - stores data and provides operations on the database, such as create, delete, update and search. It also provides security and integrity controls

Answer 15

1) Data definition language (DDL) - defines database schema | 2) Data manipulation language (DML) - examines and manipulates contents of a database

Answer 16

1) Ensure users do not attempt to access the same data at the same time - control this through use of locks that are imposed on rows or fields in the database. Or use a deadlock. This handles the issue of concurrency (2 people entering into the same cell) 2) Semantic Integrity - wrong data type. ensures that data types, logical values, uniqueness constraints and operations are enforced. Keep track of what type of data is entered and only valid types are accepted. (e.g., if you are recording number of sick days, you cannot have a letter in the field, it should be a number. 3) Entity Integrity - cannot have duplicate keys- ensures each entry has a unique primary key that is not null 4) Referential Integrity - Prevents users from entering inconsistent data - The data must be able to refer back somewhere. All foreign keys must point to an existing primary key or there can be a serious integrity problem. 5) Commit - executed when the changes you make to a record are submitted to the database. As long as the commit is not completed, the information is temporarily stored and not saved - --- 2-phase commit: vote first before committing (distributed databases). Someone made a change on server a and someone else made a change on server b - server a asks if you are good with this, if server b says no I am not, they roll back to the snapshot - --- rollback if commit is unsuccessful - when you return to a previous known good state and revert to a specific checkpoint if a problem had arisen - --- Database returns to its previous state 6) Checkpoint & Database Journal - If a system fails, there is a return to the point before failure. Roll back to the checkpoint and replay the database journal. Checkpoint is not live. So you roll-back to the most recent snapshot, and then you replay the journal which has the log of every change. Restore to a checkpoint and then replay the journal which is every time and therefore you restore integrity

Answer 17

Brings together structured data from disparate data sources. Key goal is to allow for complex queries to be performed in a manager that will not negatively impact an online data store intended for immediate access needs.

Answer 18

Detecting abnormal patterns in large datasets - --- intrusion detection - --- fraud detection - --- auditing the database think when your bank calls you if you make a purchase out of the country. This is an example of the data mining identifying an abnormal pattern and alerting you

Answer 19

1) Inference - pentagon pizza story - user deducts information of higher sensitivity from lower sensitivity information. - --- controls - (1) content dependent access rules (you asked for 5 phone numbers so go away) - (2) Enforced during query processing 2) Aggregation - user has aright to only certain data items in a larger collection of items. The user obtains knowledge that he or she does not have a right to about the larger collection of data. - --- I will download the whole phone book. You can ask for some peoples extensions, however, if you ask for each extension one by one you can eventually aggregate the whole collection and have the whole collection which you shouldn't have access to.

Answer 20

1) Active-active: All databases are taking transactions simultaneously with synced data. If one computer fails the user does not notice the difference. The failed computer will get fixed while the other computer maintains the availability. 2) Active-passive (shadow) - you have 2 databases with synced data. One takes transactions and one does not. Primary goes down, the secondary stands up

Answer 21

A small Java program downloaded by users who visit web pages. They provide more functionality and a richer experience to users. They are common on dynamic websites or sites that have animated or interactive functions. They are restricted from accessing the local file system or the network. Due to some of the difficulties in delivering applets to a variety of different browsers, a lot of developers have switched to server side Java programs instead. these programs are called ServLets. A remote code also runs on a client which introduces additional risks.

Answer 22

Java is a programming language. Is is: - Object-oriented - Platform independent - generates bytecode which is interpreted into machine code by Java Virtual Machine (JVM) and can be run cross-platform which is not specific to a processor. You can write one application and run it on Linux, Windows, Mac, etc. Each platform has its own JVM but the JVM runs the same bytecode. You can write one app and be done. How do you maintain security? - Sandbox - an application that runs your browser is executed in what is similar to a VM. It does not have the capability to perform functions outside of this box. It protects against malicious applets.

Answer 23

When a user connects to a web page that has an embedded control, the browser's Authenticode technology will verify the signature with the Certificate Authority (CA) that has signed the control to verify it has not been modified. It then downloads the control. Internet Explorer does not allow untrusted or unsigned controls to execute. Relies on the use of a digital signature that can be disabled by the end-user. Used a lot to distribute valid patches or updates to users. It is an object-oriented programming technology and tool. It can be run anywhere in the ActiveX network, is equivalent to a Java applet and can be created with several languages.

Answer 24

Open Web Application Security Project - focused on web application security risks

Answer 25

tricks a user into clicking on a malicious link or taking harmful action by putting an innocuous window on top of another one. A window that appears benign is placed over a window that is malicious. The usr only sees the top window and doesnt realize there is another window below it. Also called UI redressing.

Answer 26

Cookies are used to store information related to an HTTP session (unique session ID). They can be used to maintain a session state (e.g., active) which identifies a user whilst in the middle of using the applications. A secure session ID should be at least 128 bits in length and random. The two types of cookies are: 1) Session cookies - in memory and deleted upon browser exit 2) Persistent - saved to disk and may be used long-term. Cookies can be altered by a user. Secure cookies are transmitted via SSL/TLS only. You can intercept SSL/TLS.

Answer 27

Reflects a scrip via a trusted website that launches an attack on web server clients and commonly uses JavaScript. It is based on a lack of input validation and/or output encoding by websites. e.g., you can input malicious javascript code into a a blog because there is no input validation into the blog site. The common goal is to steal cookies (Cross-Site Request Forgery) Protection - same origin policy - if a site gives me a cookie, only that site can ask for it back. Protection - input validation: - --- blacklisting - ban specific characters. Say whats banned and accept the rest - --- whitelisting - say what you allow and reject the rest (superior to blacklisting)

Answer 28

Structured Query Language (SQL) is a database language. Goal of SQL injection is to achieve read/write access to the data tier, via the presentation and logic tier. The attacker sends SQL commands via the web server. This requires poor input validation, allowing characters such as sing quote. Basically - in an input field, instead of a last name lets say, you enter a SQL code and command the database to spit back information you shouldnt have access to. Can also command the computer to do malicious things like delete the records or manipulate the data.

Answer 29

Things like citrix - minimizes the complexity on a personal computer, using a universal client such as a browser. It gets all its apps from the network. Does not download apps directly to the computer itself. Must be connected to the network to get things like web server and mail server and word. The central server distributes applications and data They represent a movement back to a centralized model. This removes the need to install specific applications on end systems. The browser is usually already installed. They lower the TCO of end systems. Applications and data are stored centrally, served out to clients via the browser. Patching and backups are simpler. However, thin clients are sold by a separate vendor from the OS vendor. The patches are custom from the thin client vendor but come after the OS vendor patch. Original patch from the OS usually cannot be installed on the thin client. There is usually a lag between the thin client vendor and the OS vendor.

Answer 30

There is a need to manage additional devices beyond the typical corporate standard. Management platforms used for laptops/desktops usually will not also support the three most common mobile operating systems (iOS, android, blackberry). Alternate mobile device management suites exist specifically for managing confirmation of smartphones. Protection: - encryption - remote wipe - backup of data - unlock code should be required mobile device management (MDM) systems are better through the use of containers

Answer 31

1) full disk encryption 2) patching 3) backups 4) host based security 5) Full tunnel - VPN

Answer 32

Internet-connected embedded devices - thermostats, appliances, light bulbs, etc. Risks - default credentials are common - enterprise management tools are lacking - patching can be difficult - legacy SCADA protocols are cleartext - no built in security Hacking into online devices and internet accessible SCADA systems can be searched through SHODAN, a search engine that exposes online devices (e.g., webcams, routers, iphones, etc.)

Answer 33

Supervisory Control and Data Acquisition - these are used for industrial applications such as: - elevators, prison doors, pipelines, heating, electrical grid. They are pretty insecure because they never used to be connected to the internet. When they were connected, they were not secured as they should be Key Terms: - Supervisory system - gathers data and sends commands - Remote Terminal Unit (RTU) - connects devices to the SCADA network and converts analog data to digital. collects the onsite information and sends it to a central location with the help of the communication element. - Human Machine Interface (HMI - presents data to the operator. display the information received in an easy to understand graphical way and also archive all the data received.

Answer 34

Centralized - all data is maintained in one place - central data center - all data is in the middle Decentralized - remote offices maintain/access data locally or centrally - each location has its own local server or the centralized server but can never access another store. servers in each place. no store access another stores servers Distributed - remote offices maintain / access data locally, other offices or centrally - need to have integrity and the more places you put data the more attack surface there is so make sure to secure that. - --- Requirements - portability - ensures that an app easily adapts to different platforms with little effort. Apps that connect to different platforms should connect to these platforms in a unified manner, regardless the type of platform (Linux, unix, etc.). ; interoperability; transparency; extensibility; robustness and security; accommodation of standards; meet users functional requirements - --- Benefits - mobility; lower cost of infrastructure; system downtime; savings resulting from communication costs; more control over local data - --- Disadvantages - not always clear how to ensure and maintain all of these entry points at all times; ensure the remote host is not already compromised and cannot be used as a gateway into the corporate infrastructure; larger attache surface

Answer 35

1) Cryptology - encompasses both cryptography and cryptanalysis and is the generic term for the study of both of them. 2) Cryptography - scientists called cryptographers create the encryption algorithms. 3) Crytpanalysis - those who dedicate their lives to breaking ciphers. 4) Cryptosystem

Answer 36

1) Plaintext - message in its original form 2) Ciphertext - message in its encrypted form 3) Encryption - creation of ciphertext from plaintext 4) Decryption - transforming ciphertext back into plaintext 5) Ciphers - cryptographic algorithms - the mathematical formula 6) Work factor - effort required to break, rather than decrypt, ciphertext yielding plaintext

Answer 37

It is the amount of disorder (randomness) per bit. A fair coin flip of 50/50 has one bit of entropy. It is very important for cryptography especially as applied to password and passphrase strength. The 50/50 element is a 1 or a 0 - so for a 128 bit encryption, there is a 1 or a 0 for 128 bits which makes up the whole key and should be random and different every time.

Answer 38

It is a cipher text which is created by combining a key with plaintext via XOR. The plain text and the key will be compared to determine the ciphertext which are all made up of 1's and 0's. If the plain text and the key (the bits) are the same number (1 or 0) the ciphertext will be 0 (false). If they plain text and key (the bits) are different numbers (1 or 0) the ciphertext will be 1 (true). If you then apply the key to the ciphertext, it will convert back to the plain text ``` Example: plaintext = 0110100 key = 1001101 ------------------------------------- ciphertext = 1111001 ```

Answer 39

Confusion = destroys patterns connecting the key to the ciphertext - substitution provides confusion Diffusion = destroys patterns connecting the plaintext to the ciphertext - permutation provides diffusion

Answer 40

Rotation substitution ciphers use a one-to-one substitution of characters, so its also easy to break You rotate the alphabet by x characters Examples: 1) Caesar Cipher = ROT-3 - rotate the alphabet by 3 characters so A-->D and B --> E, etc. 2) ROT-13 = rotates the alphabet by 13 so A--> N. A second round of ROT-13 brings the alphabet back to its original position.

Answer 41

Swap one letter for another. Replaces one arbitrary letter for another. For example: A-->J , B-->S. Also known as mono-alphabetic arbitrary substitution This may be defeated via frequency analysis. There are more common letters in the alphabet so you will see frequency of letters and begin to guess what those letters are

Answer 42

user of multiple substitution ciphers. A matrix of 26 alphabets. Because of the use of multiple alphabets, frequency analysis is countered.

Answer 43

Permutation provides diffusion by diffusing the contents of the plaintext into the ciphertext. It does this by rearranging (permutating) the order For example - BEAD --> ADEB Modern day ciphers use both substitution and permutation

Answer 44

A potentially unbreakable cryptosystem. It is unbreakable if: 1) the key is truly random and the randomness is difficult 2) The key is used only once 3) The pads are kept secure There are two identical pads created where each page contains a matching key. The keys must be random and must be at least as long as the plaintext. A 1,000 byte plaintext requires a 1,000 byte key. Therefore, the ciphertext will also be 1,000 bytes.

Answer 45

1) Block cipher = break the data into blocks and encrypt each block 2) Stream cipher = encrypt the entire stream on a bit-by-bit basis

Answer 46

1) Confidentiality - by encrypting 2) Data Integrity - data is not altered and if it is we will know. make it possible to prove that the message has not been tampered with and that this message is exactly the same as the one that Alice sent to Bob - use hashing and digital signature 3) Authentication - Prove the identity claim and who the user is. If Alice walks up to Bob and hands him a message, he positively knows that the message is from Alice. Alice might require the cryptosystem to provide an equivalent service for her. Bob must hand deliver messages to her - use asymmetric encryption (public and private key) and a digital signature 4) Non-repudiation - Marriage of data integrity and authentication. You cannot deny you sent something. system should be able to prove that Alice and only Alice sent the message and that it has not been falsified or subsequently altered. In essence, this is a requirement that both authentication and integrity are provable. Both authentication and integrity must be in place to provide non-repudiation. Cannot alter that data or be someone else.

Answer 47

Symmetric cryptosystems use a single key for both encryption and decryption. The key must also be a shared secret between sender and receiver. Faster and stronger than asymmetric but no way to securely share the key They are: 1) strong and fast 2) not technical 3) requires secure key distribution channel such as pre-shared secret, asymmetric encryption, diffie hellman key exchange

Answer 48

Also known as public-key encryption. Use of two keys - one private and one public. Do not have to pre-share a secret. slower and weaker compared to symmetric but does not require sharing a key The primary use of public key cryptography is to provide the exchange or symmetric keys, authentication and non-repudiation They are: 1) slow 2) trusted channel 3) public keys widely distributed within digital certificates 4) technical non-repudiation via digital signatures 5) private key cannot be derived from public key 6) message encrypted with one key can only be decrypted with the partner key 7) the private key must not be shared

Answer 49

One way encryption using an algorithm and no key. This is encryption. It transforms plaintext into a fixed length string called a hash or message digest. You cannot run a hash algorithm backwards. There is an extremely low probability that two different plaintext messages will yield the same hash value but they can collide and you must have a good hash that is impossible to brute force. Primary use is integrity.

Answer 50

Hashing: - Hashed Message Authentication Code (HMAC): combines authentication via a shared secret with hashing - MD5: 128-bit message digest - SHA 1 (Secure Hash Algorithm): 160-bit hash - proposed by NIST - SHA 2 = SHA2-56 bit and SHA-512 bit = includes six hash functions. Symmetric Key Encryption: - DES (Data Encryption Standard): - describes the data encyrption algorithm (DEA) - this is the name of the cipher which. The standard is the document that describes DEA. DEA is the algorithm and is a valid answer! - fast - symmetric - Key length = 56 bit - Block size = 64 bit block cipher - 1 bit stream cipher - not secure because of small key size - Triple DES - Key Length = 168 bit keyspace (although only 112 after meet-in-the-middle attack - IDEA (International Data Encryption Algorithm) - Block cipher intended to be global replacement for DES - Key length = 128 bit - Block size = 64-bit - Challenges = patented algorithm, slower than AES - international alternative to DES - licensed - not free - pay to use - AES = advanced encryption Standard - Symmetric Block cipher - Underlying Algorithm = Rijndael (Rhine-doll) - Block size = 128 bits - Variable Key Lengths = 128, 192, 256 bits (AES-128, AES-192, AES-256) - Blowfish - Symmetric block cipher - Block size = 64-bit - Key Length = variable 32-448-bit - Twofish - Symmetric block cipher - Block size = 128 bit - Key Length = 128, 192, 256 - RC5 - Symmetric block cipher developed by Rivest (RSA) - Block size = 23, 64 or 128 bit - Key length = variable 0-2040 bit - RC6 - AES finalest - Block size = 128 bit - Key Length - variable 128, 192, 256 bit Asymmetric Encryption: - RSA (prime numbers and factoring (what two numbers multiplied by each other equals this prime number?) - Discrete logarithm (this to the exponent - what to the what equals this number) - Eliptical curve encryption - 4 dots on a curve, take away the curve and have the four dots but have to know what the curve looks like

Answer 51

1) Electronic Codebook (ECB) 2) Cipher Block Chaining (CBC) 3) Output Feedback (OFB) 4) Cipher Feedback (CFB) 5) Counter Mode (CTR)

Answer 52

It is a standard or native mode DES. This is where plaintext message is broken into 64 bit blocks and each block is encrypted with the key. If two blocks of the plaintext are identical, then the corresponding ciphertext is also identical. The othe rmodes of DES are meant to stop this from occurring. - Weakest operational mode of DES - Patterns are not destroyed, it is not recommended Identical plaintext input yields identical ciphertext - Lack of chaining or feedback allows parallel operations - Block cipher - No initialization vector employed - Errors propagate - no How do you stop the patterns? They added in chaining (cipher block chaining (CBC).

Answer 53

The system starts off with an Initialization vector. The IV is combined with the key and used to encrypt the first block of text. The encrypted ciphertext of the first block is combined with the key to encrypt the second block of text and the process continues in this fashion. It is used to stop the evidence of patterns (ECB). kick off with a random block of data, and then XOR the random block with block 0 and then XOR the previous encrypted block to it. Each encrypted block is XOR to the next block - Requires unpredictable IV for initiating operation - IV ensures confidentiality given identical or known plaintext - Operations cannot be carried out in parallel because they are on a chain - Block cipher - Initialization vector employed - Errors propagate - yes (if a bit gets flipped in one block, it will mess up the next block and so on and the data integrity will be lost. the error in the first block will propagate to the subsequent blocks)

Answer 54

A random number meant to seed the encryption.

Answer 55

Output Feedback: - Destroy patterns but errors wont propagate - instead of changing the last block in, it drops bits off the key - Act as a stream cipher and allows operating on plaintext sizes smaller than typical block (1-bit OFB mode). - Feedback is stream style equivalent to chaining - Requires IV - Errors will not propagate due to how feedback is derived - Same as CFB but errors will not propagate because of how feedback is derived Cipher Feedback Mode: - Similar to CBC but operates like a stream - Acts as a stream cipher and allows operating on plaintext sizes smaller than a typical block - Feedback is the stream style equivalent to chaining - Requires IV - Errors will propagate

Answer 56

- There is a different counter for every block of text (subsequent blocks incremented) - Used by ATM and IPsec - 64 bit random number - Stream cipher - Counter - Errors do not propagate

Answer 57

No - DES is not a group because multiple encryptions increase the security. If you encrypt with DES multiple times, it will not be equivalent to encrypting once. An example of a group is the Caesar Cipher which does not increase security if you encrypt multiple times. This is how triple DES came to be. However, Double DES is not strong enough and suffers a meet-in-the-middle flaw and is not used.

Answer 58

Apply three rounds of DES. Increases work factor beyond that required for single DES. Considered solid but not preferred due to to performance. Three keys supplied in encrypt, decrypt and encrypt order. Decrypting with a different key further encrypts. 168-bit keyspace bt the key is reduced to 112 bit key due to meet in the middle attack.

Answer 59

- IDEA (International Data Encryption Algorithm) - Symmetric block cipher - Block cipher intended to be global replacement for DES - Key length = 128 bit - Block size = 64-bit - Challenges = patented algorithm, slower than AES - international alternative to DES - licensed - not free - pay to use

Answer 60

- Symmetric Block cipher - Underlying Algorithm = Rijndael (Rhine-doll) - Block size = 128 bits - Variable Key Lengths = 128, 192, 256 bits (AES-128, AES-192, AES-256) This was discovered during a competition. Follow up in the competition was MARS, RC6, Serpent and Twofish Function names: - SubBytes - substitutes bytes providing confusion - ShiftRows - shifts rows providing diffusion - MixColumns - mixes columns providing diffusion - AddRoundKey - XORs state with a subkey at end of each round

Answer 61

- Blowfish - Symmetric block cipher - Block size = 64-bit - Key Length = variable 32-448-bit - Twofish - Symmetric block cipher - Block size = 128 bit - Key Length = 128, 192, 256

Answer 62

- RC5 - Symmetric block cipher developed by Rivest (RSA) - Block size = 23, 64 or 128 bit - Key length = variable 0-2040 bit - RC6 - AES finalest - Symmetric block cipher - Block size = 128 bit - Key Length - variable 128, 192, 256 bit

Answer 63

Tractable / easy problems: - symmetric encryption - can be solved in a polynomial amount of time (quickly). Intractable / hard problems: - asymmetric encryption - think factoring large integers into primes (remember example of integers and prime numbers) - RSA = factoring larger integers into their two prime factors - Elliptic curve - discrete logarithm problem over finite fields

Answer 64

It is a key exchange algorithm. It is not an encryption algorithm but is used to allow for exchanging a symmetric key via a public channel - secure way to exchange keys, normally symmetric keys. It does NOT provide confidentiality, it only provides a key. Two parties agree on a symmetric key via a public channel. I come up with a secret number, you come up with a secret number, I send a third number that is public. Bounce it back and forth and make calculations based on our secret number. You need to have one of the secret numbers.

Answer 65

Asymmetric encryption Intractable Factoring numbers into their primes. What times what is this number? Slower and weaker than DES but is a secure way to exchange keys.

Answer 66

9^13 = 232424232 and then ask what to the what is that answer Intractable

Answer 67

Asymmetric encryption Intractable If you draw a curve and pick off 4 points on the curve and erase the curve, the curve is the secret and private part. You have the 4 points but not the curve Offers higher speed, lower power consumption and tighter code. Stronger than RSA and Discrete Logarithm Low cost, save on CPU, better encryption but with less computational power needed. Strongest of the asymmetric but not stronger than DES and AES

Answer 68

It is a digital signature for a file / application (code). Vendors much sign their code). This is so you know that the code has not changed Validates the integrity of the executable and authenticates the executable creator

Answer 69

It is like a digital signature that uses a pre-shared key. This creates integrity. It uses symmetric vs asymmetric encryption. They are used when the complexity of PKI is not needed or wanted, such as signing zone transfers from a primary DNS server to slaves. Could also be used for authentication if you know my pre-shared key.

Answer 70

Use both symmetric and asymmetric together! Modern systems like TLS do this. Use asymmetric public key to encrypt a key. Only receiver with the private key can open it. Then use the key shared from asymmetric to perform symmetric encryption over the content. Then use hashing to verify the integrity of the session.

Answer 71

PKI provides a technical mechanism for encrypting an organization's data. It is a tool most often used for e-commerce and Business-to business (B2B) and allows users to exchange encrypted information over a public network. A hierarchy of infrastructure systems is used to create digital certificates Digital certificates are used to encrypt data. PKI provides a managed infrastructure for - creating certificates - maintaining certs - revoking certs RSA is the main algorithm and verisign is a CA "User A" trusts "PKI Server A" and therefore, "User A" trusts: - any server signed by "Server A" - any certificate signed by "Server A" - any certificate or server trusted by "Server A" or subordinate Five components of PKI: - CA - issue and revoke certs - Organizational registration authorities (ORA) - vouch for the binding between public keys, certificate holder identities, and other - Certificate holders - issued the cert - clients who validate the digital signatures and certification paths of a trusted CA - Repositories that make certs and cert revocation lists available. Types of trust models for PKI: - hierarchical - bridge - mesh - hybrid

Answer 72

They are responsible for issuing certificates to individuals (or entities such as web servers) and only CAs are allowed this function within a PKI. When a user or entity wants to join a PKI, they must petition a CA for a certificate. The user presents his credentials, which must be validated. If they pass, the CA creates a certificate based on the user's identity information A Certificate Practice Standard (CPS) is the document that establishes tightly controlled standard practice for the insurance of certificate. They state: - how certificates are issued - how certificates are protected - how users ensure they continue to be eligible for certificates Security of the root CA is paramount - if crhome trusts 400 CAs - one can be the kingmaker of all the certs and if its hacked the underlying certs can be hacked`

Answer 73

it is a credential used to help someone decide whether a key is genuine. It works by binding a public key with identification information such as name and email address. This information is then signed by at least one third party. They bind an individuals identity to a public key. Current standard for digital certificats is x.509 certificate. Each cert contains - x.509 version number - serial number - identity info of the certificates owner in the form of a distinguished name (DN) - owners public key and the algorithm used to generate it - period that the key is valid - identity information of the issuing CA

Answer 74

It is designed to overcome the limitations on CRL. It offers real-time notification of revoked certifications.

Answer 75

Have a central authority which contains a copy of everyones key so the CA can decrypt any message they want. It is a third party that is trusted and maintains a copy of your key in case need to decrypt something. Governments, lawmakers use this so multiple people can get access to the key. Divide the key in half - give half to one organization and half to another so that when they come together you have the full key. This is how you can get the key that is stored in a third party. this helps with separation of duty. you can divide it as much as you want.

Answer 76

First free and easy to use encryption that combined: - symmetric, asymmetric and hash ciphers - digital signatures - secure communication without pre-sharing a key PGP is decentralized unlike PKI. There is no CA at the top. you dont pay money for certs. It uses a decentralized Web of Trust Model - web of trust model is that I generate my own digital certificate, if I trust you, I trust your certificate, It may also work in reverse - you trust me and my certificate. Then it expands if you trust me, then your friend may trust me. If I trust you, I could decide to trust everyone you trust. There were no free implementations of asymmetric encryption before but PGP used RSA

Answer 77

Transport encryption protects data in motion as it moves across a network. It provides end-to-end encryption Example is VPN - IPsec - SSL/TLS (CA) - SSH (no CA)

Answer 78

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protect packet data above the transport layer TLS 1.0 = SSL version 3.1 - TLS is an upgrade to SSL3.0 - Retains backward compatibility with SSL - Current TLS version is 1.2 SSL for web traffic but TLS has evolved to cover smail and chat, etc. It can be used as a tunneling protocol

Answer 79

IPsec is a type of transport security to encrypt information. It is a protocol with two primary encryption algorithms: - AH: Authentication Header - protects the entire packet including headers. It provides authentication and integrity but no confidentiality. It acts as the digital signature for the packet - ESP: Encapsulating Security Payload - provides confidentiality, integrity and authentication - protects the payload ****Remember - AH provides NO confidentiality You can use AH, ESP or both. You can use only AH if you want. You certainly want ESP but mostly you want both.

Answer 80

On-way connection that allows endpoints to negotiate details for AH or ESP communication. Bi-directional communication would require two SAs. Each SA can only accommodate either AH or ESP but not both Each SA can only accommodate either AH or ESP, but not both

Answer 81

If key 1 is used to generate key 2 session and key 1 is compromised or know, key 2 session is still safe. This is used to protect session keys. This is used commonly in IPsec Previous symmetric session keys remain secure, even if the private key or other session keys are compromised.

Answer 82

A Replacement for insecure protocols such as: - telnet - plain text - protected by SSH - FTP - rlogin - rshell provies secure network terminal access and file transfer. It can also be used as a VPN tunnel to other protocols like http. It operates on TCP port 22 v2 is preferred over v1

Answer 83

1) Brute force - try all combinations of keys and passwords 2) Man-in the middle - attacker intercepts messages between two parties 3) ciphertext only - portion of ciphertext is known 4) Known plaintext - portions of plaintext and corresponding ciphertext are known - have known matching plain and cipher text 5) chosen plaintext - you choose the plaintext you want encryptied and then can see the resulting ciphertext which may give clues about the key 6) adaptive chosen plaintext - chosen plaintext attack with iterations of input is based on knowledge of output - after choosing plaintext, you can also choose other blocks to be encrypted. This allows even more analysis based on the results of each encryption step. 7) Chosen ciphertext only - encrypted messages; no plaintext is available. Recover one or more plaintext messages or the key used to encrypt the messages 8) chosen ciphertext - choose the ciphertext to be decrypted. with a portion of the ciphertext, you attempt to obtain the corresponding plaintext. Primarily used against public-key ciphers 9) Chosen key attack - knows something about a specific relationship between the keys. do not choose the key but can help crack the key. 10) Analytic - use algorithms and mathematics to deduce key or reduce key space to be searched 11) statistical - using statistical characters of language or weaknesses in keys 12) differential - analyze resultant differences as related plaintexts are encrypted using a cryptographic key - if you change the plaintext in a specific way, will the key change the same and show relationships between ciphertext. If you make this change in plaintext do you see the same type of change in ciphertext?find non-randomness if possible 13) linear - linear analysis of pairs of plaintext and ciphertext - line them up and do a whole bunch and find a non-random key - for plaintext 14) Differential Linear - applying differential analysis with linear analysis 15) side-channel attack - using physical data to break a cryptosystem - example, monitor CPU utilization to see how hard it is working as it encrypts and decrypts. data

Answer 84

When 23 people are put tother, the odds are greater than 50% that two people share a birthday. This relates to the probability to the likelihood of hash signatures collisions existing. Output of a hash is not always unique - there can be a collision - every md5 hash is 128 bits - if you hash 10k files - 1,000 bytes and creates 128 bit output. Theres more bytes of output then the hash bits so there will be a collision

Answer 85

Concealing the fact you are sending sensitive information by hiding data within a file such as an image or sound file. So that the meaning of the message and the fact that a message is being sent is concealed. This provides secrecy - cryptography provides confidentiality but not secrecy. With stego - you may not even know that someone is sending a message as you are hiding the true intent

Answer 86

They are detective measures such as x-ray machines, metal detectors and bag inspections. The are primarily detective but can also deter someone from doing something if they think they will be caught. If you have files or a USB in your bag that you are trying to sneak out with data it will be check

Answer 87

Cameras are detective controls. It may also deter someone if they see the camera. Depth of field - Bright light gives you a much wider view and what is in focus. you must have enough light in the parking lot to make sure things are in focus. Do you have enough light to have a proper depth of field (light needs to be 2 candle power) Field of view - what is in the frame CCD is modern

Answer 88

Varying heights provide varying levels of protection. Need to know the heights in ft and meters: 1) 3-4ft / 1 meter = deterrent 2) 6-7 / 2 meters = to high to easily climn 3) 8 ft / 2.4 me + 3 strands of barbed wire = preventative

Answer 89

Class I = residential gate Class II = commercial gate (garage) Class III = industrial gate (loading dock, factory) ClassIV = restricted access (prison, airport)

Answer 90

Secure portal that require the individual to provide sufficient identification for the gateway to open toward the restricted area. There are two doors. it prevents piggy backing. Physical preventative control intruder confined between 2 doors need an emergency button to enable exit without identifying.

Answer 91

``` Guard = armed guard on the exam Pseudo guard = unarmed guard - check entrance credentials - issue and recover visitor badges - monitor cctv ``` Use the following for restricted areas: - motion detector - escort from restricted area (employee or guard) - perimeter - show restricted vs non restricted access for a visitor. and separate the areas - educate "employees only" sign - discourage - uniformed pseudo guards (unarmed)

Answer 92

used mainly for perimeter security in controlled and enclosed areas - might use for contraband recovery have good hearing and night vision - good for low-light and lightly trafficked areas They cannot check badges or make decisions. dog is usually binary - they are either biting you or not biting you. They know to attack or not attack A question on a dog is that they are a liability on the exam - they are a liability. insurance costs could increase. ***Answer is liability!!

Answer 93

1) photo - dumb card - needs a person to verify access which is a down fall 2) digitally encoded - smart card and memory card

Answer 94

Need 2 candle power of light for adequate depth of field. - two candle power is if you had white paper and two candles and one foot away from the paper the paper is not lit to 2 candle power. Light is also 8 ft tall If you have a parking lot illuminated, the whole parking lot must be lit to 2 candle power to whatever is watching it. Light is the same height as the preventive fence

Answer 95

1) higher ground to avoid floods 2) reliable utilities (electric) 3) safe neighborhood 4) earthquake faults 5) do not label a data center in any special way 6) do not put in the basement 7) do not have shared walls with your neighbors 8) do not have shared demarc - telecom - circuts enter the building here. where the ISP responsibility stops and yours starts - people can get into this 9) near transportation for ease of access 10) not near high traffic area 11) do not want shared tenancy 12) close proximity to fire, police and hospital

Answer 96

Slab to slab Walls, ceilings, floors - 1 hour fire rated - resistant to fire, takes 1 hour for the wall to fail Wall Fire rating - how long it will resist against fire Doors - is it solid core, hollow core is weak. Need solid all the way through. Are there raised floors? - can you scoot under it? Have slab to slab construction - does the wall go all the way to the top and all the way to the bottom dont want static buildup - can cause a fire mail slots are bad - they can be used to gain access or information.

Answer 97

Panic button to allow people to get out doors open out not in how the door is installed is critical, if the higns are on the outside facing a non-secure area, someone can pop them and remove the door. Door opening should not block a critical point for safety and should always swing out not in All exits must be clearly marked and never blocked

Answer 98

Lock-bumping - make the pins inside jump and flip open the lock - can do it very fast and makes it look like you unlocked it with the key locks only buy you time, they all can be picked or bumped combination locks - offer little as well

Answer 99

- Always securely locked - Secure the demarcation - demarc is the point where voice and circuits enter a building. It is the point where the client's responsibility for voice and data network equipment begins and the ISP's responsibility ends. Access to the demarc puts the CIA of all data flowing through it at risk. - Wires should never be intermingled. do not intermingle power and network cables. - This can lead to increases in total cost of ownership of future management and increase the likelihood for future mistakes (e.g., unplugging the wrong cable). Can also lead to crosstalk: an electric signal bleeding from on cable to another and violate integrity.

Answer 100

- All dimensions should be equally secure - walls, doors, windows, floors, ceilings. - All walls, doors, windows, floors and ceilings should have a on-hour fire rating**** Walls should go to the true floor and the true ceiling - slab to slab

Answer 101

- All sensitive backup data should be stored off-site and encrypted - Sites using backup media should follow strict procedures for rotating media off-site - Always use a bonded and insured company for off-site media storage - Be sure that the storage site is unlikely to be impacted by the same disaster that may strike to primary site - Never use informal practices, such a storing backup media at an employees house

Answer 102

Servers- Should be placed in a physical location that is protected such as a server room or locking cabinet. Each server should have some or all of the following: Tamper-proof seals, disabled removable media, disabled external ports and faceplate locks Workstations- We must trust that physical access to workstations will be protected by the building security. Other prevention measures include floppy locks, disabled removable media, BIOS passwords, tamper-proof seals, visual perspective limiters (screen filerts), idkle use screensavers, password locked screen savers. Laptops- Laptops have all the same issues as workstations without the protection of the location's physical security. PC and biometrics, leash locks, lockable luggage. BIOS passwords, multi-factor authentication, file encryption, disk encryption Additional controls include - port controls - pc locking devices - switch controls

Answer 103

everything goes out - untreated air and water go out. nothing comes in. Should not have people working in the data center. You can have personnel going in and out but they should not be sitting there all day long. the humidity and temperature is designed for the machines not humans. *humidity should be 50% + or - 10 (between 40-60%) - low humidity can cause static (fry equipment) and high humidity can cause moisture/ corrosion **temperature should range 70-75 F and 21-23 C Green data centers - run at 80 F - with proper cooling its ok. Means you have the right cooling and equipment How to help against humidity - - propoer humidity level - antistatic flooring and sprays -

Answer 104

Aiborne particulate levels should be maintained at appropriate levels. Dust and other contaminants can impact sustained operations of computer hardware Excess concentration of certain gases can accelerate corrosion and cause failure in electronic components. Air flowing in and out of the room is carfully controlled and filtered.

Answer 105

``` Noise - unwanted electrical signals Electromagnetic interference (EMI) and Radio Frequency interference (RFI) - unwanted signals generated by electric motors, fluorescent lighting, computer systems and so on ``` Protection methods: - shielding - proper grounding - conditioning of power lines - care in routing of cables Definition: - Fault - momentary power loss - Sag - Momentary low voltage - Brownout - prolonged low voltage - Blackout - loss of all power - Spike - Momentary high voltage - Surge - Prolonged high voltage - Transient - Short duration noise interference

Answer 106

Detective - smoke detectors (by smoke interfering iwth alight beam OR as a result of change in the ionization current generated by a minute radioactive source - heat sensors (detect the temperature in the room or detect the rate of change of temp in the room - flame detectors (sense the pulsation of the flame or sense the IR energy produced by the flame) You always want smoke detectors - the flame detectors need line of site and see the fire. smoke detectors and then aim a fire detector that might catch on fire. Suppressive - Sprinklers (chemical, H2O) - Fire extinguishers (ABC, Halon)

Answer 107

A - think Ash- Common Combustibles - woode products, laminates - supress with water or soda acid) B - think banana suit - liquid - petroleum products, coolants, etc. (supress with gas (halon, CO2, and soda acid) C - think conductive - electrical - electronic equiment, wires - suppress with gas, CO2 D - combustible metals (suppress with dry powder) Co2 and soda acid remove fuel and oxyen Water removes temperature Gas interferes with chemical reactions between elements - halon you fill the room bottom to top WATER is the safest for humans in the absence of electicity

Answer 108

1) wet pipe - always filled with water up to the sprinkler head. When the temp exceeds 165 F the material holding back the water melts and releases the water 2) Dry pipe - water is not filled up to the sprinkler head. It is held back at a distance from the sprinkler by a valve. When the temp in the room reaches or exceeds 164 F the valve opens. Air that is in the pipe is expelled and the water begins to flow. In this approach the delay allows computer systems to power down to avoid water damage 3) pre-action - hybrid of wet and dry pipe - when temp is reached, the valve opens and releases water to the nozzle head. Then, the link in the nozzle head melts and releases water. Head senses 165 and temp senses 165. - there are two sensors here and use this in more instances you want to be absolutely certain 4) deluge - similar to dry pipe, sprinkler releases a large amount of water when discharging. 5) gas discharge - discharges an inert gas such as CO2 or Halon, usually installed under the floor of the computer area 6) portable extinguishes to minimize fire damage - filled with an approved/applicable suppression agent and located within 50 ft of any electrical equipment 7) Water - preferred method by insurance companies and safest for humans 8) CO2 - removes oxygen and is partially lethal - gas masks give no protection but its best for unattended facilities - use a built in delay in manned areas