Domain 5 Flashcards
Encryption
Uses mathematical operations to transform information into a format where it is unreadable by anyone other than the authorized user
Encrypting Data
Taking plaintext information and using an encryption algorithm in combination with an encryption key to encrypt the data
Plain text
Information in its normal form
Ciphertext
Plaintext data that has been encrypted
Decrypting Data
Use a decryption algorithm and a decryption key to perform that transformation in reverse
Two Major categories of Encryption algorithms
Symmetric algorithms
Asymmetric algorithms
AES: Symmetric
RSA: Asymmetric
Symmetric Encryption
“Shared secret encryption algorithms”
Encryption and decryption operations use the same key.
n: number of people who want to communicate
k: number of keys required
n(n-1) ÷ 2 = k
Asymmetric Encryption
Solves problem of scaling to large groups
Each user gets 2 keys:
- Public key: can freely distribute to anyone they want to communicate with
- Private key: kept secret
Anything encrypted with one key from the pair can be decrypted with the other key in the pair.
Slower than symmetric, but solves problem of creating keys for large organizations.
Environments where encryption is used
To protect:
- Data at rest
- Data in transit
Data at rest
Stored data
Full-disk encryption (FDE): technology built into some operating systems that automatically encrypts all of the data stored on a device.
Data in transit
Data moving over a network
HTTPS, VPN
Hash functions
One-way function that consistently transforms a variable-length input into a unique, fixed-length output
- One-way function: can’t reverse process
- Map variable-length input to fixed-length outputs: you can send input of any length to a hash function and the hashes it produces will always be the same length
- Produce unique outputs: it should not be possible to find two different inputs that produce the same hash value as output
- Repeatable: always get same output from hashing same input using same hash functions
Can fail in one of two ways:
1. If the hash function is reversible, it is not secure.
2. It is not collision-resistant. Does not achieve the “unique output”. Possible to find two inputs that produce same hash output.
Message Digest 5 (MD5)
Created by Ron Rivest (1991).
5th in series of hash functions that became more and more secure.
Replaced MD4
“Message digest” is another term for “hash”
Produces 128-bit hash
No longer considered secure after the collision-resistance break discovered in 2013
Secure Hash Algorithm (SHA)
Approved by NIST for use in federal computing applications
SHA-1: 160-bit hash value. No longer secure
SHA-2: family of 6 different hash algorithms producing 224-, 256-, 384-, and 512-bit hashes
SHA-3: Keccak algorithm. Uses completely different mathematical algorithm. Produces a hash of any desired length.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
Created as alternative to government-sponsored hash functions
Produces 128, 160, 256, and 320-bit hashes
The 128-bit version contains flaws
Hash-Based Message Authentication Code (HMAC)
Combines symmetric cryptography and hashing
Provides authentication and integrity
Create and verify message authentication code by using a secret key in conjunction with a hash function
Data Life Cycle
Create - Store - Use - Share - Archive - Destroy - Create
Create
Data generated either in an on-premises system or in the cloud.
Can be modifications to existing data
Store
Data placed into one or more storage systems
Use
Active usage of data
Share
Data made available to other people through one or more sharing mechanisms.
Archive
Data is retained in long-term storage where it is not immediately accessible but can be restored to active use if necessary
Destroy
Data is destroyed when it is no longer needed.
Destroying Electronic Records
NIST SP 800-88
3 different activities to sanitize electronic media:
1. Clearing – Writing new data to device that overwrites sensitive data.
2. Purging – Use cryptographic functions to obscure the data on the media. Also includes degaussing.
3. Destroying – Ultimate type of data sanitization. Shred, pulverize, melt, incinerate, or completely destroy the media. Media cannot be reused.
Destroying Paper Records
Options:
1. Shredding – cross-cut shredder.
2. Pulping – chemical process to remove ink from paper.
3. Incineration – burning papers.
Data classification
Security levels of information used in an organization and the process for assigning information to a particular classification level.
Helps determine the appropriate storage, handling, and access requirements for classified information.
Assigned based on sensitivity and criticality.
Classification schemes
High, medium, low sensitivity.
Military:
1. Top Secret
2. Secret
3. Confidential
4. Unclassified
Business:
1. Highly Sensitive
2. Sensitive
3. Internal
4. Public
Pay attention to:
- PII
- Financial Info
- Health info
Labeling
Ensures users are able to consistently recognize sensitive information and handle it appropriately
Logging
Organizations can look at specific events and achieve 3 objectives:
1. Determine who caused it. Accountability or identity attribution
2. Track down all other events related to investigation. Traceability
3. Provide documentation of those actions. Auditability.
Security information and Event Management (SIEM)
Two functions:
1. Act as central, secure collection point for log entries.
2. Apply artificial intelligence.
Has access to all log entries from across the organization.
Log Correlation
Activity a SIEM performs when it collects all the information pieces to recognize combinations of activities that could indicate a security incident.
Configuration Management
Establishes and monitors the way that specific devices are set up.
Tracks both OS settings and the inventory of software installed
Baseline
Snapshot of a system or application at a given point in time
Used to assess if a system has changed outside of an approved change management process.
Version Control
Assigns each release of a piece of software an incrementing version number that can be used to identify any given copy.
Three-part version numbers:
1. Major version
2. Major update
3. Minor update
Default Configurations
If not modified, can contain misconfigured firewalls with open ports and services, open permissions, guest accounts, default passwords, unsecured root accounts, or other serious security issues.
Weak Security Settings
Depend on documented security standards and configuration baselines to help install systems in a secure manner
Cryptographic weakness
Subject to eavesdropping and tampering
Admins must carefully manage encryption keys to ensure they don’t fall into the wrong hands
Patches and Updates
Ensures systems and applications receive all of the security updates provided by manufacturers to correct known vulnerabilities.
Account Management
If accounts are improperly configured, users can use those extra privileges to cause damage.
Acceptable use policy (AUP)
Describes what users are permitted to do with organization’s technology assets and what is prohibited.
Data handling policies
Describes security controls and procedures that must be used to protect sensitive information.
Password policies
Covers the protection and use of passwords in the organization.
Bring Your Own Device (BYOD) policy
Documents requirements for using personal devices, the security controls that must be in place, and the type of information that can be processed.
Privacy Policy
Important way to communicate with employees, customers, and other individuals about what information the organization retains about them and the ways that it stores, processes, transmits, and maintains that information.
Change Management Policy
Describes how changes are made in the organization.
Rollback plan
Can restore the previous configuration if something goes wrong during or after the change.
Social Engineering
One of the most dangerous risks and hardest threats to counter comes from people.
Use psychological tricks to manipulate people into performing actions or divulging sensitive info that undermines the organization’s security.
Succeeds by exploiting:
1. Authority and trust
2. Intimidation
3. Consensus and social proof
4. Scarcity
5. Urgency
6. Familiarity and liking
Authority and Trust
A person who projects an air of authority and shows outward signs of authority to make people listen
Intimidation
Browbeating people into doing what you want by scaring them and threatening that something bad will happen to them and/or the organization.
Consensus and Social Proof
Herd mentality
When people don’t know how to react in a situation, they look for behaviors of others and follow.
Scarcity
Making people believe that if they don’t act quickly, they will miss out.
Urgency
Hackers create situations where people feel pressured to act quickly because time is running out.
Familiarity and Liking
Use of flattery, false compliments, and fake relationships to get on a target’s good side and influence their activities.
Security Training
Provides users with detailed info they need to protect the organization’s security.
Security Awareness
Reminds employees about the security lessons they’ve already learned.