Flash Flashcards
Storage timing covert
Process and ram related
Certification and accreditation
Trust and assurance
Certification is the comprehensive technical analysis of a solution to confirm it meets the desired needs.
Accreditation is management’s official sign-off of certification for a predetermined period of time.
In other words, trust is the presence of a security mechanism, function, or capability; assurance is the degree of confidence that the mechanism actually satisfies the security needs. Certification measures the mechanisms and the evidence behind them; accreditation is management accepting the resulting level of assurance, and the residual risk, for a defined period.
PP, TOE and Security Target
The first component is the Protection Profile (PP). The PP lists the security capabilities that a type or category of security product (a firewall, say) should possess. It is implementation-independent: it describes what any product of that class must do, not how one vendor's product does it.
The Target of Evaluation (TOE) is the next component. Using the earlier firewall example, if a vendor wants its firewall rated under the Common Criteria, the firewall is the TOE: the TOE is simply the vendor's product that is being assessed according to the Common Criteria.
The next component, the Security Target (ST), describes, from the vendor's perspective, each of the firewall's security capabilities that match the capabilities outlined in the Protection Profile. It is the vendor's written statement of how the product's functional and assurance specifications meet the PP requirements, and it is the document the evaluators actually test the TOE against, so a claim that is absent from the ST is not covered by the rating.
Binding and sealing in TPM
Binding – A cryptographic operation in which data is encrypted with a key that lives inside a specific TPM (a non-migratable key), so that only that TPM can decrypt it. Binding ties the data to the chip, not to the platform's state: the TPM will unbind the data no matter what software was booted. For example, a disk-encryption key bound to the TPM cannot be decrypted if the disk is moved to another machine, but it can still be decrypted on the original machine even if the bootloader was tampered with.
Sealing – Binding plus a condition on platform state. The data is encrypted under a TPM-held key together with a policy that records the expected values of selected Platform Configuration Registers (PCRs), the hash chain of the components measured during boot. The TPM will unseal the data only when the current PCR values match the recorded ones and any additional authorization the policy demands (such as a PIN or user credential) is supplied. As an example, a disk-encryption key sealed to the measured boot state is released only when the expected firmware, bootloader and kernel have been loaded, so a modified bootloader leaves the key locked inside the chip.
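The distinction above in running code, as an added illustration that is not from the original flashcards and does not talk to a real TPM: the "chip" is a Python object whose seed never leaves it, the PCR extend rule is the real one (new PCR = SHA-256(old PCR || measurement)), and the cipher is a toy SHA-256 keystream XOR plus an HMAC tag standing in for the TPM's own encryption. The boot measurements and the secret are constructed sample data.

```python
"""Toy model of TPM binding vs sealing (illustration only, not TPM code)."""
import hashlib
import hmac
import os

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """Extend semantics: a PCR can only be changed by hashing a new value into it."""
    return hashlib.sha256(pcr + measurement).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy XOR cipher: keystream block i = SHA-256(key || i). Not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class ToyTPM:
    """Stand-in for a TPM: one secret seed per chip, one PCR, bind and seal."""

    def __init__(self) -> None:
        self._seed = os.urandom(32)   # unique per chip, never exported
        self.pcr0 = bytes(PCR_SIZE)   # PCRs are zero at power-on

    def reboot(self) -> None:
        self.pcr0 = bytes(PCR_SIZE)   # only a reset clears a PCR

    def extend(self, measurement: bytes) -> None:
        self.pcr0 = pcr_extend(self.pcr0, measurement)

    def _key(self, label: bytes) -> bytes:
        # Keys are derived inside the chip; nothing outside can compute them.
        return hmac.new(self._seed, label, hashlib.sha256).digest()

    def _encrypt(self, key: bytes, data: bytes):
        ct = _keystream_xor(key, data)
        return ct, hmac.new(key, ct, hashlib.sha256).digest()

    def _decrypt(self, key: bytes, ct: bytes, tag: bytes) -> bytes:
        if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
            raise PermissionError("wrong chip: data was bound to a different TPM")
        return _keystream_xor(key, ct)

    # Binding: tied to this chip only, independent of platform state.
    def bind(self, data: bytes):
        return self._encrypt(self._key(b"bind"), data)

    def unbind(self, blob) -> bytes:
        return self._decrypt(self._key(b"bind"), *blob)

    # Sealing: tied to this chip AND to the PCR value at sealing time.
    def seal(self, data: bytes):
        policy = self.pcr0                       # expected PCR recorded in the blob
        ct, tag = self._encrypt(self._key(b"seal" + policy), data)
        return policy, ct, tag

    def unseal(self, blob) -> bytes:
        policy, ct, tag = blob
        if not hmac.compare_digest(policy, self.pcr0):
            raise PermissionError("PCR mismatch: platform state differs from sealing time")
        return self._decrypt(self._key(b"seal" + policy), ct, tag)


def demo() -> dict:
    """Constructed scenario: clean boot, tampered boot on the same chip, other chip."""
    good_boot = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
    secret = b"volume-master-key-material-for-the-demo"
    chip = ToyTPM()
    for m in good_boot:
        chip.extend(m)
    bound, sealed = chip.bind(secret), chip.seal(secret)
    out = {"bind_ok": chip.unbind(bound) == secret,
           "seal_ok": chip.unseal(sealed) == secret}

    # Same chip, but a modified bootloader was measured: PCR0 now differs.
    chip.reboot()
    for m in [b"firmware-v1", b"bootloader-EVIL", b"kernel-v1"]:
        chip.extend(m)
    out["bind_after_tamper"] = chip.unbind(bound) == secret   # binding ignores state
    try:
        chip.unseal(sealed)
        out["seal_after_tamper"] = "released"
    except PermissionError:
        out["seal_after_tamper"] = "refused"

    # A different chip with an identical, clean boot can use neither blob.
    other = ToyTPM()
    for m in good_boot:
        other.extend(m)
    for name, op in (("other_chip_unbind", lambda: other.unbind(bound)),
                     ("other_chip_unseal", lambda: other.unseal(sealed))):
        try:
            op()
            out[name] = "released"
        except PermissionError:
            out[name] = "refused"
    return out
```

The point the demo makes: the bound blob survives the tampered boot (binding proves only "same chip"), the sealed blob does not (sealing proves "same chip in the same measured state"), and neither blob is usable on a second chip even though its PCRs hold identical values, because the key material is per chip. On a real TPM the same distinction appears as a key with no PCR policy versus a key or sealed object created with a PCR policy.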
Resource pooling in cloud
Resource pooling relates to sharing the three primary resources of cloud computing (processors, disk space, and the network). Customers almost never access the hardware directly, because it is shared, pooled, among many tenants. Resource pooling therefore describes the relationship between the underlying hardware that makes up the compute, storage, and network resources (the pool) and the multiple customers that draw on those resources. It is one of the key characteristics of cloud computing and the source of much of its value and economies of scale for consumers and providers alike; it is also why isolation between tenants (at the hypervisor, storage and virtual-network layers) is the provider's central security obligation.
Difference between monolithic, microservices and serverless (FaaS)
Monolithic applications typically comprise a back-end database, an application tier and a user interface, all in a single large code base, so a change to the application may require updating and redeploying all three together.
Compared to a monolithic application that exists and operates as one unit, microservices exist and function as separate units that are loosely coupled via API calls.
The term serverless takes the basic premise of microservices, hyperfocused, independent pieces of functionality coupled together through APIs, and extends it to the cloud: individual functions are deployed to a provider-managed runtime (Function as a Service, FaaS), run on demand in response to events, and are billed per invocation, so the developer never provisions or patches a server. The servers still exist; the provider owns them, and with them the patching, while the customer keeps responsibility for the function code, its dependencies and its permissions.
SASE
Secure access service edge (SASE), pronounced sassy, is a suite of technologies that is often looked upon as the future of wide area networks (WANs). It combines network security functions (such as secure web gateway, cloud access security broker, zero-trust network access and firewall as a service) with software-defined WAN into a single cloud-delivered service. It aims to enforce policy and deliver data and services as close to the end users as possible, wherever they are, while still maintaining robust security.
Difference between XSS and CSRF
With XSS, the target of the attack is the user's browser, which is tricked into running the attacker's script in the context of a site it trusts; with CSRF, the target of the attack is the web server, which is tricked into accepting a request the victim never intended to make because the victim's browser automatically attaches the session cookie. XSS exploits the user's trust in the site; CSRF exploits the site's trust in the user's browser.
The success of a cross-site request forgery attack is predicated upon the concept of “persistence” that cookies in
Reflected and stored XSS
In the first example, the malicious code is stored on the web server. This type of cross-site scripting is known as stored or persistent because the malicious code is saved on the server (in a comment, profile field, or similar) and every user who visits that page is exposed to it. In the second example, the malicious code is reflected back to the victim via a carefully crafted URL. So, unlike a persistent cross-site scripting attack (which hits every visitor), reflected cross-site scripting affects only those who open the crafted URL; anyone who visits the normal URL is not impacted.
Confusion and diffusion
The first property is known as confusion, which focuses on hiding the relationship between the key and the resulting ciphertext: each ciphertext bit should depend on the key in a complex, non-linear way. In avalanche terms, if one bit of the key is changed, about half of the bits in the ciphertext should change.
Diffusion follows similar thinking as confusion, but is focused on the plaintext. It suggests that if a single bit of the plaintext is changed, then approximately half of the bits in the ciphertext should change, so that the statistical structure of the plaintext is spread across the whole ciphertext. The diffusion property focuses on hiding the relationship between the plaintext and the ciphertext. In a typical block cipher the substitution boxes supply confusion and the permutation or mixing layers supply diffusion, and the rounds are repeated until both properties hold across the whole block.
Block vs stream
Block ciphers operate on fixed-size blocks (128 bits for AES) and repeatedly mix the whole block with the key, which gives them a high diffusion rate: a one-bit change in the input is spread across the entire output block. This also makes blind tampering harder, since changing a ciphertext block scrambles the whole decrypted block rather than flipping a predictable plaintext bit, although only an authentication tag actually detects tampering.
Stream ciphers provide a clear speed advantage over block ciphers because they work on one bit or byte at a time, XORing the plaintext with a keystream, instead of filling blocks and running many rounds over them. The caveat a practitioner needs: a stream cipher's ciphertext is malleable (flipping a ciphertext bit flips the same plaintext bit), and reusing a keystream for two messages reveals their XOR, so the key and nonce pair must never repeat and the ciphertext should always carry a MAC.
Null cipher
A null cipher involves hiding a plaintext message within other plaintext.
Diffie–Hellman
Diffie–Hellman key exchange (whose security rests on the discrete logarithm problem) is an asymmetric algorithm used not to encrypt data but to let two parties agree on a shared secret over an untrusted channel; that secret is then used as a symmetric key. Plain Diffie–Hellman authenticates nobody: unless the exchanged values are signed or tied to certificates, an active attacker can sit in the middle and negotiate a separate key with each side.
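Both sides of the exchange in code, as an added example that is not part of the original flashcards. It generates its own safe-prime group at 128 bits so it runs in about a second; that size is a toy, and real deployments use the fixed 2048-bit-or-larger groups from RFC 3526 or RFC 7919 (or elliptic-curve DH). The seeded `random` generator is used for reproducibility; real code draws private exponents from `secrets`. The public-value validation step is included because it is the check that is most often missing in hand-rolled DH.

```python
"""Diffie-Hellman over a safe prime, with public-value validation (illustration)."""
import hashlib
import random

_rng = random.Random(20240601)  # fixed seed for a reproducible demo; use secrets in real code


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int) -> int:
    """Return p = 2q + 1 with both p and q prime, so the working subgroup has prime order q."""
    while True:
        q = _rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def validate_public(y: int, p: int) -> None:
    """Reject values outside (1, p-1) and outside the order-q subgroup.
    Without this a peer can force the shared secret into a tiny, guessable set."""
    q = (p - 1) // 2
    if not 1 < y < p - 1 or pow(y, q, p) != 1:
        raise ValueError("invalid Diffie-Hellman public value")


def keypair(p: int, g: int):
    x = _rng.randrange(2, (p - 1) // 2)   # private exponent
    return x, pow(g, x, p)                 # (private, public)


def shared_key(peer_public: int, private: int, p: int) -> bytes:
    validate_public(peer_public, p)
    s = pow(peer_public, private, p)
    # Never use the raw shared value as a key; hash it into a fixed-size key.
    return hashlib.sha256(s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def run_exchange(bits: int = 128):
    """Both parties; only p, g and the two public values would cross the wire."""
    p = gen_safe_prime(bits)
    g = 4   # 2^2 is a quadratic residue mod p, so it generates the order-q subgroup
    a_priv, a_pub = keypair(p, g)
    b_priv, b_pub = keypair(p, g)
    k_alice = shared_key(b_pub, a_priv, p)   # Alice receives b_pub
    k_bob = shared_key(a_pub, b_priv, p)     # Bob receives a_pub
    return p, k_alice, k_bob
```

Note what the code does not do: nothing ties `a_pub` or `b_pub` to Alice or Bob. An attacker who can rewrite messages runs `run_exchange` once with each party and relays traffic between the two keys, which is why TLS signs the ephemeral public values with the server's certificate key.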
CSR and issuance of certificates
The requester first generates a key pair and builds a certificate signing request (CSR) containing its public key and subject details, signed with its own private key as proof of possession. The CA validates the request (domain control, organisation identity, and so on) and issues an X.509 certificate signed with the issuing CA's private key. In a typical hierarchy that is an intermediate/issuing CA, whose own certificate is in turn signed by the root CA, the root of trust; the root's private key is kept offline and does not sign end-entity certificates directly. Relying parties verify the chain from the issued certificate up to a root they already trust.
Key recovery
Dual control
Split knowledge
Key escrow
Side channel attack and fault injection attack
With a side-channel attack, the target is not the system or the algorithm itself. Rather, using complex tools, a system’s operations can be monitored and measured. Based upon these observations and measurements of items like timing (the length of time to perform an activity), power used (how much power is consumed during an activity), and radiation emissions (emissions made by all devices and systems), significant insight can be gleaned.
Fault Injection Attack In these attacks, the attacker attempts to compromise the integrity of a cryptographic device by causing some type of external fault. For example, they might use high-voltage electricity, high or low temperature, or other factors to cause a malfunction that undermines the security of the device.
Side-Channel Attack Computer systems generate characteristic footprints of activity, such as changes in processor utilization, power consumption, or electromagnetic radiation. Side-channel attacks seek to use this information to monitor system activity and retrieve information that is actively being encrypted.
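The timing variant of a side channel, reduced to code as an added example that is not from the original flashcards: a secret comparison that exits at the first mismatching byte leaks how long the matching prefix is, and an attacker recovers the secret one byte at a time from that leak. The "measurement" here is a step count so the attack is deterministic; a real attacker measures wall-clock time over many requests and averages out the noise, but the recovery logic is the same. The secret token and alphabet are constructed sample data.

```python
"""Timing side channel on a secret comparison, and the constant-time fix (illustration)."""

SECRET = b"s3cr3t-tok3n"                             # constructed sample secret
ALPHABET = b"0123456789abcdefghijklmnopqrstuvwxyz-"  # what the attacker believes it is drawn from


def naive_compare(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (equal, steps); steps stands in for the
    response time an attacker would measure, and grows with the matching prefix."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes):
    """Touches every byte regardless of where the first difference is."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for s, g in zip(secret, guess):
        steps += 1
        diff |= s ^ g
    return diff == 0, steps


def recover(oracle, length: int, alphabet: bytes) -> bytes:
    """Attacker: per position, keep the byte whose probe ran longest. The last
    byte yields no timing signal, so it is brute-forced on the accept/reject result."""
    known = bytearray()
    for pos in range(length - 1):
        best, best_steps = None, -1
        for c in alphabet:
            probe = bytes(known) + bytes([c]) + b"\0" * (length - pos - 1)
            _, steps = oracle(probe)
            if steps > best_steps:
                best, best_steps = c, steps
        known.append(best)
    for c in alphabet:
        probe = bytes(known) + bytes([c])
        if oracle(probe)[0]:
            return probe
    return bytes(known) + b"?"   # recovery failed


def attack(compare) -> bytes:
    """Run the attacker against a server that checks tokens with `compare`."""
    return recover(lambda probe: compare(SECRET, probe), len(SECRET), ALPHABET)
```

Against `naive_compare` the attacker needs at most `len(SECRET) * len(ALPHABET)` probes instead of `len(ALPHABET) ** len(SECRET)`; against `constant_time_compare` every probe costs the same and the search degenerates to guessing. In Python, compare secrets with `hmac.compare_digest` rather than `==` for exactly this reason.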
Golden and silver ticket
The KRBTGT account is the Kerberos Key Distribution Center (KDC) service account; its key encrypts and signs every ticket-granting ticket (TGT). An intruder who obtains the KRBTGT password hash (typically by dumping the domain controller's directory database) can forge TGTs for any principal, with any group membership and any lifetime: a golden ticket. Rotating the KRBTGT password twice is what invalidates outstanding golden tickets.
Forged TGS (service) tickets are known as silver tickets, because their scope is limited compared to a golden ticket: they are signed with the password hash of the target service account (for example a server's computer account) rather than the KRBTGT hash, so they grant access only to that service on that host. Because the attacker presents the forged service ticket straight to the service, no interaction with the KDC is required; the KDC records no ticket request, and the forgery is visible only in the service's own logs, if at all.
HMAC
However, HMAC is far cheaper to compute than the digital signature standard described in the following section and is suitable wherever a symmetric key can be shared in advance between the parties. In short, it represents a halfway point between an unkeyed message digest, which anyone can recompute after tampering, and computationally expensive digital signature algorithms based on public key cryptography. The price is non-repudiation: every holder of the shared key can produce a valid HMAC, so a tag proves only that someone with the key sent the message, not which party.
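The three cases the comparison above turns on, shown in code as an added example that is not from the original flashcards: a bare digest that an attacker can recompute, an HMAC the attacker cannot forge without the key, and the receiver forging a valid tag because it holds the same key. The message is constructed sample data and the key is generated at run time.

```python
"""Bare digest vs HMAC, and why HMAC gives no non-repudiation (illustration)."""
import hashlib
import hmac
import os


def tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, t: bytes) -> bool:
    # compare_digest is constant-time, so the tag check is not itself a timing oracle
    return hmac.compare_digest(tag(key, msg), t)


def demo() -> dict:
    key = os.urandom(32)                        # shared between sender and receiver
    msg = b'{"transfer": 100, "to": "alice"}'   # constructed sample message
    evil = msg.replace(b"100", b"9999")
    out = {}

    # 1. Unkeyed digest: the attacker rewrites the message and recomputes the digest.
    intercepted_msg, intercepted_digest = evil, hashlib.sha256(evil).digest()
    out["digest_accepts_tamper"] = hashlib.sha256(intercepted_msg).digest() == intercepted_digest

    # 2. HMAC: without the key the attacker cannot produce a matching tag.
    out["hmac_accepts_genuine"] = verify(key, msg, tag(key, msg))
    out["hmac_accepts_tamper"] = verify(key, evil, tag(b"attacker-guess", evil))

    # 3. No non-repudiation: the receiver holds the same key and can forge a
    #    message that verifies exactly as one from the sender would.
    out["receiver_can_forge"] = verify(key, evil, tag(key, evil))
    return out
```

Case 3 is why HMAC is the right tool between two components that already trust each other (API client and server, two services sharing a secret) and the wrong tool for anything that must later be proven to a third party, which needs a signature.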
IPsec modes and security associations
IPsec provides two discrete modes of operation. In transport mode, used for end-to-end protection between two hosts, only the packet payload is protected (encrypted by ESP, or integrity-checked by AH, which never encrypts); the original IP header stays in the clear so the packet can be routed. In tunnel mode, the entire original packet, header included, is encrypted and wrapped in a new IP header addressed to the far gateway; this is the mode for gateway-to-gateway link encryption and site-to-site VPNs, where the inner addresses are hidden from the path.
At runtime, you set up an IPsec session by creating a security association (SA). The SA represents the communication session and records any configuration and status information about the connection. The SA represents a simplex connection. If you want a two-way channel, you need two SAs, one for each direction. Also, if you want to support a bidirectional channel using both AH and ESP, you will need to set up four SAs.
Some of IPsec's greatest strengths come from being able to filter or manage communications on a per-SA basis so that clients or gateways between which security associations exist can be rigorously managed in terms of what kinds of protocols or services can use an IPsec connection. Also, without a valid security association defined, pairs of users or gateways cannot establish IPsec links.
Throughput
The actual rate of successful data transfer achieved, measured over a period of time. Note that bandwidth is the maximum possible amount, while throughput is the amount actually achieved.
Signal-to-noise ratio
The level of the desired signal in comparison with the amount of background noise. A higher signal-to-noise ratio can allow for higher data transfer rates, because it means that there is less chance of lost packets and corrupt data.
Infiniband
InfiniBand is a high-speed network fabric that supports remote direct memory access (RDMA). RDMA lets a node read and write another node's memory across the network without involving the remote CPU or operating system, which is designed to provide access to memory as quickly as possible. It is commonly used in high-performance computing and machine-learning clusters; because RDMA bypasses the remote host's software stack, access control on the fabric itself matters more than on an ordinary LAN.