General Security 4

Question 1

What are Hashes?

Answer 1

• Data represented as String of Text
• Impossible to recover Data
• Integrity
• Can be Digital Signature

Question 2

What is a Collission?

Answer 2

• Different input same output
• MD5

Question 3

What are practical uses of Hashes?

Answer 3

• Verify downloaded files
• Password storage
• Digital Signature

Question 4

What is salting?

Answer 4

• Adding random data to password when using hash
• slows brute forcing down

Question 5

What is the Blockchain?

Answer 5

• Distributed Ledger: Keeps track of transactions
• Everyone on Blockchain maintains ledger

Question 6

What are practical applications of Blockchain?

Answer 6

• Payment Processing
• Digital Identification
• Supply Chain monitoring
• Digital voting

Question 7

How does the Blockchain work?

Answer 7

1. Any kind of Transaction
2. Transaction is sent to every computer (node) on the Blockchain
3. Transaction is verified by every node on Blockchain
4. Verified Transaction is added to block of verified transactions
5. Hash is added to Block to keep integrity of all transactions of block
6. Copy of Block is sent to everyone on ledger
7. If Block has been modified, everyone will notice and will be consequently be thrown out of ledger

Question 8

What are Certificates?

Answer 8

• Binds Public Key with digital signature
• Adds trust
• Can be built in OS or via third party

Digital Certificate
* X.509 standart format
* Included Certificate Details: Serial Number, Version, Algorithm, issuer, Name of Cert holder, public key, extensions and more…

Question 9

What is a CA?

Answer 9

Certificate Authority
* Third Party signing certificates
* Built into Browser
* Does verification of the website and its owner

Question 10

What are private Certificate Authorities?

Answer 10

You are your own CA
* Build it in-house
* Your devices must trust the internal CA

Needed for medium-to-large organizations
* Many web servers and privacy requirements

Implement as part of your overall computing strategy
* Windows Certificate Services, OpenCA

Question 11

How does certificate signing process work?

Answer 11

1. Applicant creates Key Pair
2. Combines public key with applicant information to Certificate Signing Request (CSR)
3. Sends CSR to Certificate Authority
4. CA validates CSR and digitally signs it with private key

Question 12

What are self-signed certificates?

Answer 12

Internal certificates don’t need to be signed by a public CA

• Your company is the only one going to use it
• No need to purchase trust for devices that already
  trust you

Build your own CA

• Issue your own certificates signed by your own CA

Install the CA certificate/trusted chain on all devices

• They’ll now trust any certificates signed by your
  internal CA
• Works exactly like a certificate you purchased

Question 13

What are Wildcard Certificates?

Answer 13

• Type of SSL/TLS certificate that certifies domain and subdomains with the same certificate

Question 14

What is Key Revocation?

Answer 14

• Certificates can be revoked by CA via Certificate Revocation list (CRL)
• Reason can be vulnerability

Question 15

What is OCSP stapling?

Answer 15

Online Certificate Stapling Protocol
* Certificate holders verify their own status
* OCSP status is “stapled” into SSL/TLS handshake
* Digitally signed by CA