General Security 4 Flashcards
What are Hashes?
- Data represented as String of Text
- Impossible to recover Data
- Integrity
- Can be Digital Signature
What is a Collision?
- Different input same output
- MD5
What are practical uses of Hashes?
- Verify downloaded files
- Password storage
- Digital Signature
What is salting?
- Adding random data to the password before hashing it
- slows brute forcing down
What is the Blockchain?
- Distributed Ledger: Keeps track of transactions
- Everyone on Blockchain maintains ledger
What are practical applications of Blockchain?
- Payment Processing
- Digital Identification
- Supply Chain monitoring
- Digital voting
How does the Blockchain work?
- Any kind of Transaction
- Transaction is sent to every computer (node) on the Blockchain
- Transaction is verified by every node on Blockchain
- Verified Transaction is added to block of verified transactions
- Hash is added to Block to keep integrity of all transactions of block
- Copy of Block is sent to everyone on ledger
- If a Block has been modified, everyone will notice and it will consequently be thrown out of the ledger
What are Certificates?
- Binds Public Key with digital signature
- Adds trust
- Can be built in OS or via third party
Digital Certificate
* X.509 standard format
* Included Certificate Details: Serial Number, Version, Algorithm, issuer, Name of Cert holder, public key, extensions and more…
What is a CA?
Certificate Authority
* Third Party signing certificates
* Built into Browser
* Does verification of the website and its owner
What are private Certificate Authorities?
You are your own CA
* Build it in-house
* Your devices must trust the internal CA
Needed for medium-to-large organizations
* Many web servers and privacy requirements
Implement as part of your overall computing strategy
* Windows Certificate Services, OpenCA
How does certificate signing process work?
- Applicant creates Key Pair
- Combines public key with applicant information into a Certificate Signing Request (CSR)
- Sends CSR to Certificate Authority
- CA validates CSR and digitally signs it with its private key
What are self-signed certificates?
Internal certificates don't need to be signed by a public CA
- Your company is the only one going to use it
- No need to purchase trust for devices that already trust you
Build your own CA
- Issue your own certificates signed by your own CA
Install the CA certificate/trusted chain on all devices
- They'll now trust any certificates signed by your internal CA
- Works exactly like a certificate you purchased
What are Wildcard Certificates?
- Type of SSL/TLS certificate that certifies domain and subdomains with the same certificate
What is Key Revocation?
- Certificates can be revoked by the CA via a Certificate Revocation List (CRL)
- Reason can be vulnerability
What is OCSP stapling?
Online Certificate Status Protocol
* Certificate holders verify their own status
* OCSP status is “stapled” into SSL/TLS handshake
* Digitally signed by CA