General Security Concepts Flashcards

1
Q

Technical Control Category

A

-Controls implemented using systems.
- Operating System controls
Examples of technical controls include firewall rules, intrusion prevention systems (IPSs) and intrusion detection systems (IDSs), encryption standards, and anti-virus software.

2
Q

Managerial Control Category

A

-Admin controls associated with security design and implementation.
-Security Policies, Standard Operating Procedures
Examples of managerial controls include organization-wide security policies, organizational best practices, periodic risk assessments, and security-aware change management.

3
Q

Operational Control Category

A

Operational controls focus on the day-to-day policies implemented by people instead of systems.
Examples of operational controls include security guards checking ID badges, user access reviews, and employee awareness training.

4
Q

Physical Control Category

A

-Limit Physical Access
Physical controls include bollards, fencing, access control vestibules, video surveillance, security guards, access badges, lighting, and sensors (pressure, microwave, infrared, ultrasonic).

5
Q

Preventive Control Type

A

Block access to a resource.
-You shall not pass.
- For example, a firewall prevents access to a network by stopping suspicious traffic. Follow security policy. Guard shack checks all identification. Enable door locks.

6
Q

Deterrent Control Type

A

-Discourage an intrusion attempt
-Does not directly prevent access.
- Make an attacker think twice. Application splash screens, threat demotion, front reception desk, posted warning signs.

7
Q

Detective Control Type

A

-Identify and log an intrusion attempt
-May not prevent access
- Find the issue. Collect and review system logs, review login reports, regularly patrol the property, enable motion detectors.

8
Q

Corrective Control Type

A

-Apply a control after an event has been detected
-Reverse the impact of an event
-continue operating with minimal downtime.
-Correct the problem. Restoring from backups can mitigate a ransomware infection. Create policies for reporting security issues. Contact law enforcement to manage criminal activity. Use a fire extinguisher.

9
Q

Compensating Control Type

A

-Control using other means.
-Existing controls aren’t sufficient.
-May be temporary.
-Prevent the exploitation of a weakness.
-Firewall blocks a specific application instead of patching the app, Implement a separation of duties. Require simultaneous guard duties. Generator used after power outage.

10
Q

Directive Control Type

A

-direct a subject towards security compliance.
-relatively weak security control
- Do this please:
Store all sensitive files in a protected folder
Create Compliance policies and procedures
Train users on proper security policy
Post a sign for “Authorized Personnel Only”

11
Q

The CIA triad

A

Combination of principles.
-Fundamentals of security.

12
Q

(CIA)

Confidentiality

A

Prevent disclosure of info to unauthorized individuals or systems.
Certain info should only be known to certain people.

13
Q

(CIA)

Integrity

A

Messages can’t be modified without detection.
Data is stored and transferred as intended.

14
Q

Integrity

Hashing

A

Map data of an arbitrary length to data of fixed length.

15
Q

Integrity

Digital Signatures

A

Mathematical scheme to verify the integrity of data

16
Q

Integrity

Certificates

A

Combine with a digital signature to verify an individual.

17
Q

(CIA)

Availability

A

Systems and networks must be up and running.
Information is accessible to AUTHORIZED users.
Always at your fingertips.

18
Q

Availability

Redundancy

A

Build services that will always be available.

19
Q

Availability

Fault Tolerance

A

System will continue to run, even when a failure occurs.

20
Q

Availability

Patching

A

Stability, Close security holes.

21
Q

Confidentiality

Encryption

A

Encode messages so only certain people can read them.

22
Q

Confidentiality

Access Controls

A

Selectively restrict access to a resource. Who has access to what.

23
Q

Confidentiality

Two-factor Authentication

A

Additional confirmation before information is disclosed.

24
Q

Integrity

Non-repudiation

A

Provides proof of integrity (verify data does not change); the data can be asserted to be genuine.
You can’t deny what you’ve said.

25
# Proof of Integrity Cryptography
Hash - Represent data as a short string of text. - A message digest, a fingerprint. If data changes, the hash changes. (Person changes, different fingerprint.)
26
Proof of Origin
-integrity -authentication -non-repudiation -sign with private key -verify with public key
27
# (AAA) Security Framework
Authentication, Authorization, and Accounting
28
# (AAA) Authenticating People
-Identification, who you claim to be, usually your username - Authentication, prove who you are, password and other factors
29
# (AAA) Authenticating Systems
How to authenticate a device? -Put a digitally signed certificate on the device.
30
Certificate Authority
Device or software that is responsible for managing all of the certificates in our environment. -SIGNED BY ROOT
31
Certificate Authentication
Organization has -trusted CA -creates certificate for a device (digitally signs with org's CA) -Cert can now be included on a device as an authentication factor (CA's digital signature is used to validate the cert)
32
# (AAA) Authorization Models
- Authorization, based on your identification and authentication, -what access do you have? -add abstractions to reduce complexity - create clear relationship between user and resource.
33
# (AAA) Accounting
- Accounting, resources used: login time, data sent and received, logout time.
34
Gap Analysis Security Framework
-Where you are compared with where you want to be -the gap between the two - This is an extensive study with numerous participants.
35
Zero Trust Security Framework
Zero trust is a holistic approach to network security - covers every device, every process, every person. - NOTHING is trusted - everything must be verified. -MFA, encryption, system permissions, additional firewalls, monitoring and analytics
36
# Zero Trust / Control Plane
-Manages the actions of the data plane -define policies and rules - determines how packets should be forwarded -routing tables, sessions tables, NAT tables
37
# Zero Trust / Control Plane / Adaptive Identity
-Where we are examining the identity of the individual and applying security controls based not just on what the user is telling us but on info we are gathering => -Consider the source and the requested resources -multiple risk indicators -relationship to the organization, physical location, type of connection, IP address, etc. - Once we examine all these resources we can make the authentication stronger if needed.
38
# Zero Trust / Control Plane / Threat Scope Reduction
-Another way to limit this trust is to decrease the number of possible entry points in the network. -Entry points could be limited by VPN or inside of the building for example
39
# Zero Trust / Control Plane / Policy-Driven Access Control
Once you have Adaptive Identity and Threat scope reduction in place - Puts them all together and determines if the person is who they say they are.
40
# Zero Trust / Data Plane/ Policy Enforcement Point (PEP)
- the gatekeeper between subject and system. - Allow, monitor, and terminate connections, can consist of multiple components working together. Does not make decisions to allow or disallow traffic but does gather info and provides it to Policy Decision Point.
41
# Zero Trust / Control Plane / Policy Decision Point (PDP)
includes the Policy Admin and Policy Engine. - There's a process for making an authentication decision.
42
# Zero Trust / Control Plane /Policy Decision Point (PDP) => Policy Administrator
Communicates with the Policy Enforcement Point -Takes decision from PEP and generates access tokens or credentials - Tells the PEP to allow or disallow access.
43
# Zero Trust / Control Plane /Policy Decision Point (PDP) => Policy Engine
Evaluates Each access decision based on policy and other information sources - Grant, deny, or revoke.
44
# Zero Trust / Data Plane
-part of the device that is performing the actual security process (switch, router, or firewall) -Process the frames, packets, and network data - Processing, forwarding, trunking, encrypting, NAT
45
# Zero Trust / Data Plane/ Subject/System
The subject or system is the user or device that is requesting access to the resources.
46
# Zero Trust / Security Zones
- another way to qualify the identity of a person is WHERE they are connecting from - and where we are connecting to -ex: untrusted to trusted, internal to external, VPN1 to VPN5, Marketing to IT.
47
# Zero Trust / Security Zones / Implicit Trust
Trusted to Internal Zones - and inherited trust from one location to another
48
Honeypot
- way to attract attackers to your system and keep them involved - see what type of tactics they are using - what type of automation they are using and what systems they are trying to attack - honeypots are virtual worlds
49
Honeynet
multiple honeypots turn into a honeynet - network that is more than a single device - servers, workstations, routers, switches, firewalls. - make it look real to an attacker
50
Honeyfile
attract the attacker with more honey - files with fake info - bright and shiny - important or sensitive info (fake) -an alert is sent if the file is accessed -virtual trap
51
Honeytoken
- traceable data - if copied or distributed you'll know where it came from - example - fake API credentials , database records, browser cookies.
52
Change Management
Managing change before, during, and after implementation to reduce potential impacts that the change may incur. -WHAT needs to change
53
# Change Management Process Approval Process | 3 steps
* formal process for managing change -avoid downtime, confusion and mistakes * Typical approval process -**request** forms -purpose for the change -**review phase** -identify the scope of the change - schedule a date and time of the change - determine affected systems and the impact - analyze the risk associated with the change - get **approval/reject** from the change control board - get end-user acceptance after the change is complete
54
# Change Management Process Ownership
-refers to the primary person who is responsible for overseeing the change process. - ensures the process is followed and acceptable - process updates are provided to the owner - they don't OWN the process and don't usually perform the actual change
55
# Change Management Process Stakeholders
-they are the people who are impacted by this change - they will want to have some input on the change management process.
56
# Change Management Process Impact Analysis
* determines the risk value - high, medium, low
57
# Change Management Process Test Results
* Sandbox testing environment (testing in a controllable environment) -no connection to the real world or production system -a technological safe space * Use before making changes to production -try the upgrade, then apply the patch -test and confirm before deployment * Confirm the backout plan
58
# Change Management Process Backout Plan
* A plan to revert back to your original configuration -prepare for the worst and hope for the best.
59
# Change Management Process Maintenance Window
* What time frame to implement the change with the least impact on business operations. * Can be the most difficult part of the process.
60
# Change Management Process Standard Operating Procedures (SOP)
* Process must be well documented * Should be available on the Intranet along with all standard processes and procedures. -request -review -approve/reject -test -schedule and implement -document
61
Technical Change Management
* Putting the change management process into action / executing the plan * HOW to change it
62
# Technical Change Management Process Allow List / Deny List
* Security policy that can control app execution. -Allow list- nothing runs unless approved, very restrictive -Deny List - nothing on the bad list can be executed - anti virus, anti malware
63
# Technical Change Management Process Restricted Activities
* During change, certain activities may need to be restricted. * These restrictions on activity might affect business processes and should be considered when developing a change management strategy to reduce the impact on business processes.
64
# Technical Change Management Process Downtime
* Services will eventually be unavailable. -usually scheduled during non-production hours. * if possible prevent downtime -switch to secondary system, upgrade primary, switch back. * If downtime - send emails and calendar updates.
65
# Technical Change Management Process Restarts
* Implement the new configuration, reboot the OS, power the switch, bounce the service. * Services -Stop and restart the service/daemon, may take seconds or mins * Apps -Close the app completely, launch new app instantly
66
# Technical Change Management Process Legacy Application
* No longer supported by the manufacturer or vendor * May not be compatible with the change or create a vulnerability in the system, threatening confidentiality.
67
# Technical Change Management Process Dependencies
* To complete A, you must complete B -modifying one component may require changing or restarting other components. * Dependencies may occur across systems.
68
# Change Management Process Documentation
* Required with the change management process * can become outdated very quickly
69
# Change Management Process / Documentation Updating Diagrams
* Modifications to network configs * traffic flow diagrams, physical diagrams, logical, or business flow diagrams.
70
# Change Management Process / Documentation Updating Policies and Procedures
* Policies are statements of intent * Procedures are step-by-step guides that define the process to be followed based on circumstances. * Policies and procedures may not be the same after the change.
71
# Change Management Process Version Control
* Process that ensures all users and systems are using the latest software or apps. * also tracks how and when an update is applied during change. - router config, Windows OS patches, app registry entries
72
Cryptographic Solutions
* changing data from one form to another to protect it.
73
# Cryptographic Solutions Public Key Infrastructure (PKI)
* Policies and procedures (hardware/software/people) -Responsible for creating, distributing, managing, storing, and revoking digital certificates. * PKI for people or devices for Certificate Authority - all about trust, who they say they are.
74
# Cryptographic Solutions / PKI Public Key
* Share with public during communication * key is a predefined set of characters, used in an encryption algorithm to change the indecipherable state back to plaintext data.
75
# Cryptographic Solutions / PKI Private Key
* Only known and available for use by the user.
76
# Cryptographic Solutions / PKI Key Escrow
* storage of cryptographic keys by a third party. * allows the owner to recover keys in case of loss.
77
# Cryptographic Solutions / Encryption Symmetric Encryption
* Single, shared key. * encrypt/decrypt with same key. * Secret Key Algorithm - shared secret. * Often combined with asymmetric * DES (Data Encryption Standard) - Highly insecure 64 bit, Triple DES, more secure, and (AES) Advanced Encryption Standard - most widely used, 3 lengths: 128, 192, 256 bit.
78
# Cryptographic Solutions / Encryption Asymmetric Encryption
* two or more mathematically related keys. * private key- only key that can decrypt - can't derive the private key from the public key. * public key - if they gain access to info, they cannot decrypt with the public key, they have to have the private key. * most common is RSA public key algorithm, based on factoring prime numbers.
79
# Cryptographic Solutions / Encryption / Stored Data Full-Disk Encryption (FDE)
* encrypts all data on a disk including OS, system files, user files. * BitLocker/FileVault/etc
80
# Cryptographic Solutions / Encryption / Stored Data Partition Encryption
* encryption to specific partition on disk * commonly used on dual-booted systems * BitLocker/FileVault/etc
81
# Cryptographic Solutions / Encryption / Stored Data Volume Encryption
* Encryption to specific section of disk. * Large number of files but don't want entire partition or full disk. * BitLocker/FileVault/etc
82
# Cryptographic Solutions / Encryption / Stored Data Files Encryption
* Or file-level encryption, specific files * Encrypting File System (EFS) * third-party utilities.
83
# Cryptographic Solutions / Encryption / Stored Data Database Encryption | Has 2 primary forms.
* protects stored data and transmission of that data * Transparent Data Encryption (TDE) -encrypts entire database with symmetric key * Record Level Encryption / Column Level Encryption (CLE) -encrypts specified column in database. -uses separate symmetric keys for each column.
84
# Cryptographic Solutions Transport Encryption
* encrypt data in transit / protect data traversing the network. * VPN -client based VPN using SSL/TLS - Site to site VPN using IPsec
85
# Cryptographic Solutions / Encryption Encryption Algorithms
* convert plaintext to ciphertext using a key. * key value is inserted into the encryption algorithm, applied to data resulting in ciphertext that can be deciphered by reversing the encryption algorithm with the key.
86
# Cryptographic Solutions / Encryption Key Lengths
* the larger the key the more secure * symmetric encryption -128 bit or larger are common, larger and larger as time goes on * asymmetric encryption -complex calculations of prime numbers -larger keys than symmetric encryption -common to see key lengths of 3072 bits or larger
87
# Cryptographic Solutions / Encryption Key Stretching
* make a weak key stronger by performing multiple processes -hash a password, hash the hash, hash the hash of the hash. etc. -key stretching is key strengthening.
88
# Cryptographic Solutions / Encryption Key Exchange
* securely distributing keys needed for cryptographic algorithms * Out-of-band exchange -telephone exchange, courier, or in-person/offline distribution (physical distribution) * In-band exchange -on the network, protect with additional encryption -asymmetric encryption to deliver a symmetric key.
89
# Cryptographic Solutions / Encryption / Tools Trusted Platform Module (TPM)
* module/chip with built-in cryptoprocessor functions. * Persistent Memory -Unique keys burned in during manufacturing. * Versatile Memory -Storage keys, hardware config info -Securely store BitLocker keys. * Password Protected
90
# Cryptographic Solutions / Encryption / Tools Hardware Security Module (HSM)
* used in large environments * securely creates, manages, stores thousands of cryptographic keys. * Cryptographic accelerator
91
# Cryptographic Solutions / Encryption / Tools Key Management System
* Services are everywhere, on premises, cloud-based. * Manages all keys from a centralized manager. * provides security of cryptographic keys. -How keys are encrypted -composition requirements of keys -validity length of keys -retirement of keys -distribution of keys -storage of keys
92
# Cryptographic Solutions / Encryption / Tools Secure Enclave
* a protected area for our secrets * implemented as a hardware processor * isolated from the main processor
93
Obfuscation
* take something that is normally easy to understand and you make it much more difficult to understand. * hide info in plain sight. -hide info within an image: steganography
94
# Obfuscation Steganography
* used to hide data inside other data * not encrypted but hidden using obfuscation * can be detected by comparing hash files. - data can be hidden in audio, video and image, etc. - embed messages in tcp packets (network based) - or invisible watermarks (yellow dots on printers)
95
# Obfuscation Tokenization
* replace sensitive data with a non-sensitive placeholder -is not encryption or hashing, since original data and token aren't mathematically related.
96
# Obfuscation Data Masking
* Data Obfuscation -hiding some of the original data * Protects PII * May only be hidden from view -substituting, shuffling, encrypting, masking out -"are the last four digits of your social "****____"
97
Hashing
* represent data as a short string of text -message digest, a fingerprint * Impossible to recover the original message from the digest * Confidentiality -used to store passwords * Integrity - verify downloaded document is the same as original * Can be a digital signature - authentication, non-repudiation, and integrity.
98
# Hashing SHA256 Hash
* 256 bits, 64 hexadecimal characters
99
# Hashing Collision
* different inputs should never create the same hash. * Duplicated hashes create a collision * MD5 has a collision problem -found in 1996 - don't use for anything important.
100
# Hashing Practical Hashing
* Verify a download -hashes may be provided on the download site -compare the downloaded file hash with the posted hash value. * Password storage - don't store passwords, store a salted hash (hash plus extra info) - compare hashes during the authentication process - no one knows the actual password.
101
Salt
* random data added to a password when hashing * every user gets their own random salt * rainbow tables won't work with salted hashes * slows things down for a brute force process
102
Digital Signature
* proves message was not changed -integrity * proves source of the message -authentication * makes sure signature isn't fake -non-repudiation * sign with private key -doesn't need to be encrypted * verify with public key -any change in message will invalidate
103
Blockchain
* distributed ledger - public -keeps track of transactions * everyone in the blockchain network maintains the ledger -records and replicates to anyone and everyone. * Many practical applications -payment processing -digital identification -supply chain monitoring -digital voting
104
Blockchain Process
* transaction is requested * transaction is sent to every computer (or node) in a decentralized network to be verified. * Verified transaction is added to a new block of data containing other recently verified transactions. * To complete the block, a hash is calculated from the previous blocks of transaction data in the blockchain. Hash is added to the new block of verified transactions. * Block is added to the end of the blockchain, which is then updated to all nodes in the network for security. Transaction is complete. * If any block is altered, its hash and all following hashes in the chain are automatically recalculated. * The altered chain will no longer match the chains stored by the rest of the network, and will be rejected.
105
Digital Certificate
* file that contains public key and digital signature. -digital version of an ID card. * Digital signature adds trust -PKI uses CA (certificate authority) for additional trust. - Web of Trust adds other users for additional trust. * Certificate creation can be built into the OS - part of Windows domain services - many third-party options * X.509 format * Certificate Details -serial number -version -signature algorithm -issuer -name of the cert holder -public key -extensions
106
Root of Trust (RoT)
* third party vouch that something is trustworthy. - can be hardware, software, firmware or other component. - HSM (hardware security module), Secure Enclave, Certificate Authority, etc.
107
# Certificates Certificate Authorities
* third party that digitally signs certificates stored on websites signifying we can trust them. * real time verification
108
# Certificates Third-Party Certificate Authorities
* built into your browser * purchase your website certificates * CA is responsible for vetting the request -CA confirms the certificate owner, additional verification info may be required by the CA.
109
# Certificates Certificate Signing Request (CSR)
* Create key pair, send the public key (with applicant identifying info) to CA to be signed -called Certificate Signing Request (CSR) * CA validates the request -confirms DNS emails and website ownership. * CA digitally signs the cert -returns to the applicant.
110
# Certificates Private Certificate Authorities
* YOU are your own CA -build it in house -your devices must trust the internal CA * Needed for medium to large organizations -many web servers and privacy reqs. * Implement as part of your overall computing strategy -example: Windows Certificate Services, OpenCA
111
# Certificates Self-Signed Certificates
* Internal Certs don't need to be signed by a public CA - your company is the only one going to use it. - no need to purchase trust for devices that already trust you. * Build your own CA -Issue your own certificates signed by your own CA * Install the CA cert/trusted chain on all devices - they'll now trust any certs signed by your internal CA - Works exactly like a cert you purchased.
112
# Wildcard Certificates Subject Alternative Name (SAN)
* Subject Alternative Name (SAN) -Extension to an X.509 cert -Lists additional identification information - Allows a cert to support many different domains.
113
# Wildcard Certificates Wildcard Domain *
* Certificates are based on the name of the server * will apply to all server names in a domain.
114
# Certificates Certificate Revocation List (CRL)
* Maintained by the CA * Can contain many revocations in a large file -revoked by issuing CA prior to expiration date - cannot be trusted. * Heartbleed is an example
115
# Certificates Online Certificate Status Protocol (OCSP)
* Provides scalability for OCSP checks * alt. way of checking cert validity. * instead of CRL, OCSP provides a real-time check of a cert's validity. * In the SSL/TLS handshake - OCSP handshake. -digitally signed by the CA.