Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Low Latency > Info Sec/ Remediation > Flashcards

Info Sec/ Remediation Flashcards

common vulnerabilities and fixes

1
Q

Weak SSL/TLS protocols should not be used

A

SSL and TLS version before TLS1.2 are considered weak
TLSv1.3 being the most secure as it removes support for older and insecure cipher suites.

Refactor uses of “SSLContext.getInstance” to a central SSLContextFactory that defaults to “TLS”.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Whats the different parts of a cipher suite

A

Share

A cipher suite is a set of cryptographic algorithms used to secure a network connection, particularly in the context of TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer). During the handshake phase of a TLS connection, the client (e.g., a web browser or application) and the server agree on a cipher suite, which determines how various aspects of the connection are secured.

A cipher suite typically defines:

Key Exchange Algorithm: How the client and server will securely exchange the keys to be used for encryption (e.g., RSA, Diffie-Hellman, ECDH). This step is crucial for setting up a secure communication channel without prior key knowledge.

Authentication Algorithm: How the server’s identity is authenticated to the client (e.g., RSA, ECDSA). The server proves it holds a private key corresponding to a trusted certificate.

Symmetric Encryption Algorithm: How the actual data transferred between the client and server is encrypted (e.g., AES, ChaCha20). This encryption ensures confidentiality, meaning that only the client and server can understand the exchanged data.

Message Authentication Code (MAC) Algorithm: How the data’s integrity is ensured (e.g., HMAC-SHA256). This prevents tampering or unauthorized alteration of the messages being exchanged.

For Example

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
can be broken down as follows:

TLS: Specifies that the cipher suite is for use with the TLS protocol.
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral): The key exchange algorithm. It ensures forward secrecy by generating a temporary key pair for each session.
RSA: The authentication algorithm, where the server proves its identity by using an RSA certificate.
AES_128_GCM: The symmetric encryption algorithm. AES (Advanced Encryption Standard) is used with a 128-bit key in GCM (Galois/Counter Mode), which provides both encryption and message integrity in a highly efficient manner.
SHA256: The message authentication code (MAC) algorithm. It uses HMAC (Hashed Message Authentication Code) with the SHA-256 hashing function to ensure the integrity of the messages.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How user passwords should be stored in data. What is Syn doing wrong

A

Syn doesnt use one way hashing . It uses encryption
The ideal thing we want is to use the latest hashing algorithm “Argon2id”
Use a different salt to generate the hash.. the modern algo use it by default
use a pepper to generate the hash that stays out of the database

and have a high work factor > 2 or 5 depending on how much is your ssystem capacity as it slows things down

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

jasypt

A

jsypt can be used to encrypt values in the properties file. Its a bidirectional encryption so you can decrypt it also

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Low Latency (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions