Module 15 Flashcards
To ensure secure communications across both the public and private infrastructure, the network administrator's first goal is to
secure the network infrastructure, including routers, switches, servers, and hosts.
There are three primary objectives of securing communications:
- Authentication
- Integrity
- Confidentiality
Authentication
There are two primary methods for validating a source in network communications:
authentication services and data nonrepudiation services.
In network communications, authentication can be accomplished using cryptographic methods.
is a similar service that allows the sender of a message to be uniquely identified.
Data nonrepudiation
With nonrepudiation services in place, a sender cannot deny having been the source of that message.
ensures that messages are not altered in transit. With ___, the receiver can verify that the received message is identical to the sent message and that no manipulation occurred.
Data integrity
ensures privacy so that only the receiver can read the message. This can be achieved through encryption.
Data confidentiality
is the process of scrambling data so that it cannot be easily read by unauthorized parties.
Encryption
When enabling encryption, readable data is called ____ while the encrypted version is called ____.
readable data = plaintext, or cleartext,
encrypted version = encrypted text or ciphertext
The plaintext readable message is converted to ciphertext, which is the unreadable, disguised message.
reverses the process of encryption
Decryption
A ___ is required to encrypt and decrypt a message. The ___ is the link between the plaintext and ciphertext.
key
Using a ____ is another way to ensure data confidentiality, in the sense that the original value itself is never stored. A ____ transforms a string of characters into a usually shorter, fixed-length value (a digest) that represents the original string. The transformation is one-way and uses no key, so the original cannot be recovered from the digest; this is why it suits password storage, while data that must later be read back needs encryption.
hash function
The difference between hashing and encryption is in how the data is stored and recovered: encrypted data is kept in full and can be restored to plaintext by anyone holding the key, whereas a hash keeps only a fixed-length digest that is one-way and has no key, so the original data cannot be recovered from it.
The ___ was an electromechanical encryption device that was developed and used by Nazi Germany during World War II. The device depended on the distribution of pre-shared keys that were used to encrypt and decrypt messages.
Enigma machine
In ____, no letters are replaced; they are simply rearranged.
transposition ciphers
Another example of a transposition cipher is known as the ____. In it, the letters of the message are staggered, some in front, some in the middle and some in back, across several parallel lines (the rails), and the ciphertext is read off one rail at a time.
rail fence cipher
Modern encryption block cipher algorithms, such as ____, still use transposition as part of the algorithm.
AES and the legacy 3DES
____ substitute one letter for another. In their simplest form, ____ retain the letter frequency of the original message.
Substitution ciphers
The ____ is based on the Caesar cipher, except that it encrypts text by using a different polyalphabetic key shift for every plaintext letter. The different key shift is identified using a shared key between sender and receiver.
Vigenère cipher
__ was an AT&T Bell Labs engineer who, in 1917, invented, and later patented, the stream cipher. He also co-invented the one-time pad cipher.
Gilbert Vernam
Vernam proposed a teletype cipher in which a prepared key consisting of an arbitrarily long, non-repeating sequence of numbers was kept on paper tape. It was then combined character by character with the plaintext message to produce the ciphertext.
To decipher the ciphertext, the same paper tape key was again combined character by character, producing the plaintext. Each tape was used only once; hence, the name one-time pad. Several difficulties are inherent in using one-time pads in the real world: the key must be truly random, as long as the message, distributed securely, and never reused.
one-time pad ciphers
the stream cipher
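Vernam's character-by-character combination, done today as an XOR of message bytes with key bytes, as a worked example. This is added code, not from the original cards; the two messages and the pad are constructed here (the pad from os.urandom), and the second half of the block shows the "use once" rule being broken so that the leak described above becomes visible.

```python
"""Vernam / one-time pad: plaintext XOR key, with the same key reversing it.

Added example. Messages are constructed; the pad comes from os.urandom.
"""
import os


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Combine message and key byte by byte; the key must cover the whole message."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so deciphering is the same operation with the same tape."""
    return otp_encrypt(ciphertext, key)


def new_pad(length: int) -> bytes:
    """A fresh unpredictable pad; enforcing 'use once' is the caller's responsibility."""
    return os.urandom(length)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Why a pad must never be reused: c1 XOR c2 == p1 XOR p2, the key cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Known-plaintext attack on a reused pad: knowing p1 yields p2 without the key."""
    return bytes(x ^ p for x, p in zip(key_reuse_leak(c1, c2), known_p1))


def demo() -> dict:
    p1 = b"ATTACK AT DAWN"   # constructed sample messages of equal length
    p2 = b"HOLD THE LINE!"
    pad = new_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)  # the mistake: the same pad used twice
    return {
        "roundtrip": otp_decrypt(c1, pad),
        "ciphertexts_differ": c1 != c2,
        "recovered_p2": recover_with_crib(c1, c2, p1),
    }


if __name__ == "__main__":
    print(demo())
```

With a fresh random pad every ciphertext byte is equally likely regardless of the plaintext, which is where the cipher's security comes from; the moment a pad is reused, the attacker does not need the key at all, only one of the two messages.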
is the practice and study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key. This is also known as
Cryptanalysis or codebreaking.
Throughout history, there have been many instances of cryptanalysis:
- The Vigenère cipher was long regarded as unbreakable until it was broken in the 19th century by the English mathematician Charles Babbage (a method was independently published by Friedrich Kasiski in 1863).
- Mary, Queen of Scots, was plotting to overthrow Queen Elizabeth I from the throne and sent encrypted messages to her co-conspirators. The cracking of the code used in this plot led to the beheading of Mary in 1587.
- The Enigma-encrypted communications were used by the Germans to navigate and direct their U-boats in the Atlantic. Polish and British cryptanalysts broke the German Enigma code. Winston Churchill was of the opinion that it was a turning point in WWII.
Methods of Cracking Code
Several methods are used in cryptanalysis:
- Brute-force method
- Ciphertext-only method
- Known-Plaintext method
- Chosen-Plaintext method
- Chosen-Ciphertext method
- Meet-in-the-Middle method
- The attacker tries every possible key knowing that eventually one of them will work.
- Brute-force method
- The attacker has the ciphertext of several encrypted messages but no knowledge of the underlying plaintext.
- Ciphertext-only method
- The attacker has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext.
- Known-Plaintext method
- The attacker chooses which data the encryption device encrypts and observes the ciphertext output.
- Chosen-Plaintext method
- The attacker can choose different ciphertext to be decrypted and has access to the decrypted plaintext.
- Chosen-Ciphertext method
- The attacker knows a portion of the plaintext and the corresponding ciphertext, and works forward from the plaintext and backward from the ciphertext to meet at an intermediate value. This is the attack that reduces double encryption (for example double DES) to little more than the strength of a single encryption.
- Meet-in-the-Middle method
A more scientific approach is to use the fact that some characters in the English alphabet are used more often than others. This method is called
frequency analysis.
When choosing a cryptanalysis method, consider the Caesar cipher encrypted code. The best way to crack the code is to use ____. Because there are only 25 possible rotations, the effort is relatively small to try all possible rotations and see which one returns something that makes sense.
brute force
is the science of making and breaking secret codes.
Cryptology
Cryptology combines two separate disciplines:
- Cryptography - the development and use of codes
- Cryptanalysis - the breaking of those codes
is often used by governments in military and diplomatic surveillance, by enterprises in testing the strength of security procedures, and by malicious hackers in exploiting weaknesses in websites.
Cryptanalysis
are individuals who perform cryptanalysis to crack secret codes.
Cryptanalysts
Algorithms by objective:
- Integrity (H for hashing): MD5 (legacy), SHA
- Authenticity: HMAC-MD5 (legacy), HMAC-SHA-256, RSA and DSA
- Confidentiality (E for encrypting): 3DES (legacy), AES
The three primary objectives of securing communications are
authentication, integrity, and confidentiality.
Authentication may be secured by HMAC.
is ensured through the use of the SHA family of hash generating algorithms.
Integrity
is ensured through symmetric encryption algorithms, such as AES, and asymmetric algorithms, such as RSA (normally deployed within a PKI, which manages the public keys).
Data confidentiality
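The integrity-versus-authenticity split in the algorithm list and the summary above (SHA for integrity, HMAC-SHA-256 for authentication), as a worked example in Python's standard library. This is added code, not part of the original cards; the message, the tampered message and the shared key are constructed here. It shows what the "H" in the list buys and what it does not: an on-path attacker who changes the message can recompute a bare hash, but cannot recompute an HMAC without the shared key. The last function is the caveat on using a hash for confidentiality: a digest of guessable data, such as a 4-digit PIN, is reversed by simply trying every input.

```python
"""SHA-256 for integrity versus HMAC-SHA-256 for authenticity.

Added example using hashlib and hmac. Messages, tampered message and key are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Optional


def digest(message: bytes) -> str:
    """Integrity only: detects corruption, but anyone can recompute it."""
    return hashlib.sha256(message).hexdigest()


def tag(message: bytes, key: bytes) -> str:
    """Authenticity and integrity: only holders of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(message: bytes, key: bytes, received_tag: str) -> bool:
    # compare_digest runs in constant time, so the check does not leak how many
    # leading characters of a guessed tag were right.
    return hmac.compare_digest(tag(message, key), received_tag)


def receiver_checks(message: bytes, received_digest: str, received_tag: str, key: bytes) -> dict:
    """What the receiver can conclude from each value that travelled with the message."""
    return {
        "hash_ok": hmac.compare_digest(digest(message), received_digest),
        "hmac_ok": verify_tag(message, key, received_tag),
    }


def demo() -> dict:
    key = secrets.token_bytes(32)          # shared in advance by sender and receiver
    original = b"PAY 100 TO ALICE"         # constructed sample message
    sent = (original, digest(original), tag(original, key))

    # An attacker on the path rewrites the amount. The hash is public knowledge,
    # so it is recomputed; the HMAC cannot be, so the old tag is kept and hoped for.
    tampered = b"PAY 900 TO ALICE"
    forged = (tampered, digest(tampered), sent[2])

    return {
        "honest": receiver_checks(*sent, key),
        "forged": receiver_checks(*forged, key),
    }


def brute_force_pin(pin_digest: str) -> Optional[str]:
    """Why a bare hash does not hide guessable data: every 4-digit PIN is tried,
    which takes ten thousand SHA-256 calls, a fraction of a second."""
    for candidate in range(10_000):
        pin = f"{candidate:04d}"
        if digest(pin.encode()) == pin_digest:
            return pin
    return None


if __name__ == "__main__":
    print(demo())
    print(brute_force_pin(digest(b"4821")))
```

The honest delivery passes both checks; the forged one passes the hash check and fails the HMAC check, which is why the list places HMAC under authenticity and a plain hash only under integrity. The PIN recovery is the reason password hashes are salted and computed with a deliberately slow function rather than a single SHA-256, and why hashing alone is not a substitute for encryption when the input is small enough to enumerate.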
proves that a message actually comes from a valid source.
Authentication
is a similar service to authentication in that it allows the sender of a message to be uniquely identified.
Data nonrepudiation
ensures that messages are not altered in transit.
Data integrity
ensures privacy so that only the intended receiver can read the message.
Data confidentiality
Three types of cipher are
transposition, substitution, and one-time pad
is the practice and study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key.
Cryptanalysis, or codebreaking
The objective of modern cryptographers is
to have a keyspace large enough that it takes too much time and money to accomplish a brute-force attack.
is the science of making and breaking secret codes. It combines cryptography and cryptanalysis.
Cryptology
The choice of algorithm varies depending on the security requirements, the hardware resources that are available for encryption and decryption, and the acceptance of the algorithm in the security community.
True
With most modern algorithms, the security of encryption lies in the secrecy of the ___, not the algorithm.
keys
Ensures privacy so that only the receiver can read the message.
confidentiality
Ensures that messages are not altered in transit.
integrity
Guarantees that a message comes from the source that it claims to come from.
authentication
In banking, it can be achieved by requiring a secure personal identification number (PIN) at an ATM.
authentication
Encryption and hashing are used to make certain that only authorized entities can read the message.
confidentiality
A key is required to encrypt and decrypt a message.
confidentiality
The receiver can verify that the received message is identical to the sent message and that no manipulation occurred.
integrity
What is a cipher that replaces one letter for another, possibly retaining the letter frequency of the original message?
A substitution cipher replaces one letter for another, possibly retaining the letter frequency in the cleartext language.
What is a method of cryptanalysis in which an attacker tries every possible key knowing that eventually one of them will work?
In a brute-force attempt to decipher a coded message, every possible value is attempted.
What cipher method does 3DES use as part of the algorithm?
A transposition cipher is used in part by the legacy 3DES algorithm.
What is the term for when a device cannot refute the validity of a message that it has received?
Nonrepudiation means that a device cannot refute the validity of a message sent.
What is the practice and study of determining the meaning of encrypted information, without access to the shared secret key?
Cryptanalysis is the study of determining the meaning of coded messages without access to message key.
Refer to the exhibit. Which type of cipher method is depicted?
transposition cipher
There are many cipher methods developed for message encryptions. In transposition ciphers, no letters are replaced; they are simply rearranged. An example of this type of cipher is known as the rail fence cipher. In this transposition, the words are spelled out as if they were a rail fence, meaning some are in front and some in back across several parallel lines.
What are two objectives of ensuring data integrity? (Choose two.)
data is unaltered during transit
data is not changed by unauthorized entities
The objectives for data integrity include data not being altered during transit and not being changed by unauthorized entities. Authentication and encryption are methods to ensure confidentiality. Data being available all the time is the goal of availability.
A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file is modified. Which aspect of secure communications is addressed by this security measure?
data integrity
Secure communications consists of four elements:
Data confidentiality - guarantees that only authorized users can read the message
Data integrity - guarantees that the message was not altered
Origin authentication - guarantees that the message is not a forgery and does actually come from whom it states
Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent
To answer the question, you do not need to consider the exhibit. The exhibit shows a lock with the word "PASSWORD" above a window that is on the front of the lock. Within the window the following information appears: ***8 OK.
Which type of attack allows an attacker to use a brute force approach?
password cracking
Common ways used to crack Wi-Fi passwords include social engineering, brute-force attacks, and network sniffing.
Why would HMAC be used to help secure the data as it travels across various links?
it is a hashing algorithm used to guarantee that the message is not a forgery and actually comes from the authentic source
MD5 is a legacy hashing algorithm intended to detect whether a message was altered in transit. Advanced Encryption Standard (AES) is a popular symmetric encryption algorithm where each communicating party needs to know the pre-shared key. Public key infrastructure (PKI) is a framework built on asymmetric encryption, based on the assumption that the two communicating parties have not previously shared a secret key. HMAC is a hash message authentication code that guarantees that the message is not a forgery and actually comes from the authentic source, because only a party holding the shared key can produce a valid HMAC.
What is the focus of cryptanalysis?
breaking encrypted codes
Cryptology is the science of making and breaking secret codes. There are two separate disciplines in cryptology, cryptography and cryptanalysis. Cryptography is the development and use of codes. Cryptanalysis is the breaking of those secret (encrypted) codes.
What is cryptology?
the science of making and breaking secret codes
Cryptography is the science of creating transposition and substitution ciphers. Cryptanalysis is the science of cracking the code without access to the shared secret key. Cryptology is the science of making and breaking secret codes. Cryptology combines cryptography and cryptanalysis.
Which objective of secure communications is achieved by encrypting data?
confidentiality
When data is encrypted, it is scrambled to keep the data private and confidential so that only authorized recipients can read the message. A hash function is another way of providing confidentiality in the curriculum's sense that the original value is never stored; because a hash is one-way and has no key, it protects data only while the input cannot be guessed and is not a substitute for encryption when the data must later be read back.
What is the purpose of a nonrepudiation service in secure communications?
to ensure that the source of the communications is confirmed
Nonrepudiation uses the unique characteristics of the sender of a message to confirm that the reputed sender is in fact the actual sender.
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
confidentiality
Confidentiality ensures that data is accessed only by authorized individuals. Authentication will help verify the identity of the individuals.
What is an example of the transposition cipher?
rail fence
RC4 is a stream cipher, the family that imitates the one-time pad with a generated keystream; it was once widely used on the Internet (for example in WEP and older TLS cipher suites) but is now deprecated because of known weaknesses. The Caesar cipher is a simple substitution cipher, and the Vigenère cipher is based on the Caesar cipher. An example of the transposition cipher is the rail fence cipher.
To answer the question, you do not need to consider the exhibit. The graphic displays a conveyor belt with items on it. The items include a combination of the characters 10100 going through a box and as they exit the box they are being modified into the characters %&@.
As data is being stored on a local hard disk, which method would secure the data from unauthorized access?
data encryption
Data encryption is the process of converting data into a form where only a trusted, authorized person with a secret key or password can decrypt the data and access the original form.