Network Security 8 Flashcards
The most secure algorithm for storing and encrypting data at rest is the Advanced Encryption Standard (AES), a symmetric key cipher that makes use of different key and block sizes and creates near-impenetrable encryption. AES modifies the plaintext input by performing a series of transformations on the data to create ciphertext.
AES
Your company may deem some data too sensitive to be stored within a public cloud provider. Therefore, you will need to set aside a location within your private cloud or corporate data center to house such data. In other cases, your data may be subject to data residency requirements that stipulate the physical or geographical location where the data must reside. Data residency requirements are occasionally seen in government organizations where public records may not leave the state or territory where the information was obtained.
info
Data encryption at rest provides a physical safeguard for your data because even if the server is stolen and physically removed from the datacenter, the data remains protected and inaccessible to the attacker.
*** When you encrypt the DEK, you use an asymmetric encryption key called a key encryption key (KEK).
data
allows internet users to authenticate to your application using federated identity servers at Google, Facebook, Twitter, and other sites where they may already have an account.
Federated identity management
Once you have classified your data, you should determine who requires access to the data and to what degree they should have access.
Access Control
is a secured region of your private network where firewalls are configured to carefully inspect traffic entering and leaving the network, and on occasion, intrusion prevention systems (IPS) are implemented within the ________ to mitigate any server-to-server attacks within the ________.
extranet
Cloud providers, both private and public, require a form of authentication to prove your identity and include authorization rules, such as IAM, to control what you may access. When an application needs to access resources within a cloud provider, it typically uses something known as a service account. Service accounts do not have passwords, and you cannot use them to log in to the cloud provider's administrative portal. Service accounts are authenticated using special strings of characters known as application programming interface (API) keys.
cloud info
A symmetric encryption algorithm that is not as strong as AES and can be cracked; uses 56-bit encryption.
*** WPA (Wi-Fi Protected Access): generates a new 128-bit encryption key for every packet sent on the network; stronger than WEP.
3DES
Uses 128/192/256-bit key encryption; a symmetric key algorithm that is very hard to crack.
*** WEP: not very secure; uses either 40/104-bit key encryption.
*** WPA2: uses CCMP, which is based on AES encryption; stronger than WPA but has weaknesses.
AES
Has a minimum key strength of 192 bits for enterprise-mode connections used by organizations. Now uses SAE rather than a passphrase, which ensures the initial key exchange in personal mode is more secure by eliminating the need to tell others the key before they connect to the network. Also has PFS, which ensures that if one session key is compromised, the compromised key only affects data exchanged in that encryption session, not in any past or future sessions. Also provides encryption of management frames, such as de-associating from the network.
WPA3