Part-3 Flashcards
XOR operation
This is a technique used in obfuscation
Exclusive or
It is a small building block of larger block cipher encryption.
When are XOR operations commonly used?
They are commonly used to obfuscate malicious code.
Why do knowledgeable malware authors use XOR to hide their malware from detection?
XOR operations are quick, simple, and require little processing overhead.
Security through obscurity
The practice of attempting to hide the existence of vulnerabilities from others.
Cryptographic modules
Any software or hardware solution that implements one or more cryptographic concepts.
CSP
Cryptographic service provider
A Windows software library that implements the Microsoft CryptoAPI. Developers can design their applications to call a CSP so that it performs one or more cryptographic services for the application.
PKI
Public key infrastructure
A system that is composed of certificate authorities, certificates, software, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and entities.
PKI components
Digital certificate, (OID) object identifier, (CA) certificate authority, (RA) registration authority, (CSR) certificate signing request
Digital certificate
These are the most fundamental components of a PKI. A certificate validates the certificate holder's identity through a digital signature and is also a way to distribute the holder's public key.
OID
Object identifier
The identity information included in a certificate is provided through OIDs.
CA
Certificate Authority
A CA is a server that issues digital certificates and maintains the associated private/public key pair.
RA
Registration Authority
This server is responsible for verifying user and device identities and approving or denying requests for digital certificates.
Some larger CAs might have local registration authorities (LRAs).
CSR
Certificate signing request
This is a message sent to a CA in which a resource applies for a certificate.
CA hierarchy or trust model
This is a single CA or group of CAs that work together to issue digital certificates. Every CA in the hierarchy has a parent-child relationship with the CA directly above it.
Chain of trust
When a user, device, or other entity is presented with a certificate, it validates the certificate through this, which is also called certificate chaining.
Certificate pinning
This is a method of trusting certificates in a more direct way than a typical CA hierarchy. Pinning effectively bypasses the CA hierarchy and chain of trust in order to minimize man-in-the-middle attacks.
Root CA
This is the topmost CA in the hierarchy and the most trusted authority.
The root CA must be secured because if it is compromised, all other certificates become invalid.
Private root CA
This is created by a company for use primarily within the company itself. It can be set up and configured in house or contracted to a third-party vendor.
Public root CA
This is created by a third-party or commercial vendor for general access by the public.
Symantec is a well-known provider of public certificate services.
Subordinate CAs
These are any CAs below the root in the hierarchy. Subordinate CAs issue certificates and provide day-to-day management of the certificates, including renewal, suspension, and revocation.
Types of certificates
Self-signed, root, user, computer, email, code signing, (SAN) subject alternative name, wildcard, (DV) domain validation, (EV) extended validation
Self signed certificate
This requires the client to trust the signing entity directly.
SAN
Subject alternative name
An organization that owns multiple domains may want to combine those domains into a single SSL/TLS certificate.
Wildcard
This certificate is similar to a SAN certificate, but instead of enabling the use of multiple domains, it enables the certificate to apply to multiple subdomains.
X.509
PKIs and CA hierarchies adhere to this standard for formatting certificates.
It includes information such as:
Version
Serial number
Algorithm used to sign the certificate
Name of the issuing entity
Period of time valid
Name of the subject being certified
X.509 certificate file formats
.der, .pem, .cer, .p7b, .p12, .pfx
Certificate lifecycle phases
Issuance
Enrollment
Renewal
Revocation
Expiration
Suspension
Certificate lifecycle factors
Length of private key
Strength of the cryptography used
Physical security of the CA and private key
Security of issued certificates and their private keys
Risk of attack
User trust
Administrative involvement
SSL/TLS Connection process
Uses certificates
Client sends request
Server responds with certificate
Encryption negotiated
Client sends encrypted session key
Connection is encrypted
Private key protection methods
Back it up to removable media and store the media securely
Delete it from insecure media
Require a password to restore the private key
Never share the key
Never transmit the key on the network or across the Internet after it is issued
Consider using key escrow to store a private key with trusted third parties
Key escrow
An alternative to keeping backups; this can be used to store private keys securely while allowing one or more trusted third parties access to the keys under predefined conditions. The third party is called the key escrow agent.
M of N scheme
Only a certain number of agents or trustees have the authority to recover a key. To prevent a single authorized agent from recovering a key on their own, this scheme is commonly used. It is a mathematical control that takes into account the total number of key recovery agents (N) along with the number of agents required to perform a key recovery (M).
EFS
Encrypting File System
It uses Microsoft Windows NTFS-based public key encryption.
Revoking certificates
You might want a security entity to stop using a certificate for a specified period of time.
Reasons for certificate revocation
The certificate or its private key has been compromised or lost.
It was obtained by fraudulent means.
It has been superseded by another certificate.
Its holder is no longer trusted. This happens, for example, when someone leaves the company.
OCSP
Online certificate status protocol
An HTTP-based alternative to CRLs for dynamically checking the revocation status of certificates.
OCSP stapling
This transfers the burden to the web server that presents the certificate. The web server queries the OCSP server at specific intervals, and the OCSP server responds by providing a time-stamped digital signature. The web server appends the signed response to the SSL/TLS handshake with the client so that the client can verify the certificate's status.
Security frameworks
Regulatory—flow from government regulations that mandate certain behavior in any legal entity that
Nonregulatory
Security framework examples
NIST 800 Series
COBIT 5
ITIL
ISO/IEC 27001
Compliance
The practice of ensuring that the requirements of legislation, regulations, industry codes and standards, and organizational standards are met.
Defense in depth
A tactic that leverages a layered approach to security, but instead of just focusing on the tools used to protect the system and its data, it is used to plan user training, policy adoption, physical protection, and other, more comprehensive security strategies.
AUP
Acceptable use policy
States the limits and guidelines that are set for users and others to make use of an organization’s physical and intellectual resources; in other words, the rules of behavior for personnel.