Security+ 2 Flashcards
Output Encoding = protects against SQL injection and XSS by replacing dangerous characters in input. HTML uses "&" to replace dangerous values in an HTML-based web document / URL encoding uses "%" to replace dangerous values in a URL. Use a trusted library to help encode dangerous characters.
Database Normal Forms = design rules for columns and tables; they prevent data inconsistency, prevent update anomalies, reduce the need to restructure existing databases, and make the database schema more informative. Helps make databases more secure and better performing.
DAM (Database Activity Monitoring) = monitors all requests made to a database, especially those made by admins, watches for suspicious activity, and flags it for review or direct intervention.
Deidentification : removes obvious identifying data about individuals or things.
Data Obfuscation : transforms personally identifying info into a form that's no longer possible to tie to an individual person. Can use hashing/salting/tokenization/masking.
Stream Ciphers = operate on one character (bit) of a message at a time / Block Ciphers : operate on large segments of a message at the same time. Substitution Cipher = changes the characters in a message, for example shifting letters so that A's become B's, etc. Transposition Ciphers = rearrange the characters in a message but don't change them.
Exclusive Or (XOR) = used to combine plaintext or ciphertext with cryptographic keys. Is true when exactly one of its two inputs is true. Confusion = every bit of ciphertext must depend on more than one bit of the encryption key. Diffusion = changing a single bit of plaintext should change about 50% of the ciphertext bits. Obfuscation = uses cryptography to hide source code from users.
Security through obscurity = the security of the algorithm depends on the secrecy of its approach.
The Cryptographic Lifecycle = manages the use of encryption materials over time. Phases of the Cryptographic Life Cycle: Phase 1 (Initiation) : gathers the requirements for a new cryptographic system. Phase 2 (Development and Acquisition) : find the appropriate combination of hardware, software, and algorithms that meets the objectives. Phase 3 (Implementation and Assessment) : configure and test the cryptographic system. Phase 4 (Operations and Maintenance) : ensures continued secure operation of the cryptographic system. Phase 5 (Sunset) : phase out the system and destroy/archive the keying material.
DES : the algorithm takes 64 bits of plaintext and runs it through the Feistel encryption function for 16 rounds. Each F-box round performs a combination of substitution and transposition operations. No longer considered secure. Symmetric encryption algorithm; it's a block cipher operating on 64-bit blocks with a key length of 56 bits.
Triple DES : applies DES three times with three keys; keying option 1 = all keys are different, making the encryption strength 112 bits; keying option 2 = keys 1 and 3 are the same, for 80-bit strength encryption; keying option 3 = all keys are the same (not a good option). No longer considered secure. Symmetric encryption algorithm; it's a block cipher operating on 64-bit blocks with a key length of 112 bits.
AES : uses substitution and transposition. Symmetric encryption algorithm, uses 128/192/256-bit key lengths, all of which are considered secure; is a block cipher operating on 128-bit blocks.
Blowfish : public domain algorithm, designed as a DES replacement, uses a Feistel network and combines substitution and transposition. Symmetric encryption algorithm, block cipher operating on 64-bit blocks, key length can be chosen anywhere from 32-448 bits, and is not considered secure.
Twofish : designed as a DES replacement, put into the public domain, uses a Feistel network which combines substitution and transposition. Symmetric encryption block cipher operating on 128-bit blocks, key length of 128/192/256 bits, and is considered secure.
RC4 : symmetric encryption, stream cipher with a variable-length key between 40-2048 bits, not considered secure.
Cipher Mode : describes how an algorithm encrypts and decrypts data.
ECB Mode : the algorithm simulates a digital codebook that provides an encrypted version of each possible output. If you encrypt the same block with the same key multiple times in ECB mode, you get the same ciphertext; this makes cryptanalytic attacks easier.
CBC Mode : makes the encryption of a block dependent upon the encryption of all previous blocks. It does this by feeding the previous encrypted block into the encryption of the next block.
CTR (Counter Mode) = allows block ciphers to act more like stream ciphers (learn more online).
Galois/Counter Mode (GCM) = adds an authentication capability.