Security Architecture and Engineering Flashcards
Which type of public key (asymmetric) algorithm is considered "quantum resistant"?
Lattice-based (e.g. the NIST-selected ML-KEM/Kyber and ML-DSA/Dilithium)
3 Categories of Fire Detection
- Smoke Sensing
- Flame Sensing
- Heat Sensing
Types of Ciphers
Stream cipher
Block cipher
Substitution Cipher
API types
- REST
- Web
- SOAP
In REST API, What REST stands for…
Representational State Transfer
About REST API
- REST Architectural Style
- Web services for web, mobile and desktop applications
- Uses HTTP methods: GET, POST, PUT, DELETE
- Uses JSON and XML
- Stateless client-server model
- Scalable and Easy to maintain
When to use REST API?
- Simple, non-complex applications that use CRUD operations
- Building web services that require a stateless, scalable and easy-to-maintain architecture
- Apps centred on CRUD (creating, reading, updating and deleting data)
- e.g. WhatsApp
What is Web API?
- Stateless or stateful
- Primary purpose is to provide a platform-independent interface
- Uses HTTP, HTTPS and TCP/IP to communicate between clients and servers
- Doesn't follow a specific architecture or structure
- Flexible interface
- Good for complex applications with many integrations
When to use Web API?
When building complex applications that require integration with different systems and technologies
SOAP (API) stands for
Simple Object Access Protocol
About SOAP API
- Used for exchanging structured data between different applications
- uses XML
- Wide range of data types: text, numbers, dates and binary
- Supports transports such as HTTP, SMTP and FTP
- A strict set of rules (message envelope, headers, body)
- Services are described with WSDL and discovered via UDDI
- Digital signatures and encryption via WS-Security
- Enterprise level apps
When to use SOAP?
- Apps that require a highly secure and reliable method of exchanging data between applications
- Apps with complex data structures and logic
- When message-level digital signatures and encryption are required
CASB stands for
Cloud Access Security Broker.
It is a security policy enforcement point placed between cloud consumers and cloud providers.
CASB - 2 Primary deployment methods
- On-premises solution
- Cloud-based solution
CASB Roles
- Provide visibility into cloud use (discover shadow IT)
- Data Loss Prevention (DLP) services
- Inject encryption into cloud traffic and stored data
Which type of encryption algorithm holds up to the power of quantum computing?
- Symmetric
- Shared key, bulk encryption (fast)
- Holds up fairly well to quantum computing: Grover's algorithm roughly halves the effective key length, so AES-256 still leaves about 128 bits of security
Code Vs. Cipher
- A code is sometimes secret and doesn't always provide confidentiality (it may just be shorthand, e.g. "10-4")
- A cipher is always meant to hide the true meaning of a message
Examples of stream ciphers (character-at-a-time substitution)
Caesar
Vigenere
One-time pad
(The difference is key length: Caesar uses a single shift, Vigenere a short repeating keyword, the one-time pad a random key as long as the message that is never reused)
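To make the "difference is key length" point concrete, here is an added example (not from the original flashcards) that implements all three as one shift cipher and only varies the key. The last helper shows why the one-time pad is unbreakable: for a key as long as the message, any same-length plaintext is equally consistent with the ciphertext. Function names and sample messages are the example's own.

```python
"""Caesar, Vigenere and one-time pad as a single shift cipher (added example)."""
import secrets
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: str) -> str:
    """Shift each letter of plaintext by the matching key letter (A=0 .. Z=25).

    The key is reused cyclically, so:
      len(key) == 1                                  -> Caesar cipher
      short repeating keyword                        -> Vigenere cipher
      random key, len(key) == len(plaintext), used once -> one-time pad
    """
    if not key or any(c not in ALPHABET for c in key):
        raise ValueError("key must be non-empty uppercase A-Z")
    out = []
    for i, ch in enumerate(plaintext):
        if ch not in ALPHABET:
            raise ValueError("plaintext must be uppercase A-Z")
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def shift_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of shift_encrypt: subtract the key letter instead of adding it."""
    out = []
    for i, ch in enumerate(ciphertext):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
    return "".join(out)


def otp_key(length: int) -> str:
    """Random pad from a CSPRNG, as long as the message; must never be reused."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_that_decrypts_to(ciphertext: str, wanted: str) -> str:
    """Perfect secrecy demo: compute the pad under which `ciphertext` would
    decrypt to `wanted`. With a full-length key every plaintext of the same
    length is possible, so the ciphertext alone reveals nothing."""
    if len(ciphertext) != len(wanted):
        raise ValueError("wanted plaintext must match ciphertext length")
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
        for c, p in zip(ciphertext, wanted)
    )


if __name__ == "__main__":
    msg = "ATTACKATDAWN"  # constructed sample message
    print("Caesar  :", shift_encrypt(msg, "D"))
    print("Vigenere:", shift_encrypt(msg, "LEMON"))
    pad = otp_key(len(msg))
    ct = shift_encrypt(msg, pad)
    print("OTP     :", ct, "-> decrypts to", shift_decrypt(ct, pad))
    print("same ciphertext under another pad:",
          shift_decrypt(ct, key_that_decrypts_to(ct, "RETREATATTEN")))
```

Run it and note that the Vigenere output is fully determined by a 5-letter keyword, which is exactly why Kasiski examination and frequency analysis break it, while the one-time pad output is consistent with every 12-letter message.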
Fast and strong crypto keys
- Symmetric -> fast (bulk encryption)
- Asymmetric -> strong (slower, but no shared secret has to be distributed and it enables signatures/non-repudiation)
Hash function requirements
- Must allow input of any length
- Must provide fixed-length output
- Must be relatively easy to compute the hash for any input
- Must provide one-way functionality (preimage resistance)
- Must be collision free (computationally infeasible to find two inputs with the same digest)
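The following is an added example, not part of the original flashcards, that checks the first two requirements against SHA-256 and then shows why "fixed-length" has to mean "long": a birthday search finds a collision on a digest truncated to 32 bits in roughly 2^16 hashes. The message format "msg-N" and the helper names are the example's own choices.

```python
"""Hash requirements checked against SHA-256, plus a birthday attack on a
truncated digest (added example, not from the original page)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def output_lengths(inputs) -> set:
    """Any input length in, one output length out (64 hex chars = 256 bits)."""
    return {len(sha256_hex(x)) for x in inputs}


def bit_distance(a: bytes, b: bytes) -> int:
    """Number of differing digest bits; near 128 of 256 for any two inputs
    (avalanche effect, a consequence of one-way, unpredictable output)."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def find_truncated_collision(bits: int = 32, limit: int = 2_000_000):
    """Birthday search: hash constructed messages msg-0, msg-1, ... and stop at
    the first repeated `bits`-bit prefix. Expected work is about 2**(bits/2),
    which is why a real digest must be at least 256 bits (2**128 work).
    `bits` must be a multiple of 8. Returns (msg_a, msg_b, prefix_hex)."""
    if bits % 8:
        raise ValueError("bits must be a multiple of 8")
    nbytes = bits // 8
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        prefix = hashlib.sha256(msg).digest()[:nbytes]
        if prefix in seen:
            return seen[prefix], msg, prefix.hex()
        seen[prefix] = msg
    return None


if __name__ == "__main__":
    print("output lengths:", output_lengths([b"", b"a", b"x" * 1_000_000]))
    print("bits differing between 'abc' and 'abd':", bit_distance(b"abc", b"abd"))
    a, b, p = find_truncated_collision(32)
    print(f"32-bit collision: {a!r} and {b!r} both start with {p}")
```

The collision search needs only a few tens of thousands of hashes for 32 bits; doubling the truncated width squares the work, which is the whole argument for SHA-256 over MD5 or truncated digests.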
DoS examples
- SYN flood: many TCP SYNs, often from spoofed sources, leave half-open connections that exhaust the backlog
- Smurf: ICMP echo requests sent to a broadcast address with the victim's spoofed source, so every host replies to the victim
- Ping of death: an oversized (over 65,535 bytes when reassembled) ICMP packet crashes a vulnerable IP stack
- Teardrop: overlapping IP fragments that the target cannot reassemble
- Fraggle: the UDP version of Smurf (echo/chargen ports to a broadcast address)
- Land: a spoofed packet whose source and destination address/port are identical
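As an added example (not from the original flashcards), the toy detector below runs over constructed packet records and flags the four attacks that have simple packet-level signatures: Land, Smurf, Fraggle and SYN flood. The Pkt record, threshold values and the sample traffic are the example's own assumptions; a real IDS would work from pcap or flow data.

```python
"""Signature checks for Land, Smurf, Fraggle and SYN flood over constructed
packet records (added example, not from the original page)."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""      # TCP flags, e.g. "S" (SYN only), "SA", "A"
    icmp_type: int = -1  # 8 = echo request


def is_broadcast(addr: str) -> bool:
    # Simplification: treat x.y.z.255 as a directed broadcast address.
    return addr.endswith(".255")


def detect(packets, syn_threshold: int = 50, min_sources: int = 10):
    """Return a sorted list of (attack, indicator) findings."""
    findings = set()
    syn_by_dst = defaultdict(Counter)
    for p in packets:
        if p.src == p.dst and p.sport == p.dport:
            findings.add(("land", p.dst))
        if p.proto == "icmp" and p.icmp_type == 8 and is_broadcast(p.dst):
            findings.add(("smurf", p.src))          # src is the spoofed victim
        if p.proto == "udp" and p.dport in (7, 19) and is_broadcast(p.dst):
            findings.add(("fraggle", p.src))
        if p.proto == "tcp" and p.flags == "S":
            syn_by_dst[p.dst][p.src] += 1
    for dst, srcs in syn_by_dst.items():
        # Heuristic: many SYN-only packets to one target from many sources.
        if sum(srcs.values()) >= syn_threshold and len(srcs) >= min_sources:
            findings.add(("syn-flood", dst))
    return sorted(findings)


def sample_traffic():
    """Constructed sample: benign handshake, one of each attack."""
    pkts = [
        Pkt("10.0.0.9", "10.0.0.5", "tcp", 40000, 443, "S"),
        Pkt("10.0.0.5", "10.0.0.9", "tcp", 443, 40000, "SA"),
        Pkt("10.0.0.9", "10.0.0.5", "tcp", 40000, 443, "A"),
        Pkt("10.0.0.5", "10.0.0.5", "tcp", 139, 139, "S"),              # Land
        Pkt("10.0.0.5", "192.168.1.255", "icmp", icmp_type=8),          # Smurf
        Pkt("10.0.0.5", "192.168.1.255", "udp", 53000, 7),             # Fraggle
    ]
    # SYN flood: 60 spoofed sources, one SYN each, no completed handshake
    pkts += [Pkt(f"203.0.113.{i}", "10.0.0.5", "tcp", 1024 + i, 80, "S")
             for i in range(60)]
    return pkts


if __name__ == "__main__":
    for kind, who in detect(sample_traffic()):
        print(f"{kind:10s} {who}")
```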
An Architecture describes
- The designed structure of something.
- A system architecture, then, is a description of how specific components are deliberately put together to perform some actions.
Client-Based Systems are
Embodied in applications that execute entirely on one user device such as workstation or smartphone.
Server-based systems (client/server systems)
Require that two or more separate applications interact with each other across a network connection in order for users to benefit from them.
A Database Management System (DBMS) is a
Software system that allows you to efficiently create, read, update and delete (CRUD) any given set of data.
DBMS transaction
The term for the sequence of actions required to change the state of the database as one unit.
A foundational principle in database transactions is referred to as their ACID Properties, which stands for:
- A - atomicity: the entire transaction succeeds or it is rolled back
- C - consistency: every transaction strictly follows all applicable rules (constraints, keys)
- I - isolation: parallel transactions happen in isolation to avoid corruption
- D - durability: completed transactions are stored permanently and survive a crash
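The following is an added example (not part of the original flashcards) that demonstrates atomicity and consistency with SQLite: a two-row money transfer either commits both updates or neither, and a CHECK constraint makes an overdraft fail and roll the whole transaction back. The schema, account names and helper functions are the example's own assumptions; isolation and durability depend on the engine's locking and write-ahead log and are not shown here.

```python
"""Atomicity and consistency of a transfer transaction in SQLite
(added example, not from the original page)."""
import sqlite3


def new_bank() -> sqlite3.Connection:
    # isolation_level=None: Python's sqlite3 stops issuing implicit BEGINs,
    # so the transaction boundaries below are exactly the ones we write.
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.execute(
        "CREATE TABLE accounts("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK(balance >= 0))"  # consistency rule
    )
    con.executemany("INSERT INTO accounts VALUES(?, ?)",
                    [("alice", 100), ("bob", 20)])  # constructed sample data
    return con


def transfer(con: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst atomically. Returns True on commit."""
    try:
        con.execute("BEGIN IMMEDIATE")
        debit = con.execute(
            "UPDATE accounts SET balance = balance - ? WHERE name = ?",
            (amount, src))
        credit = con.execute(
            "UPDATE accounts SET balance = balance + ? WHERE name = ?",
            (amount, dst))
        if debit.rowcount != 1 or credit.rowcount != 1:
            raise ValueError("unknown account")
        con.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, ValueError):
        # Overdraft (CHECK violation) or bad account: undo the partial work,
        # including a debit that already happened.
        con.execute("ROLLBACK")
        return False


def balances(con: sqlite3.Connection) -> dict:
    return dict(con.execute("SELECT name, balance FROM accounts ORDER BY name"))


if __name__ == "__main__":
    con = new_bank()
    print(transfer(con, "alice", "bob", 30), balances(con))     # True
    print(transfer(con, "bob", "alice", 500), balances(con))    # False, overdraft
    print(transfer(con, "alice", "carol", 10), balances(con))   # False, no 'carol'
```

The third call is the atomicity case that matters in practice: the debit of alice succeeds row-by-row, the credit to a non-existent account does not, and without the explicit ROLLBACK the money would simply vanish.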
DBMS: databases introduce 2 specific security issues:
- Aggregation: the act of combining information from separate sources, so that pieces that are individually unclassified reveal something sensitive together
- Inference: the ability to derive information not explicitly available, e.g. deducing one person's record from permitted aggregate (average, sum) queries
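To show inference in working code, here is an added example that is not from the original flashcards. Only aggregate queries are "allowed" against a constructed staff table, yet a one-person department and a difference of two sums (a tracker attack) each reveal an individual salary; a query-set-size check is shown as the usual first countermeasure. Table, column and function names are the example's own.

```python
"""Inference attacks through permitted aggregate queries, and a query-set-size
control (added example, not from the original page)."""
import sqlite3

# Constructed sample data: only three engineers and a one-person legal team.
ROWS = [
    ("alice", "eng", 120000),
    ("bob", "eng", 110000),
    ("carol", "eng", 130000),
    ("dave", "legal", 150000),
]


def new_hr_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE staff(name TEXT, dept TEXT, salary INTEGER)")
    con.executemany("INSERT INTO staff VALUES(?, ?, ?)", ROWS)
    return con


def naive_avg_salary(con, dept):
    """'Only averages are exposed', but a one-person group IS the person."""
    return con.execute(
        "SELECT AVG(salary) FROM staff WHERE dept = ?", (dept,)).fetchone()[0]


def infer_by_difference(con, dept, name):
    """Tracker attack: two allowed SUMs whose difference isolates one row."""
    total = con.execute(
        "SELECT SUM(salary) FROM staff WHERE dept = ?", (dept,)).fetchone()[0]
    rest = con.execute(
        "SELECT SUM(salary) FROM staff WHERE dept = ? AND name != ?",
        (dept, name)).fetchone()[0]
    return total - rest


def guarded_avg_salary(con, dept, min_group=3):
    """Query-set-size control: refuse aggregates over fewer than min_group rows."""
    n, avg = con.execute(
        "SELECT COUNT(*), AVG(salary) FROM staff WHERE dept = ?",
        (dept,)).fetchone()
    return None if n < min_group else avg


if __name__ == "__main__":
    con = new_hr_db()
    print("legal avg (one person):", naive_avg_salary(con, "legal"))
    print("bob via difference    :", infer_by_difference(con, "eng", "bob"))
    print("guarded legal avg     :", guarded_avg_salary(con, "legal"))
    print("guarded eng avg       :", guarded_avg_salary(con, "eng"))
```

The size check blocks the one-person query but not the tracker: with a larger department both SUMs would pass the threshold and the difference still leaks. Real defences combine query-set-size limits with overlap controls or noise (differential privacy).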
DBMS: 2 access control models
- Content-dependent access control: decisions are based on the sensitivity of the data itself (e.g. the value in a salary column)
- Context-dependent access control: the software decides what actions are allowed based on the state and sequence of the request (e.g. time of day, or which steps preceded it)