Security considerations

Question 1

What is the difference between symmetric key encryption and public key encryption?

Answer 1

Symmetric key encryption uses the same key to encrypt and decrypt plain text data.

Public/asymmetric key encryption uses different keys.

Question 2

Which is best to use for security on a web server, TLS or SSL? Why?

Answer 2

TLS is best to use as it is currently the industry standard.

SSL contains many vulnerabilities and more continue to be discovered. As of 2015, SSL is
considered a deprecated protocol.

Question 3

What type of authentication involves entering a username and password?

Answer 3

Single-factor authentication.

Question 4

When would it be advisable to use two-factor authentication over single-factor authentication?

Answer 4

When there is a risk that a username and password may be easily compromised.

For example, due to the rise in mobile phone banking applications, most banks have now enabled two-factor authentication.

Question 5

When would it be advisable to use multi-factor authentication over two-factor
authentication?

Answer 5

Multi-factor authentication, like biometric security, is costly and should be reserved for high-security needs, such as national security operations and data centres where utmost data protection is essential.