SSL Flashcards

1
Q

SSL accomplishes two things

A

Trust and Encryption

Trust - Users have an expectation when using an application

2
Q

The Reality of Security

A
  • Wireless networks are open to listening
  • Network services can be hijacked, or replaced
  • Man-in-the-middle attacks are easy.
  • SSL vulnerabilities are infamous
3
Q

What does SSL accomplish?

A
  • Trust
    • SSL proves that the server is who it claims to be
  • Encryption
    • SSL scrambles data between a server and its users
4
Q

Encryption

A

Encryption is just converting something that you can see into something that you can’t see, and then being able to convert it back again.

  • Encryption converts something to code
  • It can secure important data in transit
5
Q

SSL

A

When we are talking about SSL, we’re talking about securing important data across a network, which means securing it in transit.

SSL does that in a couple of different ways:

Symmetric Key Encryption

Public Key Encryption (asymmetric key cryptography)

6
Q

Symmetric Key Encryption

A

is the creation of ONE complicated key that could be used to scramble something. You only use that one key to encode and decode information. Both the receiver and the sender have that one key for encryption and decryption.

7
Q

Public Key Cryptography

(Asymmetric Key Cryptography)

A

Uses TWO different keys. You have a private key that is always kept in a secure location. It is never let out of the server that it operates on. We also create a public key that is mathematically linked to the private key. The public key is not identical to the private key; they are different. But because they are mathematically keyed to one another, when someone gets hold of the public key, which is freely available across the network, all that person has to do is take their content, encode it with the public key, and send it to the server. Because the private key is mathematically linked to the public key, it is able to decrypt what was encoded with the public key.

8
Q

Symmetric Keys

A
  • Symmetric keys are identical at both ends
  • Symmetric keys need to be secured
  • Symmetric keys can be inconvenient to distribute
9
Q

Asymmetric Keys

A
  • Asymmetric keys are different at each end
  • The private key must be secured
  • The public key can be freely distributed
  • Only the private key can decrypt public-key encodings
10
Q

Public and Private SSL

A
11
Q

SSL vs TLS vs OpenSSL

Security standards to encrypt data going across a network

A

SSL is Secure Sockets Layer and is a security standard invented in the mid-90s to secure web traffic for Netscape.

TLS is Transport Layer Security and came after SSL, based upon its success in the late 90s. Both of them secure network communications with encryption.

OpenSSL was developed as an open source standard that uses SSL and TLS to protect both operating systems and programs.

12
Q

Vulnerabilities

A

HeartBleed

Timing

Denial of Service

OCSP interception

CSS injection
