Security+ 8 Flashcards

1
Q

SNMP : TCP/IP protocol that aids in monitoring network-attached devices and computers. Managed devices : PCs or other network-attached devices monitored through the use of agents by a network management system (NMS). Agent : software deployed by the network management system and loaded on managed devices; it redirects the information that the NMS needs to monitor remote managed devices. NMS : software run on one or more servers that controls the monitoring of network-attached devices and computers.

A

info …

2
Q

SIEM solutions include: data aggregation, which can combine data from network devices, servers and applications; correlation engines, which automatically look for common attributes of events across the various monitored platforms; compliance with government regulatory auditing processes; and forensic analysis. SIEM also includes WORM functionality so that information, once written, cannot be modified. When correlating data, it provides for automatic deduplication, or the elimination of redundant data. It may also include scanning for configuration compliance, also known as configuration compliance manager functionality.

A

info …

3
Q

A private key is only known to a specific user or users who keep the key a secret. A public key is known to all parties involved in encrypted transactions within a given group.

Symmetric key algorithms include DES, 3DES, RC, and AES. A stream cipher is a type of algorithm that encrypts each binary digit in the data stream, one bit at a time. A block cipher is a type of algorithm that encrypts a group of bits collectively as individual units known as blocks.

Symmetric encryption is the preferred option when encrypting and sending large amounts of data. This is in part because it usually takes far less time to encrypt and decrypt data than asymmetric encryption does.

Asymmetric key algorithms include RSA, the Diffie-Hellman system, and elliptic curve cryptography.

A

info …

4
Q

Public key cryptography uses asymmetric keys alone or in addition to symmetric keys. It doesn’t need the secure exchange of secret keys mentioned in the symmetric key section. Instead, the asymmetric key algorithm creates a secret private key and a published public key. The public key is well known, and anyone can use it to encrypt messages. However, only the owner(s) of the paired or corresponding private key can decrypt the message. The security of the system is based on the secrecy of the private key. If the private key is compromised, the entire system will lose its effectiveness.

A digital signature authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender, and not someone else.

A

info …

5
Q

Diffie-Hellman : each user generates a public/private key pair and distributes a public key to everyone else. After two or more users obtain a copy of the others’ public keys, they can be used to create a shared secret used as the key for a symmetric cipher.

A certificate is an electronic document that uses a digital signature to bind the key with the identity.

DES : 64-bit cipher with a 56-bit key size. 3DES : 64-bit cipher with as much as a 168-bit key size.

AES : based on substitution; it takes the plaintext and key and applies rounds to create the ciphertext. AES specifies 10, 12, or 14 rounds.

A

info …

6
Q

AES is purportedly susceptible to the related-key attack, if the attacker has some information about the mathematical relationship between several different keys. Side-channel attacks can also circumvent the AES cipher using malware to obtain privilege escalation. These are ways of attacking the implementation of the protocol, but not the protocol itself.

When AES encrypts the data, it does so with a data encryption key (DEK). To make an encryption system more secure, you can store that DEK in an encrypted format. This is done with a key encryption key (KEK) and can be stored in a separate location for additional security if need be. A master encrypting key (MEK), or simply master key, is another type of key that describes either a DEK or KEK being used.

A

info …

7
Q

RSA : a secure protocol if a proper key size is used; slower than symmetric key algorithms. Use at least a 1,024-bit key, or a longer 2,048-bit key. RSA uses integer factorization cryptography: it multiplies two distinct prime numbers that can't be factored, then does some more advanced math to derive two sets of numbers, which create a private and public key pair.

Diffie-Hellman : relies on secure key exchange before data can be transferred; establishes a shared secret key that can be used for secret communications over a public network. Used with TLS, it works in ephemeral mode, which means keys are generated during each portion of the key establishment process and are used for shorter times than static keys. This achieves perfect forward secrecy (PFS), which ensures that the compromise of one message will not lead to the compromise of another message.

A

info …

8
Q

ECC : asymmetric algorithm with a lot of math involved in the encryption process; uses less computational power compared to other asymmetric algorithms, but creates keys that are hard to crack.

One-time pad : (also known as Vernam Cipher) stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. It uses a string of bits that is generated at random (known as a keystream). Encryption is accomplished by combining the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext. Because the keystream is randomized, even an attacker with a plethora of computational resources on hand can only guess the plaintext if the attacker sees the ciphertext.

A

info …

9
Q

Pretty Good Privacy (PGP) is an encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications. It uses symmetric encryption, and asymmetric RSA for digital signatures and sending the session key. It is known as a hybrid cryptosystem.

The pseudorandom number generator (PRNG) is used by cryptographic applications that require unpredictable output.

A

info …

10
Q

Cryptographic hash functions are hash functions based on block ciphers.

MD5 : uses a 128-bit key hashing algorithm. A collision occurs when two different files end up using the same hash; due to low collision resistance, MD5 is not secure (use SHA-2 or higher).

SHA-1 : uses a 160-bit hash; now not secure. SHA-2 : more secure; uses 256-bit/512-bit block sizes.

RIPEMD : 128-bit, so use RIPEMD-160, RIPEMD-256, or RIPEMD-320.

HMAC : a message authentication code (MAC) is used to authenticate a message and provide integrity; it checks the cipher and notifies the receiver if any modifications occurred to the encrypted data. HMAC is the calculation of a MAC through the use of a cryptographic hash function like MD5/SHA-1.

LANMAN hash, also known as the LAN Manager hash or simply LM hash, was the original hash used to store Windows passwords. It is based on the DES algorithm and can only be a maximum of 14 characters. It also has limitations (uppercase, 7, etc.) that make it weak to brute force.

A pass the hash attack is when an attacker obtains the password hash of one or more user accounts and reapplies the hash to a server or other system in order to fool the system into thinking that the attacker is authentic.

A

info …
