Lesson 22: Protecting Data Moving through the Internet

Question 1

Glossary: 3DES

Answer 1

A block cipher encryption algorithm that employs symmetric keys. It applies the DES algorithm three times to each block.

Question 2

Glossary: AAA Protocol

Answer 2

A protocol for authentication, authorization, and accounting that uses different link layer protocols such as PPP and authenticates using PAP or CHAP.

Question 3

Glossary: Algorithm

Answer 3

a code used to alter a message so that unauthorized people cannot read it

Question 4

Glossary: Assymetric Key

Answer 4

A key that used the encryption algorithm. It is defined by two keys: One used for encryption and one for decryption

Question 5

Glossary: Asymmetrical (out-of-band) virtualization

Answer 5

A type of virtualization where the virtualization device is installed outside the actual data path between the network and the storage system.

Question 6

Glossary: Authentication Server (AS)

Answer 6

A server whose function is to provide network users with authentication

Question 7

Glossary: block cipher

Answer 7

a cipher that applies an algorithm to a block of data, rather than a single bit at a time

Question 8

Glossary: blowfish

Answer 8

A block-level encryption algorithm that uses symmetric-key encryption

Question 9

Glossary: brute-force attack

Answer 9

An attack where the attacker systematically guesses the key based on a known list or a predictive mathematical scheme. Can involve 100s-1000s of attempts.

Question 10

Glossary: caching web proxy

Answer 10

a local server that cacher (store) web resources for quicker access.

Question 11

Glossary: Certificate Chain

Answer 11

the list of certificates starting with the root certificate, followed bu each subsequent certificate, where the issuer or signer of one certificate is the subject of the next

Question 12

Glossary: Cipher

Answer 12

An algorithm used to encrypt data

Question 13

Glossary: Cipher Lock

Answer 13

A lock that operates by unlocking magnetic door locks when the correct programmed code is entered by the user on the cipher lock keypad

Question 14

Glossary: Ciphertext

Answer 14

the text of any data after it has been encoded by a cryptographic key

Question 15

Glossary: Cleartext

Answer 15

the stored or transmitted data, which has not been encrypted

Question 16

Glossary: Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)

Answer 16

A form of input request for a word, phrase, random characters and numbers, or a simple request to perform a simple test that cannot easily be automated.

Question 17

Glossary: CRAM-MD5

Answer 17

An email authentication system that transfers passwords in a hased form

Question 18

Glossary: cryptography

Answer 18

the procedures, processes, and techniques used to convert data into secret code

Question 19

Glossary: cryptology

Answer 19

the study of cryptography

Question 20

Glossary: data in motion

Answer 20

the process, in which data is being transmitted through a wired or wireless network

Question 21

Glossary: decrypt

Answer 21

an act of using the relevant key to unlock the scrambled ciphertext into plaintext so that it might be understood

Question 22

Glossary: decryption

Answer 22

the process of converting previously encrypted data back to its original form

Question 23

Glossary: decryption key

Answer 23

the key used to decrypt a secret code

Question 24

Glossary: digital certificate

Answer 24

a certificate that digitally verifies that the sender of an encrypted message is who they claim to be

Question 25

Glossary: entropy

Answer 25

any lack of predictability and order, leading to a degree of uncertainty.

Question 26

Glossary: EV certificate

Answer 26

a cert that requires verification of an individual by a Cert Authority. Typically used on sites that are using SLL/TLS.

Question 27

Glossary: hash table

Answer 27

A lookup table that maps keys to values using a hash function that converts the keys to hash values

Question 28

Glossary: honeypot

Answer 28

A decoy server, network device, or network segment designed to attract attackers away from the real network. accomplished by providing attackers with relatively easy access to decoy systems on the network and hiding truly critical systems

Question 29

Glossary: identity proofing

Answer 29

the process in which a particular individual is associated and verified with an existing identity

Question 30

Glossary: key

Answer 30

a variable value applied using an algo to a string or block of unencrypted text to produce encrypted text, or to decrypt encrypted text. Having ownership of a key signifies that the entity either possesses or knows the information required to gain access to a specific asset.

Question 31

Glossary: keys

Answer 31

In cryptography: data strings used to encrypt or decrypt information; encryption keys can be based on a secret string that is known only to the software that encrypts and decrypts data or may be randomly generated, or any combination of known or random factors.

Question 32

Glossary: OAuth

Answer 32

An authentication protocol that allows apps to act on the behalf of a user without sharing passwords

Question 33

Glossary: password attack

Answer 33

any password attempt that successfully authenticates through a password prompt without originally knowing the correct password

Question 34

Glossary: Password-Authenticated Key Agreement (PAKE)

Answer 34

an interactive method for two or more entities to establish cryptographic keys based on one entity's knowledge of a password

Question 35

Glossary: Password Authentication Protocol

Answer 35

An auth protocol that utilizes passwords

Question 36

Glossary: Password Management Policy

Answer 36

A policy put into place to manage the passwords of users in a networked environment

Question 37

Glossary: Password Management Policy

Answer 37

A policy put into place to manage the passwords of users in a networked environment

Question 38

Glossary: Password Manager

Answer 38

A software application that stores and manages the user's passwords

Question 39

Glossary: Public Key

Answer 39

a cryptographic key that can be obtained and used by anyone to encrypt messages intended for a particular user

Question 39

Glossary: Public Key

Answer 39

a cryptographic key that can be obtained and used by anyone to encrypt messages intended for a particular user

Question 39

Glossary: Public Key

Answer 39

a cryptographic key that can be obtained and used by anyone to encrypt messages intended for a particular user