Network Security Models and Cryptography Flashcards
(96 cards)
1
Q
a cybersecurity approach built on “never trust, always verify”
A
Zero trust
2
Q
The Zero trust approach:
A
- Challenges traditional security perimeters, recognizing both external and internal threats
- Prioritizes continuous user, device, and behavior verification, regardless of location
- Incorporates new tools and practices for robust access control and ongoing monitoring
3
Q
Zero Trust Key Principles:
A
- Verification
- Least Privilege
- Micro-Segmentation
- Continuous Monitoring
- Identity and Access Management (IAM)
- Data Encryption
4
Q
Is the process of confirming the identity and legitimacy of users and devices
A
Verification
5
Q
Emphasizes granting users and devices only the minimum level of access necessary to fulfill their tasks
A
Least Privilege:
6
Q
Is the practice of dividing the network into segments to limit lateral movement by attackers
A
Micro-Segmentation:
7
Q
Is the practice of dividing the network into segments to limit lateral movement by attackers
A
Continuous Monitoring:
8
Q
Is the practice of implementing strong authentication and centralized identity management
A
Identity and Access Management (IAM):
9
Q
Encryption is utilized to secure data
A
Data Encryption:
10
Q
a cybersecurity approach that involves layering security measures for maximum protection
A
Define in depth (DiD)
11
Q
Define in depth (DiD) Approach:
A
- Improves resilience by bolstering the system’s ability to withstand threats
- Prevents attacks proactively by anticipating and thwarting breaches
- Enhances the ability to promptly identify security incidents and respond effectively
12
Q
DiD involves:
A
- Layered Security
- Redundancy
- Isolation
- Monitoring and Response
- Testing and Evaluation
13
Q
Use multiple security layers to cover various protection aspects
A
Layered Security
14
Q
Duplicate critical security measures for backup in case of failure
A
Redundancy
15
Q
Segregate sensitive systems to limit breach impact
A
Isolation
16
Q
Continuously watch for suspicious activity and respond rapidly
A
Monitoring and Response
17
Q
Regularly assess security through penetration tests and evaluations
A
Testing and Evaluation
18
Q
is the science of securing information, allowing only authorized users to access and comprehend it
A
Cryptography
19
Q
Cryptography Types
A
- Encryption
- Decryption
- Data Security Assurance
20
Q
Transforms readable data into unreadable ciphertext
A
Encryption
21
Q
Reverts encrypted data to its original form, called plaintext
A
Decryption
22
Q
Protects information during transmission or storage, ensuring secure transformation and restoration for interpretation
A
Data Security Assurance
23
Q
Cryptographic Methods:
A
- Hiding
- Obfuscation
- Transformation
- Switching
- Symmetric
- Asymmetric
24
Q
Concealing data using unconventional methods, such as steganography
A
Hiding
25
Jumbling text to render it unreadable
Obfuscation
26
Altering the sequence of letters
Transformation
27
Exchanging/replacing characters with other characters
Switching
28
One key for both encryption and decryption
Symmetric
29
One key for encryption, another key for decryption
Asymmetric
30
In modern cryptography, four primary techniques are used:
- Encoding
- Hashing
- Symmetric Encryption
- Asymmetric Encryption
31
the process of converting data from one format to another,
Encoding
32
the process of converting encoded data back to its original format
decoding
33
the process of converting binary signals, which are used by computers to represent information, into human-readable text
Character encoding
34
Encoding Methods
- Base64
- ASCII-Hex
- More Code
35
Converts text into a computer-readable format to represent numbers and letters
Base64
36
Transforms characters into hexadecimal values
ASCII-Hex
37
Represents letters and numbers with short and long signals (dots and dashes)
Morse Code
38
- employs 6-bit groups to represent a set of 64 distinct characters, enduring a uniform encoding scheme
- is not a form of encryption
Base64
39
a mathematical process that converts input data into a fixed-length string, often in hexadecimal or binary format
hash algorithm
40
hash algorithm key aspects:
- Data Integrity
- Alteration detection
- one-way process
41
Hashing creates unique hash values, ensuring data integrity
Data integrity
42
Changes in files are detected through has value changes, indicating potential security breaches
Alteration Detection
43
Hashing is a one-way process, thereby resisting reverse-engineering
One-Way Process
44
Common Algorithms:
- MD5
- SHA1
- SHA256
- SHA384
-SHA512
- NT Hash
45
128-bit key, commonly used but less secure due to vulnerabilities
MD5
46
160-bit key, widely adopted but considered weak from a security perspective
SHA1
47
256-bit key, stronger security than MD5 and SHA1
SHA256
48
384-bit key, higher security than previous algorithms
SHA384
49
512-bit key, even higher security
SHA512
50
128-bit key (NTLM hash), used by Windows OS for user credentials
NT Hash
51
Hashes in Technology:
- LSASS
- Hash Tables
- Digital Forensics
52
In windows, it secures system access by storing and validating user credential as hashes
LSASS
53
These tables, or hash maps, relate characters to their has results
Hash Tables
54
Essential for validating evidence and maintaining the integrity of a chain of custody in court
Digital Forensics
55
_____ & _____ are two security techniques used in hashing to make passwords more secure
Salt & Pepper
56
A random string added to a password before hashing that is stored alongside the password
Salt
57
A static secret added to all passwords before hashing but is kept in a secure external configuration file, not in the database
Pepper
58
a precomputed list of hashed values used for reversing hashed data, typically to expedite brute-force attacks
Rainbow table
59
To prevent these attacks, adding _____ & _____ to passwords is a protective measure against both brute-force and rainbow table-based threats
salt and pepper
60
efficiently cracks password hashes by looking up precomputed hash values in a rainbow table
Rainbow cracking
61
Rainbow Creation Process
- Hash Chain Generation
- Reduction Functions
- Table construction
- Indexing
62
sequences of hashes formed by repeatedly applying a hash function to an initial plaintext
Hash chain generation
63
These functions map hash values to plaintext passwords, shortening hash chain length for efficient storage
Reduction functions
64
Rainbow tables are made by generating multiple hash chains, storing their endpoint values, starting points, and reduction values
table construction
65
indices are crafted for swift lookups. Rainbow tables often include multiple chains with the same endpoint, enhancing coverage
Indexting
66
The process of concealing the original content of a data message by transforming it into an incomprehensible sequence of characters through a mathematical process
Encryption
67
Is required to retrieve the original data, which involves using another mathematical process to reverse the encryption process and access the original information
Decryption
68
Two common approaches to encryption are:
- Symmetric Encryption
- Asymmetric Encryption
69
Uses one key for both encryption and decryption, like a shared secret. It is fast but requires secure key sharing
Symmetric Encryption
70
Uses a pair of keys: a public key for encryption and a private key for decryption. The public key is freely shared, so anyone can encrypt messages, but only the private key holder can decrypt messages. This makes it slower but more secure
Asymmetric Encryption
71
Commonly known symmetric algorithms
- Data Encryption Standard (DES)
- Triple DES (3DES)
- RC4
- Advanced Encryption Standard (AES)
- Blowfish
72
One of the first block ciphers that used a 56-bit key, it has been largely replaced in modern systems due to vulnerabilities to brute-force attacks
Data Encryption Standard (DES)
73
An enhancement over DES, it applies the DES algorithm three times to each data block providing a more secure alternative to the original
Triple DES (3DES)
74
Once popular in protocols like SSL/TLS, it’s a stream cipher known for its simplicity and speed but has known vulnerabilities
RC4
75
Adopted by the U.S. government, it supports key lengths of 128, 192, and 256 bits and is widely considered secure and efficient
Advanced Encryption Standard (AES)
76
Widely adopted for its speed and efficiency in computer applications, this encryption algorithm uses variable-length keys
Blowfish
77
also called codebreaking, explores cryptographic systems to find weaknesses and hidden patterns
- It involves decrypting messages or breaking encryption to reveal plaintext or discover keys
- Techniques like math, stats, and computation expose encryption flaws
- The aim is to boost security by identifying and fixing vulnerabilities
Cryptanalysis
78
Also known as frequency analysis, the relative presence of characters is analyzed and compared to the known frequency of characters in a language in an attempt to decode ciphers
Letter Frequency
79
______ ______are tools used to verify digital authenticity and ensure data transmission
- They are issued by trusted certificate authorities (CAs) and contain cryptographic keys and owner details
- They enable secure protocols for encrypted digital communication
- They ensure data privacy and integrity, which are fundamental for online security
Digital Certificates
80
_______ ______ are a specific use case of digital certificates used specifically for HTTPS traffic
Web certificates
81
- The _____ _______ ______ was an early method for securely exchanging keys over the internet
- It was developed to address the challenge of key distribution, eliminating the need for physical key exchange
- This protocol enables two computers to share a key even when communicating over an insecure channel
Diffie-Hellman Algorithm
82
manages digital keys and certificates for secure communication over untrusted networks:
- Combines asymmetric and symmetric keys for data protection
- A certificate authority (CA) validates digital certificates, fostering trust in transactions
- Trust is established through a trust chain, ensuring secure information exchange
- The certificate revocation list (CRL) identifies untrustworthy CAs, preserving PKI integrity
Public key infrastructure (PKI)
83
A ____ _____ validates digital certificates, fostering trust in transactions
certificate authority (CA)
84
Trust is established through a _____ _____, ensuring secure information exchange
trust chain
85
The _____ _____ _____ identifies untrustworthy CAs, preserving PKI integrity
certificate revocation list (CRL)
86
encompasses the entire lifecycle of digital keys and certificates in a public key infrastructure
PKI infrastructure flow
87
PKI infrastructure flow involves processes such as:
- generation
- signing
- distribution
- verification
- trust chain
- revocation
88
Creating certificates with public keys
generation
89
Certifying authenticity via the CA’s digital signature
signing
90
Securely sharing certificates
distribution
91
Validating identity and data integrity using the sender’s certificate
verification
92
Establishing trust from entity to root CA
trust chain
93
Revoking compromised certificates for security
revocation
94
a protocol that encrypts traffic between a client and server
SSL/TLS
95
____ ____ ___ is the process by which a client and server begin secure communications
SSL/TLS handshake flow
96
