Hash Algorithms and Encryption Methods
EAP
Secure authentication protocol that supports a number of authentication methods.
CCMP
Wireless encryption protocol that uses counter mode to make pattern detection difficult.
TLS
A more secure protocol that was designed to replace SSL.
L2TP
A newer VPN protocol that uses IPsec for encryption of traffic.
SSTP
A newer VPN protocol that uses SSL to encrypt VPN traffic.
AES
128-, 192-, or 256-bit symmetric encryption.
MD5
128-bit hash algorithm. Used by applications to verify the integrity of files.
HMAC-MD5
128-bit hash algorithm. Verifies the integrity and authenticity of a message with the use of a shared secret.
SHA-1
160-bit hash algorithm. Verifies file integrity.
HMAC-SHA1
160-bit hash algorithm. Verifies the integrity and authenticity of a message with the use of a shared secret.
3DES
168-bit symmetric encryption algorithm.
Key stretching
A technique used to ensure that a weak key does not fall victim to a brute-force attack.
Ephemeral Key
A temporary key that is typically used to encrypt a single message within the communication instead of using the same key to encrypt all messages.
One-Time Pad
A very secure method of encrypting information that involves using a key only once.
PBKDF2 and Bcrypt
Algorithms that enable key stretching.
PPTP
An older VPN protocol that is used to encrypt PPP traffic and is common in Microsoft environments.
Diffie-Hellman
Asymmetric encryption algorithm.
Elliptic Curve
Asymmetric encryption algorithm.
RSA
Asymmetric encryption algorithm.
RSA
Asymmetric encryption algorithm used to encrypt data and digitally sign transmissions. Uses both a public key and a private key in a matched pair.
Twofish
Block cypher that encrypts data in 128-bit blocks and supports 128-, 192-, or 256-bit keys.
AES
Block cypher, 128-bit symmetric encryption algorithm used to encrypt data and provide confidentiality. Includes key sizes of 128, 192, or 256 bits.
VPN
For the highest level of security, you should treat wireless clients as remote clients and use a _____ solution to secure the communication.
LEAP
Cisco proprietary EAP solution.
WPA2
Configure wireless encryption using (Choose 1: WEP, WPA, WPA2) because it is the most secure.
Symmetric Encryption Algorithms
DES, 3DES, RC4, and AES
Perfect forward secrecy
Describes a system that generates random public keys (ephemeral keys) for each session so that secret key exchange can occur during the communication.
802.1x
EAP messages are encapsulated inside _____ packets for network access authentication with wired or wireless networks.
Confidentiality and Integrity
Enabling WPA on a WLAN provides what?
Symmetric Encryption
Encrypting and decrypting information with the same key.
HMAC
Hash algorithm that uses a shared secret key to add randomness to the result, and only the sender and receiver know the key. Verifies the integrity and authenticity of a message with the use of a shared secret.
LANMAN, or LM hash
Hashing algorithm created by encrypting a password with DES.
MD5
Hashing algorithm that creates a 128-bit hash.
SHA-1
Hashing algorithm that creates a 160-bit hash value.
SHA-2
Hashing algorithm that includes four versions that range from 224 to 512 bits. Verifies file integrity.
HMAC
Hashing algorithm that involves using a secret key with the hashing algorithm to calculate the MAC (resulting hash value).
NTLMv2
Hashing algorithm that uses HMAC-MD5 to hash the challenge and response between the client and the server.
NTLM
Hashing algorithm that uses MD4.
LANMAN, or LM hash
Hashing algorithm used by older Microsoft operating systems to hash and store passwords.
GPG
Hybrid cryptosystem that uses a combination of public key and private key encryption.
Tunnel
IPsec _______ mode encrypts both the header and the data of the packet.
Transport
IPsec _______ mode encrypts only the payload (data portion) of the packet.
Diffie-Hellman
Key exchange algorithm used to privately share a symmetric key between two parties. Once the two parties know the symmetric key, they use symmetric encryption to encrypt the data.
Hashing algorithms
MD, SHA, LANMAN, NTLM, RIPEMD, and HMAC
PGP
Method used to encrypt, decrypt, and digitally sign mail.
MD5
Most common hashing algorithm.
DES
Older block cypher, 64-bit symmetric encryption standard used to provide confidentiality. Uses 56 bits and is considered cracked. Use AES instead, or 3DES if the hardware doesn't support AES.
S/MIME
One of the most popular standards used to digitally sign and encrypt email. Uses RSA for asymmetric encryption and AES for symmetric encryption. Can encrypt email at rest and in transit.
SCP
Protocol that runs on top of an SSH channel in order to encrypt the communication used to transfer a file.
TKIP
Protocol used by WPA to change the encryption keys for every packet that is sent.
S/MIME
Protocol used to encrypt e-mail messages on the network.
Asymmetric Encryption Algorithms
RSA and Diffie-Hellman
Work Factor
Refers to a value indicating the time it would take to break the encryption.
Substitution Cypher
Replaces a character with another character.
PEAP
Requires only a server-side PKI certificate to encrypt user authentication traffic.
Transposition Cypher
Shifts the places of the characters.
Blowfish
Strong 64-bit block cypher that supports key sizes between 32 and 448 bits. Faster than AES.
3DES
Symmetric 64-bit block cypher used to encrypt data and provide confidentiality. Still used in some applications when hardware doesn't support AES.
RC4
Symmetric encryption algorithm used by WEP.
WPA
TKIP is used primarily with which wireless standard?
Key Management
The biggest disadvantage to symmetric encryption is _______.
AES
The symmetric encryption algorithm used along with CCMP by WPA2.
WPA2 Enterprise
The type of security that has been configured when, in addition to encrypting wireless traffic, you configure your wireless router to require connecting users to authenticate against a RADIUS server.
sender's private
To ensure nonrepudiation, a message is signed using the ____________ key.
RIPEMD
Type of hashing algorithm.
L2TP
Use ______ instead of PPTP for VPNs.
PEAP
Used to encapsulate EAP messages over a secure tunnel that uses TLS.
ECDHE
Uses ephemeral keys generated using ECC.
DHE
Uses ephemeral keys, generating different keys for each session.
ECC
Uses mathematical equations to formulate an elliptical curve. It then graphs points on the curve to generate keys.
ECDH
Uses static keys generated using ECC.
static
WEP uses a _____ key.
WPA-PSK
WPA Personal, also known as WPA preshared key.
128
WPA uses a ____-bit encryption key.
IV attack
What type of attack might a wireless network configured with WEP be susceptible to?
recipient's public
When using asymmetric encryption, the data is encrypted with the ________ key.