Module 6
Digitized signature
An image of an electronically reproduced signature
Extensible Authentication Protocol (EAP)
an authentication framework that defines the transport of keys and authentication credentials. Commonly used in wireless network authentication
Transposition cipher
an encryption cipher that rearranges characters or bits of data.
key revocation
A situation in which someone is no longer trusted or allowed to use a cryptosystem. In a symmetric key system, where everyone shares the same key, compromising one copy of the key compromises all copies.
Fibre Channel
A storage networking protocol originally used in supercomputers to connect storage devices.
Internet Small Computer System Interface (iSCSI)
A storage networking protocol used to link data storage devices to IP networks.
Caesar cipher
A substitution cipher that shifts characters a certain number of positions in the alphabet
Internet Protocol Security (IPSec)
A suite of protocols designed to connect sites securely using IP networks
Certificate authority (CA)
A trusted entity that stores and distributes verified digital certificates such as Verisign or Computer Associates.
Key directory
A trusted repository of all public keys.
Symmetric key cryptography
A type of cryptography that cannot secure correspondence until after the two parties exchange keys
attribute-based encryption (ABE)
A type of public key encryption in which the secret key of a user and the ciphertext are dependent upon attributes of the sender such as country or state
Telephony denial of service (TDoS)
A variation of denial of service (DoS) attacks, but launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.
Open Systems Interconnection (OSI) Reference Model
An internationally accepted framework of standards that govern how separate computer systems communicate using networks.
Digital signature
An object that uses asymmetric encryption to bind a message or data to a specific entity
Network port
a hardware jack on a networking device into which a network cable is plugged, or a software construct that identifies a certain type of network message destined for a specific type of network service
Algorithm
a mathematical process or formula for performing some kind of math function
Hashing function
a one-way function that takes input and produces output that is hard to replicate and extremely difficult to reverse
Subnet
a partition of a network defined by devices that share the same network address portion of the IP address
Firewall
a program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration
Elliptic curve cryptography (ECC)
a public key cryptographic algorithm based on the structure of elliptic curves
Key
a secret value a cipher uses to encrypt or decrypt information
Secure Hash Algorithm (SHA)
a set of cryptographic hash functions developed by the US National Security Agency
Perfect forward secrecy
an approach in which each communication session setup process is unique. If an attacker compromises a current session's keys, it doesn't put any previous session keys at risk
Elliptic Curve DHE (ECDHE)
an asymmetric cryptographic key exchange algorithm that uses algebraic curves to generate keys
Protected Extensible Authentication Protocol (PEAP)
an authentication framework running in a TLS tunnel. Provides more security than EAP for authentication exchanges
Public (asymmetric) key
an encryption key that can be shared and does not need to be kept private
Key-encrypting key
an encryption key used to encrypt other keys before transmitting them
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
an encryption protocol that implements the 802.11i standard. Provides enhanced security through the use of the Counter mode of the AES standard
Key escrow
an external key storage method that allows some authorized third party access to a key under certain circumstances
Connection encryption
assurance that communication is secured from end to end, for example between an HTTPS website and secure browser connection with a desktop or mobile device
In-band key exchange
the use of one's own IP data network to exchange keys
Plaintext
unencrypted information
IP address
A 32-bit (IPv4) or 128-bit (IPv6) number that uniquely identifies a device, such as a computer, on a network
Stream cipher
A cryptographic cipher that encrypts a single byte (or bit) at a time
Web security gateway
A device that performs URL-filtering, but does not examine the content of the packet.
Rivest-Shamir-Adleman (RSA)
A digital signature algorithm that relies on the difficulty of factoring large numbers.
Screened subnet
A firewall device that has three NICs. One NIC connects to the internet, the second NIC connects to the internal network, and the third NIC connects to the DMZ
Packet-filtering firewall
A firewall that examines each packet it receives and compares that packet to a list of rules configured by the network administrator
Stateful inspection firewall
A firewall that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet.
Internet Control Message Protocol (ICMP)
A management protocol for IP networks
SSL handshake protocol
A process that creates the first secure communications session between a client and a server
Point-to-Point Tunneling Protocol (PPTP)
A protocol to implement a VPN connection between two computers
Dynamic Host Configuration Protocol (DHCP)
A protocol used on IP networks to provide configuration details automatically to client computers.
Fibre Channel over Ethernet (FCoE)
A protocol used to connect fibre channel capable devices to an Ethernet network.
Wireless access point (WAP)
A radio transceiver device that transmits and receives IP communications via wireless LAN technology
ICMP echo request
An Internet Protocol (IP) communication mechanism that sends a ping request expecting a ping reply.
Application proxy firewall
An advanced firewall that processes all traffic between two systems. Instead of allowing a direct connection between two systems, the proxy connects to each system separately and passes filtered traffic to the destination based on filtering rules.
Diffie-Hellman algorithm
An algorithm in which a sender and receiver use asymmetric encryption to securely exchange symmetric keys
Substitution cipher
An encryption cipher that replaces bits, characters, or blocks of information with other bits, characters, or blocks.
Keyword mixed alphabet cipher
An encryption cipher that uses a cipher alphabet that consists of a keyword, less duplicates, followed by the remaining letters of the alphabet.
Vigenere cipher
An encryption cipher that uses multiple encryption schemes in succession. For example, you could encrypt every fifth letter with its own substitution scheme
Diffie-Hellman in ephemeral mode (DHE)
Asymmetric cryptographic key exchange algorithm that uses modular arithmetic to generate keys
Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?
Bob's public key
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
Captive portal
Secure Shell (SSH)
Commonly used protocol to set up secure login sessions to remote servers
Block cipher
Cryptographic cipher that encrypts an entire block of input at a time.
Wi-Fi Protected Access (WPA)
Current encryption for wireless networks. Much stronger than WEP, WPA is the recommended encryption for wireless use.
Unified threat management (UTM)
Devices used to provide filtering, plus many additional security services.
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
What protocol is responsible for assigning IP addresses to hosts on most networks?
Dynamic Host Configuration Protocol (DHCP)
Product cipher
Encryption cipher that is a combination of multiple ciphers. Each could be transposition or substitution.
Private (symmetric) key
Encryption cipher that uses the same key to encrypt and decrypt information
A physical courier delivering an asymmetric key is an example of in-band key exchange.
False
Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.
False
Firewall rules
Filters defined in a firewall's configuration that enable the security professional to implement security requirements.
Implicit deny
Firewall configuration that will deny all messages, except the ones that you explicitly allow.
MAC address filter
Firewall filtering rules that filter wireless network traffic by the MAC address
Loop protection
Firewall rules configured to look at message addresses and denying any messages sent around an unending loop
IPv4 addresses
Four-byte (32 bit) addresses that uniquely identify every device on the network
Wired Equivalent Privacy (WEP)
Legacy encryption for wireless networks. It is weak and does not provide sufficient protection for most traffic.
Content inspection
Looking within an IP packet to determine if the packet should be allowed to pass through the IP stateful firewall.
Rule-based management
Managing the security of a network by defining network device rules about what is acceptable & what is not.
VPN concentrator
Network device acting as a type of router specializing in VPN connections
Salt value
Random characters that you can combine with an actual input key to create the encryption key
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, stream, substitution
Differential cryptanalysis
The act of looking for patterns in vast amounts of ciphertext.
Decryption
The act of unscrambling ciphertext into plaintext
Security association (SA)
The basic element of ISAKMP key management. SA contains all the information needed to do a variety of network security services
Telephony
The field of technology that includes the development & deployment of voice communication solutions.
Vernam cipher
The only unbreakable cryptographic cipher. Also called a one-time pad.
Checksum
The output of a one-way algorithm. A mathematically derived numerical representation of some input
Cryptanalysis
The process of breaking codes without knowledge of the key.
Key distribution
The process of securely transporting an encryption key from the key generator to the key user, without disclosing the key to any unauthorized user.
Keyspace
The set of all possible encryption keys
Cryptography
The study or practice of hiding information.
A firewall is a basic network security defense tool.
True
In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system
True
The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).
True
Identity-based encryption (IBE)
Uses the sender's identity to derive a key
Lightweight Extensible Authentication Protocol (LEAP)
Wireless authentication framework developed by Cisco Systems to help manage wireless keys and authentication.
Secure router configuration
a collection of settings that ensure your router is only allowing valid network traffic to flow to and from valid nodes
Message digest algorithm (MD5)
a cryptographic hash function with a 128-bit hash value
Asymmetric key cryptography
a cryptographic technique that uses two mathematically related keys - one key to encrypt data and another to decrypt data.
Router
a device that connects two or more networks and selectively exchanges packets of data based on predetermined routes or path determinations
Out-of-band key exchange
a different communication channel through which you can exchange keys from the one you use for data
Border firewall
a firewall that separates the closed or secure network from external or public networks
Key stretching
a function that takes a key, usually weak, as input and generates an enhanced key that can withstand a more determined attack
Protocol
a list of rules and methods for communicating
Cryptogram
a small encrypted message
Malware inspection
a specialized form of content inspection that looks at packet content for signs of malware
Hash
an algorithm that converts a large amount of data to a single (long) number.
One-way algorithm
an encryption algorithm that has no corresponding decryption algorithm
Open cipher
ciphers for which source code is readily available
Public key cryptography
cryptographic algorithm that uses two mathematically related keys, one key to encrypt data and another to decrypt data.
Quantum cryptography
cryptography that uses quantum mechanics to perform cryptographic tasks like encrypting and decrypting data or providing secure key exchange
Data Encryption Standard (DES)
encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation
Network separation
firewall filtering rules that enforce divisions between networks, keeping traffic from moving from one network to another
Port security
firewall filtering rules that filter traffic based on ports
URL filter
firewall filtering rules that filter web traffic by the URL, as opposed to the IP address
Flood guard
firewall rules that can limit traffic bandwidth from hosts, reducing the ability for any one host to flood a network.
Network reconnaissance
gathering information about a network or system for use in a future attack
Non repudiation
prevents a party from denying a previous statement or action
Timestamping
providing an exact time when a producer creates or sends information
Load balancer
routing protocols that divide message traffic over two or more links
Revocation
stopping authorization for access to data
Digital signature algorithm (DSA)
the NIST standard for digital signatures
Encryption
the act of transforming cleartext data into undecipherable ciphertext
Cryptosystem
the algorithms or ciphers used to encrypt and decrypt data
Steganography
the art and science of writing hidden messages
Key management
the process of managing and maintaining encryption keys
Log analysis
the process of reviewing firewall and other network device log files to identify reconnaissance activity or even attacks that have already occurred.
Transport encryption
the process of securing communication in transit, generally done by software
Confidentiality
the requirement to keep information private or secret
Network address translation (NAT)
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
Network access control (NAC)
A method to restrict access to a network based on identity or other rules.
Smurf attack
A network attack in which forged Internet Control Message Protocol (ICMP) echo request packets are sent to IP broadcast addresses from remote locations to generate DoS attacks.
Subnet mask
A network configuration parameter that defines the dividing line between the network and host addresses for IPv4 addresses. The mask is a 32-bit number that is set to all "1"s for the network bits and all "0"s for the host bits.
Temporal Key Integrity Protocol (TKIP)
An encryption method used on WPA to replace WEP
Switch
a network device that connects network segments, creating a direct connection between a sending and receiving port.
Hub
a network device that connects network segments, echoing all received traffic to all other ports
Session key
a unique key for each new communication session