CMIS 495 Test 3 Ch 8

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Management protocols

Organize and manage communications among CAs, RAs, and end users. This includes functions and procedures for setting up new users, issuing keys, recovering keys, updating keys, revoking keys, and enabling the transfer of certificates, in the formalization of legal liabilities and limitations, and in actual business use.

VPN Negotiation

Phase 1 - Have to agree on authentication. Phase 2 - Agreement on what type of traffic can go through the VPN Tunnel. Agreement on how to authenticate and encrypt that traffic.

Encryption Key

Size does matter. Security does not depend on the secrecy of the cryptosystem, but the secrecy of the key.

Pretty Good Privacy (PGP)

uses IDEA Cipher for message encoding. Is a hybrid cryptosystem that combines some of the best available cryptographic algorithms. Used to encrypt and authenticate e-mail and file storage applications. Provides authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management.

PKI

Integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely. Based on public-key cryptosystems.

Cryptography

Making and using codes to secure the transmission of information. Not built into TCP/IP Not built into OS

Hash Function

Mathematical algorithms that generate a message summary or message digest (sometimes called a fingerprint) to confirm message identity and integrity. - Not used to create ciphertext. - Hash value compared after transmission to ensure message is unmodified. - SHA-1 very popular.

vpn

Mobile VPN vs Site to site VPN (Branch Office)

PKI Protection

Need this because this isn't built into TCP/IP or the OS. - Authentication - Integrity - Privacy - Authorization - Nonrepudiation

Steganography

A data hiding method that involves embedding messages and information within other files, such as digital pictures or other images.

A registration authority (RA)

In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.

Encrypt

(Encipher) - to encrypt, encode, or convert plaintext into the equivalent ciphertext.

Digital Certificates

- Issued by CA - Digital signature attached to certificate's container file certifies file's origin and integrity. -Electronic document/container file containing key value and identifying information about entity that controls key.

Internet Protocol Security (IPSec):

-an open-source protocol framework for security development within the TCP/IP family of protocol standards. -IPSec uses several different cryptosystems. --Diffie-Hellman key exchange for deriving key material between peers on a public network --Public key cryptography for signing the Diffie-Hellman exchanges to guarantee identity --Bulk encryption algorithms for encrypting the data --Digital certificates signed by a certificate authority to act as digital ID cards -Encrypts all traffic!

AES

Advanced Encryption Standard - The current federal standard for the encryption of data, as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen. Is block cipher. Form of symmetric encryption.

Chemical plants, Tankers, Satellites

All of these devices are being controlled by network computers. The world itself is hackable. Hackers are always where the money is. Critical infrastructure is vulnerable. Worst case scenario is hacking a satellite because everyone uses GPS. Tankers in the sea are completely navigated automatically by the signals from the satellites.

Symmetric

Also known as private-key encryption. 1 Key, shared, simple. Sent "out of band." AES is popular. Out of band means in person, over the phone, sending a letter. Also means using a channel or band other than the one carrying the ciphertext.

Asymmetric

Also known as public-key encryption. An encryption method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Popular: RSA (bought by EMC Corp). Pro: 2 keys are better than 1. Con: Have to manage more keys; also not as fast.

Bit Stream Cypher

An encryption method that involves converting plaintext to ciphertext one bit at a time.

Block Cypher

An encryption method that involves dividing the plaintext into blocks or sets of bits and then converting the plaintext into ciphertext one block at a time.

Phishing for "certificate"

Hacker sent a phishing e-mail to Kevin Roose purporting to be Squarespace. E-mail linked to a typo squatting website that asked him to install a certificate that would improve his security. Ended up being a shell Dan used as a backdoor.

Monitoring via Cam

Hackers can install a program on your comp to take snapshots of you using your webcam. You can even take video.

Social Engineering

Hacking without any code. Just use a phone and an internet connection.

A certificate authority (CA)

In PKI, a third party that manages users' digital certificates.

Certificate directories

Central locations for certificate storage that provide a single access point for administration and distribution.

S/MIME

Secure Multipurpose Internet Mail Extensions - builds on Multipurpose Internet Mail Extensions (MIME) encoding format and uses digital signatures based on public-key cryptosystems to secure e-mail.

SSL

Secure Sockets Layer (SSL) protocol: uses public key encryption to secure channel over public Internet. Only secures web traffic! Developed by Netscape to use public-key encryption to secure a channel over the internet.

Secrecy of Key

Security does not depend on the secrecy of the cryptosystem, but the secrecy of the key.

Steve Gibson

Security expert does the Security Now PodCast on the TWIT Network every Wednesday. Coined the term spyware and wrote the first anti-spyware program.

Ciphertext

The encoded message resulting from encryption.

Paintext/Cleartext

The original unencrypted message, or a message that has been successfully decrypted.

Algorithm

The steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; sometimes refers to the programs that enable the cryptographic processes.

Encryption

The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.

Vishing

Voice elicitation. Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.

Policies and procedures

Which assist an organization in the application and management of certificates, in the formalization of legal abilities and limitations, and in actual business use.

WPA2

Wi-fi protected access. Uses AES based encryption. Is backwards compatible with WPA.

Incompetant Hacker

Worst case scenario is someone who gets in and doesn't know what he/she is breaking into and will do something with a large or extensive collateral damage.

DEFCON

is one of the world's largest annual hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993. Many of the attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, phone phreaking, hardware modification, and anything else that can be "cracked." The event consists of several tracks of speakers about computer- and cracking-related subjects, as well as social events Wargames and contests in everything from creating the longest Wi-Fi connection and cracking computer systems to who can most effectively cool a beer in the Nevada heat. Other contests, past and present, include lockpicking, robotics-related contests, art, slogan, coffee wars, scavenger hunt and Capture the Flag. Capture the Flag (CTF) is perhaps the best known of these contests. It is a hacking competition where teams of crackers attempt to attack and defend computers and networks using certain software and network structures. CTF has been emulated at other cracking conferences as well as in academic and military contexts. Federal law enforcement agents from the FBI, DoD, United States Postal Inspection Service, and other agencies regularly attend DEF CON.[1][2]


Ensembles d'études connexes

Decolonization - India and Pakistan

View Set

Government and Economics Unit 3 Quiz 1: The American Party System

View Set

Financial literacy- Taxes quiz review

View Set

CE017.1 Safety Testing for Code Compliance: Exam

View Set

Scout Law, Scout Oath, Scout Motto, Scout Slogan, Scout Handshake, Scout Sign, Scout Salute

View Set

Chapter 1-15 questions Mental health

View Set

CompTIA CySA+ (CS0-002) Practice Exam 2

View Set