Prowse REST OF IT pt 2 (chs. 14, 16, and 17)


RAID 6 description

"Striping with Double Parity." Data is striped across multiple disks as it is in RAID 5, but there are two stripes of parity informa- tion. This usually requires another disk in the array. This system can operate even with two failed drives and is more adequate for time-crit- ical systems.

The clustering of servers can be broken down into two types: (2) (describe)

-Failover clusters: Otherwise known as high-availability clusters, these are designed so that a secondary server can take over in the case that the primary one fails, with limited or no downtime. A failover cluster can reduce the chance of a single point of failure on a server, regardless of what failed on that server—hard disk, CPU, memory, and so on. An example of a failover cluster would be the usage of two Microsoft domain controllers. When the first domain controller fails, the secondary domain controller should be ready to go at a moment's notice. There can be tertiary and quaternary servers and beyond as well. It all depends on how many servers you think might fail concurrently. Another example would be the DNS server we talked about in the beginning of the chapter. If we wanted the DNS server to fail-closed, then we should set up a secondary DNS server as a failover, one that will be ready to go at a moment's notice.
-Load-balancing clusters: Load-balancing clusters are multiple computers connected together for the purpose of sharing resources such as CPU, RAM, and hard disks. In this way, the cluster can share CPU power, along with other resources, and balance the CPU load among all the servers. Microsoft's Cluster Server is an example of this (although it can also act in failover mode), enabling for parallel, high-performance computing. Several third-party vendors offer clustering software for operating systems and virtual operating systems as well. It is a common technique in web and FTP server farms, as well as in IRC servers, DNS servers, and NNTP servers.

You can classify RAID in three different ways; these classifications can help when you plan which type of RAID system to implement. (3) (describe with example)

-Failure-resistant disk systems: Protect against data loss due to disk failure. An example of this would be RAID 1 mirroring.
-Failure-tolerant disk systems: Protect against data loss due to any single component failure. An example of this would be RAID 1 mirroring with duplexing.
-Disaster-tolerant disk systems: Protect data by the creation of two independent zones, each of which provides access to stored data. An example of this would be RAID 0+1.

Backup generators can be broken into three types: (describe)

-Portable gas-engine generator: The least expensive and run on gasoline or possibly solar power. They are noisy, high maintenance, must be started manually, and usually require extension cords. They are a carbon monoxide risk and are only adequate for small operations and in mobile scenarios. Gas-powered inverters are quieter but often come with a higher price tag per watt generated.
-Permanently installed generator: Much more expensive, with a complex installation. These almost always run on either natural gas or propane. They are quieter and can be connected directly to the organization's electrical panel. Usually, these are standby generators and, as such, require little user interaction.
-Battery-inverter generator: These are based on lead-acid batteries, are quiet, and require little user interaction aside from an uncommon restart and change of batteries. They are well matched to environments that require a low amount of wattage or are the victims of short power outages only. Battery-inverter systems can be stored indoors, but because the batteries can release fumes, the area they are stored in should be well ventilated, such as an air-conditioned server room with external exhaust. Uninterruptible power supplies fall into the battery-inverter generator category.

Some of the considerations you should take into account when selecting a backup generator include the following: (5) (describe)

-Price: As with any organizational purchase, this will have to be budgeted.
-How unit is started: Does it start automatically? Most organizations require this.
-Uptime: How many hours will the generator stay on before needing to be refueled? This goes hand-in-hand with the next bullet.
-Power output: How many watts does the system offer? Before purchasing a backup generator, you should measure the total maximum load your organization might use by running all computers, servers, lights, and other devices simultaneously, and measure this at the main electrical panel. Alternatively, you could measure the total on paper by adding the estimated power requirements of all devices together.
-Fuel source: Does it run on natural gas, gasoline, and so on? If it is an automatically starting system, the options will probably be limited to natural gas and propane.

Network connections can fail as well. And we all know how users need to have the network up and running—or there will be heck to pay. The security of an organization can be compromised if networking connections fail. Some types of connections you should consider include the following: (3)

-Server network adapter connections
-Main connections to switches and routers
-The Internet connection

The UPS normally has a lead-acid battery that, when discharged, requires __(how long) to recharge. This battery is usually shipped in a disconnected state. Before charging the device for use, you must first make sure that the leads connect. If the battery ever needs to be replaced, a red light usually appears accompanied by a beeping sound. Beeping can also occur if power is no longer supplied to the UPS by the AC outlet.

10 hours to 20 hours

One way is to use key stretching. A key stretching technique will take a weak key, process it, and output an enhanced and more powerful key. Often, this process will increase the size of the key to __(#) bits, making attacks such as brute-force attacks much more difficult, if not impossible.

128

The Message-Digest algorithm 5 (MD5) is the newest of a series of algorithms designed by Ron Rivest. It uses a __(#)-bit key.

128

The original RIPEMD (__(#)-bit) had a collision reported

128

The LANMAN hash, also known as the LAN Manager hash or simply LM hash, was the original hash used to store Windows passwords. It was used in Windows operating systems before Windows NT but is supported by some versions of Windows in an attempt to be backward compatible. This backward compatibility can be a security risk because the LM hash has several weaknesses and can be cracked easily. Its function is based on the deprecated DES algorithm and can only be a maximum of

14 characters.

Because it works with RSA, the security of PGP is based on the key size. It is considered secure and uncrackable as long as a sufficient key size is used. As an example, it has been suggested that a __(#)-bit key should be safe against the strongest of well-funded adversaries with knowledgeable people and the latest in supercomputers until at least the year 2020;

2048; (1024-bit keys are considered strong enough for all but the most sensitive data environments.)

Any websites or other applications using SHA-1 are required to be updated to a higher level of SHA or other hashing algorithm. SHA-2 is more secure; it has __(#)-bit and __(#)-bit block sizes, plus truncated derivatives of each.

256; 512

RAID 6 min # of disks

4

Battery backup is great, but the battery can't last indefinitely! It is considered emergency power and typically keeps your computer system running for __(how long?) depending on the model you purchase.

5 to 30 minutes

DES key size

56 bits

Which of the following combines the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext?
A. One-time pad
B. Obfuscation
C. PBKDF2
D. ECDH

A

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Business continuity plan:

A BCP defines how the business will continue to operate if a disaster occurs; this plan is often carried out by a team of individuals. A BCP is also referred to as a continuity of operations plan (COOP). Over the years, BCPs have become much more important, and depending on the organization, the BCP might actually encompass the entire DRP. It also comprises business impact analysis—the examination of critical versus noncritical functions. These functions are assigned two different values or metrics: recovery time objective (RTO), the acceptable amount of time to restore a function (for example, the time required for a service to be restored after a disaster), and recovery point objective (RPO), the acceptable latency of data, or the maximum tolerable time that data can remain inaccessible after a disaster. It's impossible to foresee exactly how long it will take to restore service after a disaster, but with the use of proper archival, hot/warm/cold sites, and redundant systems, a general timeframe can be laid out, and an organization will be able to decide on a maximum timeframe to get data back online. This in effect is IT contingency planning (ITCP). Some organizations will have a continuity of operation planning group or crisis management group that meets every so often to discuss the BCP. Instead of running full-scale drills, they might run through tabletop exercises, where a talk-through of simulated disasters (in real time) is performed—a sort of role-playing, if you will. This can save time and be less disruptive to employees, but it is more than just a read-through of the BCP. It can help to identify critical systems and mission-essential functions of the organization's network as well as failover functionality, and alternate processing sites. It can also aid in assessing the impact of a potential disaster on privacy, property, finance, the reputation of the company, and most importantly, life itself.

Which of the following factors should you consider when evaluating assets to a company? (Select the two best answers.)
A. Their value to the company
B. Their replacement cost
C. Where they were purchased from
D. Their salvage value

A and B. When evaluating assets to a company, it is important to know the replacement cost of those assets and the value of the assets to the company. If the assets were lost or stolen, the salvage value is not important, and although you may want to know where the assets were purchased from, it is not one of the best answers.

What devices will not be able to communicate in a Faraday cage? (Select the two best answers.)
A. Smartphones
B. Servers
C. Tablets
D. Switches

A and C. Signals cannot emanate outside a Faraday cage. Therefore, smartphones and tablets (by default) will not work inside the Faraday cage. Generally, a Faraday cage is "constructed" for a server room, data center, or other similar location. Servers and switches are common in these places and are normally wired to the network, so they should be able to communicate with the outside world.

In addition to bribery and forgery, which of the following are the most common techniques that attackers use to socially engineer people? (Select the two best answers.)
A. Flattery
B. Assuming a position of authority
C. Dumpster diving
D. WHOIS search

A and C. The most common techniques that attackers use to socially engineer people include flattery, dumpster diving, bribery, and forgery. Although assuming a position of authority is an example of social engineering, it is not one of the most common. A WHOIS search is not necessarily malicious; it can be accomplished by anyone and can be done for legitimate reasons. This type of search can tell a person who runs a particular website or who owns a domain name.

Last week, one of the users in your organization encrypted a file with a private key. This week the user left the organization, and unfortunately the systems administrator deleted the user's account. What are the most probable outcomes of this situation? (Select the two best answers.)
A. The data is not recoverable.
B. The former user's account can be re-created to access the file.
C. The file can be decrypted with a PKI.
D. The data can be decrypted using the recovery agent.
E. The data can be decrypted using the root user account.

A and D. Many systems have a recovery agent that is designed just for this purpose. If the account that encrypted the file is deleted, it cannot be recreated (without different IDs and therefore no access to the file), and the recovery agent will have to be used. If there is no recovery agent (which in some cases needs to be configured manually), then the file will be unrecoverable. This file was encrypted with a private key and needs to be decrypted with a private key—PKI is a system that uses asymmetric key pairs (private and public). The root user account does not have the ability to recover files that were encrypted by other users.

Give two examples of hardware devices that can store keys. (Select the two best answers.)
A. Smart card
B. Network adapter
C. PCI Express card
D. USB flash drive

A and D. Smart cards and USB flash drives can be used as devices that carry a token and store keys; this means that they can be used for authentication to systems, often in a multifactor authentication scenario. Network adapters and PCI Express cards are internal to a PC and would not make for good key storage devices.

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Impact determination:

A procedure to determine a disaster's full impact on the organization. This includes an evaluation of assets lost and the cost to replace those assets.

Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this?
A. Private key
B. Public key
C. Cipher key
D. Shared key

A. A private key should be used by users when logging in to the network with their smart card. The key should certainly not be public. A key actually determines the function of a cipher. Shared key is another term for symmetric key encryption but does not imply privacy.

When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization?
A. AES
B. 3DES
C. SHA-512
D. MD5

A. AES (Advanced Encryption Standard) is fast and secure, more so than 3DES. SHA-512 (a type of SHA-2) and MD5 are hashing algorithms. Not listed is RSA, which is commonly implemented to secure credit card transactions.

Which type of encryption technology is used with the BitLocker application?
A. Symmetric
B. Asymmetric
C. Hashing
D. WPA2

A. BitLocker uses symmetric encryption technology based on AES. Hashing is the process of summarizing a file for integrity purposes. WPA2 is a wireless encryption protocol.

Which of the following is the weakest encryption type?
A. DES
B. RSA
C. AES
D. SHA

A. DES (Data Encryption Standard) was developed in the 1970s; its 56-bit key has been superseded by 3DES (max 168-bit key) and AES (max 256-bit key). DES is now considered to be insecure for many applications. RSA is definitely stronger than DES even when you compare its asymmetric strength to a relative symmetric strength. SHA is a hashing algorithm.

Of the following definitions, which would be an example of eavesdropping?
A. Overhearing parts of a conversation
B. Monitoring network traffic
C. Another person looking through your files
D. A computer capturing information from a sender

A. Eavesdropping is when people listen to a conversation that they are not part of. A security administrator should keep in mind that someone could always be listening, and thus should always try to protect against this.

You need to protect your data center from unauthorized entry at all times. Which is the best type of physical security to implement?
A. Mantrap
B. Video surveillance
C. Nightly security guards
D. 802.1X

A. Mantraps are the best solution listed—they are the closest to foolproof of the listed answers. Mantraps (if installed properly) are strong enough to keep a human inside until he completes the authentication process or is escorted off the premises. This is a type of preventive security control meant to stop tailgating and piggybacking. Video surveillance will not prevent an unauthorized person from entering your data center; rather, it is a detective security control. Security guards are a good idea, but if they work only at night, then they can't prevent unauthorized access at all times. 802.1X is an excellent authentication method, but it is logically implemented as software and devices; it is not a physical security control.

Which of the following might a public key be used to accomplish?
A. To decrypt the hash of a digital signature
B. To encrypt web browser traffic
C. To digitally sign a message
D. To decrypt wireless messages

A. Public keys can be used to decrypt the hash of a digital signature. Session keys are used to encrypt web browser traffic. Private keys are used to digitally sign a message and decrypt wireless messages.

What does steganography replace in graphic files?
A. The least significant bit of each byte
B. The most significant bit of each byte
C. The least significant byte of each bit
D. The most significant byte of each bit

A. Steganography replaces the least significant bit of each byte. It would be impossible to replace a byte of each bit, because a byte is larger than a bit; a byte is eight bits.

You need to encrypt and send a large amount of data. Which of the following would be the best option?
A. Symmetric encryption
B. Hashing algorithm
C. Asymmetric encryption
D. PKI

A. Symmetric encryption is the best option for sending large amounts of data. It is superior to asymmetric encryption. PKI is considered an asymmetric encryption type, and hashing algorithms don't play into sending large amounts of data.

Imagine that you are an attacker. Which would be most desirable when attempting to compromise encrypted data?
A. A weak key
B. The algorithm used by the encryption protocol
C. Captured traffic
D. A block cipher

A. The easiest way for an attacker to get at encrypted data is if that encrypted data has a weak encryption key. The algorithm isn't of much use to an attacker unless it has been broken, which is a far more difficult process than trying to crack an individual key. Captured traffic, if encrypted, still needs to be decrypted, and a weak key will aid in this process. The block cipher is a type of algorithm.

I've mentioned several times that your server room contains the livelihood of your organization—its data. If you don't protect the data, you'll be out of a job. One way to protect the server room is by installing a clean agent fire suppression system. Special clean agent fire extinguishers, such as Halotron and FE-36, are recommended for server rooms because they leave no residue after the fire is extinguished, reducing the likelihood of damage to computer systems and networking equipment. Also, they are rated as

ABC, so they can put out not only electrical fires, but also the ash fire that will most likely ensue. All the other systems mentioned up to this point can easily cause computer failure if they are discharged.

In general, the most common type of fire extinguisher used in a building is the multipurpose dry-chemical ABC extinguisher. However, this is extremely messy—it gets into everything! Plus, it can cause corrosion to computer components over time. For server rooms, BC extinguishers are sometimes employed; the most common is the carbon dioxide (CO2) extinguisher. The CO2 extinguisher displaces oxygen, which is needed for a fire to burn, in addition to heat and fuel, which collectively make up the fire triangle. CO2 extinguishers are relatively safe for computer components, especially compared to ABC extinguishers. However, the CO2 extinguisher can possibly cause damage to computer components from electrostatic discharge (ESD), although this is rare. Also, if carbon dioxide is released in an enclosed space where people are present, there is a risk of suffocation. If the organization has the money, it is far more preferable to use a(n) __ extinguisher in the server room—or better yet, a special hazard protection system.

ABC-rated Halotron

In which two environments would social engineering attacks be most effective? (Select the two best answers.)
A. Public building with shared office space
B. Company with a dedicated IT staff
C. Locked building
D. Military facility
E. An organization whose IT personnel have little training

AE

Comment on AES speed and resource usage

AES is fast, uses minimal resources, and can be used on a variety of platforms.

Describe Genetic Algorithms (from box)

Algorithms are also used in the world of artificial intelligence, often by searching for particular information within a vast array of data. One example of this is the genetic algorithm, a type of evolutionary algorithm, which is inspired by natural, biological evolution. Algorithms such as this are programmed with languages like Python and C++. A genetic algorithm can be used to identify a person from a very broad set of information. This could be based on a set of data gathered via data aggregation, or—and this is related to the book you are reading—it could involve stylometry. Stylometry is the study of linguistic style, music, and other forms of communication. It could be used to identify the author of this book without knowing any reference to the author, or to identify a songwriter. You know, name that tune in three notes!—except a computer does the naming. It's based on style and specific words (and their usage frequency) employed by the writer. A genetic algorithm used in stylometric analysis applies a set of rules (IF-THEN statements). It helps to know a key word that the writer uses somewhat frequently. For example, the word "known": In a chapter such as this, with 10,000 words, I might use that word 30 times. The rule could be "If the word known appears 3 or more times per every 1000 words, then the author is X." In this case, X would equal David L. Prowse, me, and possibly several other technical authors. Stylometry has its uses in identification, but can also be used to provide statistical analysis; for example, perhaps I should cut back on the word known! It might help to know overused words when a book such as this can commonly reach 2 million keystrokes. But more often than not it is used for identification of anonymous works. Stylometry is just one of many examples of applications that use genetic algorithms.

Of the following, what is the worst place to store a backup tape?
A. Near a bundle of fiber-optic cables
B. Near a power line
C. Near a server
D. Near an LCD screen

B. Backup tapes should be kept away from power sources, including power lines, CRT monitors, speakers, and so on. And the admin should keep backup tapes away from sources that might emit EMI. LCD screens, servers, and fiber-optic cables have low EMI emissions.

Which of the following is not a symmetric key algorithm?
A. RC4
B. ECC
C. 3DES
D. Rijndael

B. ECC (elliptic curve cryptography) is an example of public key cryptography that uses an asymmetric key algorithm. All the other answers are symmetric key algorithms.

Which of the following RAID versions offers the least amount of performance degradation when a disk in the array fails?
A. RAID 0
B. RAID 1
C. RAID 4
D. RAID 5

B. RAID 1 is known as mirroring. If one drive fails, the other will still function and there will be no downtime and no degraded performance. All the rest of the answers are striping-based and therefore have either downtime or degraded performance associated with them. RAID 5 is the second best option because in many scenarios it will have zero downtime and little degraded performance. RAID 0 will not recover from a failure; it is not fault tolerant.

Which of the following encryption algorithms is used to encrypt and decrypt data?
A. SHA-256
B. RC5
C. MD5
D. NTLM

B. RC5 (Rivest Cipher version 5) can encrypt and decrypt data. SHA-256 is a type of SHA-2. It and MD5 are used as hashing algorithms, and NTLM (NT LAN Manager) is used by Microsoft as an authentication protocol and a password hash.

You are tasked with selecting an asymmetric encryption method that allows for the same level of encryption strength, but with a lesser key length than is typically necessary. Which encryption method fulfills your requirement?
A. RSA
B. ECC
C. DHE
D. Twofish

B. The ECC (elliptic curve cryptography) method allows for lesser key lengths but at the same level of strength as other asymmetric methods. This reduces the computational power needed. RSA and Diffie-Hellman require more computational power due to the increased key length. DHE especially uses more CPU power because of the ephemeral aspect. (ECDHE would be the solution in that respect.) Twofish is a symmetric algorithm.

Jeff wants to employ a Faraday cage. What will this accomplish?
A. It will increase the level of wireless encryption.
B. It will reduce data emanations.
C. It will increase EMI.
D. It will decrease the level of wireless emanations.

B. The Faraday cage will reduce data emanations. The cage is essentially an enclosure (of which there are various types) of conducting material that can block external electric fields and stop internal electric fields from leaving the cage, thus reducing or eliminating data emanations from such devices as cell phones.

Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers?
A. SHA-1
B. RSA
C. WPA
D. Symmetric

B. The RSA encryption algorithm uses two prime numbers. If used properly they will be large prime numbers that are difficult or impossible to factor. SHA-1 is an example of a Secure Hash Algorithm—albeit a deprecated one. WPA is the Wi-Fi Protected Access protocol, and RSA is an example of an asymmetric method of encryption.

Michael's company has a single web server that is connected to three other distribution servers. What is the greatest risk involved in this scenario?
A. Fraggle attack
B. Single point of failure
C. Denial-of-service attack
D. Man-in-the-middle attack

B. The greatest risk involved in this scenario is that the single web server is a single point of failure regardless that it is connected to three other distribution servers. If the web server goes down or is compromised, no one can access the company's website. A Fraggle is a type of denial-of-service attack. Although denial-of-service attacks are a risk to web servers, they are not the greatest risk in this particular scenario. A company should implement as much redundancy as possible.

Critical equipment should always be able to get power. What is the correct order of devices that your critical equipment should draw power from?
A. Generator, line conditioner, UPS battery
B. Line conditioner, UPS battery, generator
C. Generator, UPS battery, line conditioner
D. Line conditioner, generator, UPS battery

B. The line conditioner is constantly serving critical equipment with clean power. It should be first and should always be on. The UPS battery should kick in only if there is a power outage. Finally, the generator should kick in only when the UPS battery is about to run out of power. Often, the line conditioner and UPS battery will be the same device. However, the line conditioner function will always be used, but the battery comes into play only when there is a power outage, or brownout.

If a fire occurs in a server room, and you don't have a special hazard system (not wise), the multipurpose __ is the best handheld extinguisher to use. Electrical fires are the most likely type of fire in a server room.

BC extinguisher (CO2)

For server rooms, __ extinguishers are sometimes employed; the most common is the __ extinguisher.

BC; carbon dioxide (CO2)

Backup generators can be broken into three types: (Uninterruptible power supplies fall into this category)

Battery-inverter generator:

Fire extinguishers: Fire Class C: Denoted by (shape)

Blue circle

Blowfish and Twofish are two ciphers designed by

Bruce Schneier.

Describe HVAC shielding:

By installing a shield around air conditioners and other similar equipment, you end up shielding them, and thereby keep EMI generated by that equipment inside the shield.

Your company has a fiber-optic connection to the Internet. Which of the following can enable your network to remain operational even if the fiber-optic line fails?
A. Redundant network adapters
B. RAID 5
C. Redundant ISP
D. UPS

C

Turnstiles, double entry doors, and security guards are all preventative measures for what kind of social engineering?
A. Dumpster diving
B. Impersonation
C. Piggybacking
D. Eavesdropping

C

You are attempting to move data to a USB flash drive. Which of the following enables a rapid and secure connection?
A. SHA-2
B. 3DES
C. AES-256
D. MD5

C. AES-256 enables a quick and secure encrypted connection for use with a USB flash drive. It might even be used with a whole disk encryption technology, such as BitLocker. SHA-2 and MD5 are examples of hashes. 3DES is an example of an encryption algorithm but would not be effective for sending encrypted information in a highly secure manner and quickly to a USB flash drive.

You are tasked with ensuring that messages being sent and received between two systems are both encrypted and authenticated. Which of the following protocols accomplishes this?
A. Diffie-Hellman
B. BitLocker
C. RSA
D. SHA-384

C. RSA can both encrypt and authenticate messages. Diffie-Hellman encrypts only. BitLocker is a type of whole disk encryption (WDE), which deals with encrypting entire hard drives but is not used to send and receive messages. SHA-384 is a cryptographic hash function used to preserve the integrity of files.

Which of the following tape backup methods enables daily backups, weekly full backups, and monthly full backups?
A. Towers of Hanoi
B. Incremental
C. Grandfather-father-son
D. Differential
E. Snapshot

C. The grandfather-father-son (GFS) backup scheme generally uses daily backups (the son), weekly backups (the father), and monthly backups (the grandfather). The Towers of Hanoi is a more complex strategy based on a puzzle. Incremental backups are simply one-time backups that back up all data that has changed since the last incremental backup. These might be used as the son in a GFS scheme. Differential backups back up everything since the last full backup. A snapshot is a backup type, not a method; it is primarily designed to image systems.

If a fire occurs in the server room, which device is the best method to put it out?
A. Class A extinguisher
B. Class B extinguisher
C. Class C extinguisher
D. Class D extinguisher

C. When you think Class C, think copper. Extinguishers rated as Class C can suppress electrical fires, which are the most likely kind in a server room.

The clustering of servers can be broken down into two types:
-Load-balancing clusters: Load-balancing clusters are multiple computers connected together for the purpose of sharing resources such as CPU, RAM, and hard disks. In this way, the cluster can share CPU power, along with other resources, and balance the CPU load among all the servers. Microsoft's __ is an example of this (although it can also act in failover mode), enabling for parallel, high-performance computing.

Cluster Server

A hash algorithm has the capability to avoid the same output from two guessed inputs. What is this known as?

Collision resistance

To start, many vehicles are equipped with Apple CarPlay, Android Auto, or a similar mobile device projection standard, allowing for seamless integration with the operator's smartphone or tablet. Depending on the policies of an organization embracing BYOD, CYOD, or COPE, the organization might consider disabling this technology as it can pose a separate security risk. In some cases, malware stored on a mobile device can be transferred to the automotive computer(s), when connected via USB. With any group of connected systems, it is possible to subvert one technology to gain access to another. For example, an automobile will use the __ to allow communications between the dozens of control units, including the engine control unit and possibly the onscreen display. There are potential vulnerabilities all over the place if the system isn't designed well. And with so many auto manufacturers and models, the risk level only increases.

Controller Area Network (CAN) bus

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Copies of agreements:

Copies of any agreements with vendors of redundant sites, ISPs, building management, and so on should be stored with the DR plan.

WEP improperly uses an encryption protocol and therefore is considered to be insecure. What encryption protocol does it use? A. AES B. RSA C. RC6 D. RC4

D

What is the best way to test the integrity of a company's backed up data? A. Conduct another backup B. Use software to recover deleted files C. Review written procedures D. Restore part of the backup

D

To prevent electrical damage to a computer and its peripherals, the computer should be connected to what? A. Power strip B. Power inverter C. AC to DC converter D. UPS

D. A UPS (uninterruptible power supply) protects computer equipment against surges, spikes, sags, brownouts, and blackouts. Power strips, unlike surge protectors, do not protect against surges.

Of the following, which statement correctly describes the difference between a secure cipher and a secure hash? A. A hash produces a variable output for any input size; a cipher does not. B. A cipher produces the same size output for any input size; a hash does not. C. A hash can be reversed; a cipher cannot. D. A cipher can be reversed; a hash cannot.

D. Ciphers can be reverse engineered but hashes cannot when attempting to re-create a data file. Hashing is not the same as encryption; hashing is the digital fingerprint, so to speak, of a group of data. Hashes are not reversible.

The IT director wants you to use a cryptographic algorithm that cannot be decoded by being reversed. Which of the following would be the best option? A. Asymmetric B. Symmetric C. PKI D. One-way function

D. In cryptography, the one-way function is one option of an algorithm that cannot be reversed, or is difficult to reverse, in an attempt to decode data. An example of this would be a hash such as SHA-2, which creates only a small hashing number from a portion of the file or message. There are ways to crack asymmetric and symmetric encryptions, which enable complete decryption (decoding) of the file.

Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows? A. RAID 6 B. Server virtualization C. Multi-CPU motherboards D. Load balancing

D. Load balancing is the best option for application availability and expansion. You can cluster multiple servers together to make a more powerful supercomputer of sorts—one that can handle more and more simultaneous access requests. RAID 6 is meant more for data files, not applications. It may or may not be expandable depending on the system used. Multi-CPU motherboards are used in servers and power workstations, but are internal to one system. The CPUs are indeed used together, but will not help with expandability, unless used in a load-balancing scenario.

Which of the following is used by PGP to encrypt the session key before it is sent? A. Asymmetric key distribution system B. Asymmetric scheme C. Symmetric key distribution system D. Symmetric scheme

D. Pretty Good Privacy (PGP) encryption uses a symmetric key scheme for the session key data, and asymmetric RSA for the sending of the session key, plus a combination of hashing and data compression. Key distribution systems are part of an entire encryption scheme, which typically includes a technology such as Kerberos (key distribution center) or quantum cryptography.

Which of the following concepts does the Diffie-Hellman algorithm rely on? A. Usernames and passwords B. VPN tunneling C. Biometrics D. Key exchange

D. The Diffie-Hellman algorithm relies on key exchange before data can be sent. Usernames and passwords are considered a type of authentication. VPN tunneling is done to connect a remote client to a network. Biometrics is the science of identifying people by one of their physical attributes.

Which of the following methods will best verify that a download from the Internet has not been modified since the manufacturer released it? A. Compare the final LANMAN hash with the original. B. Download the patch file over an AES encrypted VPN connection. C. Download the patch file through an SSL connection. D. Compare the final MD5 hash with the original.

D. The purpose of the MD5 hash is to verify the integrity of a download. SHA is another example of a hash that will verify the integrity of downloads. LANMAN hashes are older, deprecated hashes used by Microsoft LAN Manager for passwords. Encrypted AES and SSL connections are great for encrypting the data transfer but do not verify integrity.

The LANMAN hash, also known as the LAN Manager hash or simply LM hash, was the original hash used to store Windows passwords. It was used in Windows operating systems before Windows NT but is supported by some versions of Windows in an attempt to be backward compatible. This backward compatibility can be a security risk because the LM hash has several weaknesses and can be cracked easily. Its function is based on the deprecated __ algorithm

DES

Fire: Fire is probably the number one planned-for disaster. This is partially because most municipalities require some sort of fire suppression system, as well as the fact that most organizations' policies define the usage of a proper fire suppression system. We discuss fire protection in more depth in Chapter 17, "Social Engineering, User Education, and Facilities Security," but for now, the three main types of fire extinguishers include A (for ash fires), B (for gas and other flammable liquid fires), and C (for electrical fires). Unfortunately, these and the standard sprinkler system in the rest of the building are not adequate for a server room. If there were a fire, the material from the fire extinguisher or the water from the sprinkler system would damage the equipment, making the disaster even worse! Instead, a server room should be equipped with a proper system of its own such as

DuPont FM-200. This uses a large tank that stores a clean agent fire extinguishant that is sprayed from one or more nozzles in the ceiling of the server room. It can put out fires of all types in seconds. A product such as this can be used safely when people are present; however, most systems also employ a very loud alarm that tells all personnel to leave the server room. It is wise to run through several fire suppression alarm tests and fire drills, ensuring that the alarm will sound when necessary and that personnel know what to do when the alarm sounds. For example, escape plans should be posted, and battery-backup exit signs should be installed in various locations throughout the building so that employees know the quickest escape route in the case of a fire. Fire drills (and other safety drills) should be performed periodically so that the organization can analyze the security posture of their safety plan.

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Disaster recovery drills and exercises:

Employees should be drilled on what to do if a disaster occurs. These exercises should be written out step-by-step and should conform to safety standards.

I've mentioned several times that your server room contains the livelihood of your organization—its data. If you don't protect the data, you'll be out of a job. One way to protect the server room is by installing a clean agent fire suppression system. Special clean agent fire extinguishers, such as Halotron and FE-36, are recommended for server rooms because they leave no residue after the fire is extinguished, reducing the likelihood of damage to computer systems and networking equipment. Also, they are rated as ABC, so they can put out not only electrical fires, but also the ash fire that will most likely ensue. All the other systems mentioned up to this point can easily cause computer failure if they are discharged. The ultimate solution would be to equip the server room with a special hazard protection system, a clean agent system, such as

FM-200.

Phishing is the attempt at fraudulently obtaining private information. A phisher usually masquerades as someone else, perhaps another entity. There are two main differences between phishing and pretexting.

First, phishing is usually done by electronic communication, not in person. Second, little information about the target is necessary. A phisher may target thousands of individuals without much concern as to their background. An example of phishing would be an e-mail that requests verification of private information. The e-mail probably leads to a malicious website designed to lure people into a false sense of security to fraudulently obtain information. The website often looks like a legitimate website. A common phishing technique is to pose as a vendor (such as an online retailer or domain registrar) and send the target e-mail confirmations of orders that they supposedly placed.

When considering power, think about it from the inside out:

For example, start with individual computers, servers, and networking components. How much power does each of these things require? Make a list and tally your results. Later, this plays into the total power needed by the server room. Remember that networking devices such as IP phones, cameras, and some wireless access points are powered over Ethernet cabling, which can require additional power requirements at the Ethernet switch (or switches) in the server room. Think about installing redundant power supplies in some of your servers and switches. Next, ponder using UPS devices as a way of defeating short-term power loss failures. Then, move on to how many circuits you need, total power, electrical panel requirements, and also the cleanliness of power coming in from your municipality. Finally, consider backup generators for longer-term power failures.

There are varying levels of UPS devices, which incorporate different technologies. (describe 2)

For example, the cheaper standby UPS (known as an SPS) might have a slight delay when switching from AC to battery power, possibly causing errors in the computer operating system. If a UPS is rack mounted, it will usually be a full-blown UPS (perhaps not the best choice of words!); this would be known as an "online" or "continuous" UPS—these cost hundreds or even thousands of dollars. If it is a smaller device that plugs into the AC outlet and lies freely about, it is probably an SPS—these cost between $25 and $100. You should realize that some care should be taken when planning the type of UPS to be used. When data is crucial, you had better plan for a quality UPS!

Around the turn of the millennium, the creator of PGP, and many other security-minded people that used PGP, sensed that an open source alternative would be beneficial to the cryptographic community. This was presented to, and accepted by, the IETF, and a new standard called OpenPGP was developed. With this open source code, others could write software that could easily integrate with PGP (or replace it). One example of this is the

GNU Privacy Guard (GPG, or GNuPG), which is compliant with the OpenPGP standard. Over time this has been developed for several platforms including various Linux GUIs, macOS/OS X, and Windows. GPG is a combination of symmetric key encryption and public key encryption.

Well, we talked a lot about why the LM hash is insufficient. Let's get into the replacements. The first is the NTLM hash, also known as the NT LAN Manager hash. The NTLM algorithm was first supplied with Windows NT 3.1; it provides Unicode support and, more important to this conversation, the RC4 cipher. Although the RC4 cipher enables a more powerful hash known as NTLM for storing passwords, the systems it ran on were still configured to be backward compatible with the LM hash. So, as long as the LM hash was not disabled, those systems were still at the same risk as older systems that ran the LM hash only. Windows Vista and Windows Server 2008 operating systems (and higher) disable the older LM hash by default. While NTLM uses cyclic redundancy checks (CRCs) and message digest algorithms for integrity, the main issue with NTLM is that it is based on the RC4 cipher, and not any recent cryptographic methods such as AES or SHA-256. RC4 has been compromised, and therefore the NTLM hash is compromised. Due to the weakness of NTLM, we need a stronger hashing algorithm: NTLMv2. The NTLMv2 hash uses an __ hash, making it difficult to crack; it is a 128-bit system. NTLMv2 has been available since Windows NT 4.0 SP4 and is used by default on newer Windows operating systems. Even though NTLMv2 responds to the security issues of the LM hash and NTLM, most Microsoft domains use Kerberos as the logon authentication scheme because of its level of security when dealing with one computer logging in to another or in to an entire network/domain. NTLMv2 is used either when Kerberos isn't available, users log in with local accounts, or a connecting OS doesn't support Kerberos.

HMAC-MD5

HMAC stands for Hash-based Message Authentication Code. Let's step back for a moment: Message Authentication Code (MAC) is a short piece of information—a small algorithm—used to authenticate a message and to provide integrity and authenticity assurances on the message. It checks the integrity of the cipher used and notifies the receiver if there were any modifications to the encrypted data. This way, the data cannot be denied (repudiated) when received. Building on this concept, HMAC is a calculation of a MAC through the use of a cryptographic hash function such as MD5 or SHA-1. If for example SHA-1 is used, the corresponding MAC would be known as

HMAC-SHA1, or better yet, if using SHA-2 (due to SHA-1 deprecation) then you would probably use HMAC-SHA256 (or higher). Warning: Be very careful selecting the type and version of hash function that you use!

Older extinguishants, such as halon, are not used anymore because they are harmful to the environment. Less-developed countries might still use them, but most governments have banned the use of halon. If you see one of these, it should be replaced with a newer extinguisher that uses environment-safe halocarbon agents such as __ or __.

Halotron; FE-36

Is hardware or software the better way when it comes to RAID?

Hardware is always the better way to go when it comes to RAID. Having a separate interface that controls the RAID configuration and handling is far superior to trying to control it with software within an operating system. The hardware could be an adapter card installed inside the computer, or an external box that connects to the computer or even to the network. When it comes to RAID in a network storage scenario, you are now dealing with network attached storage (NAS). These NAS points can be combined to form a storage area network (SAN), but any type of network attached storage will cost more money to an organization.

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Business continuity plan: A BCP defines how the business will continue to operate if a disaster occurs; this plan is often carried out by a team of individuals. A BCP is also referred to as a continuity of operations plan (COOP). Over the years, BCPs have become much more important, and depending on the organization, the BCP might actually encompass the entire DRP. It also comprises business impact analysis—the examination of critical versus noncritical functions. These functions are assigned two different values or metrics: recovery time objective (RTO), the acceptable amount of time to restore a function (for example, the time required for a service to be restored after a disaster), and recovery point objective (RPO), the acceptable latency of data, or the maximum tolerable time that data can remain inaccessible after a disaster. It's impossible to foresee exactly how long it will take to restore service after a disaster, but with the use of proper archival, hot/warm/cold sites, and redundant systems, a general timeframe can be laid out, and an organization will be able to decide on a maximum timeframe to get data back online. This in effect is

IT contingency planning (ITCP).

__ was selected from a group of algorithms in 2012 as the SHA-3 winner, but is not meant as a replacement for SHA-2, because no compromise of SHA-2 has yet been demonstrated (as of the writing of this book).

Keccak

The NTLMv2 hash uses an HMAC-MD5 hash, making it difficult to crack; it is a 128-bit system. NTLMv2 has been available since Windows NT 4.0 SP4 and is used by default on newer Windows operating systems. Even though NTLMv2 responds to the security issues of the LM hash and NTLM, most Microsoft domains use

Kerberos as the logon authentication scheme because of its level of security when dealing with one computer logging in to another or in to an entire network/domain. NTLMv2 is used either when Kerberos isn't available, users log in with local accounts, or a connecting OS doesn't support Kerberos.

The NTLMv2 hash uses an HMAC-MD5 hash, making it difficult to crack; it is a 128-bit system. NTLMv2 has been available since Windows NT 4.0 SP4 and is used by default on newer Windows operating systems. Even though NTLMv2 responds to the security issues of the LM hash and NTLM, most Microsoft domains use Kerberos as the logon authentication scheme because of its level of security when dealing with one computer logging in to another or in to an entire network/domain. NTLMv2 is used either when

Kerberos isn't available, users log in with local accounts, or a connecting OS doesn't support Kerberos.

Because __ and __ have vulnerabilities, some government agencies started using SHA-2 as early as 2011 (and most likely will use SHA-3 at some point).

MD5; SHA-1

Social Engineering Type: (When a person works at an organization with the secret purpose of obtaining secret information, financial information, design work, and PII.)

Malicious insider threat

Well, we talked a lot about why the LM hash is insufficient. Let's get into the replacements. The first is the NTLM hash, also known as the NT LAN Manager hash. The NTLM algorithm was first supplied with Windows (version)

NT 3.1; it provides Unicode support and, more important to this conversation, the RC4 cipher. Although the RC4 cipher enables a more powerful hash known as NTLM for storing passwords, the systems it ran on were still configured to be backward compatible with the LM hash. So, as long as the LM hash was not disabled, those systems were still at the same risk as older systems that ran the LM hash only. Windows Vista and Windows Server 2008 operating systems (and higher) disable the older LM hash by default.

RC4 has been compromised, and therefore the NTLM hash is compromised. Due to the weakness of NTLM, we need a stronger hashing algorithm: NTLMv2. The NTLMv2 hash uses an HMAC-MD5 hash, making it difficult to crack; it is a 128-bit system. NTLMv2 has been available since Windows __(version) and is used by default on newer Windows operating systems. Even though NTLMv2 responds to the security issues of the LM hash and NTLM, most Microsoft domains use Kerberos as the logon authentication scheme because of its level of security when dealing with one computer logging in to another or in to an entire network/domain. NTLMv2 is used either when Kerberos isn't available, users log in with local accounts, or a connecting OS doesn't support Kerberos.

NT 4.0 SP4

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: Power supply failure: Power supplies are like hard drives in two ways:

One, they will fail. It's not a matter of if; it's a matter of when. Two, they can cause intermittent issues when they begin to fail, issues that are hard to troubleshoot. If you suspect a power supply failure, then you should replace the supply. Also consider using a redundant power supply.

Pass the Hash: Prevention includes the following: (5)

Only allowing clients that are trusted operating systems to connect to a server; configuring Windows domain trusts securely; using multifactor authentication; using tokens; and implementing the principle of least privilege for user accounts. When employing least privilege, be sure to include domain accounts and local admin accounts. Finally, standard network security discussed in Chapter 6 through 9 should also be implemented, including IDS/IPS solutions, firewall restrictions, and so on.

Around the turn of the millennium, the creator of PGP, and many other security-minded people that used PGP, sensed that an open source alternative would be beneficial to the cryptographic community. This was presented to, and accepted by, the IETF, and a new standard called __ was developed.

OpenPGP

When encrypting data, PGP uses key sizes of at least 128 bits. Newer versions allow for RSA or DSA key sizes ranging from 512 bits to 2048 bits. The larger the key, the more secure the encryption is, but the longer it takes to generate the keys; although, this is done only once when establishing a connection with another user. The program uses a combination of hashing, data compression, symmetric key cryptography, and public key cryptography. New versions of the program are not fully compatible with older versions because the older versions cannot decrypt the data that was generated by a newer version. This is one of the issues when using PGP; users must be sure to work with the same version. Newer versions of PGP support __ and __, which allows for secure communications with just about everyone.

OpenPGP; S/MIME

take a weak key, process it, and output an enhanced and more powerful key. Often, this process will increase the size of the key to 128 bits, making attacks such as brute-force attacks much more difficult, if not impossible. Examples of key stretching software include __ and __.

PBKDF2; bcrypt

Another myth is that password checkers ensure strong passwords:

Password checkers can help you get an idea of whether a password is secure, but may interpret some weak passwords as strong.

Compare Piggybacking/Tailgating

Piggybacking is when an unauthorized person tags along with an authorized person to gain entry to a restricted area—usually with the person's consent. Tailgating is essentially the same with one difference: it is usually without the authorized person's consent. Both of these can be defeated through the use of mantraps. A mantrap is a small space that can usually only fit one person. It has two sets of interlocking doors; the first set must be closed before the other will open, creating a sort of waiting room where people are identified (and cannot escape!). This technique is often used in server rooms and data centers. Multifactor authentication is often used in conjunction with a mantrap; for example, using a proximity card and PIN at the first door, and biometric scan at the second. A mantrap is an example of a preventive security control. Turnstiles, double entry doors, and employing security guards are other less expensive (and less effective) solutions to the problem of piggybacking and tailgating and help address confidentiality in general.

Backup generators can be broken into three types: (are a carbon monoxide risk)

Portable gas-engine generator

Backup generators can be broken into three types: (must be started manually)

Portable gas-engine generator

Backup generators can be broken into three types: (run on gasoline or possibly solar power)

Portable gas-engine generator

Backup generators can be broken into three types: (these are noisy)

Portable gas-engine generator

This RAID version allows for the least amount of downtime because there is a complete copy of the data ready at a moment's notice.

RAID 1

RIPEMD stands for the RACE Integrity Primitives Evaluation Message Digest. The original RIPEMD (128-bit) had a collision reported, and therefore it is recommended to use

RIPEMD-160 (160-bit), RIPEMD-256, or RIPEMD-320. The commonly used RIPEMD-160 is a 160-bit message digest algorithm used in cryptographic hashing. It is used less commonly than SHA and was designed as an open source hashing algorithm.

The Message-Digest algorithm 5 (MD5) is the newest of a series of algorithms designed by

Ron Rivest.

The best way to protect file servers' data is to use some type of redundant array of disks. This is referred to as RAID (an acronym for redundant array of independent disks, or inexpensive disks). RAID technologies are designed to either increase the speed of reading and writing data or to create one of several types of fault-tolerant volumes, or to do both. From a security viewpoint, we are most interested in the availability of data, the fault tolerance (the capability to withstand failure) of our disks. A RAID array can be internal or external to a computer. Historically, RAID arrays were configured as SCSI chains, but nowadays you also find (3)

SATA, eSATA, and Fibre Channel. Either way, the idea is that data is being stored on multiple disks that work with each other. The number of disks and the way they work together is dependent on the level of RAID. For the exam, you need to know several levels of RAID including RAID 0, RAID 1, RAID 5, RAID 6, and RAID 10 (also known as RAID 1+0). Table 16-1 describes each of these. Note that RAID 0 is the only one listed that is not fault tolerant, so from a security perspective it is not a viable option. Nevertheless, you should know it for the exam.

To start, many vehicles are equipped with Apple CarPlay, Android Auto, or a similar mobile device projection standard, allowing for seamless integration with the operator's smartphone or tablet. Depending on the policies of an organization embracing BYOD, CYOD, or COPE, the organization might consider disabling this technology as it can pose a separate security risk. In some cases, malware stored on a mobile device can be transferred to the automotive computer(s), when connected via USB. With any group of connected systems, it is possible to subvert one technology to gain access to another. For example, an automobile will use the Controller Area Network (CAN) bus to allow communications between the dozens of control units, including the engine control unit and possibly the onscreen display. There are potential vulnerabilities all over the place if the system isn't designed well. And with so many auto manufacturers and models, the risk level only increases. Because of this, many organizations will opt for fleet vehicles that do not include an in-dash computer/mobile device projection system to reduce risk and to save money. Vehicles might also have an

SD card slot, used to update GPS/maps or other automotive software. Infected SD cards could possibly be used (by a person with physical access) to corrupt the GPS system of the vehicle with the potential for location information being sent via the operator's mobile device or from the vehicle itself. SD card slots can be disabled on some vehicles and the settings for the on-board computer can be blocked with a passcode or password.

RC4 is a somewhat widely used stream cipher in protocols such as (3)

SSL, WEP, and RDP.

The following step-by-step procedure shows how to disable the storage of LM hashes in Windows: (4 steps)

Step 1. Open the Run prompt and type secpol.msc to display the Local Security Policy window. Step 2. Navigate to Local Policies > Security Options. Step 3. In the right pane, double-click the policy named Network Security: Do Not Store LAN Manager Hash Value on Next Password Change. Step 4. Click Enabled (if it isn't already), as shown in Figure 14-3, and click OK. (Remember that in a situation such as this you are enabling a negative.) (Note: For Windows Server domain controllers, you need to access the Group Policy Editor, not Local Group Policy. Generally, this would be done at the default domain policy, but it could also be accomplished at a single OU's policy, if necessary.)

RAID 6 AKA

Striping with Double Parity

RAID 5 AKA

Striping with Parity

PGP and its derivatives are used by many businesses and individuals worldwide so that files can be easily encrypted before transit. The original PGP (developed by Philip Zimmerman) has changed hands several times and, as of this writing, is owned by

Symantec, which offers it as part of its products (for a fee). There are also several versions of PGP, as well as GNuPG, available for download for free. A good starting point is the following link: http://openpgp.org/.

Fire extinguishers: Fire Class K: Denoted by (shape)

Symbolized as a black hexagon, this type is for cooking oil fires. This is one type of extinguisher that should be in any kitchen. This is important if your organization has a cafeteria with cooking equipment. Think K for "kitchen" when remembering this type.

__, was the original hash used to store Windows passwords.

The LANMAN hash, also known as the LAN Manager hash or simply LM hash

There are several roadblocks when it comes to user training. (3 describe)

The first is organizational acceptance. Are the executives of a company on board with the idea? As time moves on, we see that more and more executives include user education as a matter of course. However, if you come across an individual who is against the idea because of a "lack" of budgeting or time, then your counter is to simply show that person a news article about one of the many successful attacks that have occurred recently. Then show a case study of the amount of time and money that the affected company lost due to the attack, and—in most cases—how easily it could have been prevented. Then, there are the employees to be trained themselves. Some will put up a fight when it comes to education. Again, the secret ingredient here is to pique the interest of the users. Get them involved, make it fun, create a reward system, and use your imagination. ........... Finally, there is the time factor. People have projects and tasks to complete, and usually aren't even given enough time for that!

There are two methods to combating single points of failure.

The first is to use redundancy. If employed properly, redundancy keeps a system running with no downtime. However, this can be pricey, and we all know there is only so much IT budget to go around. So, the alternative is to make sure you have plenty of spare parts lying around. This is a good method if your network and systems are not time-critical. Installing spare parts often requires you to shut down the server or a portion of a network. If this risk is not acceptable to an organization, you'll have to find the cheapest redundant solutions available. Research is key, and don't be fooled by the hype—sometimes the simplest sounding solutions are the best.

Redundant network adapters are commonly used to decrease or eliminate server downtime in the case that one network adapter fails. However, you must consider how they will be set up. Optimally, the second network adapter will take over immediately when the first one fails, but how will this be determined?

There are applications that can control multiple network adapters, or the switch that they connect to can control where data is directed in the case of a failure. Also, multiple network adapters can be part of an individual collective interface. What you decide will be dictated by company policy, budgeting, and previously installed equipment. As a rule of thumb, you should use like network adapters when implementing redundancy; check the model and the version of the particular model to be exact. When installing multiple network adapters to a server, that computer then becomes known as a multihomed machine. It is important to consider how multiple adapters (and their operating systems) will behave normally and during a failure. Microsoft has some notes about this; I left a link in the "View Recommended Resources" online document that accompanies this book. In some cases, you will install multiple physical network adapters, and in others you might opt for a single card that has multiple ports, such as a multi-Ethernet port Intel network adapter. This is often a cheaper solution than installing multiple cards but provides a single point of failure in the form of one adapter card and one adapter card slot. In our original scenario we had domain controllers, database servers, web servers, and file servers; these would all do well with the addition of redundant network adapters.

Fire extinguishers: Fire Class D: These fire extinguishers are usually what color?

These fire extinguishers are usually yellow; it is one of only a couple that deviate from the standard red color.

Now, the schedules we just showed in Tables 16-2 and 16-3 are basic backup methods, also known as backup rotation schemes. Organizations might also do something similar over a two-week period. However, you should also be aware of a couple of other backup schemes used in the field. These might use one or more of the backup types mentioned previously. Towers of Hanoi:

This backup rotation scheme is based on the mathematics of the Towers of Hanoi puzzle. This also uses three backup sets, but they are rotated differently. Without getting into the mathematics behind it, the basic idea is that the first tape is used every second day, the second tape is used every fourth day, and the third tape is used every eighth day. Table 16-4 shows an example of this. Keep in mind that this can go further; a fourth tape can be used every 16th day, and a fifth tape every 32nd day, and so on, although it gets much more complex to remember what tapes to use to back up and which order to go by when restoring. The table shows an example with three tape sets represented as sets A, B, and C. To avoid the rewriting of data, start on the fourth day of the cycle with tape C. This rotation scheme should be written out and perhaps calculated during the planning stage before it is implemented. Also, due to the complexity of the scheme, a restore sequence should be tested as well.

Now, the schedules we just showed in Tables 16-2 and 16-3 are basic backup methods, also known as backup rotation schemes. Organizations might also do something similar over a two-week period. However, you should also be aware of a couple of other backup schemes used in the field. These might use one or more of the backup types mentioned previously. Grandfather-father-son:

This backup rotation scheme is probably the most common backup method used. When attempting to use this scheme, three sets of backup tapes must be defined—usually they are daily, weekly, and monthly, which correspond to son, father, and grandfather. Backups are rotated on a daily basis; normally the last one of the week will be graduated to father status. Weekly (father) backups are rotated on a weekly basis, with the last one of the month being graduated to grandfather status. Often, monthly (grandfather) backups, or a copy of them, are archived offsite.

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Hierarchical list of critical systems and critical data:

This is a list of all the mission-essential data and systems necessary for business operations: domain controllers, firewalls, switches, DNS servers, file servers, web servers, and so on. They should be listed by priority. Systems such as client computers, test computers, and training systems would be last on the list or not listed at all. You should also include (somewhere in the DRP) some geographic considerations. For example: Are there offsite backups or virtualization in place? What is the physical distance to those backups and virtual machines? And, are there legal implications? For instance, are there data sovereignty implications—meaning, will it be difficult to gain access to data and VMs stored in a different country based on the laws of that country? Generally, the chief security officer (CSO) or other high-level executive will be in charge of DR planning, often with the help of the information systems security officer (ISSO). However, it all depends on the size of the organization and the types of management involved. That said, any size organization can benefit from proper DR planning. This information should be accessible at the company site, and a copy should be stored offsite as well. It might be that your organization conforms to special compliance rules; these should be consulted when designing a DR plan. Depending on the type of organization, there might be other items that go into your DR plan. We cover some of these in more depth in Chapter 18.

Now, the schedules we just showed in Tables 16-2 and 16-3 are basic backup methods, also known as backup rotation schemes. Organizations might also do something similar over a two-week period. However, you should also be aware of a couple of other backup schemes used in the field. These might use one or more of the backup types mentioned previously. 10 tape rotation:

This method is simple and provides easy access to data that has been backed up. It can be accomplished during a two-week backup period; each tape is used once per day for two weeks. Then the entire set is recycled. Generally, this is similar to the one-week schedule shown previously; however, the second Monday might be a differential backup instead of a full backup. And the second Friday might be a full backup, which is archived. There are several options; you would need to run some backups and see which is best for you given the amount of tapes required and time spent running the backups.

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Recovery plan:

This will be based on the determination of disaster impact. This will have many permutations depending on the type of disaster. Although it is impossible to foresee every possible event, the previous list gives a good starting point. The recovery plan includes an estimated time to complete recovery and a set of steps defining the order of what will be recovered and when. It might also include an after action report (AAR), which is a formal document designed to determine the effectiveness of a recovery plan in the case that it was implemented.

It should go without saying, but surge protectors are not good enough to protect power issues that might occur in your server room. A __ is the proper device to use.

UPS

Well, we talked a lot about why the LM hash is insufficient. Let's get into the replacements. The first is the NTLM hash, also known as the NT LAN Manager hash. The NTLM algorithm was first supplied with Windows NT 3.1; it provides Unicode support and, more important to this conversation, the RC4 cipher. Although the RC4 cipher enables a more powerful hash known as NTLM for storing passwords, the systems it ran on were still configured to be backward compatible with the LM hash. So, as long as the LM hash was not disabled, those systems were still at the same risk as older systems that ran the LM hash only. Windows __(version) and Windows Server __(version) operating systems (and higher) disable the older LM hash by default.

Vista; 2008

__-based extinguishers are suitable for Class A fires only

Water

Now that we have power taken care of, we can move on to the heart of the matter—data. Data can fail due to file corruption and malicious intent, among other things. Power failures, hard drive failures, and user error can all lead to data failure. As always, it's the data that we are most interested in securing, so it stands to reason that the data should be redundant as well. But which data? There is so much of it!

Well, generally file servers should have redundant data sets of some sort. If an organization has the budgeting, next on the list would be databases and then web and file servers. However, in some instances these additional servers might be better off with failover systems as opposed to redundant data arrays. And certainly, the majority of client computers' data does not constitute a reason for RAID. So we concentrate on the file servers in our original scenario in the beginning of the chapter.

Description of Social Engineering Type: Pretexting:

When a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Contact information:

Who you should contact if a disaster occurs and how employees will contact the organization.

The LANMAN hash, also known as the LAN Manager hash or simply LM hash, was the original hash used to store Windows passwords. It was used in Windows operating systems before

Windows NT but is supported by some versions of Windows in an attempt to be backward compatible. This backward compatibility can be a security risk because the LM hash has several weaknesses and can be cracked easily.

A pass the hash attack is when an attacker obtains the password hash of one or more user accounts and reapplies the hash to a server or other system in order to fool the system into thinking that the attacker is authentic. The goal is for the attacker to gain access to the system, often a Windows Server, and gain another user's credentials with the potential to escalate privileges. The attack starts with the attacker obtaining the hashes from a target system. That's the hard part. Access to the system is required in one way or another, then the attacker can use a hash dumping utility to collect the hashes for user passwords. Next, the attacker utilizes a "pass the hash" program to place the hashes within the server. For example, within the Local Security Authority Subsystem Service (LSASS) in Windows Server. This can be done using a side-channel attack so that the attacker can impersonate one of the users. If done properly, the attacker does not need to know the password of an account, does not need to brute-force the password, and does not need to reverse engineer the hash. While the attack can be carried out on an individual client system also, it is more often something that is focused on

Windows Servers (namely domain controllers) because they house many user account credentials. Prevention includes the following: Only allowing clients that are trusted operating systems to connect to a server; configuring Windows domain trusts securely; using multifactor authentication; using tokens; and implementing the principle of least privilege for user accounts. When employing least privilege, be sure to include domain accounts and local admin accounts. Finally, standard network security discussed in Chapters 6 through 9 should also be implemented, including IDS/IPS solutions, firewall restrictions, and so on.

HMAC stands for Hash-based Message Authentication Code. Let's step back for a moment: Message Authentication Code (MAC) is a short piece of information—a small algorithm—used to authenticate a message and to provide integrity and authenticity assurances on the message. It checks the integrity of the cipher used and notifies the receiver if there were any modifications to the encrypted data. This way, the data cannot be denied (repudiated) when received. Building on this concept, HMAC is

a calculation of a MAC through the use of a cryptographic hash function such as MD5 or SHA-1. If for example SHA-1 is used, the corresponding MAC would be known as HMAC-SHA1, or better yet, if using SHA-2 (due to SHA-1 deprecation) then you would probably use HMAC-SHA256 (or higher). Warning: Be very careful selecting the type and version of hash function that you use!

Many different types of social engineering are often lumped into what is referred to as phishing, but actual phishing for private information is normally limited to e-mail and websites. To defend against this, a phishing filter or add-on should be installed and enabled on the web browser. Also, a person should be trained to realize that institutions will not call or e-mail requesting private information. If people are not sure, they should hang up the phone or simply delete the e-mail. A quick way to find out whether an e-mail is phishing for information is to hover over a link. You will see a URL domain name that is far different from that of the institution that the phisher is claiming to be, probably a URL located in a distant country. Many of these phishers are also probably engaging in spy-phishing:

a combination of spyware and phishing that effectively makes use of spyware applications. A spyware application of this sort is downloaded to the target, which then enables additional phishing attempts that go beyond the initial phishing website.

The malicious insider is one of the most insidious threats. Instead of impersonating personnel as is done in pretexting, the person actually becomes personnel! This attack is often used as part of

a corporate espionage plan. Think that all IT techs are 100% honorable? In high-tech, you will find an assortment of atrocities, including the malicious insider threat. The insider might have been sent by a competing organization to obtain a job/consulting position with a certain company, or perhaps is approached by the competing organization while already working for the company that is the target. It is often initiated by organizations from another country. Once the insider is situated, that person can easily get access to secure data, PII, financials, engineering plans, and so on, and pass them on to the infiltrating organization. Of course, the penalties for this are high, but the potential rewards can be quite enticing to the properly "motivated" individual. Companies will therefore often run thorough background checks and credit checks and have human resources go through an entire set of psychological questions. Then, when a person is hired, there is a sort of trial period where the person is allowed very little access to secure data and secure environments.

The pseudorandom number generator (PRNG) is used by cryptographic applications that require unpredictable output. They are primarily coded in C or Java and are developed within

a cryptography application such as a key generator program. Within that program there is a specific utility, for example SHA2PRNG, that is used to create the PRNG. (Remember to use SHA-256—as of the writing of this book—or higher.) For additional "randomness" a programmer will increase entropy, often by collecting system noise. One of the threats to PRNGs is the random number generator attack, which exploits weaknesses in the code. This can be prevented by implementing randomness, using AES, using newer versions of SHA, and maintaining physical control of the system where the PRNG is developed and stored.

Now, a malicious insider doesn't necessarily have to be a person. It could be

a device or bug that was inserted into the organization by a person using social engineering skills; for example, rogue PIN pad devices, audio and video sensors (bugs), keyloggers, and so on. This requires physical access to the building in one way or another, so identification and authentication become of paramount importance.

Another vehicle that has become much more common is the unmanned aerial vehicle (UAV), commonly known as

a drone.

Fire extinguishers: Fire Class A: Denoted by (shape)

a green triangle

Because MD5 and SHA-1 have vulnerabilities, some government agencies started using SHA-2 as early as 2011 (and most likely will use SHA-3 at some point). For added security, a software key (computed with either SHA or MD5) might be compared to

a hardware key. Some software activations require this in fact—if the hardware and software hash values don't match, then the software won't activate.

Fire extinguishers: Fire Class D: Designated with a yellow decagon, this type defines use for combustible metal fires such as magnesium, titanium, and lithium. A Class D extinguisher is effective in case (example)

a laptop's batteries spontaneously ignite. Chemical laboratories and PC repair labs should definitely have one of these available. Metal fires can easily and quickly spread to become ordinary fires. These fire extinguishers are usually yellow; it is one of only a couple that deviate from the standard red color. Also, this is the only other exception when it comes to the use of extinguishers in a critical area of your organization. Because of those two reasons, I like to remember it by associating D with "deviate."

Backup generators can be broken into three types: Battery-inverter generator: These are based on lead-acid batteries, are quiet, and require little user interaction aside from an uncommon restart and change of batteries. They are well matched to environments that require

a low amount of wattage or are the victims of short power outages only. Battery-inverter systems can be stored indoors, but because the batteries can release fumes, the area they are stored in should be well ventilated, such as an air-conditioned server room with external exhaust. Uninterruptible power supplies fall into the battery-inverter generator category.

Eavesdropping is when

a person uses direct observation to "listen" in to a conversation. This could be a person hiding around the corner or a person tapping into a phone conversation. Soundproof rooms are often employed to stop eavesdropping, and encrypted phone sessions can also be implemented.

Many different types of social engineering are often lumped into what is referred to as phishing, but actual phishing for private information is normally limited to e-mail and websites. To defend against this,

a phishing filter or add-on should be installed and enabled on the web browser. Also, a person should be trained to realize that institutions will not call or e-mail requesting private information. If people are not sure, they should hang up the phone or simply delete the e-mail. A quick way to find out whether an e-mail is phishing for information is to hover over a link. You will see a URL domain name that is far different from that of the institution that the phisher is claiming to be, probably a URL located in a distant country. Many of these phishers are also probably engaging in spy-phishing: a combination of spyware and phishing that effectively makes use of spyware applications. A spyware application of this sort is downloaded to the target, which then enables additional phishing attempts that go beyond the initial phishing website.

Most local municipalities require that organizations possess a sprinkler system that covers all the building's floor space. However, the standard wet pipe or dry pipe systems are not acceptable in server rooms because if set off, they will most likely damage the equipment within. If a person were working in the server room and somehow damaged a pipe, it could discharge; possibly sending a few servers to the scrap heap. Instead, another option for a server room would be (describe)

a pre-action sprinkler system (and possibly a special hazard protection system in addition to that). A pre-action sprinkler system is similar to a dry pipe system, but there are requirements for it to be set off such as heat or smoke. So, even if a person were to damage one of the pipes in the sprinkler system, the pre-action system would not be set off.

The UPS normally has a lead-acid battery that, when discharged, requires 10 hours to 20 hours to recharge. This battery is usually shipped in a disconnected state. Before charging the device for use, you must first make sure that the leads connect. If the battery ever needs to be replaced,

a red light usually appears accompanied by a beeping sound. Beeping can also occur if power is no longer supplied to the UPS by the AC outlet.

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: A spike is a short transient in voltage that can be due to (4)

a short circuit, tripped circuit breaker, power outage, or lightning strike.

HMAC stands for Hash-based Message Authentication Code. Let's step back for a moment: Message Authentication Code (MAC) is

a short piece of information—a small algorithm—used to authenticate a message and to provide integrity and authenticity assurances on the message. It checks the integrity of the cipher used and notifies the receiver if there were any modifications to the encrypted data. This way, the data cannot be denied (repudiated) when received. Building on this concept, HMAC is a calculation of a MAC through the use of a cryptographic hash function such as MD5 or SHA-1. If for example SHA-1 is used, the corresponding MAC would be known as HMAC-SHA1, or better yet, if using SHA-2 (due to SHA-1 deprecation) then you would probably use HMAC-SHA256 (or higher). Warning: Be very careful selecting the type and version of hash function that you use!

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: Surges: A surge in electrical power means that there is an unexpected increase in the amount of voltage provided. This can be a small increase, or a larger increase known as

a spike.

Cold site: Has tables, chairs, bathrooms, and possibly some technical setup—for example, basic phone, data, and electric lines. Otherwise, a lot of configuration of computers and data restoration is necessary before the site can be properly utilized. This type of site is used only if a company can handle the stress of being nonproductive for __(how long) or more.

a week

Fire extinguishers: Fire Class D: Denoted by (shape)

a yellow decagon

Disasters can be divided into two categories: natural and manmade. Some of the disasters that could render your server room inoperable include the following: Flood: The best way to avoid server room damage in the case of a flood is to locate the server room on the first floor or higher, not in a basement. There's not much you can do about the location of a building, but if it is in a flood zone, it makes the use of a warm or hot site that much more imperative. And a server room could also be flooded by other things such as boilers. The room should not be

adjacent to, or on the same floor as, a boiler room. It should also be located away from other water sources such as bathrooms and any sprinkler systems. The server room should be thought of three-dimensionally; the floors, walls, and ceiling should be analyzed and protected. Some server rooms are designed to be a room within a room and might have drainage installed as well.

Hardware is always the better way to go when it comes to RAID. Having a separate interface that controls the RAID configuration and handling is far superior to trying to control it with software within an operating system. The hardware could be (2)

an adapter card installed inside the computer, or an external box that connects to the computer or even to the network. When it comes to RAID in a network storage scenario, you are now dealing with network attached storage (NAS). These NAS points can be combined to form a storage area network (SAN), but any type of network attached storage will cost more money to an organization.

A birthday attack is

an attack on a hashing system that attempts to send two different messages with the same hash function, causing a collision. It is based on the birthday problem in probability theory (also known as the birthday paradox). This can be summed up simply as the following: A randomly chosen group of people will have a pair of persons with the same calendar date birthday. Given a standard calendar year of 365 days, the probability of this occurring with 366 people is 100% (367 people on a leap year). So far, this makes sense and sounds logical. The paradox (thoughtfully and mathematically) comes into play when fewer people are involved. With only 57 people, there is a 99% probability of a match (a much higher percentage than one would think), and with only 23 people, there is a 50% probability. Imagine that and blow out your candles! And by this, I mean use hashing functions with strong collision resistance. Because if attackers can find any two messages that digest the same way (use the same hash value), they can deceive a user into receiving the wrong message. To protect against a birthday attack, use a secure transmission medium, such as SSH, or encrypt the entire message that has been hashed.

A proper redundant power supply is

an enclosure that contains two (or more) complete power supplies. You make one main power connection from the AC outlet to the power supply, and there is one set of wires that connects to the motherboard and devices. However, if one of the power supplies in the These are common on servers, especially RAID boxes. They are not practical for client computers, but you might see them installed in some powerful workstations. In our scenario, we should install redundant power supplies to as many servers as possible, starting with the file servers and domain controllers. If possible, we should implement redundant power supplies for any of our switches or routers that will accept them, or consider new routers and switches that are scalable for redundant power supplies.

RIPEMD stands for the RACE Integrity Primitives Evaluation Message Digest. The original RIPEMD (128-bit) had a collision reported, and therefore it is recommended to use RIPEMD-160 (160-bit), RIPEMD-256, or RIPEMD-320. The commonly used RIPEMD-160 is a 160-bit message digest algorithm used in cryptographic hashing. It is used less commonly than SHA and was designed as

an open source hashing algorithm.

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: Sags: A sag is

an unexpected decrease in the amount of voltage provided. Typically, sags are limited in time and in the decrease in voltage. However, when voltage reduces further, a brownout could ensue.

So basically, when I speak of redundant networking, I'm referring to

any network connection of great importance that could fail. Generally, these connections will be located in the server room.

So far, we have been discussing how to back up groups of files. However, you can also back up entire systems or architectural instances. For instance, a snapshot backup backs up an entire (3)

application, drive, or system. It is also known as an image backup, especially when referring to backing up an entire operating system. Most of the time, this is done when a new system is installed and configured, but it can also be done when major changes are made to a system. Some organizations even back up images of all systems every month, even every week. This requires a lot of resources and a decent IT budget and so it must be planned accordingly.

the three main types of fire extinguishers include A (for __ fires), B (for __ fires), and C (for __ fires).

ash; gas and other flammable liquid; electrical

Pretexting is when a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information. Preparation and some prior information are often needed before attempting a pretext; impersonation is often a key element. By impersonating the appropriate personnel or third-party entities, a person performing a pretext hopes to obtain records about an organization, its data, and its personnel. IT people and employees should always be on the lookout for impersonators and always

ask for identification. If there is any doubt, the issue should be escalated to your supervisor and/or a call should be made to the authorities.

Another vehicle that has become much more common is the unmanned aerial vehicle (UAV), commonly known as a drone. The applications of a UAV are seemingly endless, including security and defense applications. From a larger perspective, the risk associated with UAV technology is a double-edged sword—because you have organization-operated UAVs and attacker-operated UAVs. First, if an organization owns and uses UAV technology, it can be exploited like any other technology. For example, a UAV can be a target for command and control (C2) attacks, data link jamming, sensor jamming, and spoofing. An attacker might be trying to capture information, or compromise the UAV to take over navigation. The organization that owns the UAV can prevent this by using (4)

best coding practices (SDLC), encryption, mutual authentication, and UAV-specific security standards. Secondly, a well-funded attacker might own UAV technology and use it for reconnaissance, potentially spying on an organization, or gaining access to a wireless network—if properly equipped. On the prevention side, an organization should once again consider their geofencing policy, and have strong Wi-Fi encryption protocols in place. Plus, physical security methods (as discussed in Chapter 10, "Physical Security and Authentication Models") should be in place as well as no-fly-zone policies.

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: Sags: A sag is an unexpected decrease in the amount of voltage provided. Typically, sags are limited in time and in the decrease in voltage. However, when voltage reduces further, a __ could ensue.

brownout

A key stretching technique will take a weak key, process it, and output an enhanced and more powerful key. Often, this process will increase the size of the key to 128 bits, making attacks such as brute-force attacks much more difficult, if not impossible. Examples of key stretching software include PBKDF2 and bcrypt. These utilities also incorporate salting to protect against dictionary attacks, brute-forcing, and rainbow table attacks. Salting is additional random data that is added to a one-way cryptographic hash. It is one character or more, but defined in bits. The person with the weaker web server password key, or perhaps the admin with the NTLM hash, would do well to consider key stretching or salting. Another technique used is the nonce (number used once). It

can be added to password-based authentication schemes where a secure hash function (such as SHA) is used. It is a unique number (that is difficult for attackers to find) that can only be used once. As such, it helps to protect users from replay attacks.

Windows servers support RAID 0, 1, and 5 (and possibly 6 depending on the version) within the operating system. But most client operating systems

cannot support RAID 1, 5, and 6. However, they can support hardware controllers that can create these arrays. Some motherboards have built-in RAID functionality as well.

I've mentioned several times that your server room contains the livelihood of your organization—its data. If you don't protect the data, you'll be out of a job. One way to protect the server room is by installing a (describe)

clean agent fire suppression system. Special clean agent fire extinguishers, such as Halotron and FE-36, are recommended for server rooms because they leave no residue after the fire is extinguished, reducing the likelihood of damage to computer systems and networking equipment. Also, they are rated as ABC, so they can put out not only electrical fires, but also the ash fire that will most likely ensue. All the other systems mentioned up to this point can easily cause computer failure if they are discharged.

The Message-Digest algorithm 5 (MD5) is the newest of a series of algorithms designed by Ron Rivest. It uses a 128-bit key. This is a widely used hashing algorithm; at some point you have probably seen MD5 hashes when downloading files. This is an example of the attempt at providing integrity. By checking the hash produced by the downloaded file against the original hash, you can verify the file's integrity with a level of certainty. However, MD5 hashes are susceptible to

collisions. A collision occurs when two different files end up using the same hash. Due to this low collision resistance, MD5 is considered to be harmful today. MD5 is also vulnerable to threats such as rainbow tables and pre-image attacks. The best solution to protect against these attacks is to use a stronger type of hashing function such as SHA-2 or higher.

Fire Class D: this class defines use for (what kind of fires?)

combustible metal fires such as magnesium, titanium, and lithium. A Class D extinguisher is effective in case a laptop's batteries spontaneously ignite. Chemical laboratories and PC repair labs should definitely have one of these available. Metal fires can easily and quickly spread to become ordinary fires. These fire extinguishers are usually yellow; it is one of only a couple that deviate from the standard red color. Also, this is the only other exception when it comes to the use of extinguishers in a critical area of your organization. Because of those two reasons, I like to remember it by associating D with "deviate."

Backup generator fuel types include gasoline, diesel, natural gas, propane, and solar. Smaller backup generators often use gasoline, but these are not adequate for most companies. Instead, many organizations use larger natural gas generators. Some of these generators need to be started manually, but the majority of them are known as standby generators. These are systems that turn on automatically within seconds of a power outage. Transfer switches sense any power loss and instruct the generator to start. Standby generators may be required by code for certain types of buildings with standby lighting, or buildings with elevators, fire-suppression systems, and life-support equipment. You should always check

company policy and your municipal guidelines before planning and implementing a backup generator system.

Warm site: Has

computers, phones, and servers, but they might require some configuration before users can start working on them. The warm site will have backups of data that might need to be restored; they will probably be several days old. This is chosen the most often by organizations because it has a good amount of configuration yet remains less expensive than a hot site.

A BCP is also referred to as a

continuity of operations plan (COOP).

A cryptographic hash is difficult to reverse engineer, but not impossible. A powerful computer can decrypt some hashes...it just takes time. But time is of the essence, and so attackers will attempt other methods, such as (3)

creating collisions, using side-channel attacks, or utilizing privilege escalation.

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Business continuity plan: A BCP defines how the business will continue to operate if a disaster occurs; this plan is often carried out by a team of individuals. A BCP is also referred to as a continuity of operations plan (COOP). Over the years, BCPs have become much more important, and depending on the organization, the BCP might actually encompass the entire DRP. It also comprises business impact analysis—the examination of

critical versus noncritical functions. These functions are assigned two different values or metrics: recovery time objective (RTO), the acceptable amount of time to restore a function (for example, the time required for a service to be restored after a disaster), and recovery point objective (RPO), the acceptable latency of data, or the maximum tolerable time that data can remain inaccessible after a disaster. It's impossible to foresee exactly how long it will take to restore service after a disaster, but with the use of proper archival, hot/warm/cold sites, and redundant systems, a general timeframe can be laid out, and an organization will be able to decide on a maximum timeframe to get data back online. This in effect is IT contingency planning (ITCP).

Well, we talked a lot about why the LM hash is insufficient. Let's get into the replacements. The first is the NTLM hash, also known as the NT LAN Manager hash. The NTLM algorithm was first supplied with Windows NT 3.1; it provides Unicode support and, more important to this conversation, the RC4 cipher. Although the RC4 cipher enables a more powerful hash known as NTLM for storing passwords, the systems it ran on were still configured to be backward compatible with the LM hash. So, as long as the LM hash was not disabled, those systems were still at the same risk as older systems that ran the LM hash only. Windows Vista and Windows Server 2008 operating systems (and higher) disable the older LM hash by default. While NTLM uses __ and __ for integrity, the main issue with NTLM is that it is based on the RC4 cipher, and not any recent cryptographic methods such as AES or SHA-256.

cyclic redundancy checks (CRCs); message digest algorithms

Data can also be replicated back and forth between servers as it often is with __ servers and __ servers. This is actually a mixture of redundant data (data replication) and server clustering.

database; web

HVAC, or heating, ventilating, and air conditioning, is important for server rooms, data centers, and other technology-oriented areas of your building. Servers run hot—their CPUs can make the temperature inside the case skyrocket. This heat needs to be dissipated and exhausted outside the case. All the heat from servers and other networking equipment is enough to make your server room fry! To alleviate the situation, organizations install a heavy-duty air-conditioning system used solely for the server room. This can provide an appropriate ambient temperature for the servers. Often, the system also includes a humidity control. As we know, static electricity is our enemy. By increasing humidity, we decrease the buildup of static electricity and the chance of ESD. Also, this can enable us to keep our equipment from getting too humid, which can also cause failure. It is important to have this system on its own

dedicated circuit that is rated properly.

Before we can plan for disasters, we need to

define exactly what disasters are possible and list them in order starting with the most probable.

To start, many vehicles are equipped with Apple CarPlay, Android Auto, or a similar mobile device projection standard, allowing for seamless integration with the operator's smartphone or tablet. Depending on the policies of an organization embracing BYOD, CYOD, or COPE, the organization might consider

disabling this technology as it can pose a separate security risk. In some cases, malware stored on a mobile device can be transferred to the automotive computer(s), when connected via USB. With any group of connected systems, it is possible to subvert one technology to gain access to another. For example, an automobile will use the Controller Area Network (CAN) bus to allow communications between the dozens of control units, including the engine control unit and possibly the onscreen display. There are potential vulnerabilities all over the place if the system isn't designed well. And with so many auto manufacturers and models, the risk level only increases.

As mentioned, whatever you implement, the data must be accessible, and in many cases highly available. The properly planned RAID system will have high availability (HA) and will be scalable; for example, a RAID 6 system that allows you to

dynamically add hot-swappable disks—and the space to add them! You want the system to be elastic as well. Some RAID systems have better elasticity than others, meaning the ability to adapt to workload changes. You might even consider moving certain data away from internal RAID and on to the cloud for additional elasticity.

Backup generators can be broken into three types: Permanently installed generator: Much more expensive, with a complex installation. These almost always run on

either natural gas or propane. They are quieter and can be connected directly to the organization's electrical panel. Usually, these are standby generators and, as such, require little user interaction.

Fire Class C: this class defines use for (what kind of fires?)

electrical fires—for example, when an outlet is overloaded. Think C for "copper" as in copper electrical wiring to aid in memorizing this type. If a fire occurs in a server room, and you don't have a special hazard system (not wise), the multipurpose BC extinguisher (CO2) is the best handheld extinguisher to use. Electrical fires are the most likely type of fire in a server room.

Backup generator fuel types include gasoline, diesel, natural gas, propane, and solar. Smaller backup generators often use gasoline, but these are not adequate for most companies. Instead, many organizations use larger natural gas generators. Some of these generators need to be started manually, but the majority of them are known as standby generators. These are systems that turn on automatically within seconds of a power outage. Transfer switches sense any power loss and instruct the generator to start. Standby generators may be required by code for certain types of buildings with standby lighting, or buildings with (3)

elevators, fire-suppression systems, and life-support equipment. You should always check company policy and your municipal guidelines before planning and implementing a backup generator system.

A backup generator is a part of an __ used when there is an outage of regular electric grid power.

emergency power system

Environmental controls are security controls that are put in place to protect (3)

employees, servers, and the organization's data. They include fire extinguishers, sprinkler systems, special hazard systems (such as FM-200), hot and cold aisles, SCADA-based systems, and shielding. The security of these depends on physical keys, proximity and smart card systems, video surveillance, security guards, alarms, and so forth. When it comes to building facilities, environmental controls might be a large piece of what you will be called on to secure, in addition to vehicles, equipment, electrical systems, and anything else that falls under that category. We've only scratched the surface when it comes to what is within the realm of "facilities." You will not be expected to know everything on the subject. However, be ready to work with your organization's facilities department and human resources department to accomplish what we have discussed in this chapter.

It appears that there is already some redundancy in place in your server room. For example, there are two domain controllers. One of them has a copy of the Active Directory and acts as a secondary DC in the case that the first one fails. There are also two web servers, one ready to take over for the other if the primary one fails. This type of redundancy is known as

failover redundancy. The secondary system is inactive until the first one fails.

Fire Class B: this class defines use for (what kind of fires?)

flammable liquid and gas fires.

The most common techniques that attackers use to socially engineer people include (4)

flattery, dumpster diving, bribery, and forgery.

To start, many vehicles are equipped with Apple CarPlay, Android Auto, or a similar mobile device projection standard, allowing for seamless integration with the operator's smartphone or tablet. Depending on the policies of an organization embracing BYOD, CYOD, or COPE, the organization might consider disabling this technology as it can pose a separate security risk. In some cases, malware stored on a mobile device can be transferred to the automotive computer(s), when connected via USB. With any group of connected systems, it is possible to subvert one technology to gain access to another. For example, an automobile will use the Controller Area Network (CAN) bus to allow communications between the dozens of control units, including the engine control unit and possibly the onscreen display. There are potential vulnerabilities all over the place if the system isn't designed well. And with so many auto manufacturers and models, the risk level only increases. Because of this, many organizations will opt for

fleet vehicles that do not include an in-dash computer/mobile device projection system to reduce risk and to save money. Vehicles might also have an SD card slot, used to update GPS/maps or other automotive software. Infected SD cards could possibly be used (by a person with physical access) to corrupt the GPS system of the vehicle with the potential for location information being sent via the operator's mobile device or from the vehicle itself. SD card slots can be disabled on some vehicles and the settings for the on-board computer can be blocked with a passcode or password.

A pass the hash attack is when an attacker obtains the password hash of one or more user accounts and reapplies the hash to a server or other system in order to fool the system into thinking that the attacker is authentic. The goal is

for the attacker to gain access to the system, often a Windows Server, and gain another user's credentials with the potential to escalate privileges. The attack starts with the attacker obtaining the hashes from a target system. That's the hard part. Access to the system is required in one way or another, then the attacker can use a hash dumping utility to collect the hashes for user passwords. Next, the attacker utilizes a "pass the hash" program to place the hashes within the server. For example, within the Local Security Authority Subsystem Service (LSASS) in Windows Server. This can be done using a side-channel attack so that the attacker can impersonate one of the users. If done properly, the attacker does not need to know the password of an account, does not need to brute-force the password, and does not need to reverse engineer the hash. While the attack can be carried out on an individual client system also, it is more often something that is focused on Windows Servers (namely domain controllers) because they house many user account credentials. Prevention includes the following: Only allowing clients that are trusted operating systems to connect to a server; configuring Windows domain trusts securely; using multifactor authentication; using tokens; and implementing the principle of least privilege for user accounts. When employing least privilege, be sure to include domain accounts and local admin accounts. Finally, standard network security discussed in Chapters 6 through 9 should also be implemented, including IDS/IPS solutions, firewall restrictions, and so on.

Older extinguishants, such as halon, are not used anymore because they are harmful to the environment. Less-developed countries might still use them, but most governments have banned the use of halon. If you see one of these, it should be replaced with a newer extinguisher that uses environment-safe halocarbon agents such as Halotron or FE-36. These are known as

gaseous clean agents that are not only safe on humans and safe for IT equipment, but are better for the environment as well. Gaseous fire suppression systems are the best for server rooms.

Backup generator fuel types include (5)

gasoline, diesel, natural gas, propane, and solar. Smaller backup generators often use gasoline, but these are not adequate for most companies. Instead, many organizations use larger natural gas generators. Some of these generators need to be started manually, but the majority of them are known as standby generators. These are systems that turn on automatically within seconds of a power outage. Transfer switches sense any power loss and instruct the generator to start. Standby generators may be required by code for certain types of buildings with standby lighting, or buildings with elevators, fire-suppression systems, and life-support equipment. You should always check company policy and your municipal guidelines before planning and implementing a backup generator system.

Backup generator fuel types include gasoline, diesel, natural gas, propane, and solar. Smaller backup generators often use __, but these are not adequate for most companies. Instead, many organizations use larger __ generators. Some of these generators need to be started manually, but the majority of them are known as standby generators.

gasoline; natural gas

The most common type of fire sprinkler system consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system. This is known as a wet pipe sprinkler system. Typical to these systems are sprinkler heads with

glass bulbs (often red) or two-part metal links. When a certain amount of predetermined heat reaches the bulb or link, it causes it to shatter or break, applying pressure to the sprinkler cap and initiating the flow of water from that sprinkler and perhaps others in the same zone. The entire system is usually controlled by a valve assembly, often located in the building's basement. Some organizations might have a need for a dry pipe system, which is necessary in spaces where the temperature of that area of the building can be cold enough to freeze the water in a wet pipe system. In this type of system, the pipes are pressurized with air, and water is sent through the system only if necessary; for example, during a fire.

There are basically three types of fire suppression you should know:

handheld fire extinguisher solutions, sprinkler systems, and special hazard protection systems such as those used in server rooms.

Cryptographic hash functions are

hash functions based on block ciphers. The methods used resemble that of cipher modes used in encryption. Examples of cryptographic hash functions include MD5 and SHA.

TEMPEST shielding (and other types of shielding) can also help to prevent damage caused by a

high-energy electromagnetic pulse (EMP). Also known as a spike or a pinch, a high-energy EMP can be generated in a nuclear or non-nuclear fashion. The chance of a high-energy EMP occurring near your facility is very small, but some organizations and many government facilities require protection from it.

Well—not really redundant people (which I suppose would be clones), but rather the redundancy of a person's role in the organization. A person doesn't work for a company forever; in fact, the average length of employment for IT management persons is less than five years. This level of attrition is in part made up of persons who move to other departments, leave for another job, take leaves of absence, or retire. This leads to the important concept of succession planning:

identifying internal people who understand the IT infrastructure and can take over in the event an important decision-maker departs; for example, IT directors, CIOs, CTOs, and other IT management persons. The concept trickles down to any IT person who works for the organization. That is where the concepts of job rotation and separation of duties become very important. A high attrition rate requires cross-training of employees. In smaller companies, the loss of one smart IT person could be tantamount to a disaster if no one else understands (or has access to) the critical systems. That could truly be a disaster from a personnel standpoint, but much more lethal is a disaster concerning actual data.

The pseudorandom number generator (PRNG) is used by cryptographic applications that require unpredictable output. They are primarily coded in C or Java and are developed within a cryptography application such as a key generator program. Within that program there is a specific utility, for example SHA2PRNG, that is used to create the PRNG. (Remember to use SHA-256—as of the writing of this book—or higher.) For additional "randomness" a programmer will increase entropy, often by collecting system noise. One of the threats to PRNGs is the random number generator attack, which exploits weaknesses in the code. This can be prevented by (4)

implementing randomness, using AES, using newer versions of SHA, and maintaining physical control of the system where the PRNG is developed and stored.

If there is a power failure that cannot be alleviated by use of a UPS and/or backup generator, you might opt to shut down all but the most necessary of systems temporarily. Some organizations enforce this by way of a written policy. To help monitor HVAC systems and their power consumption,

industrial control systems (ICSs) such as the supervisory control and data acquisition (SCADA) computer-controlled system will be used. A system such as SCADA combines hardware monitoring devices (pressure gauges, electrodes, remote terminal units that connect to sensors) with software that is run on an admin's (or building management employee's) workstation, allowing the admin to monitor the HVAC system in real time. There could also be a human-machine interface (HMI) that displays SCADA animations on a separate screen in a strategic place in the building. SCADA systems are vulnerable to viruses (such as Stuxnet) that can be used to access design files. To protect against this, the workstation that runs the software portion of SCADA should have its AV software updated, and any separate physical interfaces, displays, and sensors should be secured and perhaps be placed within view of a CCTV system.

Disaster recovery plans (DRPs) should include information regarding redundancy, such as sites and backup, but should not include

information that deals with the day-to-day operations of an organization, such as updating computers, patch management, monitoring and audits, and so on. It is important to include only what is necessary in a disaster recovery plan. Too much information can make it difficult to use when a disaster does strike.

Shielded twisted-pair (STP) cable: By using STP cable, you employ a shield around the wires inside the cable, reducing the levels of interference on the cable segment. This can help with computers suffering from

intermittent data loss.

Well, we talked a lot about why the LM hash is insufficient. Let's get into the replacements. The first is the NTLM hash, also known as the NT LAN Manager hash. The NTLM algorithm was first supplied with Windows NT 3.1; it provides Unicode support and, more important to this conversation, the RC4 cipher. Although the RC4 cipher enables a more powerful hash known as NTLM for storing passwords, the systems it ran on were still configured to be backward compatible with the LM hash. So, as long as the LM hash was not disabled, those systems were still at the same risk as older systems that ran the LM hash only. Windows Vista and Windows Server 2008 operating systems (and higher) disable the older LM hash by default. While NTLM uses cyclic redundancy checks (CRCs) and message digest algorithms for integrity, the main issue with NTLM is that

it is based on the RC4 cipher, and not any recent cryptographic methods such as AES or SHA-256. RC4 has been compromised, and therefore the NTLM hash is compromised. Due to the weakness of NTLM, we need a stronger hashing algorithm: NTLMv2. The NTLMv2 hash uses an HMAC-MD5 hash, making it difficult to crack; it is a 128-bit system. NTLMv2 has been available since Windows NT 4.0 SP4 and is used by default on newer Windows operating systems. Even though NTLMv2 responds to the security issues of the LM hash and NTLM, most Microsoft domains use Kerberos as the logon authentication scheme because of its level of security when dealing with one computer logging in to another or in to an entire network/domain. NTLMv2 is used either when Kerberos isn't available, users log in with local accounts, or a connecting OS doesn't support Kerberos.

If you happen to be using a separate line-conditioning device IN ADDITION to a UPS,

it should be tested regularly. Line-conditioning devices are always supplying power to your devices. A UPS backup battery will kick in only if a power loss occurs.

Disasters can be divided into two categories: natural and manmade. Some of the disasters that could render your server room inoperable include the following: Theft and malicious attack: Theft and malicious attack can also cause a disaster, if the right data is stolen. Physical security such as door locks/access systems and video cameras should be implemented to avoid this. Servers should be cable-locked to their server racks, and removable hard drives (if any are used) should have

key access. Not only does a security administrator have the task of writing policies and procedures that govern the security of server rooms and data centers, but that person will often have the task of enforcing those policies—meaning muscle in the form of security guards, and dual-class technician/guards—or by otherwise having the right to terminate employees as needed, contact and work with the authorities, and so on. Physical security is covered in more depth in Chapter 10, "Physical Security and Authentication Models." Malicious network attacks also need to be warded off; these are covered in depth in Chapter 7, "Networking Protocols and Threats."

The more devices that connect to the UPS, the less time the battery can last if a power outage occurs; if too many devices are connected, there may be inconsistencies when the battery needs to take over. Thus many UPS manufacturers limit the amount of battery backup-protected receptacles. Connecting a __ to the UPS is not recommended due to the high current draw of it; and never connect a __ or __ to one of the receptacles in the UPS, to protect the UPS from being overloaded.

laser printer; surge protector; power strip

Backup generators can be broken into three types: Battery-inverter generator: These are based on

lead-acid batteries, are quiet, and require little user interaction aside from an uncommon restart and change of batteries. They are well matched to environments that require a low amount of wattage or are the victims of short power outages only. Battery-inverter systems can be stored indoors, but because the batteries can release fumes, the area they are stored in should be well ventilated, such as an air-conditioned server room with external exhaust. Uninterruptible power supplies fall into the battery-inverter generator category.

Redundant network adapters are commonly used to decrease or eliminate server downtime in the case that one network adapter fails. However, you must consider how they will be set up. Optimally, the second network adapter will take over immediately when the first one fails, but how will this be determined? There are applications that can control multiple network adapters, or the switch that they connect to can control where data is directed in the case of a failure. Also, multiple network adapters can be part of an individual collective interface. What you decide will be dictated by company policy, budgeting, and previously installed equipment. As a rule of thumb, you should use

like network adapters when implementing redundancy; check the model and the version of the particular model to be exact. When installing multiple network adapters to a server, that computer then becomes known as a multihomed machine. It is important to consider how multiple adapters (and their operating systems) will behave normally and during a failure. Microsoft has some notes about this; I left a link in the "View Recommended Resources" online document that accompanies this book. In some cases, you will install multiple physical network adapters, and in others you might opt for a single card that has multiple ports, such as a multi-Ethernet port Intel network adapter. This is often a cheaper solution than installing multiple cards but provides a single point of failure in the form of one adapter card and one adapter card slot. In our original scenario we had domain controllers, database servers, web servers, and file servers; these would all do well with the addition of redundant network adapters.

Remember that your mission-critical devices, such as servers, should constantly be drawing power from a

line-conditioning device. Then, if there is a power outage to the server, a UPS should kick in. (In some cases, the UPS also acts as the line-conditioning device.) Finally, if necessary, a backup generator will come online and feed all your critical devices with power.

HVAC: Because most AC systems use refrigerant, it is important to

locate the device and any pipes away from where servers and other equipment will be situated, or use a pipeless system. The controls for this system should be within the server room, perhaps protected by a key code. This way, only authorized IT personnel (who have access to the server room) can change the temperature or humidity. This control can also be hooked up to the door access system or other monitoring systems to log who made changes and when.

The UPS normally has a lead-acid battery that, when discharged, requires 10 hours to 20 hours to recharge. This battery is usually shipped in a disconnected state. Before charging the device for use, you must first

make sure that the leads connect. If the battery ever needs to be replaced, a red light usually appears accompanied by a beeping sound. Beeping can also occur if power is no longer supplied to the UPS by the AC outlet.

Redundant network adapters are commonly used to decrease or eliminate server downtime in the case that one network adapter fails. However, you must consider how they will be set up. Optimally, the second network adapter will take over immediately when the first one fails, but how will this be determined? There are applications that can control multiple network adapters, or the switch that they connect to can control where data is directed in the case of a failure. Also, multiple network adapters can be part of an individual collective interface. What you decide will be dictated by company policy, budgeting, and previously installed equipment. As a rule of thumb, you should use like network adapters when implementing redundancy; check the model and the version of the particular model to be exact. When installing multiple network adapters to a server, that computer then becomes known as a

multihomed machine. It is important to consider how multiple adapters (and their operating systems) will behave normally and during a failure. Microsoft has some notes about this; I left a link in the "View Recommended Resources" online document that accompanies this book. In some cases, you will install multiple physical network adapters, and in others you might opt for a single card that has multiple ports, such as a multi-Ethernet port Intel network adapter. This is often a cheaper solution than installing multiple cards but provides a single point of failure in the form of one adapter card and one adapter card slot. In our original scenario we had domain controllers, database servers, web servers, and file servers; these would all do well with the addition of redundant network adapters.

Some of the considerations you should take into account when selecting a backup generator include the following: Fuel source: Does it run on natural gas, gasoline, and so on? If it is an automatically starting system, the options will probably be limited to __ and __.

natural gas; propane

Another vehicle that has become much more common is the unmanned aerial vehicle (UAV), commonly known as a drone. The applications of a UAV are seemingly endless, including security and defense applications. From a larger perspective, the risk associated with UAV technology is a double-edged sword—because you have organization-operated UAVs and attacker-operated UAVs. First, if an organization owns and uses UAV technology, it can be exploited like any other technology. For example, a UAV can be a target for command and control (C2) attacks, data link jamming, sensor jamming, and spoofing. An attacker might be trying to capture information, or compromise the UAV to take over navigation. The organization that owns the UAV can prevent this by using best coding practices (SDLC), encryption, mutual authentication, and UAV-specific security standards. Secondly, a well-funded attacker might own UAV technology and use it for reconnaissance, potentially spying on an organization, or gaining access to a wireless network—if properly equipped. On the prevention side, an organization should once again consider their geofencing policy, and have strong Wi-Fi encryption protocols in place. Plus, physical security methods (as discussed in Chapter 10, "Physical Security and Authentication Models") should be in place as well as

no-fly-zone policies.

Shoulder surfing, along with eavesdropping, and dumpster diving are examples of

no-tech hacking.

Many organizations back up to tape. But some organizations are far too large for tape backup, and/or don't have the personnel or equipment necessary to archive properly. In these "big data" scenarios, data might be stored

on the cloud, or archived with a third-party such as Iron Mountain. Whatever your data backup method, make sure that there is some kind of archival offsite in the case of a true disaster. Optimally, this will be in a sister site in another city but regardless should be geographically distant from the main site. It is an integral part of disaster recovery planning.

OSINT stands for

open source intelligence (OSINT)

Shoulder surfing is when a person uses direct observation to find out a target's password, PIN, or other such authentication information. The simple resolution for this is for the user to shield the screen, keypad, or other authentication-requesting devices. A more aggressive approach is to courteously ask the suspected shoulder surfer to move along. Also, private information should never be left on a desk or out in the open. Computers should be locked or logged off when the user is not in the immediate area. From a more technical perspective, __ can be implemented (if not already), where typed passwords only show as asterisks or dots on the screen. Some lesser devices (such as SOHO routers) may not implement password masking by default, and that might go against company policy due to the inherent lack of security.

password masking

The previous lists of social engineering methods and defenses are in no way finite. There are so many ways to con a person and so many ways to defend against the con. However, some of the best weapons against social engineering, aside from user education and awareness, are

policies and procedures, and their constant analysis.

Redundant network adapters are commonly used to decrease or eliminate server downtime in the case that one network adapter fails. However, you must consider how they will be set up. Optimally, the second network adapter will take over immediately when the first one fails, but how will this be determined? There are applications that can control multiple network adapters, or the switch that they connect to can control where data is directed in the case of a failure. Also, multiple network adapters can be part of an individual collective interface. What you decide will be dictated by company policy, budgeting, and previously installed equipment. As a rule of thumb, you should use like network adapters when implementing redundancy; check the model and the version of the particular model to be exact. When installing multiple network adapters to a server, that computer then becomes known as a multihomed machine. It is important to consider how multiple adapters (and their operating systems) will behave normally and during a failure. Microsoft has some notes about this; I left a link in the "View Recommended Resources" online document that accompanies this book. In some cases, you will install multiple physical network adapters, and in others you might opt for a single card that has multiple ports, such as a multi-Ethernet port Intel network adapter. This is often a cheaper solution than installing multiple cards but

provides a single point of failure in the form of one adapter card and one adapter card slot. In our original scenario we had domain controllers, database servers, web servers, and file servers; these would all do well with the addition of redundant network adapters.

The Message-Digest algorithm 5 (MD5) is the newest of a series of algorithms designed by Ron Rivest. It uses a 128-bit key. This is a widely used hashing algorithm; at some point you have probably seen MD5 hashes when downloading files. This is an example of the attempt at providing integrity. By checking the hash produced by the downloaded file against the original hash, you can verify the file's integrity with a level of certainty. However, MD5 hashes are susceptible to collisions. A collision occurs when two different files end up using the same hash. Due to this low collision resistance, MD5 is considered to be harmful today. MD5 is also vulnerable to threats such as __ and __. The best solution to protect against these attacks is to use a stronger type of hashing function such as SHA-2 or higher.

rainbow tables; pre-image attacks

Although not an exhaustive set, the following written disaster recovery policies, procedures, and information should be part of your disaster recovery plan: Business continuity plan: A BCP defines how the business will continue to operate if a disaster occurs; this plan is often carried out by a team of individuals. A BCP is also referred to as a continuity of operations plan (COOP). Over the years, BCPs have become much more important, and depending on the organization, the BCP might actually encompass the entire DRP. It also comprises business impact analysis—the examination of critical versus noncritical functions. These functions are assigned two different values or metrics:

recovery time objective (RTO), the acceptable amount of time to restore a function (for example, the time required for a service to be restored after a disaster), and recovery point objective (RPO), the acceptable latency of data, or the maximum tolerable time that data can remain inaccessible after a disaster. It's impossible to foresee exactly how long it will take to restore service after a disaster, but with the use of proper archival, hot/warm/cold sites, and redundant systems, a general timeframe can be laid out, and an organization will be able to decide on a maximum timeframe to get data back online. This in effect is IT contingency planning (ITCP).

Fire extinguishers: Fire Class B: Denoted by (shape)

red square, this type defines use for flammable liquid and gas fires. I like to remember this by associating B with "butane" because butane is a highly flammable gas.

Finally, your ISP is susceptible to failure as well—as I'm sure you are well aware. Most organizations rely on just one Internet connection for their entire network. This is another example of a single point of failure. Consider secondary connections to your ISP, such as redundant fiber-optics, forming what is known as a

redundant ISP. Or, if you have a T-1 line, perhaps a BRI connection will do. Or if you have a T-3, perhaps a PRI connection would be best. At the very least, a set of dial-up connections can be used for redundancy. Some companies install completely fault-tolerant, dual Internet connections, the second of which comes online immediately following a failure. If you use a web host for your website and/or e-mail, consider a mirror site or more than one. Basically, in a nutshell, it's all about not being caught with your pants down. If an organization is without its Internet connection for more than a day (or hours in some cases), you know it will be the network admin and the security admin who will be the first on the chopping block, most likely followed by the ISP.

One way is to use key stretching. A key stretching technique will take a weak key, process it, and output an enhanced and more powerful key. Often, this process will increase the size of the key to 128 bits, making attacks such as brute-force attacks much more difficult, if not impossible. Examples of key stretching software include PBKDF2 and bcrypt. These utilities also incorporate __ to protect against dictionary attacks, brute-forcing, and rainbow table attacks. __(Describe)

salting; Salting is additional random data that is added to a one-way cryptographic hash. It is one character or more, but defined in bits. The person with the weaker web server password key, or perhaps the admin with the NTLM hash, would do well to consider key stretching or salting. Another technique used is the nonce (number used once). It can be added to password-based authentication schemes where a secure hash function (such as SHA) is used. It is a unique number (that is difficult for attackers to find) that can only be used once. As such, it helps to protect users from replay attacks.

Finally, your ISP is susceptible to failure as well—as I'm sure you are well aware. Most organizations rely on just one Internet connection for their entire network. This is another example of a single point of failure. Consider

secondary connections to your ISP, such as redundant fiber-optics, forming what is known as a redundant ISP. Or, if you have a T-1 line, perhaps a BRI connection will do. Or if you have a T-3, perhaps a PRI connection would be best. At the very least, a set of dial-up connections can be used for redundancy. Some companies install completely fault-tolerant, dual Internet connections, the second of which comes online immediately following a failure. If you use a web host for your website and/or e-mail, consider a mirror site or more than one. Basically, in a nutshell, it's all about not being caught with your pants down. If an organization is without its Internet connection for more than a day (or hours in some cases), you know it will be the network admin and the security admin who will be the first on the chopping block, most likely followed by the ISP.

A proper redundant power supply is an enclosure that contains two (or more) complete power supplies. You make one main power connection from the AC outlet to the power supply, and there is one set of wires that connects to the motherboard and devices. However, if one of the power supplies in the enclosure fails, the other takes over immediately without computer failure. These are common on

servers, especially RAID boxes. They are not practical for client computers, but you might see them installed in some powerful workstations. In our scenario, we should install redundant power supplies to as many servers as possible, starting with the file servers and domain controllers. If possible, we should implement redundant power supplies for any of our switches or routers that will accept them, or consider new routers and switches that are scalable for redundant power supplies. In some cases (pun intended), it is possible to install two completely separate power supplies so that each has a connection to an AC outlet. This depends on your server configuration but is less common due to the amount of redundancy it requires of the devices inside the server. Either look at the specifications for your server's case or open it up during off-hours to see if redundant power supplies are an option. Vendors such as HP and manufacturers such as Thermaltake and Enlight offer redundant power supply systems for servers, and vendors such as Cisco offer redundant AC power systems for their networking devices. This technology is great in the case that a power supply failure occurs, but it does not protect from scenarios in which power to the computer is disrupted.

Just about everything in the server room should be connected to a UPS (you will most likely need several) to protect from power outages. This includes (8) ___. really, everything in the server room!

servers, monitors, switches, routers, CSU/DSUs, PBX equipment, security cameras, workstations, and monitors—

The watering hole attack is a strategy that targets users based on the common websites that they frequent. The attacker loads malware beforehand on one or more websites in the hopes that the user(s) will access those sites and activate the malware, ultimately infecting the user's system and possibly spreading through the network. To figure out the browsing habits of users, the attacker might guess or use direct observation. So, this attack may also build upon other social engineering methods such as eavesdropping, pretexting, and phishing. Popular websites such as Google, Microsoft, and so on will be difficult to infect with malware. It's the

smaller websites that the attacker will go after. For example, let's take a company that manufactures widgets. Chances are that the company will need to purchase plastic and other resources to build the widgets. It follows that users will connect to suppliers' websites often via the Internet or possibly an intranet. Typically, suppliers' websites are known for a lack of security and make excellent targets. If many users in the company go to these same websites, and often, it's just a matter of time before one clicks on the wrong website element, or gets tricked in another manner. Then, malware gets installed to the client computer and possibly spreads throughout the company. An attacker might also redirect users to other websites where other scams or more hardcore malware (such as ransomware) are located.

Fire Class A: this class defines use for (what kind of fires?)

ordinary fires consuming solid combustibles such as wood.

I've mentioned several times that your server room contains the livelihood of your organization—its data. If you don't protect the data, you'll be out of a job. One way to protect the server room is by installing a clean agent fire suppression system. Special clean agent fire extinguishers, such as Halotron and FE-36, are recommended for server rooms because they leave no residue after the fire is extinguished, reducing the likelihood of damage to computer systems and networking equipment. Also, they are rated as ABC, so they can put out not only electrical fires, but also the ash fire that will most likely ensue. All the other systems mentioned up to this point can easily cause computer failure if they are discharged. The ultimate solution would be to equip the server room with a (describe)

special hazard protection system, a clean agent system, such as FM-200. This gaseous system would be installed in addition to the pre-action system (or other dry pipe system) if the organization can afford it. This system uses a large tank that stores a clean agent fire extinguishant in the form of a liquid. It is sprayed from one or more nozzles in the ceiling of the server room in gas form. A system such as this can put out most classes of fires in seconds. This type of product does not do damage to equipment and can be used safely when people are present. However, most of these systems also employ a very loud alarm that tells all personnel to leave the server room; it's usually so loud and abrasive that you are compelled to leave! It is wise to run through fire suppression alarm tests and fire drills, ensuring that the alarm will sound when necessary and that IT personnel know what to do when the alarm sounds, namely, leave. In some cases, these systems will shut the door automatically after a certain timeout. In these cases, procedures should be written out specifying what to do if a fire occurs. Drilling is of utmost importance in these environments to make certain that everyone knows to leave the server room quickly if a fire occurs. Again, after drills have been completed, the appropriate IT personnel should simulate disaster recovery procedures, if necessary. If the system was installed properly and does its job, this simulation should be minimal.

Companies should always have at least one backup switch sitting on the shelf. If the company has only one switch, it is a desperate single point of failure. If a company has multiple switches stacked in a star-bus fashion, the whole stack can be a single point of failure unless

special backup ports are used (only available on certain switches). These special ports are often fiber-optic-based and are designed either for high-speed connections between switches or for redundancy. This concept should be employed at the master switch in a hierarchical star as well to avoid a complete network collapse. However, the hierarchical star is more secure than a star-bus configuration when it comes to network failure. In a hierarchical star, certain areas of the network still function even if one switch fails. This is a form of redundant topology.

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: A __ is a short transient in voltage that can be due to a short circuit, tripped circuit breaker, power outage, or lightning strike.

spike

Backup generator fuel types include gasoline, diesel, natural gas, propane, and solar. Smaller backup generators often use gasoline, but these are not adequate for most companies. Instead, many organizations use larger natural gas generators. Some of these generators need to be started manually, but the majority of them are known as (describe)

standby generators. These are systems that turn on automatically within seconds of a power outage. Transfer switches sense any power loss and instruct the generator to start. Standby generators may be required by code for certain types of buildings with standby lighting, or buildings with elevators, fire-suppression systems, and life-support equipment. You should always check company policy and your municipal guidelines before planning and implementing a backup generator system.

Full backup: Backs up all the contents of a folder. The full backup can be stored on one or more tapes. If more than one is used, the restore process would require

starting with the oldest tape and moving through the tapes chronologically one by one. Full backups can use a lot of space, causing a backup operator to use a lot of backup tapes, which can be expensive. Full backups can also be time-consuming if there is a lot of data. So, often, incremental and differential backups are used with full backups as part of a backup plan.

Around the turn of the millennium, the creator of PGP, and many other security-minded people that used PGP, sensed that an open source alternative would be beneficial to the cryptographic community. This was presented to, and accepted by, the IETF, and a new standard called OpenPGP was developed. With this open source code, others could write software that could easily integrate with PGP (or replace it). One example of this is the GNU Privacy Guard (GPG, or GnuPG), which is compliant with the OpenPGP standard. Over time this has been developed for several platforms including various Linux GUIs, macOS/OS X, and Windows. GPG is a combination of

symmetric key encryption and public key encryption.

A key stretching technique will

take a weak key, process it, and output an enhanced and more powerful key. Often, this process will increase the size of the key to 128 bits, making attacks such as brute-force attacks much more difficult, if not impossible. Examples of key stretching software include PBKDF2 and bcrypt.

It should go without saying, but surge protectors are not good enough to protect against power issues that might occur in your server room. A UPS is the proper device to use. An uninterruptible power supply (UPS)...

takes the functionality of a surge suppressor and combines that with a battery backup. So now, our server is protected not only from surges and spikes, but also from sags, brownouts, and blackouts. Most UPS devices also act as line conditioners that serve to clean up dirty power. Noise and increases/decreases in power make up dirty power. Dirty power can also be caused by too many devices using the same circuit, or because power coming from the electrical panel or from the municipal grid fluctuates, maybe because the panel or the entire grid is under- or overloaded. If a line-conditioning device such as a UPS doesn't fix the problem, a quick call to your company's electrician should result in an answer and possibly a long-term fix.

The LANMAN hash, also known as the LAN Manager hash or simply LM hash, was the original hash used to store Windows passwords. It was used in Windows operating systems before Windows NT but is supported by some versions of Windows in an attempt to be backward compatible. This backward compatibility can be a security risk because the LM hash has several weaknesses and can be cracked easily. Its function is based on the deprecated DES algorithm and can only be a maximum of 14 characters. These weaknesses are compounded by the fact that

the ASCII password is broken into two pieces, one of which is converted to uppercase, essentially removing a large portion of the character set. Plus, it can store a maximum of only seven uppercase characters. Due to this, brute-force attacks can crack alphanumeric LM hashes in a matter of hours.

The LANMAN hash, also known as __ or simply __,

the LAN Manager hash; LM hash

The LANMAN hash, also known as the LAN Manager hash or simply LM hash, was the original hash used to store Windows passwords. It was used in Windows operating systems before Windows NT but is supported by some versions of Windows in an attempt to be backward compatible. This backward compatibility can be a security risk because the LM hash has several weaknesses and can be cracked easily. Its function is based on the deprecated DES algorithm and can only be a maximum of 14 characters. These weaknesses are compounded by the fact that the ASCII password is broken into two pieces, one of which is converted to uppercase, essentially removing a large portion of the character set. Plus, it can store a maximum of only seven uppercase characters. Due to this, brute-force attacks can crack alphanumeric LM hashes in a matter of hours. Due to all these weaknesses, it is highly recommended that

the LANMAN hash be disabled on operating systems that run it by default. It should also be checked on operating systems such as Windows Vista/Server 2008 and higher that are supposed to have it disabled by default, just in case the setting was modified.

Well, we talked a lot about why the LM hash is insufficient. Let's get into the replacements. The first is the NTLM hash, also known as the NT LAN Manager hash. The NTLM algorithm was first supplied with Windows NT 3.1; it provides Unicode support and, more important to this conversation,

the RC4 cipher. Although the RC4 cipher enables a more powerful hash known as NTLM for storing passwords, the systems it ran on were still configured to be backward compatible with the LM hash. So, as long as the LM hash was not disabled, those systems were still at the same risk as older systems that ran the LM hash only. Windows Vista and Windows Server 2008 operating systems (and higher) disable the older LM hash by default.

The Secure Hash Algorithm (SHA) is one of a number of hash functions designed by __ and published by the __.

the U.S. National Security Agency (NSA); NIST

Generally, no information about the target is necessary for a phishing attack. However, some "phishermen" actually target specific groups of people or even specific individuals. This is known as spear phishing. And when an attacker targets senior executives (CEOs, CFOs, and so on) it is known as whaling. Whaling attacks are much more detailed and require that

the attacker know a good deal of information about the target (much of which is freely available on the Internet).

Backup generators can be broken into three types: Battery-inverter generator: These are based on lead-acid batteries, are quiet, and require little user interaction aside from an uncommon restart and change of batteries. They are well matched to environments that require a low amount of wattage or are the victims of short power outages only. Battery-inverter systems can be stored indoors, but because

the batteries can release fumes, the area they are stored in should be well ventilated, such as an air-conditioned server room with external exhaust. Uninterruptible power supplies fall into the battery-inverter generator category.

Manufacturers and organizations will also implement a network security measure known as an air gap. An air gap is a method of isolating an entity, effectively separating it from everything else—the entity could be a CPU, a system, or an entire network. The concept could be applied to just about anything. As we know, one of the best ways to secure a thing is to isolate it. In the case of the CAN bus,

the engine control unit is usually air gapped. Industrial control systems such as SCADA are often air gapped. So are mission-critical and life-critical controls used in nuclear power plants or aviation vehicles. It could also be an entire network that needs to be separated—this is common in military and government scenarios, and might also require the implementation of a Faraday cage or TEMPEST solution. If two entities are involved in an air gap, for example, two networks, they are often categorized as classified (secure or high side) and unclassified (insecure or low side), but it's the classified entity that is considered to be the real air-gapped system. Data can easily be transferred from the low side to the high side, but for high side to low side data transfer, the procedures are much more strict, and quite possibly require physical moving of the data. For example, in Chapter 15, "PKI and Encryption Protocols," we discussed the concept of the offline certificate authority (CA), where certificates and keys are physically moved from that system to subsidiary CAs, and in fact are also done vice versa, making the air gap more secure.

Because it works with RSA, the security of PGP is based on

the key size. It is considered secure and uncrackable as long as a sufficient key size is used. As an example, it has been suggested that a 2048-bit key should be safe against the strongest of well-funded adversaries with knowledgeable people and the latest in supercomputers until at least the year 2020; 1024-bit keys are considered strong enough for all but the most sensitive data environments.

Battery backup is great, but the battery can't last indefinitely! It is considered emergency power and typically keeps your computer system running for 5 to 30 minutes depending on the model you purchase. UPS devices today have a USB connection so that your computer can communicate with the UPS. When there is a power outage, the UPS sends a signal to the computer telling it to shut down, suspend, or stand-by before the battery discharges completely. Most UPSs come with software that you can install that enables you to configure the computer with these options. The more devices that connect to the UPS,

the less time the battery can last if a power outage occurs; if too many devices are connected, there may be inconsistencies when the battery needs to take over. Thus many UPS manufacturers limit the amount of battery backup-protected receptacles. Connecting a laser printer to the UPS is not recommended due to the high current draw of the laser printer; and never connect a surge protector or power strip to one of the receptacles in the UPS, to protect the UPS from being overloaded.

In general, the most common type of fire extinguisher used in a building is

the multipurpose dry-chemical ABC extinguisher. However, this is extremely messy—it gets into everything! Plus, it can cause corrosion to computer components over time. For server rooms, BC extinguishers are sometimes employed; the most common is the carbon dioxide (CO2) extinguisher. The CO2 extinguisher displaces oxygen, which is needed for a fire to burn, in addition to heat and fuel, which collectively make up the fire triangle. CO2 extinguishers are relatively safe for computer components, especially compared to ABC extinguishers. However, the CO2 extinguisher can possibly cause damage to computer components from electrostatic discharge (ESD), although this is rare. Also, if carbon dioxide is released in an enclosed space where people are present, there is a risk of suffocation. If the organization has the money, it is far more preferable to use an ABC-rated Halotron extinguisher in the server room—or better yet, a special hazard protection system.

The pseudorandom number generator (PRNG) is used by cryptographic applications that require unpredictable output. They are primarily coded in C or Java and are developed within a cryptography application such as a key generator program. Within that program there is a specific utility, for example SHA2PRNG, that is used to create the PRNG. (Remember to use SHA-256—as of the writing of this book—or higher.) For additional "randomness" a programmer will increase entropy, often by collecting system noise. One of the threats to PRNGs is

the random number generator attack, which exploits weaknesses in the code. This can be prevented by implementing randomness, using AES, using newer versions of SHA, and maintaining physical control of the system where the PRNG is developed and stored.

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: Blackouts: A blackout is when total loss of power for a prolonged period occurs. Another problem associated with blackouts is

the spike that can occur when power is restored.

The most common type of fire sprinkler system consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system. This is known as a wet pipe sprinkler system. Typical to these systems are sprinkler heads with glass bulbs (often red) or two-part metal links. When a certain amount of predetermined heat reaches the bulb or link, it causes it to shatter or break, applying pressure to the sprinkler cap and initiating the flow of water from that sprinkler and perhaps others in the same zone. The entire system is usually controlled by a valve assembly, often located in the building's basement. Some organizations might have a need for a dry pipe system, which is necessary in spaces where

the temperature of that area of the building can be cold enough to freeze the water in a wet pipe system. In this type of system, the pipes are pressurized with air, and water is sent through the system only if necessary; for example, during a fire.

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: Brownouts: A brownout is when

the voltage drops to such an extent that it typically causes the lights to dim and causes computers to shut off.

If there is a power failure that cannot be alleviated by use of a UPS and/or backup generator, you might opt to shut down all but the most necessary of systems temporarily. Some organizations enforce this by way of a written policy. To help monitor HVAC systems and their power consumption, industrial control systems (ICSs) such as the supervisory control and data acquisition (SCADA) computer-controlled system will be used. A system such as SCADA combines hardware monitoring devices (pressure gauges, electrodes, remote terminal units that connect to sensors) with software that is run on an admin's (or building management employee's) workstation, allowing the admin to monitor the HVAC system in real time. There could also be a human-machine interface (HMI) that displays SCADA animations on a separate screen in a strategic place in the building. SCADA systems are vulnerable to viruses (such as Stuxnet) that can be used to access design files. To protect against this,

the workstation that runs the software portion of SCADA should have its AV software updated, and any separate physical interfaces, displays, and sensors should be secured and perhaps be placed within view of a CCTV system.

Using proper power devices is part of a good preventative maintenance/security plan and helps to protect a computer. You need to protect against several things: Surges: A surge in electrical power means that

there is an unexpected increase in the amount of voltage provided. This can be a small increase, or a larger increase known as a spike.

SHA-1 is no longer considered to be secure because

there is the potential for successful collision-based attacks. It employs a 160-bit hash, and as of 2017 has been deprecated.

Older extinguishants, such as halon, are not used anymore because

they are harmful to the environment. Less-developed countries might still use them, but most governments have banned the use of halon. If you see one of these, it should be replaced with a newer extinguisher that uses environment-safe halocarbon agents such as Halotron or FE-36. These are known as gaseous clean agents that are not only safe on humans and safe for IT equipment, but are better for the environment as well. Gaseous fire suppression systems are the best for server rooms.

Fire Class K: this class defines use for (what kind of fires?)

this type is for cooking oil fires. This is one type of extinguisher that should be in any kitchen. This is important if your organization has a cafeteria with cooking equipment.

The best way to prevent social engineering attacks is

to increase your users' knowledge.

Disasters can be divided into two categories: natural and manmade. Some of the disasters that could render your server room inoperable include the following: Flood: The best way to avoid server room damage in the case of a flood is

to locate the server room on the first floor or higher, not in a basement. There's not much you can do about the location of a building, but if it is in a flood zone, it makes the use of a warm or hot site that much more imperative. And a server room could also be flooded by other things such as boilers. The room should not be adjacent to, or on the same floor as, a boiler room. It should also be located away from other water sources such as bathrooms and any sprinkler systems. The server room should be thought of three-dimensionally; the floors, walls, and ceiling should be analyzed and protected. Some server rooms are designed to be a room within a room and might have drainage installed as well.

The best way to protect file servers' data is

to use some type of redundant array of disks. This is referred to as RAID (an acronym for redundant array of independent disks, or inexpensive disks). RAID technologies are designed to either increase the speed of reading and writing data or to create one of several types of fault-tolerant volumes, or to do both. From a security viewpoint, we are most interested in the availability of data, the fault tolerance (the capability to withstand failure) of our disks. A RAID array can be internal or external to a computer. Historically, RAID arrays were configured as SCSI chains, but nowadays you also find SATA, eSATA, and Fibre Channel. Either way, the idea is that data is being stored on multiple disks that work with each other. The number of disks and the way they work together is dependent on the level of RAID. For the exam, you need to know several levels of RAID including RAID 0, RAID 1, RAID 5, RAID 6, and RAID 10 (also known as RAID 1+0). Table 16-1 describes each of these. Note that RAID 0 is the only one listed that is not fault tolerant, so from a security perspective it is not a viable option. Nevertheless, you should know it for the exam.

It should go without saying, but surge protectors are not good enough to protect against power issues that might occur in your server room. A UPS is the proper device to use. An uninterruptible power supply (UPS) takes the functionality of a surge suppressor and combines that with a battery backup. So now, our server is protected not only from surges and spikes, but also from sags, brownouts, and blackouts. Most UPS devices also act as line conditioners that serve to clean up dirty power. Noise and increases/decreases in power make up dirty power. Dirty power can also be caused by

too many devices using the same circuit, or because power coming from the electrical panel or from the municipal grid fluctuates, maybe because the panel or the entire grid is under- or overloaded. If a line-conditioning device such as a UPS doesn't fix the problem, a quick call to your company's electrician should result in an answer and possibly a long-term fix.

To protect against a birthday attack,

use a secure transmission medium, such as SSH, or encrypt the entire message that has been hashed.

Of course, an admin needs to remember that the primary line of defense when it comes to passwords is to use complexity and length; not just one or the other. There are a couple of myths connected with passwords in general. The first is that complexity is better than length. This isn't always true; it will depend on the type of attack (dictionary or brute-force), the level of complexity, and the length of the password. So again, if at all possible, define policies that specify complexity plus length. And if length cannot be incorporated into your password scheme,

use key stretching, or salting, or strongly consider using a different hash altogether. Another myth is that password checkers ensure strong passwords. Password checkers can help you get an idea of whether a password is secure, but may interpret some weak passwords as strong.

Watering Hole Attack: The problem is that you as a security administrator can't actively prevent the malware on the targeted websites. You can suggest prevention methods to those companies—such as software patches and secure coding—but can't force them into action. So, you should focus on localized prevention methods including (4)

user training, reducing web browser functionality, blacklisting of websites, and monitoring in the form of anti-malware software, IDS/IPS, and more—essentially, all of the methods we have discussed earlier in this book.

If, for whatever reason, the storing of LM hashes for passwords cannot be turned off, Microsoft recommends

using a 15-character-minimum password. When this is done, an LM hash and an NTLM hash value are stored. In this situation, the LM hash cannot be used solely to authenticate the user; therefore, it cannot be solely cracked. The NTLM hash would have to be cracked as well. Because 15 characters might be beyond some organizations' policies—or some users' ability, for that matter—it is highly recommended that the LM hash policy be disabled.

Multifactor authentication is often used in conjunction with a mantrap; for example,

using a proximity card and PIN at the first door, and biometric scan at the second. A mantrap is an example of a preventive security control. Turnstiles, double entry doors, and employing security guards are other less expensive (and less effective) solutions to the problem of piggybacking and tailgating and help address confidentiality in general.

Anyway, for the Security+ certification, how the training gets accomplished isn't as important as what is covered in training. The following is a basic list of rules you can convey when training employees: -Always screen your e-mail and phone calls carefully and keep a log of events. This is also known as communications __

vetting

Well, we talked a lot about why the LM hash is insufficient. Let's get into the replacements. The first is the NTLM hash, also known as the NT LAN Manager hash. The NTLM algorithm was first supplied with Windows NT 3.1; it provides Unicode support and, more important to this conversation, the RC4 cipher. Although the RC4 cipher enables a more powerful hash known as NTLM for storing passwords, the systems it ran on

were still configured to be backward compatible with the LM hash. So, as long as the LM hash was not disabled, those systems were still at the same risk as older systems that ran the LM hash only. Windows Vista and Windows Server 2008 operating systems (and higher) disable the older LM hash by default.

The most common type of fire sprinkler system consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system. This is known as a

wet pipe sprinkler system.

Note: A similar technique using automated systems is known as war-dialing. This is

when a device (modem or other system) is used to scan a list of telephone numbers and dial them in search of computer systems and fax machines. The technique sifts out the phone numbers associated with voice lines, and the numbers associated with computers. It results in a list that can later be used by other attackers for various purposes.

Pretexting is

when a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information. Preparation and some prior information are often needed before attempting a pretext; impersonation is often a key element. By impersonating the appropriate personnel or third-party entities, a person performing a pretext hopes to obtain records about an organization, its data, and its personnel. IT people and employees should always be on the lookout for impersonators and always ask for identification. If there is any doubt, the issue should be escalated to your supervisor and/or a call should be made to the authorities.

Diversion theft is

when a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location. This happens more often than you would think, and millions of dollars' worth of IT equipment is stolen in this manner every day. It is important that couriers and other shippers know exactly where they are supposed to be delivering items, and that they are given an organization contact name, number, and possibly security code in case there is any confusion.

A pass the hash attack is

when an attacker obtains the password hash of one or more user accounts and reapplies the hash to a server or other system in order to fool the system into thinking that the attacker is authentic. The goal is for the attacker to gain access to the system, often a Windows Server, and gain another user's credentials with the potential to escalate privileges. The attack starts with the attacker obtaining the hashes from a target system. That's the hard part. Access to the system is required in one way or another, then the attacker can use a hash dumping utility to collect the hashes for user passwords. Next, the attacker utilizes a "pass the hash" program to place the hashes within the server. For example, within the Local Security Authority Subsystem Service (LSASS) in Windows Server. This can be done using a side-channel attack so that the attacker can impersonate one of the users. If done properly, the attacker does not need to know the password of an account, does not need to brute-force the password, and does not need to reverse engineer the hash. While the attack can be carried out on an individual client system also, it is more often something that is focused on Windows Servers (namely domain controllers) because they house many user account credentials. Prevention includes the following: Only allowing clients that are trusted operating systems to connect to a server; configuring Windows domain trusts securely; using multifactor authentication; using tokens; and implementing the principle of least privilege for user accounts. When employing least privilege, be sure to include domain accounts and local admin accounts. Finally, standard network security discussed in Chapters 6 through 9 should also be implemented, including IDS/IPS solutions, firewall restrictions, and so on.

Passwords can also be hashed using algorithms. Some password hashes are more secure than others, whereas older ones have been cracked and are therefore compromised. This section details the Windows-based LANMAN, NTLM, and NTLMv2 hashes starting from the oldest. These three types of authentication are what attempts to make your login to the Windows computer secure, unless

you log in to a domain where Kerberos is used by default.

Battery backup is great, but the battery can't last indefinitely! It is considered emergency power and typically keeps your computer system running for 5 to 30 minutes depending on the model you purchase. UPS devices today have a USB connection so that (describe)

your computer can communicate with the UPS. When there is a power outage, the UPS sends a signal to the computer telling it to shut down, suspend, or stand-by before the battery discharges completely. Most UPSs come with software that you can install that enables you to configure the computer with these options.

AES is the successor to DES/3DES and is another symmetric key encryption standard composed of three different versions of block ciphers:

AES-128, AES-192, and AES-256. Actually, each of these has the same 128-bit cipher block size, but the key sizes for each are 128-bit, 192-bit, and 256-bit, respectively.

RC6 is a block cipher entered into the AES competition and was one of the five finalists. Though it was not selected, it is a patented algorithm offered by RSA Security as an alternative to

AES. It is similar to AES in block size and key size options but uses different mathematical methods than Rijndael.

Examples of symmetric key algorithms include __(4), all of which we discuss later in this chapter.

DES, 3DES, RC, and AES

AES is the successor to __ and is another symmetric key encryption standard composed of three different versions of block ciphers: AES-128, AES-192, and AES-256.

DES/3DES

A block cipher is a type of algorithm that encrypts a group of bits collectively as individual units known as blocks. For example, the Advanced Encryption Standard (AES) algorithm can use 128-bit or 256-bit block ciphers. Block ciphers can work in different modes including: (6)

Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), Galois/Counter Mode (GCM), and Counter (CTR).

Examples of symmetric key algorithms include DES, 3DES, RC, and AES, all of which we discuss later in this chapter. Another example of a technology that uses symmetric keys is

Kerberos. By default, Kerberos makes use of a third party known as a key distribution center (KDC) for the secure transmission of symmetric keys, also referred to as tickets. (Note: Kerberos can optionally use public key cryptography (covered later in this chapter) by making use of asymmetric keys. This is done during specific authentication stages. Kerberos is covered in more depth in Chapter 10, "Physical Security and Authentication Models.")

Note: The __ was designed as a replacement to DES and is an optional algorithm in the OpenPGP standard, though it suffers from a simple key schedule resulting in weak keys.

International Data Encryption Algorithm (IDEA)

Pretty Good Privacy (PGP) is an encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications. You might remember that we previously discussed weaknesses of e-mail client programs when sending via POP3 and SMTP servers. PGP uses (actually wrote) the encryption specifications as shown in the __ standard; other similar programs use this as well.

OpenPGP

RC4 is a somewhat widely used stream cipher in protocols such as SSL, WEP, and RDP. It is known for its speed and simplicity. However, it is avoided when designing newer applications and technologies due to several vulnerabilities; when used with WEP on wireless networks, it can be cracked quickly with the use of aircrack-ptw. One way to avoid this to a certain extent is to use the Temporal Key Integrity Protocol (TKIP) with WEP. However, it still is recommended that AES and WPA2 be used in wireless networks. Some versions of Microsoft Remote Desktop Services use __. However, __...

RC4 128-bit; Microsoft recommends disabling RC4 if at all possible, and using other encryption, such as Federal Information Processing Standard (FIPS)-compliant encryption (IPsec and EFS) and TLS for authentication.

Other algorithms have been adapted to work with elliptic curves, including Diffie-Hellman and the Digital Signature Algorithm (DSA). The Diffie-Hellman version (known as Elliptic Curve Diffie-Hellman, or ECDH) uses elliptic curve public/private key pairs to establish the secret key. Another variant, Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), runs in ephemeral mode, which as previously stated makes sure that a compromised message won't start a chain reaction, and that other messages maintain their integrity. By its very design, the elliptic curve solves the problem of the extra computational power required by DHE. DSA is

a U.S. federal government standard public key encryption algorithm used in digital signatures. The elliptic version is known as ECDSA. In general, the size of the public key in an elliptic curve-based algorithm can be 1/6 the size of the non-elliptic curve version. For example, ECDSA has a public key that is 160 bits, but regular DSA uses a public key that is 1024 bits. This is part of the reasoning behind the reduced amount of CPU power needed.

RC6 is

a block cipher entered into the AES competition and was one of the five finalists. Though it was not selected, it is a patented algorithm offered by RSA Security as an alternative to AES. It is similar to AES in block size and key size options but uses different mathematical methods than Rijndael.

RC5 is

a block cipher noted for its simplicity and for its variable size (32-, 64-, or 128-bit). The strongest RC5 block cipher that has been cracked via brute-force as of the writing of this book is a 64-bit RC5 key, in 2001. This was done by distributed.net, a nonprofit organization which at the time had 30 TFLOPS of computational power. It is also working on cracking the 72-bit version of RC5, with substantially higher throughput at its disposal. This is cause for concern for some—because Moore's Law tells us of the effective doubling of CPU power every two years or so—but you must remember that stronger algorithms such as AES 256-bit are exponentially harder to crack. RC6 is a block cipher entered into the AES competition and was one of the five finalists. Though it was not selected, it is a patented algorithm offered by RSA Security as an alternative to AES. It is similar to AES in block size and key size options but uses different mathematical methods than Rijndael.

The Data Encryption Standard (DES) is an older type of block cipher selected by the U.S. federal government back in the 1970s as its encryption standard. But due to its weak key, it is now considered deprecated and has been replaced by other standards. Being a block cipher, it groups 64 bits together into encryption units. Today, a 64-bit cipher is not considered powerful enough; also, and more important, the key size is 56-bit, which can be cracked fairly easily with a __ or __.

a brute-force attack; linear cryptanalysis attack

Note: The Diffie-Hellman algorithm can also be used within __, though the RSA algorithm is far more common.

a public key infrastructure (PKI)

Diffie-Hellman relies on secure key exchange before data can be transferred. This key exchange establishes

a shared secret key that can be used for secret communications but over a public network. Originally, fictitious names were chosen for the "users": Alice and Bob. Basically, Alice and Bob agree to initial prime and base numbers. Then, each of them selects secret integers and sends an equation based on those to each other. Each of them computes the other's equation to complete the shared secret, which then allows for encrypted data to be transmitted. The secret integers are discarded at the end of the session. These were originally static keys, meaning that they were used for a long period of time.

Internet standards, such as SSL/TLS and PGP, use public key cryptography. Don't confuse the term public key cryptography with public key infrastructure (PKI). Although they are related, they are not the same. PKI is an entire system of __(3) and so on, that binds public keys with user identities by way of certificates and a certificate authority (server or other such device).

hardware, software, policies,

A one-time pad (also known as the Vernam cipher, named after the engineer Gilbert Vernam) is a stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. It uses a string of bits that is generated at random (known as a keystream). Encryption is accomplished by combining the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext. Because the keystream

is randomized, even an attacker with a plethora of computational resources on hand can only guess the plaintext if the attacker sees the ciphertext.

The RSA algorithm uses what is known as (describe)

integer factorization cryptography. It works by first multiplying two distinct prime numbers that cannot be factored. Then it moves on to some more advanced math in order to derive a set of two numbers. Finally, from these two numbers, it creates a private and public key pair.

One of the issues with a one-time pad is that it requires perfect randomness. The problem with computer-based random number generators is that they usually aren't truly random because high-quality random numbers are difficult to generate; instead, they are

pseudorandom number generators (PRNGs), discussed a bit later. Another issue is that the exchange of the one-time pad data must be equal to the length of the message. It also requires proper disposal, which is difficult due to data remanence.

ECC is used with smart cards, wireless security, and other communications such as VoIP and IPsec (with DSA). It can be susceptible to

side-channel attacks (SCAs), which are attacks based on leaked information gained from the physical implementation (number and type of curves) of the cryptosystem, and fault attacks (a type of SCA), plus there are concerns about backdoors into the algorithm's random generator. Elliptic curve cryptography (as well as RSA and other algorithms) is also theoretically vulnerable to quantum cryptanalysis-based computing attacks.

Pretty Good Privacy (PGP) is an encryption program used primarily for (3)

signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications.

ECC is used with (3)

smart cards, wireless security, and other communications such as VoIP and IPsec (with DSA). It can be susceptible to side-channel attacks (SCAs), which are attacks based on leaked information gained from the physical implementation (number and type of curves) of the cryptosystem, and fault attacks (a type of SCA), plus there are concerns about backdoors into the algorithm's random generator. Elliptic curve cryptography (as well as RSA and other algorithms) is also theoretically vulnerable to quantum cryptanalysis-based computing attacks.

Diffie-Hellman is considered secure against eavesdroppers due to the difficulty of mathematically solving the Diffie-Hellman problem. However, it is vulnerable to man-in-the-middle attacks. To prevent this,

some method of authentication is used such as password authentication. This algorithm is used by the Transport Layer Security (TLS) protocol during encrypted web sessions. When used in this manner, it works in ephemeral mode, meaning that keys are generated during each portion of the key establishment process, and are used for shorter periods of time than with static keys. It is this ephemeral process that achieves perfect forward secrecy (PFS), which ensures that the compromise of one message will not lead to the compromise of another message. This ephemeral version of Diffie-Hellman is called DHE, or sometimes Ephemeral Diffie-Hellman (EDH), because it uses an ephemeral key, meaning that the cryptographic key is generated for each execution of the key establishment process. One of the drawbacks to DHE is that it requires more computational power; however, there is an elliptic curve alternative, which we talk about in the next section.

Steganography can hide messages within encrypted documents by inserting extra encrypted information. The hidden messages can also be found in (types of files)(4)

sound files, image files, slowed-down video files, and regular Word documents or Excel spreadsheets. Messages can also be concealed within VoIP conversations (known as Lost Audio Packets Steganography, or LACK), and within any streaming service as well. They can also be obscured on a compromised wireless network with the HICCUPS system (Hidden Communication System for Corrupted Networks).

AES is based on the substitution-permutation network, which

takes plaintext and the key and applies x number of rounds to create the ciphertext. These rounds consist of substitution boxes and permutation boxes (usually in groups of 4×4 bytes) that convert the plaintext input bits to ciphertext output bits. AES specifies 10, 12, or 14 rounds for each of the respective versions.

In the Diffie-Hellman scheme, each user

generates a public/private key pair and distributes a public key to everyone else. After two or more users obtain a copy of the others' public keys, they can be used to create a shared secret used as the key for a symmetric cipher. Due to the varying methods of public key cryptography, the whole subject can become somewhat confusing. Remember that there will always be a private key and a public key involved, and that public key cryptography can use asymmetric keys alone or in addition to symmetric keys.

Key management deals with the relationship between users and keys; it's important to manage the __(4) of those keys.

generation, exchange, storage, and usage

One of the issues with a one-time pad is

that it requires perfect randomness. The problem with computer-based random number generators is that they usually aren't truly random because high-quality random numbers are difficult to generate; instead, they are pseudorandom number generators (PRNGs), discussed a bit later. Another issue is that the exchange of the one-time pad data must be equal to the length of the message. It also requires proper disposal, which is difficult due to data remanence.

By definition, cryptography is

the practice and study of hiding information, or more accurately, hiding the meaning of the information. It is used in e-commerce and with passwords. Most commonly, encryption is used to hide a message's meaning and make it secret.

Encryption is

the process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data. Encryption is used to secure communications and to protect data as it is transferred from one place to another. The reverse, decryption, can be accomplished in two ways: First, by using the proper key to unlock the data, and second, by cracking the original encryption key. Encryption enforces confidentiality of data.

Keys can be private or public. A private key is only known to a specific user or users who keep the key a secret. A public key is known to all parties involved in encrypted transactions within a given group. An example of a private key would be

the usage of an encrypted smart card for authentication. Smart cards, ExpressCard/PC Card technology, and USB flash drives are examples of devices that can store keys. When private keys are stored on these types of devices and delivered outside of a network, it is known as out-of-band key exchange. An example of a public key would be when two people want to communicate securely with each other over the Internet; they would require a public key that each of them knows. When this key transfer happens over a network, it is known as in-band key exchange.

RC4 is a somewhat widely used stream cipher in protocols such as SSL, WEP, and RDP. It is known for its speed and simplicity. However, it is avoided when designing newer applications and technologies due to several vulnerabilities; when used with WEP on wireless networks, it can be cracked quickly with the use of aircrack-ptw. One way to avoid this to a certain extent is

to use the Temporal Key Integrity Protocol (TKIP) with WEP. However, it still is recommended that AES and WPA2 be used in wireless networks.

3DES key size

up to 168 Bit

Twofish key size

up to 256 bits

Blowfish key size

variable, between 32 and 448 bits

Diffie-Hellman is considered secure against eavesdroppers due to the difficulty of mathematically solving the Diffie-Hellman problem. However, it is vulnerable to man-in-the-middle attacks. To prevent this, some method of authentication is used such as password authentication. This algorithm is used by the Transport Layer Security (TLS) protocol during encrypted web sessions. When used in this manner, it

works in ephemeral mode, meaning that keys are generated during each portion of the key establishment process, and are used for shorter periods of time than with static keys. It is this ephemeral process that achieves perfect forward secrecy (PFS), which ensures that the compromise of one message will not lead to the compromise of another message. This ephemeral version of Diffie-Hellman is called DHE, or sometimes Ephemeral Diffie-Hellman (EDH), because it uses an ephemeral key, meaning that the cryptographic key is generated for each execution of the key establishment process. One of the drawbacks to DHE is that it requires more computational power; however, there is an elliptic curve alternative, which we talk about in the next section.

AES block size

128 bit

Twofish block size

128 bits

Twofish typical key size(s)

128, 192, 256-bit

RC4 typical key size

128-bit typical

A block cipher is a type of algorithm that encrypts a group of bits collectively as individual units known as blocks. For example, the Advanced Encryption Standard (AES) algorithm can use __(#)-bit or __(#)-bit block ciphers.

128; 256

In general, the size of the public key in an elliptic curve-based algorithm can be

1/6 the size of the non-elliptic curve version. For example, ECDSA has a public key that is 160 bits, but regular DSA uses a public key that is 1024 bits. This is part of the reasoning behind the reduced amount of CPU power needed.

AES is based on the substitution-permutation network, which takes plaintext and the key and applies x number of rounds to create the ciphertext. These rounds consist of substitution boxes and permutation boxes (usually in groups of 4×4 bytes) that convert the plaintext input bits to ciphertext output bits. AES specifies __(#), __(#), or __(#) rounds for each of the respective versions.

10; 12; 14

RC6

256-bit typical

Let's talk about some asymmetric key algorithms. The original and very common RSA (which stands for Rivest, Shamir, and Adleman, the creators) is a public key cryptography algorithm. As long as the proper size keys are used, it is considered to be a secure protocol and is used in many e-commerce scenarios. It is slower than symmetric key algorithms but has advantages of being suitable for signing and for encryption. It works well with credit card security and TLS/SSL. Key lengths for RSA are much longer than in symmetric cryptosystems. For example,

512-bit RSA keys have proven to be breakable over a decade ago; however, 1024-bit keys are currently considered unbreakable by most known technologies, but RSA still recommends using the longer 2048-bit key, which should deter even the most powerful super hackers. It is important to note that asymmetric algorithm keys need to be much larger than their symmetric key counterparts to be as effective. For example, a 128-bit symmetric key is essentially equal to a 2304-bit asymmetric key in strength.

3DES block size

64 bit

Blowfish block size

64 bit

DES block size

64 bits

RC5 typical key size

64-bit typical

Note: FIPS-compliant could be in the form of a hardware- or software-based crypto-module. For example, FIPS 140-1 and 140-2 specify Microsoft as a proper vendor; see this link for more: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm. Microsoft includes a software library known as the __ that implements the Microsoft CryptoSPI (a system program interface).

Cryptographic Service Provider (CSP)

Elliptic curve cryptography (ECC) is a type of public key cryptography based on the structure of an elliptic curve. It uses logarithms calculated against a finite field and is based on the difficulty of certain mathematical problems. It uses smaller keys than most other encryption methods. Keys are created by graphing specific points on the curve, which were generated mathematically. All parties involved must agree on the elements that define the curve. This asymmetric algorithm has a compact design, leading to reduced computational power compared to other asymmetric algorithms, yet it creates keys that are difficult to crack. Other algorithms have been adapted to work with elliptic curves, including (2) (describe)

Diffie-Hellman and the Digital Signature Algorithm (DSA). The Diffie-Hellman version (known as Elliptic Curve Diffie-Hellman, or ECDH) uses elliptic curve public/private key pairs to establish the secret key. Another variant, Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), runs in ephemeral mode, which as previously stated makes sure that a compromised message won't start a chain reaction, and that other messages maintain their integrity. By its very design, the elliptic curve solves the problem of the extra computational power required by DHE. DSA is a U.S. federal government standard public key encryption algorithm used in digital signatures. The elliptic version is known as ECDSA. In general, the size of the public key in an elliptic curve-based algorithm can be 1/6 the size of the non-elliptic curve version. For example, ECDSA has a public key that is 160 bits, but regular DSA uses a public key that is 1024 bits. This is part of the reasoning behind the reduced amount of CPU power needed.

Encryption is the process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data. Encryption is used to secure communications and to protect data as it is transferred from one place to another. The reverse, decryption, can be accomplished in two ways:

First, by using the proper key to unlock the data, and second, by cracking the original encryption key. Encryption enforces confidentiality of data.

CBC is a commonly used mode that builds on ECB by XORing each block of plaintext with the previous ciphertext block that was created. CBC is one of the modes that require a unique binary sequence (an initialization vector, or IV) for each encryption operation. The IV can be a vulnerability, as in the CBC IV attack, where a predictable IV can lead to the deciphering of all blocks, because each one is based on the block previous. Secure coding concepts should be employed when using CBC or a separate block mode should be selected altogether such as

GCM, which is considered to be a more efficient mode. The mode chosen will depend on the purpose of the encryption and the application it is being developed for.

You may have heard of the terms DEK, KEK, and MEK. These are different types of keys used during the encryption process. AES provides a good place to discuss these. (discuss them)

Let's say you have data that you need encrypted and you decide to use AES to do so. When AES encrypts the data, it does so with a data encryption key (DEK). To make an encryption system more secure, you can store that DEK in an encrypted format. This is done with a key encryption key (KEK) and can be stored in a separate location for additional security if need be. A master encrypting key (MEK), or simply master key, is another type of key that describes either a DEK or KEK being used. For example, in a secure storage scenario, the master key will be a DEK that is used to encrypt data that is put in a user's protected storage area. It is encrypted by a KEK that is based on the user's password. That is a very basic explanation of DEK, KEK, and MEK. For the Security+ exam you should be able to define them, and understand that they can be instrumental in dealing with secure storage of data, potentially in multiple locations. However, unless you are a developer, you most likely won't be working with each type of key individually.

In 2000, RSA Security released the RSA algorithm to the public. Therefore, no licensing fees are required if an organization decides to use or modify the algorithm. RSA published a group of standards known as __ in an effort to promote its various public key techniques.

PKCS (Public-Key Cryptography Standards)

In the late 1990s, the National Institute of Standards and Technology (NIST) started a competition to develop a more advanced type of encryption. There were 15 submissions, including Serpent, Twofish, RC6, and others, but the selected winner was __. This submission was then further developed into the Advanced Encryption Standard (AES) and became the U.S. federal government standard in 2002.

Rijndael

AES is fast, uses minimal resources, and can be used on a variety of platforms. For example, it is the encryption algorithm of choice if you have a wireless network running the WPA2 protocol; the IEEE 802.11i standard specifies the usage of AES with WPA2, and in the process deprecates WEP. (See Chapter 9, "Securing Network Media and Devices," for more about WEP and WPA.) You will also find AES as the encrypting protocol for remote control applications. These are examples of data in motion (also called data in transit). Any network session that uses AES would fall into this category. But memory encryption would fall into that category as well. For example, there are programs that can encrypt passwords and other personally identifiable information (PII) as it is passing through RAM. They often use AES or Twofish. In addition, AES is a good choice for transferring encrypted data quickly to a USB flash drive. It is also used as the

Windows Encrypting File System (EFS) algorithm and in whole disk encryption techniques such as BitLocker.

CBC is a commonly used mode that builds on ECB by

XORing each block of plaintext with the previous ciphertext block that was created. CBC is one of the modes that require a unique binary sequence (an initialization vector, or IV) for each encryption operation. The IV can be a vulnerability, as in the CBC IV attack, where a predictable IV can lead to the deciphering of all blocks, because each one is based on the block previous. Secure coding concepts should be employed when using CBC or a separate block mode should be selected altogether such as GCM, which is considered to be a more efficient mode. The mode chosen will depend on the purpose of the encryption and the application it is being developed for.

A one-time pad (also known as the Vernam cipher, named after the engineer Gilbert Vernam) is a stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. It uses a string of bits that is generated at random (known as

a keystream).

A one-time pad (also known as the Vernam cipher, named after the engineer Gilbert Vernam) is

a stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. It uses a string of bits that is generated at random (known as a keystream). Encryption is accomplished by combining the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext. Because the keystream is randomized, even an attacker with a plethora of computational resources on hand can only guess the plaintext if the attacker sees the ciphertext. Unlike other encryption types, it can be computed by hand with a pencil and paper (thus the word "pad" in the name), although today computers will be used to create a one-time pad algorithm for use with technology. It has been proven as impossible to crack if used correctly and is known as being "information-theoretically secure"; it is the only cryptosystem with theoretically perfect secrecy. This means that it provides no information about the original message to a person trying to decrypt it illegitimately. However, issues with this type of encryption have stopped it from being widely used. Because of this, the acronym OTP is more commonly associated with "one-time passwords," which we talk about later in this chapter. One of the issues with a one-time pad is that it requires perfect randomness. The problem with computer-based random number generators is that they usually aren't truly random because high-quality random numbers are difficult to generate; instead, they are pseudorandom number generators (PRNGs), discussed a bit later. Another issue is that the exchange of the one-time pad data must be equal to the length of the message. It also requires proper disposal, which is difficult due to data remanence.

Elliptic curve cryptography (ECC) is

a type of public key cryptography based on the structure of an elliptic curve. It uses logarithms calculated against a finite field and is based on the difficulty of certain mathematical problems. It uses smaller keys than most other encryption methods. Keys are created by graphing specific points on the curve, which were generated mathematically. All parties involved must agree on the elements that define the curve. This asymmetric algorithm has a compact design, leading to reduced computational power compared to other asymmetric algorithms, yet it creates keys that are difficult to crack.

RC4 is a somewhat widely used stream cipher in protocols such as SSL, WEP, and RDP. It is known for its speed and simplicity. However, it is avoided when designing newer applications and technologies due to several vulnerabilities; when used with WEP on wireless networks, it can be cracked quickly with the use of

aircrack-ptw.

A cipher is

an algorithm that can perform encryption or decryption. A basic example would be to take the plaintext word "code" and encrypt it as a ciphertext using a specific algorithm. The end result could be anything, depending on the algorithm used, but, for example, let's say the end result was the ciphertext "zlab." I don't know about you, but "zlab" looks like gibberish to me. (Although if you Google it, I'm sure you'll find all kinds of endless fun.) You've probably already guessed at my cipher—each letter of the plaintext word "code" was stepped back three letters in the alphabet. Historical ciphers use substitution methods such as this, and transposition methods as well. However, actual algorithms today are much more complex. Algorithms are well-defined instructions that describe computations from their initial state to their final state. IF-THEN statements are examples of computer algorithms. The entire set of instructions is the cipher.

Internet standards, such as SSL/TLS and PGP, use public key cryptography. Don't confuse the term public key cryptography with public key infrastructure (PKI). Although they are related, they are not the same. PKI is an entire system of hardware, software, policies, and so on, that binds public keys with user identities by way of certificates and a certificate authority (server or other such device). A certificate is

an electronic document that uses a digital signature to bind the key with the identity.

Pretty Good Privacy (PGP) is

an encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications. You might remember that we previously discussed weaknesses of e-mail client programs when sending via POP3 and SMTP servers. PGP uses (actually wrote) the encryption specifications as shown in the OpenPGP standard; other similar programs use this as well. Today, PGP has an entire suite of tools that can encrypt e-mail, accomplish whole disk encryption, and encrypt zip files and instant messages. PGP uses a symmetric session key (also referred to as a preshared key, or PSK), and as such, you might hear PGP referred to as a program that uses symmetric encryption, but it also uses asymmetric RSA for digital signatures and for sending the session key. Because of this it is known as a hybrid cryptosystem, combining the best of conventional systems and public key cryptography. When encrypting data, PGP uses key sizes of at least 128 bits. Newer versions allow for RSA or DSA key sizes ranging from 512 bits to 2048 bits. The larger the key, the more secure the encryption is, but the longer it takes to generate the keys; although, this is done only once when establishing a connection with another user. The program uses a combination of hashing, data compression, symmetric key cryptography, and public key cryptography. New versions of the program are not fully compatible with older versions because the older versions cannot decrypt the data that was generated by a newer version. This is one of the issues when using PGP; users must be sure to work with the same version. Newer versions of PGP support OpenPGP and S/MIME, which allows for secure communications with just about everyone.

When encrypting data, PGP uses key sizes of

at least 128 bits. Newer versions allow for RSA or DSA key sizes ranging from 512 bits to 2048 bits. The larger the key, the more secure the encryption is, but the longer it takes to generate the keys; although, this is done only once when establishing a connection with another user. The program uses a combination of hashing, data compression, symmetric key cryptography, and public key cryptography. New versions of the program are not fully compatible with older versions because the older versions cannot decrypt the data that was generated by a newer version. This is one of the issues when using PGP; users must be sure to work with the same version. Newer versions of PGP support OpenPGP and S/MIME, which allows for secure communications with just about everyone.

Key management deals with the relationship between users and keys; it's important to manage the generation, exchange, storage, and usage of those keys. It is crucial technically, and organizationally, because issues can present themselves due to poorly designed key systems and poor management. Keys must be chosen and stored securely. The generation of strong keys is probably the most important concept. Some algorithms have weak keys that make cryptanalysis easy. For example, DES uses a considerably weaker key than AES; the stronger the key, the stronger the key management. We detail several methods for the exchange of keys later in this chapter, including encapsulating one key within another, using key indicators, and exchanging symmetric session keys with an asymmetric key algorithm—in effect, ciphering our cipher. (We'll talk more about session keys in Chapter 15.) Secure storage of keys often depends on users and passwords, or other authentication schemes. Proper storage of keys allows for

availability, part of the CIA triad. Finally, keys should be replaced frequently.

A one-time pad (also known as the Vernam cipher, named after the engineer Gilbert Vernam) is a stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. It uses a string of bits that is generated at random (known as a keystream). Encryption is accomplished by combining the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext. Because the keystream is randomized, even an attacker with a plethora of computational resources on hand can only guess the plaintext if the attacker sees the ciphertext. Unlike other encryption types, it can

be computed by hand with a pencil and paper (thus the word "pad" in the name), although today computers will be used to create a one-time pad algorithm for use with technology. It has been proven as impossible to crack if used correctly and is known as being "information-theoretically secure"; it is the only cryptosystem with theoretically perfect secrecy. This means that it provides no information about the original message to a person trying to decrypt it illegitimately. However, issues with this type of encryption have stopped it from being widely used. Because of this, the acronym OTP is more commonly associated with "one-time passwords," which we talk about later in this chapter.

Let's talk about some asymmetric key algorithms. The original and very common RSA (which stands for Rivest, Shamir, and Adleman, the creators) is a public key cryptography algorithm. As long as the proper size keys are used, it is considered to be a secure protocol and is used in many e-commerce scenarios. It is slower than symmetric key algorithms but has advantages of

being suitable for signing and for encryption. It works well with credit card security and TLS/SSL. Key lengths for RSA are much longer than in symmetric cryptosystems. For example, 512-bit RSA keys have proven to be breakable over a decade ago; however, 1024-bit keys are currently considered unbreakable by most known technologies, but RSA still recommends using the longer 2048-bit key, which should deter even the most powerful super hackers. It is important to note that asymmetric algorithm keys need to be much larger than their symmetric key counterparts to be as effective. For example, a 128-bit symmetric key is essentially equal to a 2304-bit asymmetric key in strength.

A one-time pad (also known as the Vernam cipher, named after the engineer Gilbert Vernam) is a stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. It uses a string of bits that is generated at random (known as a keystream). Encryption is accomplished by

combining the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext. Because the keystream is randomized, even an attacker with a plethora of computational resources on hand can only guess the plaintext if the attacker sees the ciphertext.

Other examples of RSA encryption include tokens in the form of SecurID USB dongles, and devices such as hardware security modules (HSMs) and trusted platform modules (TPMs). All these devices can store RSA asymmetric keys and can be used to assist in user authentication. RSA key distribution is vulnerable to man-in-the-middle attacks. However, these attacks are defensible through the use of

digital certificates and other parts of a PKI system that we detail in the next chapter. It is also susceptible to timing attacks that can be defended against through the use of cryptographic blinding: This blind computation provides encryption without knowing actual input or output information. Due to other types of attacks, it is recommended that a secure padding scheme be used. Padding schemes work differently depending on the type of cryptography. In public key cryptography, padding is the addition of random material to a message to be sufficient, and incorporating a proof, making it more difficult to crack. A padding scheme is always involved, and algorithm makers such as RSA are always releasing improved versions.

Pretty Good Privacy (PGP) is an encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications. You might remember that we previously discussed weaknesses of e-mail client programs when sending via POP3 and SMTP servers. PGP uses (actually wrote) the encryption specifications as shown in the OpenPGP standard; other similar programs use this as well. Today, PGP has an entire suite of tools that can (3)

encrypt e-mail, accomplish whole disk encryption, and encrypt zip files and instant messages.

Public key cryptography can become more intense. In some schemes, the private key is used to sign a message, and anyone can check the signature with the public key. This signing is done with a digital signature. A digital signature authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender, and not someone else. So, it ensures integrity and non-repudiation, and it protects against forgery and tampering. The basic order of functions for the usage of asymmetric keys in this case would be (4)

encrypt, sign, decrypt, and verify.

Symmetric encryption is the preferred option when

encrypting and sending large amounts of data. This is in part because it usually takes far less time to encrypt and decrypt data than asymmetric encryption does.

Internet standards, such as SSL/TLS and PGP, use public key cryptography. Don't confuse the term public key cryptography with public key infrastructure (PKI). Although they are related, they are not the same. PKI is an

entire system of hardware, software, policies, and so on, that binds public keys with user identities by way of certificates and a certificate authority (server or other such device). A certificate is an electronic document that uses a digital signature to bind the key with the identity.

Elliptic curve cryptography (ECC) is a type of public key cryptography based on the structure of an elliptic curve. It uses logarithms calculated against a finite field and is based on the difficulty of certain mathematical problems. It uses smaller

keys than most other encryption methods. Keys are created by graphing specific points on the curve, which were generated mathematically. All parties involved must agree on the elements that define the curve. This asymmetric algorithm has a compact design, leading to reduced computational power compared to other asymmetric algorithms, yet it creates keys that are difficult to crack.

Pretty Good Privacy (PGP) is an encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications. You might remember that we previously discussed weaknesses of e-mail client programs when sending via POP3 and SMTP servers. PGP uses (actually wrote) the encryption specifications as shown in the OpenPGP standard; other similar programs use this as well. Today, PGP has an entire suite of tools that can encrypt e-mail, accomplish whole disk encryption, and encrypt zip files and instant messages. PGP uses a symmetric session key (also referred to as a preshared key, or PSK), and as such, you might hear PGP referred to as a program that uses symmetric encryption, but

it also uses asymmetric RSA for digital signatures and for sending the session key. Because of this it is known as a hybrid cryptosystem, combining the best of conventional systems and public key cryptography. When encrypting data, PGP uses key sizes of at least 128 bits. Newer versions allow for RSA or DSA key sizes ranging from 512 bits to 2048 bits. The larger the key, the more secure the encryption is, but the longer it takes to generate the keys; although, this is done only once when establishing a connection with another user. The program uses a combination of hashing, data compression, symmetric key cryptography, and public key cryptography. New versions of the program are not fully compatible with older versions because the older versions cannot decrypt the data that was generated by a newer version. This is one of the issues when using PGP; users must be sure to work with the same version. Newer versions of PGP support OpenPGP and S/MIME, which allows for secure communications with just about everyone.

This ephemeral version of Diffie-Hellman is called DHE, or sometimes Ephemeral Diffie-Hellman (EDH), because it uses an ephemeral key, meaning that the cryptographic key is generated for each execution of the key establishment process. One of the drawbacks to DHE is that

it requires more computational power; however, there is an elliptic curve alternative, which we talk about in the next section.

Other examples of RSA encryption include tokens in the form of SecurID USB dongles, and devices such as hardware security modules (HSMs) and trusted platform modules (TPMs). All these devices can store RSA asymmetric keys and can be used to assist in user authentication. RSA key distribution is vulnerable to

man-in-the-middle attacks. However, these attacks are defensible through the use of digital certificates and other parts of a PKI system that we detail in the next chapter. It is also susceptible to timing attacks that can be defended against through the use of cryptographic blinding: This blind computation provides encryption without knowing actual input or output information. Due to other types of attacks, it is recommended that a secure padding scheme be used. Padding schemes work differently depending on the type of cryptography. In public key cryptography, padding is the addition of random material to a message to be sufficient, and incorporating a proof, making it more difficult to crack. A padding scheme is always involved, and algorithm makers such as RSA are always releasing improved versions.

Diffie-Hellman is considered secure against eavesdroppers due to the difficulty of mathematically solving the Diffie-Hellman problem. However, it is vulnerable to

man-in-the-middle attacks. To prevent this, some method of authentication is used such as password authentication. This algorithm is used by the Transport Layer Security (TLS) protocol during encrypted web sessions. When used in this manner, it works in ephemeral mode, meaning that keys are generated during each portion of the key establishment process, and are used for shorter periods of time than with static keys. It is this ephemeral process that achieves perfect forward secrecy (PFS), which ensures that the compromise of one message will not lead to the compromise of another message. This ephemeral version of Diffie-Hellman is called DHE, or sometimes Ephemeral Diffie-Hellman (EDH), because it uses an ephemeral key, meaning that the cryptographic key is generated for each execution of the key establishment process. One of the drawbacks to DHE is that it requires more computational power; however, there is an elliptic curve alternative, which we talk about in the next section.

Let's talk about some asymmetric key algorithms. The original and very common RSA (which stands for Rivest, Shamir, and Adleman, the creators) is a public key cryptography algorithm. As long as the proper size keys are used, it is considered to be a secure protocol and is used in many e-commerce scenarios. It is slower than symmetric key algorithms but has advantages of being suitable for signing and for encryption. It works well with credit card security and TLS/SSL. Key lengths for RSA are much longer than in symmetric cryptosystems. For example, 512-bit RSA keys have proven to be breakable over a decade ago; however, 1024-bit keys are currently considered unbreakable by most known technologies, but RSA still recommends using the longer 2048-bit key, which should deter even the most powerful super hackers. It is important to note that asymmetric algorithm keys need to be

much larger than their symmetric key counterparts to be as effective. For example, a 128-bit symmetric key is essentially equal to a 2304-bit asymmetric key in strength.

Pretty Good Privacy (PGP) is an encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the se- curity of e-mail communications. You might remember that we previously discussed weaknesses of e-mail client programs when sending via POP3 and SMTP servers. PGP uses (actually wrote) the encryption specifications as shown in the OpenPGP standard; other similar programs use this as well. Today, PGP has an entire suite of tools that can encrypt e-mail, accomplish whole disk encryption, and encrypt zip files and instant messages. PGP uses a symmetric session key (also referred to as a preshared key, or PSK), and as such, you might hear PGP referred to as a program that uses symmetric en- cryption, but it also uses asymmetric RSA for digital signatures and for send- ing the session key. Because of this it is known as a hybrid cryptosystem, combining the best of conventional systems and public key cryptography. When encrypting data, PGP uses key sizes of at least 128 bits. Newer ver- sions allow for RSA or DSA key sizes ranging from 512 bits to 2048 bits. The larger the key, the more secure the encryption is, but the longer it takes to generate the keys; although, this is done only once when establishing a con- nection with another user. The program uses a combination of hashing, data compression, symmetric key cryptography, and public key cryptography. New versions of the program are not fully compatible with

older versions be- cause the older versions cannot decrypt the data that was generated by a newer version. This is one of the issues when using PGP; users must be sure to work with the same version. Newer versions of PGP support OpenPGP and S/MIME, which allows for secure communications with just about everyone.

Keys can be private or public. A private key is only known to a specific user or users who keep the key a secret. A public key is known to all parties in- volved in encrypted transactions within a given group. An example of a pri- vate key would be the usage of an encrypted smart card for authentication. Smart cards, ExpressCard/PC Card technology, and USB flash drives are ex- amples of devices that can store keys. When private keys are stored on these types of devices and delivered outside of a network, it is known as

out-of- band key exchange. An example of a public key would be when two people want to communicate securely with each other over the Internet; they would require a public key that each of them knows. When this key transfer hap- pens over a network, it is known as in-band key exchange.

Diffie-Hellman is considered secure against eavesdroppers due to the difficulty of mathematically solving the Diffie-Hellman problem. However, it is vulnerable to man-in-the-middle attacks. To prevent this, some method of authentication is used such as password authentication. This algorithm is used by the Transport Layer Security (TLS) protocol during encrypted web sessions. When used in this manner, it works in ephemeral mode, meaning that keys are generated during each portion of the key establishment process, and are used for shorter periods of time than with static keys. It is this ephemeral process that achieves

perfect forward secrecy (PFS), which ensures that the compromise of one message will not lead to the compromise of another message. This ephemeral version of Diffie-Hellman is called DHE, or sometimes Ephemeral Diffie-Hellman (EDH), because it uses an ephemeral key, meaning that the cryptographic key is generated for each execution of the key establishment process. One of the drawbacks to DHE is that it requires more computational power; however, there is an elliptic curve alternative, which we talk about in the next section.

Currently, quantum cryptography is a reality only in the form of

quantum key distribution (QKD), which does have various protocols based on it. It commonly uses a fiber channel (fiber-optic matrix) to transmit quantum information, which can be very costly. In fact, the entire procedure is quite expensive and difficult to undertake, making it uncommon. But it is known to have flaws. Let's remember one general rule about security: There is no perfect, utopian, secure solution. Given time, every encryption technique is exploited and its vulnerabilities are exposed. It would follow that quantum encryption is no exception.

Key management deals with the relationship between users and keys; it's important to manage the generation, exchange, storage, and usage of those keys. It is crucial technically, and organizationally, because issues can present themselves due to poorly designed key systems and poor management. Keys must be chosen and stored securely. The generation of strong keys is probably the most important concept. Some algorithms have weak keys that make cryptanalysis easy. For example, DES uses a considerably weaker key than AES; the stronger the key, the stronger the key management. We detail several methods for the exchange of keys later in this chapter, including encapsulating one key within another, using key indicators, and exchanging symmetric session keys with an asymmetric key algorithm—in effect, ciphering our cipher. (We'll talk more about session keys in Chapter 15.) Secure storage of keys often depends on users and passwords, or other authentication schemes. Proper storage of keys allows for availability, part of the CIA triad. Finally, keys should be

replaced frequently. If a particular user uses a key for too long, it increases the chances of the key being cracked. Keys, like passwords, should be changed and/or recycled often.

CBC is a commonly used mode that builds on ECB by XORing each block of plaintext with the previous ciphertext block that was created. CBC is one of the modes that

require a unique binary sequence (an initialization vector, or IV) for each encryption operation. The IV can be a vulnerability, as in the CBC IV attack, where a predictable IV can lead to the deciphering of all blocks, because each one is based on the block previous. Secure coding concepts should be employed when using CBC or a separate block mode should be selected altogether such as GCM, which is considered to be a more efficient mode. The mode chosen will depend on the purpose of the encryption and the application it is being developed for.

The symmetric key algorithm is a class of cipher that uses a single key, identical keys, or closely related keys for both encryption and decryption. The term symmetric key is also referred to as the following: (4)

secret key, private key, single key, and shared key.

Diffie-Hellman is considered secure against eavesdroppers due to the difficulty of mathematically solving the Diffie-Hellman problem. However, it is vulnerable to man-in-the-middle attacks. To prevent this, some method of authentication is used such as password authentication. This algorithm is used by the Transport Layer Security (TLS) protocol during encrypted web sessions. When used in this manner, it works in ephemeral mode, meaning that keys are generated during each portion of the key establishment process, and are used for shorter periods of time than with

static keys.

One of the issues with a one-time pad is that it requires perfect randomness. The problem with computer-based random number generators is that they usually aren't truly random because high-quality random numbers are difficult to generate; instead, they are pseudorandom number generators (PRNGs), discussed a bit later. Another issue is that

the exchange of the one-time pad data must be equal to the length of the message. It also requires proper disposal, which is difficult due to data remanence.

Diffie-Hellman is considered secure against eavesdroppers due to

the difficulty of mathematically solving the Diffie-Hellman problem. However, it is vulnerable to man-in-the-middle attacks. To prevent this, some method of authentication is used such as password authentication. This algorithm is used by the Transport Layer Security (TLS) protocol during encrypted web sessions. When used in this manner, it works in ephemeral mode, meaning that keys are generated during each portion of the key establishment process, and are used for shorter periods of time than with static keys. It is this ephemeral process that achieves perfect forward secrecy (PFS), which ensures that the compromise of one message will not lead to the compromise of another message. This ephemeral version of Diffie-Hellman is called DHE, or sometimes Ephemeral Diffie-Hellman (EDH), because it uses an ephemeral key, meaning that the cryptographic key is generated for each execution of the key establishment process. One of the drawbacks to DHE is that it requires more computational power; however, there is an elliptic curve alternative, which we talk about in the next section.

In 2000, RSA Security released the RSA algorithm to the public. Therefore, no licensing fees are required if an organization decides to use or modify the algorithm. RSA published a group of standards known as PKCS (Public-Key Cryptography Standards) in an effort to promote its various public key techniques. For example, PKCS #1 defines __. Another example is PKCS #11, which defines __.

the mathematical properties of RSA public and private keys; how HSMs utilize RSA

A common example of steganography is when using graphic files to send hidden messages. In this scenario, the least significant bit of each byte is replaced. For example, we could shade the color of a pixel (or triad) just slightly. This slight change would change the binary number associated with the color, enabling us to insert information. The color blue is represented as three bytes of data numbered 0, 0, and 255. We could change the color blue slightly to 1, 0, 255. This would not make the graphic look any different to the naked eye, but the change would be there nonetheless. This would be done in several or more pixels of the graphic to form the message. For this to work,

the recipient would first need to have possession of the original file. Then the sender would transmit the modified steganographic file to be compared with the original by the recipient. There are several programs available on the Internet that facilitate and automate this process. Remember that one of the goals of steganography is to provide obfuscation, meaning making something obscure and unclear. This can be difficult to do manually, and more difficult to undo manually, so use reliable vendor-provided tools to aid in the process.

AES is purportedly susceptible to

the related-key attack, if the attacker has some information about the mathematical relationship between several different keys. Side-channel attacks can also circumvent the AES cipher using malware to obtain privilege escalation. These are ways of attacking the implementation of the protocol, but not the protocol itself.

A one-time pad (also known as the Vernam cipher, named after the engineer Gilbert Vernam) is a stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. It uses a string of bits that is generated at random (known as a keystream). Encryption is accomplished by combining the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext. Because the keystream is randomized, even an attacker with a plethora of computational resources on hand can only guess the plaintext if the attacker sees the ciphertext. Unlike other encryption types, it can be computed by hand with a pencil and paper (thus the word "pad" in the name), although today computers will be used to create a one-time pad algorithm for use with technology. It has been proven as impossible to crack if used correctly and is known as being "information-theoretically secure"; it is the only cryptosystem with

theoretically perfect secrecy. This means that it provides no information about the original message to a person trying to decrypt it illegitimately. However, issues with this type of encryption have stopped it from being widely used. Because of this, the acronym OTP is more commonly associated with "one-time passwords," which we talk about later in this chapter.

Other examples of RSA encryption include (3)

tokens in the form of SecurID USB dongles, and devices such as hardware security modules (HSMs) and trusted platform modules (TPMs). All these devices can store RSA asymmetric keys and can be used to assist in user authentication. RSA key distribution is vulnerable to man-in-the-middle attacks. However, these attacks are defensible through the use of digital certificates and other parts of a PKI system that we detail in the next chapter. It is also susceptible to timing attacks that can be defended against through the use of cryptographic blinding: This blind computation provides encryption without knowing actual input or output information. Due to other types of attacks, it is recommended that a secure padding scheme be used. Padding schemes work differently depending on the type of cryptography. In public key cryptography, padding is the addition of random material to a message to be sufficient, and incorporating a proof, making it more difficult to crack. A padding scheme is always involved, and algorithm makers such as RSA are always releasing improved versions.

A common example of steganography is

when using graphic files to send hidden messages. In this scenario, the least significant bit of each byte is replaced. For example, we could shade the color of a pixel (or triad) just slightly. This slight change would change the binary number associated with the color, enabling us to insert information. The color blue is represented as three bytes of data numbered 0, 0, and 255. We could change the color blue slightly to 1, 0, 255. This would not make the graphic look any different to the naked eye, but the change would be there nonetheless. This would be done in several or more pixels of the graphic to form the message. For this to work, the recipient would first need to have possession of the original file. Then the sender would transmit the modified steganographic file to be compared with the original by the recipient. There are several programs available on the Internet that facilitate and automate this process. Remember that one of the goals of steganography is to provide obfuscation, meaning making something obscure and unclear. This can be difficult to do manually, and more difficult to undo manually, so use reliable vendor-provided tools to aid in the process.

