Ch12: Logical Security Concepts
What type of network access is facilitated by VPN?
A Virtual Private Network (VPN) is most often deployed to provide remote access to users who cannot otherwise make a physical connection to an office network. A remote access VPN means that the user connects to the private network using a public network (typically the Internet) for transport. Encryption and authentication are used to make sure the connection stays private and is only available to authorized users. You might also mention that VPNs are used for other types of access, such as a site-to-site VPN that connects one network site to another.
What type of cryptographic key is delivered in a digital certificate?
A digital certificate is a wrapper for a subject's public key, bundled with identifying information about the subject and signed by a certificate authority (CA). The private key is never included in the certificate. The public and private keys in an asymmetric cipher are generated as a pair: if one key is used to encrypt a message, only the other key can then decrypt it.
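The following Go program is an added example for this answer; it is not code from the study guide. It generates an RSA key pair, wraps only the public half in a self-signed X.509 certificate, reads the public key back out of the certificate, and shows that a message encrypted under the key found in the certificate opens only with the matching private key. The common names "alice.example" and "mallory.example" and the sample message are placeholders invented for the example; the certificate is self-signed only so the program runs offline without a CA.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newKeyAndCert generates an RSA key pair and wraps only the public half in a
// self-signed X.509 certificate (DER encoded). The private key is returned
// separately and never appears inside the certificate. commonName is a
// placeholder for the example.
func newKeyAndCert(commonName string) (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	// Self-signed: the template is both subject and issuer, signed by priv.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	return priv, der, nil
}

// publicKeyFromCert parses the certificate and returns the RSA public key it
// carries; this is all a relying party ever learns about the key pair.
func publicKeyFromCert(der []byte) (*rsa.PublicKey, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("certificate does not carry an RSA public key")
	}
	return pub, nil
}

// verifySelfSigned checks the certificate's signature using the public key the
// certificate itself contains; with a CA-issued certificate you would use the
// issuer's public key instead.
func verifySelfSigned(der []byte) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	return cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
}

// sealForHolder encrypts msg under the public key taken from the certificate
// (RSA-OAEP); only the holder of the matching private key can open it.
func sealForHolder(der, msg []byte) ([]byte, error) {
	pub, err := publicKeyFromCert(der)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// openWithPrivate decrypts with the private half of the pair. A different
// private key returns an error rather than plaintext.
func openWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	priv, der, err := newKeyAndCert("alice.example")
	if err != nil {
		panic(err)
	}
	if err := verifySelfSigned(der); err != nil {
		panic(err)
	}
	ct, _ := sealForHolder(der, []byte("change-of-address form")) // constructed sample message
	pt, _ := openWithPrivate(priv, ct)
	fmt.Printf("certificate is %d bytes; recovered %q\n", len(der), pt)
}
```

Parsing the certificate yields only `cert.PublicKey`; there is no field for a private key, which is the point of the question. The last step of the test below generates a second, unrelated key pair and confirms it cannot open the ciphertext, showing the pairing is specific.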
What distinguishes a cryptographic hash from the output of an encryption algorithm?
An encrypted ciphertext can be decrypted back to the original message by anyone holding the correct key; a cryptographic hash is a fixed-length, one-way digest of the input with no key and no decryption operation. The only way to recover an input from its hash is to guess candidate inputs and hash them again, which is why hashes are used for integrity checks and password storage rather than for hiding data that must later be read back.
What type of cryptographic algorithm is AES?
The Advanced Encryption Standard (AES) is a symmetric encryption cipher. This means that the same key is used to perform both encryption and decryption operations on a message, so that key must be shared secretly between the parties and protected at both ends.
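The Go program below is an added example serving the two preceding answers (hash versus encryption, and AES as a symmetric cipher); it is not code from the study guide. It hashes a message with SHA-256, which has no key and cannot be undone, and encrypts a message with AES-256-GCM, which decrypts with the same key and refuses a wrong key or a tampered ciphertext instead of returning garbage. The 32-byte demo key, the sample message and the function names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// digest returns SHA-256 of msg as hex: always 32 bytes, no key, no inverse.
// The only way back to msg is to guess it and hash the guess.
func digest(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// newGCM builds an AES-GCM AEAD from a 16-, 24- or 32-byte key (AES-128/192/256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-GCM and prefixes the random nonce so the same key can
// later undo it. A nonce must never be reused under the same key.
func seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(nonce)+len(plaintext)+aead.Overhead())
	out = append(out, nonce...)
	return aead.Seal(out, nonce, plaintext, nil), nil
}

// open decrypts with the same symmetric key. A wrong key or a modified
// ciphertext fails the GCM authentication check and returns an error.
func open(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	msg := []byte("change-of-address request") // constructed sample input
	fmt.Println("sha256:", digest(msg))

	key := bytes.Repeat([]byte{0x42}, 32) // demo key only; real keys come from a CSPRNG
	ct, err := seal(key, msg)
	if err != nil {
		panic(err)
	}
	pt, _ := open(key, ct)
	fmt.Printf("decrypted with the same key: %q\n", pt)

	_, err = open(bytes.Repeat([]byte{0x43}, 32), ct)
	fmt.Println("decrypt with a different key:", err)
}
```

Note that the hash function takes no key at all, while both `seal` and `open` take the same `key`: that single shared secret is what makes AES symmetric, and it is also why the key has to be distributed and stored securely. The test below checks the hash against the published SHA-256 test vector for "abc", then exercises the same-key, wrong-key, tampered-ciphertext and bad-key-length cases.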
While you are assigning privileges to the accounting department in your organization, Cindy, a human resource administrative assistant, insists that she needs access to the employee records database so that she can fulfill change of address requests from employees. After checking with her manager and referring to the organization's access control security policy, Cindy's job role does not fall into the authorized category for access to that database. What security concept is being practiced in this scenario?
The principle of least privilege.
Confidentiality and integrity are two important properties of information stored in a secure retrieval system. What is the third property?
Availability: information that is inaccessible is not of much use to authorized users. For example, a secure system must protect against Denial of Service (DoS) attacks.
John brought in the new tablet he just purchased and tried to connect to the corporate network. He knows the SSID of the wireless network and the password used to access the wireless network. He was denied access, and a warning message was displayed that he must contact the IT Department immediately. What happened and why did he receive the message?
John's new tablet probably does not meet the compliance requirements for network access. Being a new device, it might not have had updates and patches applied, it might not have appropriate antivirus protection installed, or it might fail some other compliance requirement. The network access control (NAC) posture check therefore classified it as a non-compliant system and denied it network access, even though John supplied the correct SSID and password.