ISA3100 Chapter 8 Review, HS 155 Final (Chapter 8), Information Security Management Chapter 8,, Chapter 8: Information Security, Principles of Info Security (6th Ed.) -
__________ are encrypted messages that can be mathematically proven to be authentic. A) Digital signatures B) MAC C) Message certificates D) Message digests
A) Digital signatures
The CA periodically distributes a(n) _________ to all users that identifies all revoked certificates. A) CRL B) RA C) MAC D) RDL
A) CRL
Digital signatures should be created using processes and products that are based on the __________. A) DSS B) NIST C) SSL D) HTTPS
A) DSS
A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
MAC
Two basic processing methods are used to convert plaintext data into encrypted data
bit stream and block ciphering.
In a book cipher, the key consists of a list of codes representing the page number, line number, and word number of the plaintext word.
false
Digital Certificates
• Electronic document/container file containing key value and identifying information about entity that controls key. • Distinguished name (DN): uniquely identifies a certificate entity.
Public-Key Infrastructure (PKI)
• Integrated system of software, encryption methodologies, protocols, legal agreements, and thirdparty services enabling users to communicate securely
Substitution Cipher
• Substitutes or exchanges one value for another
Steganography
• The process of hiding messages; for example, hiding a message within the digital encoding of a picture or graphic so that it is almost impossible to detect that the hidden message even exists • Also known as the art of secret writing
Book-Based Ciphers
• Uses text from a predetermined book as a key to decrypt a message. • Book cipher: ciphertext consists of a list of codes representing page, line, and word numbers of plaintext word.
Cryptography = The process of making and using codes to secure information Cryptanalysis = The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption
1. What are cryptography and cryptanalysis?
> Digital signatures are encrypted message components that can be mathematically proven as authentic > Digital certificates are public-key container files that allow PKI system components and end users to validate a public key and identify its owner. > Difference: A digital certificate is a wrapper for a key value. A digital signature is a combination of a message digest and other information used to assure nonrepudiation.
10. What is the difference between a digital signature and a digital certificate?
The Diffie-Hellman exchange uses session keys, which protects data from exposure to third parties, which is sometimes a problem when keys are exchanged out of band.
11. What critical issue in symmetric and asymmetric encryption is resolved by using a hybrid method like Diffie-Hellman?
> Steganography is the process of hiding messages. > Used to hide a message in the digital encoding of a picture/graphic so it's impossible to detect that the hidden message even exists / protects confidentiality of information in transit. Steganography is a process used to hide messages within digital encoding of pictures and graphics. It is a concern for security professionals because hidden messages can contain sensitive information that needs to be protected.
12. What is steganography, and what can it be used for?
> Secure HTTP (S-HTTP): An extended version of HTTP that provides for the encryption of protected web pages transmitted via the internet between a client and server > Secure Sockets Layer (SSL): A security protocol developed by Netscape to use public key encryption to secure a channel over the internet. > Secure Electronic Tansactions (SET): A protocol developed by credit card companies to protect against electronic payment fraud.
13. Which security protocols are predominantly used in Web-based electronic commerce?
> S/MIME (Secure Multipurpose Internet Mail Extensions): Security protocol that builds on the encoding format of the multipurpose internet mail extensions protocol and uses digital signatures based on public key cryptosystems to secure email. > PEM (Privacy-Enhanced Mail): A standard proposed by the internet engineering task force that uses 3des symmetric key encryption and RSA for key exchanges and digital signatures > PGP (Pretty Good Privacy): Hybrid cryptosystem that combines some of the best available cryptographic algorithms.
14. Which security protocols are used to protect e-mail?
> Modes: Transport and Tunnel > Transport: Only packet's IP data is encrypted, NOT the IP headers; this allows intermediate nodes to read source and destination addresses. > Tunnel: ENTIRE IP packet is encrypted and inserted as the payload in another IP packet. Systems at the ends of the tunnel must act as proxies to send and receive the encrypted packets and transmit the packets to their destination
15. IPSec can be implemented using two modes of operation. What are they?
> Uses pre-identified terms: Dictionary attack > All possible key combinations: Brute force attack (?)
16. Which kind of attack on cryptosystems involves using a collection of pre-identified terms? Which kind of attack involves sequential guessing of all possible key combinations?
SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm.
160
> Key size: 128+ > Why: The current "gold standard" is to ensure that all computing device are capable of AES 256 bit encryption. The more bits, the better. 128 gives you 19 sextillion years, so...
17. If you were setting up an encryption-based network, what key size would you choose and why?
> Key size: WPA used 128-bit keys, and NextGen Wireless Protocols such as RNS uses up to 256
18. What is the typical key size of a strong encryption system used on the Web today?
> Standard: Advanced Encyption Standard (AES): Current federal standard for the encryption of data, as specified by NIST. Based on Rijndael algorithm, developed by VINCENT RIJMEN an JOAN DAEMEN - should be unclassified, publicly disclosed, and available royalty-free worldwide - implements Rijndael Block Cipher with variable block length and key length of 128, 192, 256 bits
19. What encryption standard is currently recommended by NIST?
Concealing military and political secrets while they were transported from place to place Julius Caesar (50 B.C)
2. What was the earliest reason for the use of cryptography?
> SET, SSL, S-HTTP, Secure Shell (SSH-2), and IP Security (IPSec) > SET (Secure Electronic Transactions): --Developed by MasterCard and Visa in 1997 to protect against electronic payment fraud --Uses DES to enrcypt card info transfers and RSA for key exchange --Internet-based AND in-store swipes > SSL (Secure Sockets Layer): --Developed by Netscape to use a public-key encryption to secure a channel over the Internet --Most popular browsers use it --Provides 2 protocols in TCP framework: SSL Record Protocol and Standard HTTP > S-HTTP (Secure HTTP): --Extended version of HTTP --Provides for encryption of protected Web pages transmitted via Internet between client and server --Application of SSL over HTTP, protected and secure virtual connection --Designed for sending indiv messages over the Internet, so session must be established --Provides confidentiality, authentication, and data integrity > IPSec (IP Security): --PRIMARY and DOMINANT cryptographic authentication and encryption product --Created by IETF's IP Protocol Security Working Group --Made for TCP/IP family of protocol standards --Provides application support for all users in TCP/IP, including VPNs --Protect data integiryt, user confidentiality, and authenticity at IP level --Defined in REquest for Comments (RFC) 1825, 1826, 1827 --Widely used to create VPNs --Open framework --Includes IP Sec protocol itself --Used to secure comms across IP-based networks such as LANs, WANs, and Internet
20. What are the most popular encryption systems used over the Web?
Cryptographic key = Information used in conjunction with the algorithm to create the ciphertext from plaintext or derive the plaintext from ciphertext. Can be a series of bits used in a math algorithm of the knowledge of how to manipulate the plaintext. Formal name: Cryptovariable
3. What is a cryptographic key, and what is it used for? What is a more formal name for a cryptographic key?
> Substitution Cipher: One value is substituted for another > Transposition Cipher: Block values are rearranged based on an established pattern. AKA permutation cipher > Exclusive OR operation (XOR): Two bits are compared; identical = 0, not identical = 1
4. What are the three basic operations in cryptography?
> Out of band: Using a channel or band other than the one carrying ciphertext > Importance: The primary challenge of symmetric key encryption is getting the key to the receiver, and it mus be done OUT OF BAND. Key exchange must either be done OUT OF BAND or using a secured method so that the key is not intercepted and used to read the secret message.
6. What does it mean to be "out of band"? Why is it important to exchange keys out of band in symmetric encryption?
In symmetric encryption, the key that is used to encrypt/decrypt is the same and anyone that is in possession of the key can decrypt an encrypted transmission. In asymmetric encryption, there is an "A" key and a "B" key. Either key can be used to encrypt, but only the opposite key can be used to decrypt the message.
7. What is the fundamental difference between symmetric and asymmetric encryption?
PKI makes the use of cryptographic systems more convenient and cost-effective. Enable the protection of information assets by making verifiable digital certificates readily available to business applications Greatest value when one key serves as a private key and the other serves as a public key
8. How does public-key Infrastructure add value to an organization seeking to use cryptography to protect information assets?
> Certificate authority: third party that manages users' digital certificates / issues, manages, authenticates signs, and revokes users' digital signatures > Registration authority: third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions / verifying registration information , generating end-user keys, revoking certificates, and validating user certificates > Certificate directories: Central locations for certificate storage that provide a single access point for administration and distribution > Management protocols: Organize and manage communications among CAs, RAs, and end users / functions and procedures for setting up new users, issuing keys, updating keys, revoking keys, and enabling transfer of certificates and status > Policies and procedures: Assist an organization in the application and management of certificates / legal liabilities and limitations
9. What are the components of PKI?
Asymmetric Encryption
A cryptographic method that incorporates mathematical operations involving two different keys (commonly known as the public key and the private key) to encipher or decipher a message.
Vernam Cipher
A cryptographic technique developed at AT&T and known as the "one-time pad." • This cipher uses a set of characters for encryption operations only one time and then discards it.
__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals. A) Encryption B) Decryption C) Cryptology D) Cryptography
A) Encryption
_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. A) PGP B) DES C) AH D) ESP
A) PGP
A(n) distinguished name uniquely identifies a certificate entity, to a user's public key. _________________________ A) True B) False
A) True
AES implements a block cipher called the Rijndael Block Cipher. _________________________ A) True B) False
A) True
Bluetooth is a de facto industry standard for short-range wireless communications between devices. A) True B) False
A) True
Ciphertext or cryptogram is the encoded message, or a message that has been successfully encrypted. _________________________ A) True B) False
A) True
Hash algorithms are public functions that create a message digest by converting variable-length messages into a single fixed-length value. _________________________ A) True B) False
A) True
In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher. A) True B) False
A) True
Internet Protocol Security (IPSec) is an open-source protocol framework for security development within the TCP/IP family of protocol. A) True B) False
A) True
Internet Protocol Security is designed to protect data integrity, user confidentiality, and authenticity at the IP packet level. _________________________ A) True B) False
A) True
Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny. A) True B) False
A) True
One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message. A) True B) False
A) True
PKI systems are based on public key cryptosystems and include digital certificates and certificate authorities. A) True B) False
A) True
Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms. A) True B) False
A) True
Pretty Good Privacy (PGP) uses the freeware ZIP algorithm to compress the message after it has been digitally signed but before it is encrypted. _________________________ A) True B) False
A) True
Secure Multipurpose Internet Mail Extensions builds on the encoding format of the MIME protocol and uses digital signatures based on public key cryptosystems to secure e-mail. _________________________ A) True B) False
A) True
Steganography is a data hiding method that involves embedding information within other files, such as digital pictures or other images. A) True B) False
A) True
The encapsulating security payload protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. A) True B) False
A) True
The most common hybrid system is based on the Diffie-Hellman key exchange, which is a method for exchanging private keys using public key encryption. A) True B) False
A) True
The most popular modern version of steganography involves hiding information within files that contain digital pictures or other images. _________________________ A) True B) False
A) True
The permutation cipher simply rearranges the values within a block to create the ciphertext. A) True B) False
A) True
When an asymmetric cryptographic process uses the sender's private key to encrypt a message, the sender's public key must be used to decrypt the message. A) True B) False
A) True
Transposition Cipher
Also known as a permutation cipher; involves simply rearranging the values within a block based on an established pattern.
The __________ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication. A) ESP B) AH C) HA D) SEP
B) AH
At the World Championships in Athletics in Helsinki in August of 2005, a virus called Cabir infected dozens of __________, the first time this occurred in a public setting. A) Ipad tablets B) Bluetooth mobile phones C) WiFi routers D) laptop Macintosh computers
B) Bluetooth mobile phones
3DES was created to offer the same strength as the DES algorithm but ran three times as fast, thus saving time. A) True B) False
B) False
A brute force function is a mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity. A) True B) False
B) False
A cryptovariable is a value representing the application of a hash algorithm on a message. A) True B) False
B) False
A multipart authentication code (MAC) is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. _________________________ A) True B) False
B) False
Adopted by NIST in 1976 as a federal standard, DES uses a 64-bit block size and key. A) True B) False
B) False
As DES became known as being too weak for highly classified communications, Double DES was created to provide a level of security far beyond that of DES. _________________________ A) True B) False
B) False
Encryption is the process of converting the ciphertext message back into plaintext so that it can be readily understood. _________________________ A) True B) False
B) False
Hashing functions require the use of keys. A) True B) False
B) False
In 1953, Giovan Batista Bellaso introduced the idea of the passphrase (password) as a key for encryption. A) True B) False
B) False
In a book cipher, the key consists of a list of codes representing the page number, line number, and word number of the plaintext word._________________________ A) True B) False
B) False
In transport mode the entire IP packet is encrypted and is then placed as the content portion of another IP packet. _________________________ A) True B) False
B) False
SSL builds on the encoding format of the Multipurpose Internet Mail Extensions protocol and uses digital signatures based on public key cryptosystems to secure e-mail. A) True B) False
B) False
Sequence encryption is a series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it using different keys and sends it to the next neighbor, and this process continues until the message reaches the final destination. A) True B) False
B) False
Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. _________________________ A) True B) False
B) False
The AES algorithm was the first public key encryption algorithm to use a 256 bit key length. A) True B) False
B) False
The S-HTTP security solution provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management. A) True B) False
B) False
The application header (AH) protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. _________________________ A) True B) False
B) False
The number of horizontal and vertical pixels captured and recorded is known as the image's contrast. _________________________ A) True B) False
B) False
To encipher means to decrypt, decode, or convert, ciphertext into the equivalent plaintext. _________________________ A) True B) False
B) False
To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted. A) True B) False
B) False
UltraViolet wireless (UVW) is a de facto industry standard for short-range wireless communications between devices. _________________________ A) True B) False
B) False
Usually, as the length of a crytpovariable increases, the number of random guesses that have to be made in order to break the code is reduced. A) True B) False
B) False
Within a PKI, a(n) registration authority issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other identifying information. _________________________ A) True B) False
B) False
You cannot combine the XOR operation with a block cipher operation. A) True B) False
B) False
__________ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding. A) PEM B) PGP C) S/MIME D) SSL
B) PGP
__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. A) MAC B) PKI C) DES D) AES
B) PKI
The __________ algorithm, developed in 1977, was the first public key encryption algorithm published for commercial use. A) DES B) RSA C) MAC D) AES
B) RSA
A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption. A) asymmetric B) symmetric C) public D) private
B) symmetric
• Plaintext can be encrypted through:
Bit stream - Block cipher
SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm. A) 48 B) 56 C) 160 D) 256
C) 160
__________ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure. A) DES B) 2DES C) AES D) 3DES
C) AES
__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet. A) PEM B) SSH C) IPSec D) SET
C) IPSec
__________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. A) Password B) Cipher C) Key D) Passphrase
C) Key
More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions. A) multialphabetic B) monoalphabetic C) polyalphabetic D) polynomic
C) polyalphabetic
Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version. A) timing matrix B) agile scrum C) rainbow table D) smurf list
C) rainbow table
The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission. A) Standard HTTP B) SFTP C) S-HTTP D) SSL Record Protocol
D) SSL Record Protocol
__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. A) Code B) Algorithm C) Key D) Work factor
D) Work factor
human error
Human errors are usually defined as circumstances in which planned actions, decisions or behaviors reduce — or have the potential to reduce — quality, safety and security
Hash Functions
Mathematical algorithms that create a message summary or digest to confirm message identity and integrity Message authentication code (MAC) may be attached to a message
protocols designed to enable secure communications across the Internet.
S-HTTP (Secure Hypertext Transfer Protocol), Secure Electronic Transactions (SET), and SSL (Secure Sockets Layer)
protocols that are used to secure e-mail.
Secure Multipurpose Internet Mail Extensions (S/MIME), Privacy Enhanced Mail (PEM), and Pretty Good Privacy (PGP)
examples of human errors
System misconfiguration; Poor patch management; Use of default usernames and passwords or easy-to-guess passwords; Lost devices; Disclosure of information via an incorrect email address; Double-clicking on an unsafe URL or attachment;
most modern Wi-Fi networks are now protected with
WPA2.
> Hash function: Mathematical algorithms > Use: Generates a message summary/digest to confirm message identity and integrity
What is a hash function, and what can it be used for?
Bit stream methods commonly use algorithm functions like the exclusive OR operation (__________).
XOR
misfeasor
a legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
intrusion detection
a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.
unintentional threats to information systems
acts performed without malicious intent that never less represent a serious threat to information security
common vulnerability and exposures (CVE) list
aims to provide common names and indentifies for all publicly known software vulnerabilites
masquerader
an individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
clandestine user
an individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.
Internet Protocol Security (IPSec)
an open-source protocol framework for security development within the TCP/IP family of protocol standards.
threat
any danger to which a system may be exposed
untrusted network
any network external to your organization
trusted network
any network within your organization
invisibility
assets in IS are not tangible artifacts that can be seen or felt, instead they are binary types of data (0s and 1s)
four components of the information security model
assets, vulnerability, threats, controls
social engineering
attack in which the perpetrator uses social skills to track or manipulate legitimate employees into providing confidential company information such as passwords
scanning
attack that occurs when an attacker probes a target network or system by sending different kinds of packets. Using the responses received from the target, the attacker can learn many of the sytem's characteristics and vulnerabilities. This attack acts as a target identification tool for an attacker.
most common type of social engineering
attacker impersonates someone else on the telephone, claiming that he forgot his password
false positive
authorized users identified as intruders
Encryption is the process of converting the ciphertext message back into plaintext so that it can be readily understood.
false
Encryption methodologies that require the same secret key to encipher and decipher the message are using what is called public-key encryption.
false
Hashing functions require the use of keys.
false
data safeguards
data rights and responsibilities passwords encryption backup and recovery physical security
resource or information that is to be protected
data, hardware, and software
honeypot
decoy system designed to lure a potential attacker away from critical systems. Designed to divert an attacker from accessing critical systems, collect information about attacker's activity, and encourage the attacker to stay on the system long enough for administrators to respond.
• Secure Sockets Layer (SSL) protocol
developed by Netscape; uses public-key encryption to secure channel over public Internet.
- Bit stream
each plaintext bit is transformed into a cipher bit one bit at a time.
what causes the most data breaches
employee negligence
Digital signatures
encrypted messages that are independently verified by a central facility, and which provide nonrepudiation.
__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
encryption
availability
ensuring timely and reliable access to and use of information
payload
examples of payloads include data destruction, managers with insulting text or spurious e-mail messages sent to a large number of people
• Secure Hypertext Transfer Protocol (S-HTTP)
extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across Internet.
3DES was created to offer the same strength as the DES algorithm but ran three times as fast, thus saving time.
false
A brute force function is a mathematical algorithm that generates a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity.
false
Asymmetric encryption systems use a single key to both encrypt and decrypt a message.
false
S-HTTP is an extended version of Hypertext Transfer Protocol that provides for the encryption of protected e-mail transmitted via the Internet between a client and server.
false
Standard HTTP (S-HTTP) is an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages transmitted via the Internet between a client and server.
false
Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message
false
To encipher means to decrypt, decode, or convert ciphertext into the equivalent plaintext.
false
To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted.
false
UltraViolet wireless (UVW) is a de facto industry standard for short-range wireless communications between devices.
false
Usually, as the length of a cryptovariable increases, the number of random guesses that have to be made in order to break the code is reduced.
false
Within a PKI, a(n) registration authority issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other identifying information.
false
integrity
guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity
exposure
harm, loss, or damage that can result if a threat compromises that resource
_________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
hash
why is information security important to small businesses
have fewer resources and therefore can be destroyed by a data breach
human safeguards
hiring training education procedure design administration assessment compliance accountability
rule-based anomaly detection
historical audit records are analyzed to identify usage patterns and to generate automatically rules that describe these patterns. Rules may represent past behavior patterns of users, programs, privileges, time slots, terminals, and so on. Current behavior is observed and each transaction is matched against the set of rules to determine if it conforms to any historically observed pattern of behavior.
loss of infrastructure
human error malicious attacks natural disaster
technical safeguards
identification and authorization encryption firewalls malware protection application design
inline sensor
inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
• Public-key infrastructure (PKI)
integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services. PKI includes digital certificates and certificate authorities
false negative
intruders are not identified as intruders
two differences between conventional and information assets
invisibility and duplicability
anomaly detection
involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior. Two approaches: threshold detection and profile based
Template cipher
involves use of hidden message in book, letter, or other message; requires page with specific number of holes cut into it.
beacons
is an object embedded in a web page or email, which unobtrusively (usually invisible) allows checking that a user has accessed the content
A __________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.
key
The strength of many encryption applications and cryptosystems is determined by
key size.
__________ is the entire range of values that can possibly be used to construct an individual key.
keyspace
The science of encryption
known as cryptology, encompasses cryptography (making and using encryption codes) and cryptanalysis (breaking encryption codes
Hash functions
mathematical algorithms that generate a message summary, or digest, that can be used to confirm the identity of a specific message, and confirm that the message has not been altered.
Block cipher
message is divided into blocks (e.g., sets of 8- or 16-bit blocks), and each is transformed into encrypted block of cipher bits using algorithm and key.
passive sensor
monitors a copy of network traffic, the actual traffic does not pass through the device. More efficient than inline sensor because it does not add an extra handling step that contributes to packet delay.
network-based IDS (NIDS)
monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
host-based IDS
monitors the characteristics of a single host and the events occurring within that host for suspicious activity
Data Encryption Standard (DES)
one of the most popular symmetric encryption cryptosystems. - 64-bit block size; 56-bit key
shoulder surfing
perpetrator watches an employee's computer screen over the employee's shoulder
More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.
polyalphabetic
vulnerability
possibility that the system will be harmed by a threat
confidentiality
preserving authorized restrictions on access and disclosure, including means for protecting personal property and proprietary information
malicious attacks
pretexting, phishing, spoofing, sniffing, and hacking
incorrect data modification
procedures not followed correctly or incorrectly designed increasing a customer's discount or incorrectly modifying employee's salary placing incorrect data on company web-site system errors faulty recovery actions after a disaster
Encryption
process of converting a message into a form that is unreadable to unauthorized people.
IPSec
protocol used to secure communications across any IP-based network, such as LANs, WANs, and the Internet.
Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.
rainbow table
information security
refers to all of the processes and policies designed to protect an organization's information and information systems from unauthorized use, disclosure, disruption, modification, or destruction
controls
safeguards used to minimize the impact of threats
decreasing skills necessary to be a computer programmer
scrips- users with few skills can download and use to attack any information system connected to the internet
worms
segment of computer code that performs malicious actions and will replicate, or spread, by itself
lack of management support
senior managers must set the tone, unfortunately they don't
spyware and adware symptoms
slow system startup sluggish system performance many pop-up advertisements suspicious browser homepage changes
trojan horses
software programs that hide in other computer programs and reveal their designed behavior only when they are activated
accountant management
standards for new user accounts, modification of account permissions, removal of unnedded accounts
The other major methods used for scrambling data
substitution ciphers, transposition ciphers, the XOR function, the Vigenère cipher, and the Vernam cipher
A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption.
symmetric
Most cryptographic algorithms can be grouped into two broad categories
symmetric and asymmetric. Most popular cryptosystems combine the two.
tailgating
technique designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry
signature detection
techniques that detect intrusion by observing events in the system and applying a set of rules thta lead to a decision regarding whether a given pattern of activity is or is not suspicious. Two types: rule-based anomaly detection and rule-based penetration identification.
Steganography
the hiding of information. It is not properly a form of cryptography, but is similar in that it is used to protect confidential information while in transit.
smaller, faster, cheaper computers and storage devices
these characteristics make it easier to steal or lose a computer storage device that contains huge amounts of sensitive information
hacker
those who break into computers for the thrill of it or for status. Often look for targets of opportunity and then share the information with others.
responsibility of custodians of information
to provide the privacy to individuals whose information they have in their possession
five key factors to the increasing vulnerability of organizational information resources make it more difficult to secure them
today's interconnected, interdependent, wirelessly networked business environment smaller, faster, cheaper computers and storage devices, decreasing skills necessary to be a computer programmer international organized crime taking over cybercrime lack of management support
Bluetooth is a de facto industry standard for short-range wireless communications between devices.
true
Ciphertext or a cryptogram is an encoded message, or a message that has been successfully encrypted.
true
Hash algorithms are public functions that create a message digest by converting variable-length messages into a single fixed-length value.
true
In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher.
true
Internet Protocol Security is designed to protect data integrity, user confidentiality, and authenticity at the IP packet level
true
Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny.
true
One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.
true
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.
true
Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.
true
Pretty Good Privacy (PGP) uses the freeware ZIP algorithm to compress the message after it has been digitally signed but before it is encrypted
true
Secure Electronic Transactions was developed by MasterCard and Visa in 1997 to protect against electronic payment fraud.
true
Steganography is a data hiding method that involves embedding information within other files, such as digital pictures or other images.
true
The most popular modern version of steganography involves hiding information within files that contain digital pictures or other images.
true
When an asymmetric cryptographic process uses the sender's private key to encrypt a message, the sender's public key must be used to decrypt the message.
true
t/f a very small fraction of the treats will cause real damage to the organization
true
t/f an information system that is unavailable is not useful
true
t/f conventional security methods such as lock and guards are not very effective at maintaining IS
true
t/f higher the level of employee, the greater the threat he or she poses to information security
true
t/f if your data is stolen you will not notice until it is brought to your attention becasue it can be easily duplicated
true
t/f most threats are blocked by the controls commonly adopted by organizations
true
t/f the information security profession revolves around systematically indetifying the information assets, vulnerabilities, threats, and controls and deploying controls appropriately so that the money spend on these controls delivers the greatest possible benefit to the organization
true
banner grabbing
typically consists or initiating a connection to a network server and recording the data that is returned at the beginning of the session. This information can specify the name of the application, version number, and even the operating system that is running the server.
intruder
typically follow patterns that differ from those of ordinary users. Engage in trespass that could take the form of unauthorized login to a machine or acquisition or privileges or performance of actions beyond those that have been authorized.
malware safeguards
use antivirus and antispyware programs scan frequently update malware definitions open email attachments from known sources install software updates browse only reputable internet neighborhoods
password management
users should change passwords frequently
Pretty Good Privacy (PGP)
uses IDEA Cipher for message encoding
Running key cipher
uses a book for passing the key to cipher similar to Vigenère cipher; sender provides encrypted message with sequence of numbers from predetermined book to be used as an indicator block.
rule-based penetration
uses rules for identifying known penetrations or penetrations that would exploit known weaknesses. Rules can also be defined that identify suspicious behavior, even when the behavior is within the bounds of established patterns of usage.
ATLAS
uses sensors deployed at ISPs around the world to gather real-time information about threats being faced by organizations
__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
work factor
Exclusive OR (XOR)
• A function within Boolean algebra used as an encryption function in which two bits are compared. Very simple to implement and simple to break
