Module 6

Digitized signature

An image of an electronically reproduced signature

Extensible Authentication Protocol (EAP)

an authentication framework that defines the transport of keys and authentication credentials. Commonly used in wireless network authentication

Transposition cipher

an encryption cipher that rearranges characters or bits of data.

key revocation

A situation in which someone is no longer trusted or allowed to use a cryptosystem. In a symmetric key system, where everyone shares the same key, compromising one copy of the key compromises all copies.

Fibre Channel

A storage networking protocol originally used in supercomputers to connect storage devices.

Internet Small Computer System Interface (iSCSI)

A storage networking protocol used to link data storage devices to IP networks.

Caesar cipher

A substitution cipher that shifts characters a certain number of positions in the alphabet

Internet Protocol Security (IPSec)

A suite of protocols designed to connect sites securely using IP networks

Certificate authority (CA)

A trusted entity that stores and distributes verified digital certificates such as Verisign or Computer Associates.

Key directory

A trusted repository of all public keys.

Symmetric key cryptography

A type of cryptography that cannot secure correspondence until after the two parties exchange keys

attribute-based encryption (ABE)

A type of public key encryption in which the secret key of a user and the ciphertext are dependent upon attributes of the sender such as country or state

Telephony denial of service (TDoS)

A variation of denial of service (DoS) attacks, but launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.

Open Systems Interconnection (OSI) Reference Model

An internationally accepted framework of standards that govern how separate computer systems communicate using networks.

Digital signature

An object that uses asymmetric encryption to bind a message or data to a specific entity

Network port

a hardware jack on a networking device into which a network cable is plugged or a software construct that identifies a certain type of network messages destined for a specific type of network service

Algorithm

a mathematical process or formula for performing some kind of math function

Hashing function

a one-way function that takes input and produces output that is hard to replicate and extremely difficult to reverse

Subnet

a partition of a network defined by devices that share the same network address portion of the IP address

Firewall

a program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration

Elliptic curve cryptography (ECC)

a public key cryptographic algorithm based on the structure of elliptic curves

Key

a secret value a cipher uses to encrypt or decrypt information

Secure Hash Algorithm (SHA)

a set of cryptographic hash functions developed by the US National Security Agency

Perfect forward secrecy

an approach in which each communication session setup process is unique. If an attacker compromises a current session's keys, it doesn't put any previous session keys at risk

Elliptic Curve DHE (ECDHE)

an asymmetric cryptographic key exchange algorithm that uses algebraic curves to generate keys

Protected Extensible Authentication Protocol (PEAP)

an authentication framework running in a TLS tunnel. Provides more security than EAP for authentication exchanges

Public (asymmetric) key

an encryption key that can be shared and does not need to be kept private

Key-encrypting key

an encryption key used to encrypt other keys before transmitting them

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)

an encryption protocol that implements the 802.11i standard. Provides enhanced security through the use of the Counter mode of the AES standard

Key escrow

an external key storage method that allows some authorized third party access to a key under certain circumstances

Connection encryption

assurance that communication is secured from end to end, for example between an HTTPS website and secure browser connection with a desktop or mobile device

In-band key exchange

the use of one's own IP data network to exchange keys

Plaintext

unencrypted information

IP address

A 32-bit (IPv4) or 128-bit (IPv6) number that uniquely identifies a device, such as a computer, on a network

Stream cipher

A cryptographic cipher that encrypts a single byte (or bit) at a time

Web security gateway

A device that performs URL-filtering, but does not examine the content of the packet.

Rivest-Shamir-Adleman (RSA)

A digital signature algorithm that relies on the difficulty of factoring large numbers.

Screened subnet

A firewall device that has three NICs. One NIC connects to the internet, the second NIC connects to the internal network, and the third NIC connects to the DMZ

Packet-filtering firewall

A firewall that examines each packet it receives and compares that packet to a list of rules configured by the network administrator

Stateful inspection firewall

A firewall that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet.

Internet Control Message Protocol (ICMP)

A management protocol for IP networks

SSL handshake protocol

A process that creates the first secure communications session between a client and a server

Point-to-Point Tunneling Protocol (PPTP)

A protocol to implement a VPN connection between two computers

Dynamic Host Configuration Protocol (DHCP)

A protocol used on IP networks to provide configuration details automatically to client computers.

Fibre Channel over Ethernet (FCoE)

A protocol used to connect fibre channel capable devices to an Ethernet network.

Wireless access point (WAP)

A radio transceiver device that transmits and receives IP communications via wireless LAN technology

ICMP echo request

An Internet Protocol (IP) communication mechanism that sends a ping request expecting a ping reply.

Application proxy firewall

An advanced firewall that processes all traffic between two systems. Instead of allowing a direct connection between two systems, the proxy connects to each system separately and passes filtered traffic to the destination based on filtering rules.

Diffie-Hellman algorithm

An algorithm in which a sender and receiver use asymmetric encryption to securely exchange symmetric keys

Substitution cipher

An encryption cipher that replaces bits, characters, or blocks of information with other bits, characters, or blocks.

Keyword mixed alphabet cipher

An encryption cipher that uses a cipher alphabet that consists of a keyword, less duplicates, followed by the remaining letters of the alphabet.

Vigenere cipher

An encryption cipher that uses multiple encryption schemes in succession. For example, you could encrypt every fifth letter with its own substitution scheme

Diffie-Hellman in ephemeral mode (DHE)

Asymmetric cryptographic key exchange algorithm that uses modular arithmetic to generate keys

Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?

Bob's public key

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

Captive portal

Secure Shell (SSH)

Commonly used protocol to set up secure login sessions to remote servers

Block cipher

Cryptographic cipher that encrypts an entire block of input at a time.

Wi-Fi Protected Access (WPA)

Current encryption for wireless networks. Much stronger than WEP, WPA is the recommended encryption for wireless use.

Unified threat management (UTM)

Devices used to provide filtering, plus many additional security services.

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

What protocol is responsible for assigning IP addresses to hosts on most networks?

Dynamic Host Configuration Protocol (DHCP)

Product cipher

Encryption cipher that is a combination of multiple ciphers. Each could be transposition or substitution.

Private (symmetric) key

Encryption cipher that uses the same key to encrypt and decrypt information

A physical courier delivering an asymmetric key is an example of in-band key exchange.

False

Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.

False

Firewall rules

Filters defined in a firewall's configuration that enable the security professional to implement security requirements.

Implicit deny

Firewall configuration that will deny all messages, except the ones that you explicitly allow.

MAC address filter

Firewall filtering rules that filter wireless network traffic by the MAC address

Loop protection

Firewall rules configured to look at message addresses and denying any messages sent around an unending loop

IPv4 addresses

Four-byte (32 bit) addresses that uniquely identify every device on the network

Wired Equivalent Privacy (WEP)

Legacy encryption for wireless networks. Is weak and does not provide sufficient protection for most traffic.

Content inspection

Looking within an IP packet to determine if the packet should be allowed to pass through the IP stateful firewall.

Rule-based management

Managing the security of a network by defining network device rules about what is acceptable & what is not.

VPN concentrator

Network device acting as a type of router specializing in VPN connections

Salt value

Random characters that you can combine with an actual input key to create the encryption key

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, stream, substitution

Differential cryptanalysis

The act of looking for patterns in vast amounts of ciphertext.

Decryption

The act of unscrambling ciphertext into plaintext

Security association (SA)

The basic element of ISAKMP key management. SA contains all the information needed to do a variety of network security services

Telephony

The field of technology that includes the development & deployment of voice communication solutions.

Vernam cipher

The only unbreakable cryptographic cipher. Also called a one-time pad.

Checksum

The output of a one-way algorithm. A mathematically derived numerical representation of some input

Cryptanalysis

The process of breaking codes without knowledge of the key.

Key distribution

The process of securely transporting an encryption key from the key generator to the key user, without disclosing the key to any unauthorized user.

Keyspace

The set of all possible encryption keys

Cryptography

The study or practice of hiding information.

A firewall is a basic network security defense tool.

True

In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system

True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).

True

Identity-based encryption (IBE)

Uses the sender's identity to derive a key

Lightweight Extensible Authentication Protocol (LEAP)

Wireless authentication framework developed by Cisco Systems to help manage wireless keys and authentication.

Secure router configuration

a collection of settings that ensure your router is only allowing valid network traffic to flow to and from valid nodes

Message digest algorithm (MD5)

a cryptographic hash function with a 128-bit hash value

Asymmetric key cryptography

a cryptographic technique that uses two mathematically related keys - one key to encrypt data and another to decrypt data.

Router

a device that connects two or more networks and selectively interexchanges packets of data based on predetermined routes or path determinations

Out-of-band key exchange

a different communication channel through which you can exchange keys from the one you use for data

Border firewall

a firewall that separates the closed or secure network from external or public networks

Key stretching

a function that takes a key, usually weak, as input and generates an enhanced key that can withstand a more determined attack

Protocol

a list of rules and methods for communicating

Cryptogram

a small encrypted message

Malware inspection

a specialized form of content inspection that looks at packet content for signs of malware

Hash

an algorithm that converts a large amount of data to a single (long) number.

One-way algorithm

an encryption algorithm that has no corresponding decryption algorithm

Open cipher

ciphers for which source code is readily available

Public key cryptography

cryptographic algorithm that uses two mathematically related keys--one key to encrypt data and another to decrypt data.

Quantum cryptography

cryptography that uses quantum mechanics to perform cryptographic tasks like encrypting and decrypting data or providing secure key exchange

Data Encryption Standard (DES)

encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation

Network separation

firewall filtering rules that enforce divisions between networks, keeping traffic from moving from one network to another

Port security

firewall filtering rules that filter traffic based on ports

URL filter

firewall filtering rules that filter web traffic by the URL, as opposed to the IP address

Flood guard

firewall rules that can limit traffic bandwidth from hosts, reducing the ability for any one host to flood a network.

Network reconnaissance

gathering information about a network or system for use in a future attack

Non-repudiation

prevents a party from denying a previous statement or action

Timestamping

providing an exact time when a producer creates or sends information

Load balancer

routing protocols that divide message traffic over two or more links

Revocation

stopping authorization for access to data

Digital signature algorithm (DSA)

the NIST standard for digital signatures

Encryption

the act of transforming cleartext data into undecipherable ciphertext

Cryptosystem

the algorithms or cyphers used to encrypt and decrypt data

Steganography

the art and science of writing hidden messages

Key management

the process of managing and maintaining encryption keys

Log analysis

the process of reviewing firewall and other network device log files to identify reconnaissance activity or even attacks that have already occurred.

Transport encryption

the process of securing communication in transit, generally done by software

Confidentiality

the requirement to keep information private or secret

Network address translation (NAT)

A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

Network access control (NAC)

A method to restrict access to a network based on identity or other rules.

Smurf attack

A network attack in which forged Internet Control Message Protocol (ICMP) echo request packets are sent to IP broadcast addresses from remote locations to generate DoS attacks.

Subnet mask

A network configuration parameter that defines the dividing line between the network and host addresses for IPv4 addresses. The mask is a 32-bit number that is set to all "1"s for the network bits and all "0"s for the host bits.

Temporal Key Integrity Protocol (TKIP)

An encryption method used on WPA to replace WEP

Switch

a network device that connects network segments, creating a direct connection between a sending and receiving port.

Hub

a network device that connects network segments, echoing all received traffic to all other ports

Session key

a unique key for each new communication session

