Domain 3 Test Notes Flashcards

(117 cards)

1
Q

Involves systematically trying all possible keys or passwords until the
correct one is found.

Safeguards and Countermeasures:
* Use long, complex keys and passwords.
* Implement account lockout policies after a certain number of failed attempts.
* Cryptographic salt
* Use key stretching techniques

A

Brute Force

2
Q

is a method used by hackers to crack passwords by systematically trying all
the words in a dictionary or word list.

Safeguards and Countermeasures:
* Password complexity requirements
* Account lockouts
* Cryptographic salts and strong hashing
* Multi-factor authentication
* Password blacklists that prohibit the use of common or previously compromised passwords.

A

Dictionary Attacks

3
Q

combines brute-force and dictionary attacks. It starts with a dictionary attack and then applies brute force techniques to create variations of the words in the dictionary.

A

Hybrid Attack

4
Q

the attacker has access to a collection of ciphertexts but does not know the corresponding
plaintexts. The goal is to deduce the key or plaintext by analyzing the ciphertext.

Safeguards and Countermeasures:
* Use strong, modern encryption algorithms like AES
* Ensure proper key management and secure key storage
* Use encryption modes that provide semantic security, such as CBC or CTR

A

Ciphertext Only

5
Q

The attacker has access to both the plaintext and its corresponding ciphertext. This information
is used to deduce the encryption key.

A

Known plaintext

6
Q

is used to break classical ciphers by studying the frequency of letters or
groups of letters in the ciphertext. This technique exploits the statistical properties of the
plaintext language.

Safeguards and Countermeasures:
* Use modern encryption algorithms instead of classical ciphers.
* Apply padding or randomization techniques to the plaintext before encryption.
* Use encryption modes that provide semantic security.

A

Frequency analysis

7
Q

The attacker can choose specific ciphertexts and obtain their corresponding plaintexts. This
attack is used to gain information about the encryption key or algorithm.

Safeguards and Countermeasures:
* Use encryption algorithms that are resistant to chosen-ciphertext attacks, like AES.
* Implement proper padding schemes and integrity checks.
* Use authenticated encryption modes, such as GCM or CCM

A

Chosen ciphertext

8
Q

exploit weaknesses in the implementation of cryptographic algorithms or protocols, rather than the underlying mathematics.

Safeguards and Countermeasures:
* Regularly update and patch cryptographic libraries and software.
* Use well-vetted, open-source cryptographic implementations.
* Perform thorough security testing and code reviews.

A

Implementation attacks

9
Q

attacks exploit the unintentional information leakage from the physical implementation
of a cryptographic system, such as timing, power consumption, or electromagnetic
emissions. The attacker gains information from the physical implementation of a computer
system, rather than exploiting software vulnerabilities.

Safeguards and Countermeasures:
* Use hardware-based encryption modules with physical tamper resistance.
* Apply techniques like blinding or masking to reduce information leakage.

A

Side-channel Attack

10
Q

the attacker intercepts and possibly alters the communication between two parties without their
knowledge, allowing them to eavesdrop or manipulate the data.

Safeguards and Countermeasures:
* Use secure communication protocols like TLS or SSH
* Implement mutual authentication between communicating parties
* Use digital signatures or message authentication codes to ensure data integrity

A

Man in the Middle Attack

11
Q

is a specific type of chosen plaintext attack that works by examining how changes in the plaintext affect the ciphertext.

A

Differential cryptanalysis

12
Q

hardware modules that were developed to be resistant to hardware tampering and have a limited interface making it easier to verify the integrity and secure operation of the code running on it.

A

Cryptoprocessors

13
Q

Basic capacity with a single path for power and cooling and no redundant systems. This tier offers the lowest level of uptime guarantee.

A

Tier 1 Uptime Institute

14
Q

Redundant capacity components, offering some redundancy in power and cooling systems, but still with a single path for critical infrastructure.

A

Tier 2 Uptime Institute

15
Q

Concurrently maintainable, with multiple active power and cooling paths, allowing for maintenance and upgrades without disrupting operations.

A

Tier 3 Uptime Institute

16
Q

Fault tolerant, with fully redundant systems and the highest level of uptime guarantee, able to withstand any single failure without downtime.

A

Tier 4 Uptime Institute

17
Q

is a system that manages digital certificates and public key
(asymmetric) encryption to secure communications over networks.

A

Public Key Infrastructure

18
Q

Certificate Authorities (CAs)
Registration Authorities (RAs)
Digital certificates
Certificate revocation

A

Components of PKI

19
Q

Trusted entities that issue, sign, and revoke digital certificates

A

Certificate Authorities (CAs)

20
Q

Entities responsible for verifying the identity of certificate
requesters and forwarding requests to CAs

A

Registration Authorities (RAs)

21
Q

Electronic documents that bind a public key to an identity, signed by a trusted CA.

A

Digital certificates

22
Q

The process of invalidating a digital certificate before its expiration date due to compromise or change in circumstances

A

Certificate revocation

23
Q

is the foundation of a PKI hierarchy. It is self-signed, meaning it verifies its own public key. This self-signed certificate is trusted by users and devices. It is a single server responsible for issuing certificates to intermediate CAs.

A

Root CA

24
Q

is a CA that derives its trust from the root CA. It is issued a certificate by the root CA, which establishes its authority to issue certificates. They are often used to manage
specific domains or groups within a larger organization.

A

Intermediate/Subordinate CA.

25
Q

is the CA that directly issues certificates to entities, such as users or devices. It derives its trust from the Root CA through an intermediate CA. It is used for day-to-day operations and certificate issuance.

A

Issuing CA

26
Q

A periodically published list of digital certificates that have been revoked by their issuing Certificate Authority (CA) before their scheduled expiration date. It's essentially a list of invalid certificates.

A

Certificate Revocation List (CRL)

27
Q

A real-time certificate verification protocol that allows applications to query the status of a specific certificate directly from a server hosting this role, which has access to the CAs.

A

Online Certificate Status Protocol (OCSP)

28
Q

A user or device generates a public and private key pair.

A

Key Generation (step 1 in PKI)

29
Q

The user requests a digital certificate from a CA, often including their public key and other identifying information.

A

Certificate Request (step 2 in PKI)

30
Q

The CA verifies the information and issues a digital certificate, digitally signing it to ensure its authenticity.

A

Certificate Issuance (step 3 in PKI)

31
Q

The public key is used for encryption and verification, while the private key is used for decryption.

A

Key Usage (step 4 in PKI)

32
Q

Use more than one propagation technique in an attempt to penetrate systems that defend against only one method.

A

Multipartite Viruses

33
Q

Hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that everything is functioning normally.

A

Stealth Viruses

34
Q

Modify their own code as they travel from system to system.

A

Polymorphic Viruses

35
Q

Use cryptographic techniques to avoid detection.

A

Encrypted Viruses

36
Q

A security solution that monitors and responds to threats on individual devices. Focuses on detecting and responding to threats on individual endpoints, providing visibility into endpoint activity and enabling rapid response to potential breaches.

A

Endpoint Detection and Response (EDR)

37
Q

1. Client Initiates Connection
2. Server Sends Certificate
3. Client Verifies Server Certificate
4. Client Sends Credentials (Optional)
5. Server Verifies Client Credentials
6. Session Key Exchange
7. Secure Communication Begins

A

Client & Server Authentication Process

38
Q

is the act of creating virtual compute, storage, and network resources. It allows you to create software versions of hardware.

A

Virtualization

39
Q

Is the component of virtualization that creates, manages, and operates the virtual machines.

A

Hypervisor

40
Q

There is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside. Think data center.

A

Hypervisor Type 1 (Bare Metal)

41
Q

A standard regular OS is present on the hardware, and the hypervisor is then installed as another piece of software. Think PC.

A

Hypervisor Type 2 (Hosted)

42
Q

is a software-based computer that runs on top of a physical computer's hardware.

A

Virtual Machine

43
Q

Where an attacker gains access to a VM, then attacks either the host machine that holds all the VMs, the hypervisor, or any of the other VMs.

A

Virtual Escape

44
Q

Uses a single shared key for both encryption and decryption. It is fast and efficient for bulk encryption but requires additional help with secure key distribution.

A

Symmetric Cryptography

45
Q

Widely used symmetric encryption algorithm. Is considered very secure. It supports key sizes of 128, 192, and 256 bits.

A

Advanced Encryption Standard (AES)

46
Q

Encryption algorithm that works one character or bit at a time. Typically used to encrypt serial communication links and cell phone traffic. Can be employed in devices with limited CPU power.

A

Stream Cipher

47
Q

Uses a deterministic algorithm that takes a fixed-size block of bits and a key value, and produces an encrypted block of the same size as the plaintext block.

A

Block Cipher

48
Q

Processes 64-bit blocks, encrypting each block with the chosen key. If the same plaintext block is encountered multiple times, the same ciphertext block is produced, making it easy to break.

A

Electronic Codebook Mode (ECB)

49
Q

Each block of unencrypted text is XORed with the block of ciphertext immediately preceding it. The decryption process simply decrypts the ciphertext and reverses the XOR operation. Uses chaining, so errors propagate.

A

Cipher Block Chaining (CBC)

50
Q

Is the streaming version of CBC. Works on data in real time, using memory buffers of the same block size. When the buffer is full, the data is encrypted and transmitted. Uses chaining, so errors propagate.

A

Cipher Feedback (CFB)

51
Q

Operates similarly to CFB, but XORs the plaintext with a seed value. No chaining function, so errors do not propagate.

A

Output Feedback (OFB)

52
Q

Uses an incrementing counter instead of a seed. Errors do not propagate.

A

Counter (CTR)

53
Q

uses a counter mode for encryption, which is efficient and parallelizable. It is widely used due to its high performance and security properties.

A

Galois/Counter Mode (GCM)

54
Q

uses counter mode for encryption and a cipher block chaining message authentication code (CBC-MAC) for authentication. CCM is simpler to implement than GCM but might have slightly lower performance.

A

Counter with Cipher Block Chaining Message Authentication Code Mode (CCM)

55
Q

AES, DES, 3DES, IDEA, RC2, RC5, RC6, Skipjack, Blowfish, Twofish

A

Types of Symmetric Block Cipher

56
Q

RC4

A

Type of Symmetric Stream Cipher

57
Q

is a method of encrypting and decrypting data using two different keys: a public key and a private key.

A

Asymmetric Cryptography

58
Q

This key is openly shared with anyone. It's used to encrypt messages or data. Think of it like a public mailbox where anyone can drop off a letter, but only you have the key to open it.

A

Public Key

59
Q

This key is kept secret by the owner. It's used to decrypt messages that were encrypted with the corresponding public key. Only the person with this key can read the message, ensuring privacy.

A

Private Key

60
Q

is one of the first and most widely used public-key cryptosystems. It's based on the practical difficulty of factoring the product of two large prime numbers. RSA can be used for both encryption and digital signatures.

A

Rivest-Shamir-Adleman (RSA)

61
Q

public-key cryptosystem that consists of both encryption and signature algorithms. It's an extension of the Diffie-Hellman exchange, and is based on the difficulty of computing discrete logarithms in a finite field. Its encryption is probabilistic, meaning that a single plaintext can be encrypted to many possible ciphertexts.

A

ElGamal

62
Q

is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. It offers equivalent security to traditional methods (like RSA) but with smaller key sizes, making it more efficient. It is used for encryption, digital signatures, and key agreement protocols.

A

Elliptic Curve Cryptography (ECC)

63
Q

Algorithm that takes a block of data and computes a derived value such that any change to the data will result in a change to the hash value.

A

Hash Function

64
Q

cryptographic hash function that produces variable-length outputs. It's part of the MD4 family and allows for adjustable levels of security.

A

HAVAL

65
Q

is a widely used hash function that produces a 128-bit hash value. While it was once considered secure, it has been found to be vulnerable to collision attacks. Its use today is limited to hashing operations in file transfer integrity checks and other non-cryptographic functions.

A

MD5

66
Q

A family of cryptographic hash functions developed in Europe.

A

RIPEMD

67
Q

a family of cryptographic hash functions published by NIST. It offers varying digest sizes and security levels.

A

SHA

68
Q

Used inside an organization; they are not trusted by the browsers of external users, but internal systems may be configured to trust them.

A

Self Signed Certificates

69
Q

it is a chip or chips that governs all major operations and either directly performs or coordinates the complex symphony of calculations that allows a computer to perform its intended tasks.

A

Central Processing Unit (CPU)

70
Q

a fundamental component of a computer's CPU that performs arithmetic and logical operations on binary data. It's the "brain" that handles calculations and decision-making within the processor.

A

Arithmetic Logic Unit (ALU)

71
Q

It fetches instructions from memory, decodes them, and generates control signals that coordinate the execution of those instructions by other CPU components, like the Arithmetic Logic Unit (ALU).

A

Control Unit (CU)

72
Q

Handling 2 or more tasks simultaneously.

A

Multitasking

73
Q

A computer using more than one CPU at a time for a task, each with its own memory space.

A

Multiprocessing

74
Q

A computer running more than one program at a time.

A

Multiprogramming

75
Q

a technique that allows multiple parts of a computer program, called threads, to run concurrently within the same process (sharing memory). This enables a single CPU to handle multiple tasks seemingly at the same time, improving performance and responsiveness.

A

Multithreading

76
Q

Is a device that senses movement or sound in a specific area.

A

Motion Detector

77
Q

monitors for significant or meaningful changes in the digital pattern of the monitored area.

A

Digital Motion Detector

78
Q

monitors for significant or meaningful changes in the heat levels and patterns in a monitored area.

A

Passive Infrared Motion Detector

79
Q

Transmits a consistent low ultrasonic or high microwave frequency signal into a monitored area and monitors for significant or meaningful changes or disturbances in the reflected pattern.

A

Wave Pattern Motion Detector

80
Q

Senses changes in the electrical or magnetic field surrounding a monitored object.

A

Capacitance Motion Detector

81
Q

Senses changes in visible light levels for the monitored area. Typically deployed in internal rooms that have no windows and that are kept dark.

A

Photoelectric Motion Detector

82
Q

Listens for abnormal sounds in the monitored area.

A

Passive Audio Motion Detector

83
Q

Use computer capabilities and automation to implement safeguards. Example: an access control system.

A

Technical Control

84
Q

People-facing policies, procedures, standards, and guidelines that an organization uses to implement technical and physical controls.

A

Administrative Control

85
Q

Controlling physical access to information assets is often the least expensive and most effective prevention control we can use.

A

Physical Control

86
Q

a diagnostic process that a computer or other digital device runs when it's first turned on. It checks the basic hardware components to ensure they are functioning correctly before the operating system loads.

A

Power On Self Test

87
Q

Stage 1 - The Incipient: there is only air ionization and no smoke
Stage 2 - The Smoke: smoke is visible from the point of ignition
Stage 3 - Flame: a flame can be seen with the naked eye
Stage 4 - Heat: intense heat buildup and everything in the area burns

A

The Four Primary Stages of Fire

88
Q

fires are common combustibles such as wood, paper, etc. This type of fire is the most common and should be extinguished with water or soda acid.

A

Class A (ASH)

89
Q

fires are burning alcohol, oil, and other petroleum products such as gasoline. They are extinguished with gas or soda acid. You should never use water to extinguish this type of fire.

A

Class B (BOIL)

90
Q

fires are electrical fires which are fed by electricity and may occur in equipment or wiring. Electrical fires are conductive fires, and the extinguishing agent must be non-conductive, such as any type of gas.

A

Class C (CONDUCTIVE)

91
Q

fires are burning metals and are extinguished with dry powders.

A

Class D (DILYTHIUM)

92
Q

fires are kitchen fires, such as burning oil or grease. Wet chemicals are used to extinguish class K fires.

A

Class K (KITCHEN)

93
Q

use closed sprinkler heads, and the pipe is charged with compressed air instead of water. The water is held in check by an electrically operated sprinkler valve and the compressed air.

A

Preaction systems (Water Suppression System)

94
Q

are always full of water. Water discharges immediately when suppression is triggered.

A

Wet pipe systems (Water Suppression Systems)

95
Q

also have closed sprinkler heads. The difference is that the pipes are filled with compressed air. The water is held back by a valve that remains closed as long as sufficient air pressure remains in the pipes. They are often used in areas where water may freeze, such as parking garages.

A

Dry pipe systems (Water Suppression Systems)

96
Q

are similar to dry pipe systems, except the sprinkler heads are open and larger than dry pipe heads. The pipes are empty at normal air pressure; the water is held back by a deluge valve.

A

Deluge Systems

97
Q

usually more effective than water discharge systems but should not be used in environments where people are located, because they work by interrupting the chemical chain reaction that sustains a fire (between fuel, oxygen, and heat), including removing oxygen from the air.

A

Gas Discharge Systems

98
Q

are remotely located, separately managed systems that are accessible via the internet.

A

Cloud Computing

99
Q

Organizations get out of the datacenter business, handing over responsibility for hardware, facilities, and related operations.

A

Infrastructure as a Service (IaaS)

100
Q

Organizations are provided with hardware, operating systems, and a runtime environment which includes programming languages, libraries, services, and other tools.

A

Platform as a Service (PaaS)

101
Q

Organizations receive fully functional applications, typically accessible via a web browser.

A

Software as a Service (SaaS)

102
Q

a cloud computing execution model where developers can run code without managing servers. Simplifies application deployment by abstracting away the underlying infrastructure, allowing developers to focus on writing code and business logic.

A

Function as a Service (FaaS)

103
Q

Network design where data and the compute resources are located as close as possible in order to optimize bandwidth use while minimizing latency.

A

Edge Computing

104
Q

relies on sensors, IoT devices, or even edge computing devices to collect data, then transfers it back to a central location for processing.

A

Fog Computing

105
Q

refers to the stages through which cryptographic systems or components, particularly encryption algorithms and keys, evolve from creation to eventual retirement. This cycle is crucial due to the finite lifespan of cryptographic systems, which is impacted by advancements in computing power, mathematical breakthroughs, discovered vulnerabilities, and even artificial intelligence.

A

Cryptographic Life Cycle

106
Q

1. Selection and Implementation
2. Key Management
3. Monitoring and Updating
4. Decommissioning
5. Governance and Compliance

A

Goals of the Cryptographic Life Cycle

107
Q

a type of storage that allows data to be written to it only once, but it can be read multiple times.

A

Write Once Read Many (WORM)

108
Q

Is a seven-step risk-based threat model that supports dynamic threat analysis. Provides a robust process for identifying and mitigating threats.

A

Process for Attack Simulation and Threat Analysis (PASTA)

109
Q

1. Define Objectives
2. Define Technical Scope
3. Application Decomposition
4. Threat Analysis
5. Vulnerability Analysis
6. Attack Modeling
7. Risk and Impact Analysis

A

7 Steps of PASTA

110
Q

An encryption method that substitutes digraphs (pairs of letters) in the plaintext with other digraphs or symbols. It's a more complex substitution cipher operating on letter pairs instead of individual letters.

A

Digraph Attack

111
Q

An area of advanced theoretical research in computer science and physics. The theory behind them is that we can use principles of quantum mechanics to replace the binary 1 and 0 bits of digital computing with multidimensional quantum bits.

A

Quantum Computing

112
Q

Is a confidentiality security access model. It has 3 rules:
* Simple Security Property (ss) - No Read Up
* Star Property (*) - No Write Down
* Discretionary Property - A subject can perform an operation on an object if permitted by the access matrix

A

Bell-LaPadula Model

113
Q

Is an integrity security access model. It has 2 rules:
* Simple Integrity Property - No Read Down
* Star Integrity Property - No Write Up

A

Biba Model

114
Q

Also called the Chinese wall model, it was developed to prevent conflict of interest problems. Protects confidentiality and prevents conflicts of interest.

A

Brewer and Nash Model

115
Q

Is an integrity security access model. The concept of a well-formed transaction is that subjects are constrained to make only those changes that maintain the integrity of the data. Uses security labels to grant access to objects:
* Constrained Data Item (CDI)
* Unconstrained Data Item (UDI)
* Integrity Verification Procedure (IVP)
* Transformation Procedures (TPs)

A

Clark Wilson Model

116
Q

A confidentiality security model that uses 8 security labels (rules):
1. Securely create an object
2. Securely create a subject
3. Securely delete an object
4. Securely delete a subject
5. Securely provide the read access right
6. Securely provide the grant access right
7. Securely provide the delete access right
8. Securely provide the transfer access right

A

Graham-Denning Model

117
Q

A confidentiality access security model. It has rules that govern the interactions between subjects and objects. It has 4 rules:
* Take
* Grant
* Create
* Remove

A

Take Grant Model