42 Cards in this Set
- Front
- Back
Root CA |
The Initial Certificate Authority Created |
|
Key Escrow |
A key escrow is a special container that holds the keys needed to decrypt encrypted data. |
|
Hashing |
Hashing provides integrity, authentication, and nonrepudiation. As long as no changes are applied to a document, its hash value will always be the same. However, if even a single word is changed within the document, the hash value will not be comparable. |
|
Hashing provides which 3 |
Hashing provides integrity, authentication, and nonrepudiation. |
|
MD2 |
MD stands for message digest. All three of the message digest algorithms take a message of arbitrary length and produce a 128-bit message digest. MD2 was designed for 8-bit machines |
|
MD4 |
MD4 and MD5 were designed for 32-bit machines. The way padding is performed and the actual algorithms are more stringent as you move from MD2 to MD4 through to MD5. |
|
MD5 |
MD4 and MD5 were designed for 32-bit machines. The way padding is performed and the actual algorithms are more stringent as you move from MD2 to MD4 through to MD5. |
|
Haval |
HAVAL can produce hashes of different lengths from 128 bits up to 256 bits. |
|
SHA1 |
SHA-1, which stands for Secure Hash Algorithm, was designed by the United States National Security Agency. SHA-1 produces a 160-bit value, whereas SHA-3 digest sizes can be arbitrary. SHA-1 is the most common version of the secure hash algorithm. |
|
SHA3 |
SHA-3 uses what is known as the sponge construction, in which message blocks are exclusively ORed into initial bits of the state, which is then invertibly permuted; therefore, digest sizes can be arbitrary. |
|
RIPEMD |
RIPEMD stands for RACE Integrity Primitives Evaluation Message Digest and was based upon the design principles used in the message digest version 4 (or MD4). Performance wise, it is comparable to SHA-1 but offers digest sizes of 128, 160, 256, and 320 bits. |
|
HMAC |
HMAC (or keyed hash message authentication code) is used to simultaneously verify data integrity and authentication of the message. |
|
CBC-MAC |
CBC-MAC (or Cipher Block Chaining Message Authentication Code) is another algorithm used in the message authentication code. |
|
LANMAN or LM |
LAN Manager - Authentication protocols to authenticate users and ensure that communication occurs securely.
Also NTLAN Manager version 2, or NTLMv2.
|
|
Two Approaches to Key Stretching |
Two approaches to key stretching include PBKDF2 and Bcrypt. |
|
Two Modes for IPSec |
Transport, Tunnel |
|
Reasons for Using IPSec |
Popular, Flexible, Robust, Encrypted |
|
IPSec operates at which level of OSI Model |
Network Layer |
|
Mode in which only payload packet or data portion of packet is encrypted |
Transport Mode of IPSec |
|
Mode in which header of packet and header are encrypted |
Tunnel Mode of IPSec |
|
AH |
Authenticating Header - IPSec protocol that is responsible for authenticating the sender with IPSec; used to ensure message integrity |
|
ESP |
Encapsulating Security Payload - responsible for encrypting the data in the packets to provide confidentiality |
|
Derives a cryptographic Hash from data packet using a secret key known only by sending and receiving host to ensure that data was not modified along the way |
AH |
|
Adds 3 values to a packet |
ESP adds header, trailer, integrity check value |
|
Supported by ESP for Hashing and Encryption |
SHA1 SHA2 through MD5 TripleDES AES
|
|
SSL |
Secure Sockets Layer - protocol for transmitting data in a secure manner over the internet.
Uses 2 keys to encrypt data, a public key and a private key: the public key is known to everyone, the private key is known only by the recipient of the data |
|
What Layer of OSI model does SSL Operate |
Application Layer of OSI Model |
|
Advantages of SSL over IPSec |
Simple Configuration, Better Protection |
|
Disadvantage of SSL over IPSec |
SSL does not have full network access |
|
RADIUS |
Remote Authentication Dial In User Service; client/server protocol; works at Application Layer; provides authentication and authorization; allows for accounting of users who have been granted or denied access |
|
RADIUS Encrypts password using which protocol? |
MD5 |
|
TACACS+ |
Terminal Access Controller Access Control System plus - AAA protocol used by Cisco; supersedes original TACACS and XTACACS |
|
XTACACS |
Extended Terminal Access Controller Access Control System - a Central Authentication Service for Cisco devices. |
|
SAML |
Security Assertion Markup Language - allows for Single Sign On |
|
Kerberos |
Popular Mutual Authentication Protocol used by default in Active Directory environments |
|
VPN Concentrator |
Allows enterprise to centralize VPN Process by having external users log into the concentrator before accessing the internal network |
|
Symmetric Encryption Algorithms |
DES - Data Encryption Standard
3DES - Triple Data Encryption Standard
AES - Advanced Encryption Standard
The larger the number of bits, the stronger the encryption |
|
DES Standard |
64 bit block; 56 bit key; 8 parity bits; ECB - Electronic Code Book; CBC - Cipher Block Chaining Mode; CF - Cipher Feedback Mode; OF - Output Feedback Mode; CM - Counter Mode
|
|
3DES Standard |
Uses 3 56-bit keys - encrypts 3 times with 3 keys; heavy load on usage
4 Modes: DES-EEE3 - 3 keys used; DES-EDE3 - Plain txt encrypted 1 key - encryption process, then encrypted with 3rd key; DES-EEE2 - 1st, 2nd, then 1st; DES-EDE2 - 1st & 3rd key used |
|
AES |
Symmetric block cipher; based on Rijndael algorithm; key length & block size - 128, 192, 256 bits; 10-14 computational rounds: 128 bits - 10 rounds, 192 bits - 12 rounds, 256 bits - 14 rounds |
|
AES Stages |
Add Round Key, SubBytes, ShiftRows, MixColumns |