Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
48 Cards in this Set
- Front
- Back
|
Attack Protocol
|
a series of steps or processes used by and attacker, in a logical sequence, to launch an attack against a target system or network.
|
|
|
Footprinting
|
is the organized research of the Internet addresses owned or controlled by a target organization. The attacker uses public Internet data sources to perform keyword searches to identify the network addresses of the organization. This research is augmented by browsing the organization’s Web pages.
|
|
|
Fingerprinting
|
a systematic survey of all of the target organization’s Internet addresses (which were collected during the footprinting phase described above); the survey is conducted to identify the network services offered by the hosts in that range. Fingerprinting reveals useful info about the internal structure and operational nature of the target system or network.
|
|
|
Packet Sniffing
|
(network protocol analyzer), is a network tool that collects copies of packets from the network and analyzes them. It can provide a network administrator with valuable info for diagnosing and resolving networking issues. To use a packet sniffer legally, the admin must 1.) be on network that the organization owns, 2.) be under direct authorization, 3.) have knowledge and consent of the content creators.
|
|
|
Access Control
|
security measure that admits or prohibits people from entering sensitive areas.
|
|
|
Supplicant
|
A prospective user who, in the context of access control, seeks to use a protected system, logically access a protected service, or physically enter a protected place.
|
|
|
Token
|
a card or key fob with a computer chip and a liquid crystal display that shows a computer-generated number used to support remote login authentication
|
|
|
Synchronous Token
|
synchronized with a server, both devices (server and token) use the same time or a time-based database to generate a number that is displayed and entered during the user login phase.
|
|
|
Asynchronous Token
|
use a challenge response system, in which the server challenges the supplicant during login with a numerical sequence.
|
|
|
Biometrics
|
process of using body measurements (fingerprints, retinal print, iris pattern)
Must be truly unique. |
|
|
FRR(Type I Error)
|
False Reject Rate- is the percentage of identification instances in which authorized users are denied access a result of a failure in the biometrics device.
|
|
|
FAR(Type II Error)
|
False Accept Rate – is the percentage of identification instances in which unauthorized users are allowed access to systems or areas as a result of a failure in the biometric device.
|
|
|
Algorithm
|
The programmatic steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message: sometimes refers to the programs that enable cryptographic processes.
|
|
|
Cipher/Cryptosystem
|
An encryption method of process encompassing the algorithm, keys, or cryptovariables, and procedures used to perform encryption and decryption.
|
|
|
Ciphertext/Cryptogram
|
The encoded message resulting from an encryption.
|
|
|
Decipher
|
To decrypt or convert ciphertext into the equivalent plain text
|
|
|
Encipher
|
To encrypt or convert plaintext into the equivalent ciphertext
|
|
|
Key/Cryptovariable
|
The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext; the key can be a series of bits used by a computer program, or it can be a passphrase used by humans that is then converted into a series of bits used by a computer program.
|
|
|
Cipher Method
|
bit stream – each bit in the plaintext is transformed into a cipher bit on bit at a time.
|
|
|
Block Cipher
|
the message is divided into blocks, and then each block of plaintext bits is transformed into an encrypted block of cipher bits using an algorithm and a key.
|
|
|
Substitution cipher
|
you substitute one value for another
|
|
|
Monoalphabetic sub. cipher
|
only uses one alphabet
|
|
|
Polyalphabetic sub. cipher
|
uses 2 or more alphabets
|
|
|
Vigenere cipher
|
An advanced type of substitution cipher that uses a simple polyalphabetic code and involves using the Vigenere Square, which is made up of 26 distinct cipher alphabets.
|
|
|
Transposition Cipher
|
(permutation cipher), simply rearranges the values within a block to create the ciphertext
|
|
|
Exclusive OR (XOR)
|
is a function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0. If the two bits are not the same, the result is a binary 1.
|
|
|
Keys
|
encryption methodologies that require the same secret key to encipher and decipher the message are using what is called a private key encryption or symmetric key encryption.
|
|
|
Symmetric Encryption
|
use mathematical operations that can be programmed into extremely fast computing algorithms so that the encryption and decryption processes are executed quickly by even small computers.
|
|
|
Data Encryption Standard (DES)
|
was developed by IBM and is based on the company’s Lucifer algorithm, which uses a key length of 128 bits. It was adopted in 1976 as a federal standard for encryption of non-classified information, after which it became widely employed in commercial applications. In 1997, it was discovered that the 56bit key size did not provide acceptable levels of security.
|
|
|
3DES
|
was created to provide a level of security far beyond that of DES. It soon proved to be too weak.
|
|
|
Advanced Encryption Standard (AES)
|
is a Federal Information Processing Standard that specifies a cryptographic algorithm used with the U.S government to protect information in federal agencies that are not a part of the nation defense infrastructure. AES uses a block cipher called the Rijndael Block Cipher with a variable block length and a key length of 128, 192, or 256 bits.
|
|
|
asymmetric encryption (public-key encryption) –
|
uses two different but related keys , and either key can be used to encrypt or decrypt the message.
|
|
|
Public-key infrastructure (PKI) –
|
Public-key infrastructure (PKI) – an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
|
|
|
digital certificate
|
– public key container files that allow computer programs to validate the key and identify to whom it belongs.
|
|
|
Nonrepudiation
|
– The principle of cryptology that give credence to the authentication mechanism collectively known as a digital signature. In this asymmetric cryptographic process, the sender’s private key is used to encrypt a message, and the sender’s public key must be used to decrypt the message – when the decryption happens successfully, it provides verification that the message was sent by the sender and cannot be refuted.
|
|
|
digital signature –
|
Encrypted messages that can be mathematically proven authentic
|
|
|
Diffie-Hellman Key Exchange
|
– A method for exchanging private keys using public key encryption
|
|
|
Steganography
|
– A method of hiding the existence of a secret message
|
|
|
Secure Socket Layer (SSL)
|
– A protocol to use public key encryption to secure a channel over the internet.
|
|
|
Secure Hypertext Transfer Protocol (S-HTTP
|
) – A protocol designed to enable secure communications across the Internet. S-HTTP is the application of SSL over HTTP, which allows the encryption of all information passing between two computers through a protected and secure virtual connection.
|
|
|
Pretty Good Privacy (PGP)
|
A hybrid cryptosystem that combines some of the best available cryptographic algorithms. PGP is the open source de facto standard for encryption and authentication of email and file storage applications.
|
|
|
Wired Equivalent Privacy (WEP)
|
was an early attempt to provide security with the 8002.11 network protocol. It is now considered to be too weak to provide meaningful protection from eavesdropping. Uses RC4 cipher stream to encrypt each packet using a 64-bit key. Key management is not effective since most networks use a single shared secret key value for each node. The initialization vector is too small, resulting in the recycling of IVs. And attacker can reverse engineer the RC4 cipher stream and decrypt subsequent packets, or can forge future packets.
|
|
|
Wi-Fi Protected Access (WPA)
|
it uses dynamic keys created and shared by an authentication server. WPA accomplishes this through a Temporal Key Integrity Protocol.
|
|
|
Bluetooth
|
is a de facto industry standard for short range wireless communications between devices. It is used to establish communications links between wireless telephones and headsets, between PDAs and desktop computers and between laptops.
|
|
|
Man-in-the-middle attack
|
an attack designed to intercept the transmission of a public key or even to insert a known key structure in place of the requested public key.
|
|
|
correlation attack
|
Attempts to deduce the statistical relationships of the structure of the key and the output of the cryptosystem.
|
|
|
dictionary attack
|
A form of brute force attack on passwords that uses a list of commonly used passwords instead of random combinations. In cryptography, this is done by encrypting each entry in the dictionary with the same cryptosystem used by the target, then comparing the resulting ciphertext against the target’s ciphertext.
|
|
|
timing attack
|
An attack in which an abuser explores the contents of a Web browser’s cache. These attacks allow a web designer to create a malicious form of cookie to store on the client’s system.
|
