93 Cards in this Set
- Front
- Back
- 3rd side (hint)
What are the essential ingredients of a symmetric cipher?
|
1) Plaintext
2) Encryption algorithm
3) Secret key
4) Cipher text
5) Decryption algorithm |
Ch 20 Review
|
|
What are the two basic functions used in encryption algorithms?
|
Substitution and Transposition (rearranging)
|
Ch 20 Review
|
|
How many keys are required for two people to communicate via a symmetric cipher?
|
1 secret key
|
Ch 20 Review
|
|
What is the difference between a block cipher and stream cipher?
|
A block cipher processes one block of elements at a time, creating one block of output for each block of input. A stream cipher processes input elements continuously, producing output one element at a time.
*Block ciphers can reuse keys but Stream ciphers cannot, and Stream has variable key lengths |
Ch 20 Review
|
|
What are the two general approaches to attacking a cipher?
|
Brute-force approach (requires trying half of all possible keys to achieve success) or Cryptanalysis
|
Ch 20 Review
|
|
Computationally Secure means:
|
1) the cost of breaking the cipher exceeds the value of the encrypted information
2) the time required to break the cipher exceeds the useful lifetime of the information |
Ch 20 Def
|
|
What is the significance of the Feistel Cipher structure?
|
Many symmetric block encryption algorithms have a structure like the Feistel Cipher structure, including DES
|
Ch 20 Objs
|
|
Describe the structure and function of DES.
|
(NIST FIPS PUB 46)
Plaintext: 64 bit blocks, Key: 56 bits, Rounds: 16, Subkeys Generated from Key: 16 (one for each round) |
Ch 20 Objs
|
|
Why do some block cipher modes of operation only use encryption while others use both encryption and decryption?
|
TBA
|
Ch 20 Review
|
|
What is triple encryption?
|
Using 3 keys and 3 executions of the DES algorithm
|
Ch 20 Review
|
|
Why is the middle portion of 3DES a decryption rather than encryption?
|
No significance but allows decryption of older data using single DES
|
Ch 20 Review
|
|
Distinguish between 2-key and 3-key Triple DES.
|
3DES with 3 keys has an effective key length of 168 bits
with 2 keys (k1=k3): key length is 112 bits |
Ch 20 Objs
|
|
Describe the structure and function of AES.
|
Structure - Block length: 128 bits, Key length: 128, 192, or 256 bits (is NOT a Feistel Structure)
4 stages (1 of permutation, 3 of sub). Decryption is not identical to the encryption algorithm |
Ch 20 Objs
|
|
What is RC4 used in?
|
SSL/TLS, WEP (not secure), WPA
|
Ch 20 Extra
|
|
What is the difference between link and end-to-end encryption?
|
Link: encrypted/decrypted between each frame switch on both ends of all communication lines, to read header and route (only vulnerable while in memory of Frame Switch)
End-to-end: encryption/decryption at end systems, user data fully protected but must do Link e/d on header for routing purposes
COMBINED FOR BEST SECURITY |
Ch 20 Review
|
|
Discuss the issues involved in key distribution.
|
Making sure parties A and B receive the correct key, without being intercepted
|
Ch 20 Objs
|
|
List ways in which secret keys can be distributed to 2 communicating parties.
|
p648 1-4
|
Ch 20 Review
|
|
What is the difference between a session key and a master key?
|
Session Key: for the duration of logical connection between 2 hosts, all user data is encrypted with a one-time key (then is destroyed)
Permanent Key: used between entities in order to distribute session keys |
Ch 20 Review
|
|
What is a key distribution center?
|
Determines what systems are allowed to communicate with each other. When permission is granted, a one-time session key is issued for that connection
|
Ch 20 Review
|
|
In the context of a hash function, what is a compression function?
|
see p665
equivalent to hash function applied to a message of single b-bit blocks |
Ch 21 Review
|
|
What basic arithmetical and logical functions are used in SHA?
|
SHA-1 Digest Size: 160 bits
SHA-2 Digest Size: 256, 384, 512 bits |
Ch 21 Review
|
|
What changes in HMAC are required in order to replace one underlying hash function with another?
|
TBA
|
Ch 21 Review
|
|
What is a one-way function?
|
TBA
|
Ch 21 Review
|
|
Briefly explain the Diffie-Hellman key exchange.
|
TBA
|
Ch 21 Review
|
|
In general terms, what are the 4 means of authenticating a user's identity?
|
TBA
|
Ch 3 Review
|
|
List and briefly describe the principal threats to the secrecy of passwords.
|
TBA
|
Ch 3 Review
|
|
What are 2 common techniques used to protect a password file?
|
TBA
|
Ch 3 Review
|
|
List and briefly describe four common techniques for selecting or assigning passwords.
|
TBA
|
Ch 3 Review
|
|
Explain the difference between a simple memory card and a smart card.
|
TBA
|
Ch 3 Review
|
|
List and briefly describe the principal physical characteristics used for biometric identification.
|
TBA
|
Ch 3 Review
|
|
In the context of biometric user authentication, explain the terms, enrollment, verification, and identification.
|
TBA
|
Ch 3 Review
|
|
Define the terms "false match rate" and "false non match rate", and explain the use of a threshold in relationship to these 2 rates.
|
TBA
|
Ch 3 Review
|
|
Describe the general concept of a challenge-response protocol.
|
TBA
|
Ch 3 Review
|
|
ipconfig: What is the practical difference between an IP address and a physical (MAC) address?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
ipconfig: What is the "Default Gateway"?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
ipconfig: What do DNS servers do?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
ipconfig: What is a subnet mask?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
ping: Why does it send 4 packets?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
ping: What is a TTL?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
ping: How do packets get lost?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
ping: Does each hostname have an IP address assigned to it?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
tracert: How many computers do you go through each time you click on a website?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
tracert: Why are some links slower than others?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
tracert: Who owns all those computers/routers that route the packets?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
tracert: How does the tracert program actually work (hint: TTL)
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
netstat: How can netstat help you track the information coming in and out of your computer?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
netstat: How can netstat help you diagnose network problems?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
netstat: How would the routing table (netstat -r) be useful?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
netstat: Why would someone need different statistics for IP, IPv6, ICMP, TCP, UDP, etc.?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
nslookup: Why are there multiple IP addresses associated with a single domain name?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
nslookup: Why did Nslookup query fiber1.utah.edu instead of querying www.cnn.com directly?
|
tba
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
nslookup: How could someone use Nslookup in an unethical manner?
|
To find the IP address of an organization's server and overload it with requests to result in a possible denial of service attack
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
nslookup: How do domain names and IP addresses get registered?
|
through a Registrar. The DNS (Domain Name Service) is what associates an IP address with a domain name.
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
dir & cd: Can you use the DIR command to show only directories? Executables? How?
|
Executables:
DIR *.EXE |
Thought Questions - Lab Ch 1 DOS Commands
|
|
dir & cd: Can you edit text files from the DOS prompt? How?
|
EDIT <TEXTFILE.TXT>
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
dir & cd: Can you start programs from the command prompt?
|
START PROGRAM.EXE
|
Thought Questions - Lab Ch 1 DOS Commands
|
|
dir & cd: Can you change the color of the text and background in the command prompt? How?
|
COLOR [BACKGROUNDCOLOR][TEXTCOLOR]
for colors (0-F) |
Thought Questions - Lab Ch 1 DOS Commands
|
|
Nessus: Running the scan was fairly easy. Where could you go to get more information about understanding the results from the scan?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
Nessus: Who creates the plug-ins for Nessus and how do they decide which vulnerabilities to include?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
Nessus: How many vulnerabilities are reported each day?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
Nessus: Do all operating systems and applications have vulnerabilities? Which are less vulnerable?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
AppScan: What would it take to fix your Web site so it's not vulnerable to a SQL injection attack?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
AppScan: What background training would you need to be able to fully understand the attacks listed in AppScan (e.g. databases, SQL, HTML, programming, networking, TCP/IP, etc.)?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
AppScan: Do you think companies actually see SQL injection attacks? How often?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
AppScan: If a hacker could get into your Web server, could he/she subsequently gain access to the rest of your mission-critical systems through your web server?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
Shields Up: Why isn't the functionality [to do a simple scan of potential vulnerabilities on your own PC] built into your operating system?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
Shields Up: Do you have any ports open that you know shouldn't be open?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
Shields Up: Could this functionality be built into websites that you visit and be used by the Web administrator to compromise your system?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
Shields Up: Could other tools listed in this book be written as a Web-based application?
|
tba
|
Thought Questions - Lab Ch 6 Vulnerability Scanners
|
|
HashCalc: Why are there so many different hashing methods?
|
Because of collisions and because people may have learned how to change the file and compress and rehash it in a way that makes it unnoticeable
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
HashCalc: Is it possible to get the exact same hash out of different files?
|
Yes, this is called a collision
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
HashCalc: Is hashing the same thing as encrypting?
|
No, hashing is to provide integrity, while encryption is used for confidentiality
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
HashCalc: Can you de-hash?
|
No, hashing is just a way to provide a unique value for a file, to verify that nothing has been changed unexpectedly
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Process Monitor: Why do programs make so many read/writes to the hard drive?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Process Monitor: Can you stop programs from running or starting up?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Process Monitor: Why are there so many entries for the registry? What is the registry?
|
The registry is a database in Windows that contains important information about system hardware, installed programs and settings, and profiles of each of the user accounts on your computer. Windows continually refers to the information in the registry.
You should not need to make manual changes to the registry because programs and applications typically make all the necessary changes automatically. An incorrect change to your computer's registry could render your computer inoperable. However, if a corrupt file appears in the registry, you might be required to make changes |
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Process Monitor: What is the difference between a process and a thread?
|
A process is a collection of virtual memory space, code, data, and system resources. A thread is code that is to be serially executed within a process. A processor executes threads, not processes, so each application has at least one process, and a process always has at least one thread of execution, known as the primary thread. A process can have multiple threads in addition to the primary thread. Prior to the introduction of multiple threads of execution, applications were all designed to run on a single thread of execution.
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Sentinel: Why would this integrity checker only be concerned with certain types of file extensions (DLL, SYS, EXE, COM, etc)?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Sentinel: What does the RegWatch feature do?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Sentinel: What advantage would an integrated virus scanner give a file integrity checker?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Sentinel: Does Sentinel use MD5 hashes too? How do you know?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
File Verifier++: How could a top-notch hacker keep you from knowing which files were changed?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
File Verifier++: Can you calculate a hash for a single file?
|
Yes
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
File Verifier++: From the hash, could you tell what was changed in the file?
|
No, it will just show a different hash sequence, unique from the original file's hash
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
File Verifier++: Should you use the longest hash possible? How long is good enough?
|
Hash length is important (hence the outdating of SHA-1 for SHA-2). However, you should only use the necessary length due to time/computing power of longer hashes. SHA-2 includes SHA-224, -256, -386, and -512
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Windows Event Viewer: Will these security logs track failed logon attempts? From remote machines too?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Windows Event Viewer: Will it track security events other than just logon/logoff events?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Windows Event Viewer: Can you use event viewer to view other logs?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Windows Event Viewer: Why is there a log that tracks which Microsoft programs you use and how long you use them?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Snare: Can you view the events happening on your machine from a remote computer? How?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Snare: Can you add custom filters?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Snare: How can Snare for Windows help a network administrator manage a network?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|
|
Snare: How can Snare for Windows help secure a machine or network?
|
tba
|
Thought Questions - Lab Ch 11 File Integrity Checkers and System Monitors
|