CISA Domain 5—Protection of Information Assets
Collection, Access, Disclosure and Destruction
• Confidentiality - data at rest, data in transit
• Availability - resiliency, backups, redundancy
• Integrity - cryptographic, hash, validation
name +(DOB, Place of residence, etc)
Data loss prevention (DLP)
is an automated preventive tool that can block sensitive information from leaving the network, while at the same time logging the offenders.
Inventory & Classification of Information Assets
-loss implications of recovery
Phases of Incident response
PDIEERRCP-please do intercept electric eel rrapidly cuz pulse
planning, detection, initiation, evaluation, eradication, recovery, remediation, closure, post-incident review
Identification, authentication and authorization
MAC, DAC, and Role based
is the changing of data before or during entry into the computer system. Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified replacements.
Audit logging tools
1-Audit reduction - reduce the volume of audit records requested for manual review
2-Trend/variance detection - they look for anomalies
3-Attack-signature detection - look for an attack signature which would indicate unauthorized access attempts
Network based threats
unauthorized person, spoofing, eavesdropping, malware, DOS, man in middle, man in browser
Common Attack Methods
DOS-ICMP, Tear drop, peer to peer, PDOS, Application level
network security countermeasures
user authentication, controls, machine authentication control, anti-malware, encryption, IDS, IPS
high interaction -partly/ completely unpatched
low interaction -resembles prod
• Inline mode and promiscuous mode
• Signature based - intrusion patterns stored as signatures, limited by detection rules
• Statistical based - expected behavior
• Neural networks-similar to statistical but with added learning functionality
• A signature- statistical combination offers better protection
• Categories: Network based, Host based
Sensor, analyzer, admin console, user interface
is a protocol suite at layer 3, mutual authentication between packets using cryptography
1-Authentication Headers (AH) provide connectionless data integrity and data origin authentication for IP datagrams and provide protection against replay attacks.
2-Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality
3-Security Associations (SA) provide the bundle of algorithms and data that provide the parameters necessary for AH and/or ESP operations. The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange, with actual authenticated keying material provided either by manual configuration with pre-shared keys, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records
IPSec modes of operations
1- transport -only the data part of the IP packet is encrypted. The IP header is not.
2- tunnel- the entire packet is encrypted
CHAP, Kerberos, Sesame
SSL and TLS differences
TLS is newer and encrypts more
protect data privacy through data-in-motion encryption;
provide server and (optionally) client authentication;
check for message integrity using message authentication codes; and
perform a preliminary handshake process wherein the two communicating parties negotiate for a common cipher suite.
Methods of encryption
symmetric, asymmetric, hybrid
Services of Cryptosystem
• Integrity - hashing algorithm (MD5 and SHA), creates a fixed length digest. If the digest changed the data was altered, otherwise it was not
• Authentication -
Confidentiality, Integrity, Authentication, Non-Repudiation
Authentication=Yes -with digital sign
Non-repudiation=Yes with digital sign
Plaintext -> encryption -> ciphertext -> decryption -> plaintext
is the unreadable text
same key for encryption and decryption, very fast but can only provide confidentiality
-Strengths- much faster, hard to break if using large key size
-Weakness - not very scalable due to key exchange of private key, key management, provides confidentiality but not authenticity or nonrepudiation
-DES is common, no longer considered secure. AES is replacing DES
Symmetric Encryption Methods
DES - Data Encryption Standard - now considered insecure 56-bits.
AES - Advanced Encryption Standard - is the successor to DES. Fast both in hardware and in software. It accepts a 128-, 192- or 256-bit key. It has a decently quick key setup time and relatively small memory requirements
Blowfish- alternative to DES; no issues so far, but can be attacked if the key is weak. Much faster than DES. Blowfish was designed for software. It uses a lot of memory
AES, since it's more widespread, more standard, faster, and more secure than DES.
One public and one private key. Consists of encryption, key exchange, digital signatures, and digital certificates.
o Strengths- scalability, can provide authentication and nonrepudiation
o Weakness - slower, mathematically intensive tasks, types of algorithms:
-RSA is common,
-ECC -mobile devices
-Diffie-Hellman -key exchange method
Asymmetric Encryption Methods
RSA - Widely used, older but still secure. Usually RSA is used to share a secret key and then a symmetric key algorithm is used for the actual encryption. RSA can be used for digital signing but is slower.
DH - Diffie-Hellman- Does not do encryption or signing. It is only used for arriving at a shared key
ECC-Newer, very secure
RSA, Diffie-Hellman, ECC, etc, RSA is faster than ECC.
Public Key Infrastructure (PKI)
consists of programs, data formats, procedures, communication protocols, security policies and public key cryptographic mechanisms to disperse people's keys in a secure manner.
Public Key Cryptography Standards (PKCS)
are a set of inter-vendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).
Secure Key Exchange
refers to methods used by two parties to securely establish a symmetric encryption key without actually transmitting the key over a channel. The most popular is Diffie-Hellman.
Data Integrity-uses a hash
Authentication -claimed sender has the secret key
Nonrepudiation -sender cannot deny generating or sending the message
A cryptographic operation on a block of data that returns a fixed-length string of characters, used to verify the integrity of a message. Hashing is used to achieve data integrity
MD2 - MD5 - least secure, use 128 bits
MD6 - Message-Digest 6
SHA- Secure Hash Algorithm SHA-2 not used not secure as SHA3
SHA-3 - Secure Hash Algorithm 3 - winner of the NIST hash function competition. Not meant to replace SHA-2 currently.
is used for integrity, function that takes a variable length string and provides a fixed length value called a hash value
The result of a cryptographic hash function, think of hashing
standard specifies formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
method of hiding data in another media type (i.e., hide text in graphic file)
SET - Secure Electronic Transactions
used to secure payment information
-Scanners-look for signatures
-Active Monitors-look for malware like actions
-Integrity CRC Checkers-compute binary number in non-malware program and checks when executed
-Behavior blockers - detect abnormal behaviors, like writing to boot sector
-Immunizers- appending themselves to files, continuously check the file for changes