Flashcards covering concepts in Cryptography and Network Security.
What is Cybersecurity?
The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies used to protect the cyberspace environment and assets.
What are the general security objectives in cybersecurity?
Availability, Integrity (including data authenticity and nonrepudiation), and Confidentiality.
What is Information Security?
Preservation of confidentiality, integrity, and availability of information, along with other properties like authenticity, accountability, nonrepudiation, and reliability.
What is Network Security?
Protection of networks and their services from unauthorized modification, destruction, or disclosure, ensuring the network performs its critical functions correctly without harmful side effects.
What are the two related concepts covered under Confidentiality?
Data confidentiality and Privacy.
What is Data Confidentiality?
Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
What is Privacy in the context of security objectives?
Assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.
What are the two related concepts covered under Integrity?
Data integrity and System integrity.
What is Data Integrity?
Assures that data and programs are changed only in a specified and authorized manner, encompassing data authenticity and nonrepudiation.
What is System Integrity?
Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
What does Availability assure?
Assures that systems work promptly and service is not denied to authorized users.
Define Security Attack.
Any action that compromises the security of information owned by an organization.
Define Security Mechanism.
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
Define Security Service.
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization, countering security attacks using one or more security mechanisms.
Define Threat.
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Define Attack.
An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate the security policy of a system.
What is a Passive Attack?
An attack that attempts to learn or make use of information from the system but does not affect system resources.
What is an Active Attack?
An attack that attempts to alter system resources or affect their operation.
Name two types of passive attacks.
Release of message contents and Traffic analysis.
What is Masquerade in the context of security attacks?
When one entity pretends to be a different entity.
What is Replay attack?
Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
What is Data Modification attack?
Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect.
What is Denial of Service attack?
Prevents or inhibits the normal use or management of communications facilities.
What is Authentication concerned with?
Assuring that a communication is authentic, verifying the source of a message or the identity of entities in an ongoing interaction.
What are the two specific authentication services defined in X.800?
Peer entity authentication and Data origin authentication.
What is Peer entity authentication?
Provides for the corroboration of the identity of a peer entity in an association, ensuring that an entity is not performing a masquerade or an unauthorized replay of a previous connection.
What is Data origin authentication?
Provides for the corroboration of the source of a data unit, supporting applications like electronic mail without ongoing interactions.
What is Access Control?
The ability to limit and control the access to host systems and applications via communications links, typically requiring authentication first.
What is Data Confidentiality as an X.800 security service?
The protection of transmitted data from passive attacks, either protecting all user data or specific parts, and also protecting traffic flow from analysis.
What is Data Integrity as an X.800 security service?
Assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays (connection-oriented), or provides protection against message modification only (connectionless).
What is Nonrepudiation?
Prevents either sender or receiver from denying a transmitted message, providing proof of sending or receiving.
What is Availability Service?
Protects a system to ensure its availability, addressing security concerns raised by denial-of-service attacks through proper management and control of system resources.
What are Cryptographic algorithms as a security mechanism?
Mechanisms that include reversible methods (encryption, which can be undone with the right key) and irreversible ones (hash functions and message authentication codes, whose output cannot be turned back into the input).
Describe Data Integrity as a security mechanism.
Mechanisms used to assure the integrity of a data unit or stream of data units.
Describe Digital Signature as a security mechanism.
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient to prove the source and integrity of the data unit and protect against forgery.
Describe Authentication Exchange as a security mechanism.
A mechanism intended to ensure the identity of an entity by means of information exchange.
Describe Traffic Padding as a security mechanism.
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Describe Routing Control as a security mechanism.
Enables selection of particular physically or logically secure routes for certain data and allows routing changes when a breach of security is suspected.
Describe Notarization as a security mechanism.
The use of a trusted third party to assure certain properties of a data exchange.
Describe Access Control as a security mechanism.
A variety of mechanisms that enforce access rights to resources.
What is a Cryptographic hash function?
A hash function turns an input of any length into a small, fixed-length value called a hash value, hash code, or digest; a cryptographic hash function additionally provides preimage resistance, second-preimage resistance, and collision resistance, which is what makes it useful for cryptography.
What is a Pseudorandom number generator?
Produces a deterministic sequence of numbers or bits that has the appearance of being a truly random sequence.
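The card above is the whole idea of a deterministic random bit generator in one sentence. The example below is added here and is not part of the original flashcards: it implements HMAC_DRBG from NIST SP 800-90A (section 10.1.2) over HMAC-SHA256 using only the Python standard library, and shows that two instances given the same seed material emit the same stream. The seed strings, the `example-app` personalization tag and the 10,000-call reseed interval are constructed for the demo; a real instance must be seeded from the operating system as `properly_seeded()` does, because anyone who can guess or reuse the seed reproduces every output.

```python
"""HMAC_DRBG (NIST SP 800-90A, section 10.1.2) over HMAC-SHA256.

Added example, not from the flashcards. The generator is a deterministic
function of its seed material: same entropy in, same bit stream out. That is
what makes a PRNG reproducible, and what makes a guessable or reused seed fatal.
"""
import hashlib
import hmac
import os

OUTLEN = 32  # SHA-256 output length in bytes


class HmacDrbg:
    RESEED_INTERVAL = 10_000  # conservative demo value; the standard allows up to 2**48

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b"") -> None:
        # Instantiate (10.1.2.3): K = 0x00..00, V = 0x01..01, then fold in the seed.
        self._k = b"\x00" * OUTLEN
        self._v = b"\x01" * OUTLEN
        self._update(entropy + nonce + personalization)
        self._reseed_counter = 1

    @staticmethod
    def _prf(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update (10.1.2.2): the second half only runs when data was supplied.
        self._k = self._prf(self._k, self._v + b"\x00" + provided)
        self._v = self._prf(self._k, self._v)
        if provided:
            self._k = self._prf(self._k, self._v + b"\x01" + provided)
            self._v = self._prf(self._k, self._v)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        # Reseed (10.1.2.4)
        self._update(entropy + additional)
        self._reseed_counter = 1

    def generate(self, n_bytes: int, additional: bytes = b"") -> bytes:
        # Generate (10.1.2.5): chain V through the PRF, then update state so that
        # an attacker who learns K and V later cannot recover earlier output.
        if self._reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required before generating more output")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n_bytes:
            self._v = self._prf(self._k, self._v)
            out += self._v
        self._update(additional)
        self._reseed_counter += 1
        return out[:n_bytes]

    def randbelow(self, n: int) -> int:
        """Uniform integer in [0, n) by rejection sampling, avoiding modulo bias."""
        if n <= 0:
            raise ValueError("n must be positive")
        k = (n - 1).bit_length()
        nbytes = (k + 7) // 8
        while True:
            r = int.from_bytes(self.generate(nbytes), "big") >> (8 * nbytes - k)
            if r < n:
                return r


def properly_seeded() -> HmacDrbg:
    """How a real instance is created: OS entropy plus a fresh nonce."""
    return HmacDrbg(os.urandom(32), nonce=os.urandom(16), personalization=b"example-app")


def same_seed_same_stream(seed: bytes, n: int = 32) -> bool:
    """Two instances seeded identically produce byte-for-byte identical output."""
    return HmacDrbg(seed).generate(n) == HmacDrbg(seed).generate(n)
```

`same_seed_same_stream` is the property the card describes and the reason `random.seed(time.time())`-style seeding is a vulnerability rather than a convenience: the output only looks random to someone who does not know the seed.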
What are Symmetric encryption algorithms?
Encryption algorithms that use a single key for both encryption and decryption.
What are two primary forms of Symmetric encryption?
Block cipher and Stream cipher.
What is a Message Authentication Code (MAC)?
A data element associated with a data block or message, generated by a cryptographic transformation involving a secret key and typically a cryptographic hash function, used to verify the integrity of the message.
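The cards on replay and data modification attacks, on the connection-oriented data integrity service, on cryptographic hash functions and on MACs describe one mechanism from several angles. The example below is added here and is not from the original flashcards: it frames each message as a sequence counter plus payload, tags it with HMAC-SHA256, and has the receiver reject modified, forged, replayed and reordered frames; it also shows why an unkeyed hash does not give the same protection. The shared key, the messages and the attacker's edits are constructed for the demo (a real key comes from `secrets.token_bytes(32)`), and `Receiver` and `demo` are names chosen here, not an API from the page.

```python
"""Message integrity and anti-replay with a keyed MAC.

Added example, not from the original flashcards. A sender and receiver share
a secret key; every message is framed as
    seq (8-byte big-endian counter) || payload || HMAC-SHA256 tag
The receiver rejects frames whose tag fails (modification or forgery) and
frames whose counter does not advance (replay or reordering). The key,
messages and the attacker's edits below are constructed for the demo.
"""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

TAG_LEN = 32  # HMAC-SHA256 output length


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def sender_frame(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build seq || payload and append the tag computed over both."""
    frame = struct.pack(">Q", seq) + payload
    return frame + mac(key, frame)


class Receiver:
    """Verifies the tag first, then enforces a strictly increasing counter."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_seq = -1

    def accept(self, wire: bytes) -> Tuple[Optional[bytes], str]:
        if len(wire) < 8 + TAG_LEN:
            return None, "truncated"
        frame, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        # compare_digest is constant-time, so timing does not reveal how many
        # leading bytes of a guessed tag were correct
        if not hmac.compare_digest(mac(self._key, frame), tag):
            return None, "bad tag"
        seq = struct.unpack(">Q", frame[:8])[0]
        if seq <= self._last_seq:
            return None, "replay"
        self._last_seq = seq
        return frame[8:], "ok"


# An unkeyed hash gives integrity against accidental corruption only: whoever
# changes the message simply recomputes the digest.
def hash_only_ok(msg_and_digest: bytes) -> bool:
    msg, d = msg_and_digest[:-32], msg_and_digest[-32:]
    return hashlib.sha256(msg).digest() == d


def attacker_rewrite_hash_only(new_msg: bytes) -> bytes:
    return new_msg + hashlib.sha256(new_msg).digest()


def demo(key: bytes = b"constructed-demo-key") -> dict:
    rx = Receiver(key)
    out = {}
    f1 = sender_frame(key, 1, b"pay 100 to alice")
    out["legit"] = rx.accept(f1)[1]

    # Data modification: flip one bit of the amount, leave the old tag in place.
    tampered = bytearray(f1)
    tampered[8 + len(b"pay ")] ^= 0x08          # '1' (0x31) -> '9' (0x39)
    out["modified"] = rx.accept(bytes(tampered))[1]

    # Forgery without the key: attacker tags a new frame with a guessed key.
    out["forged"] = rx.accept(sender_frame(b"wrong-key", 2, b"pay 900 to mallory"))[1]

    # Replay: the captured genuine frame is sent again unchanged.
    out["replayed"] = rx.accept(f1)[1]

    # Reordering: frame 3 arrives before frame 2, so the late frame 2 is dropped.
    f2 = sender_frame(key, 2, b"second")
    f3 = sender_frame(key, 3, b"third")
    out["f3_first"] = rx.accept(f3)[1]
    out["f2_late"] = rx.accept(f2)[1]

    # The same rewrite against hash-then-send is accepted: no key, no protection.
    out["hash_only_forgery_accepted"] = hash_only_ok(
        attacker_rewrite_hash_only(b"pay 900 to mallory"))
    return out
```

The counter is what turns "integrity of one message" into the connection-oriented service on the cards: without it every frame with a valid tag is accepted no matter how often or in what order it arrives. Dropping a late-but-genuine frame 2 is the price of a strict counter; a sliding window (as IPsec uses) accepts bounded reordering while still refusing duplicates.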
What is a Digital Signature Algorithm?
A value computed with a cryptographic algorithm and associated with a data object, allowing any recipient to verify the data’s origin and integrity.
What is Key Exchange?
The process of securely distributing a symmetric key to two or more parties.
What is User Authentication?
The process of authenticating that a user attempting to access an application or service is genuine, and similarly, that the application or service is genuine.
What does Communications Security deal with?
The protection of communications through the network, including measures to protect against both passive and active attacks, primarily implemented using network protocols.
Define Firewall.
A hardware and/or software capability that limits access between a network and devices attached to the network, filtering data traffic based on a set of rules.
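To make "filtering data traffic based on a set of rules" concrete, the example below is added here and is not from the original flashcards: a stateless packet filter that walks an ordered rule list, applies the first match and denies anything unmatched. The interfaces, addresses (RFC 5737 documentation ranges plus 10.0.0.0/8) and the rule set are constructed for the demo; `Packet`, `Rule` and `evaluate` are names chosen here. The `misordered_rules` function shows the classic mistake the ordering comment warns about: the same rules with the anti-spoofing deny moved last let a forged internal source through.

```python
"""Stateless packet filter: ordered rules, first match wins, default deny.

Added example, not from the flashcards. Interfaces, addresses, rules and
packets are constructed; addresses use documentation ranges (RFC 5737).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "outside" or "inside"
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    iface: str = "any"
    proto: str = "any"
    src: ipaddress.IPv4Network = ANY_NET
    dst: ipaddress.IPv4Network = ANY_NET
    dports: Optional[range] = None   # destination ports; None matches any port

    def matches(self, p: Packet) -> bool:
        return (
            self.iface in ("any", p.iface)
            and self.proto in ("any", p.proto)
            and ipaddress.ip_address(p.src) in self.src
            and ipaddress.ip_address(p.dst) in self.dst
            and (self.dports is None or (p.dport is not None and p.dport in self.dports))
        )


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, else default deny."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return "deny", "default-deny"


INSIDE = ipaddress.ip_network("10.0.0.0/8")
ADMIN = ipaddress.ip_network("10.0.1.0/24")
WEB = ipaddress.ip_network("192.0.2.10/32")
DNS = ipaddress.ip_network("192.0.2.53/32")

# Order matters: the anti-spoofing rule must precede every rule that allows
# traffic from INSIDE addresses, otherwise a packet arriving from the outside
# with a forged internal source address is matched by a later allow rule.
RULES = [
    Rule("anti-spoof", "deny", iface="outside", src=INSIDE),
    Rule("web-https", "allow", proto="tcp", dst=WEB, dports=range(443, 444)),
    Rule("web-http", "allow", proto="tcp", dst=WEB, dports=range(80, 81)),
    Rule("admin-ssh", "allow", iface="inside", proto="tcp", src=ADMIN, dst=WEB, dports=range(22, 23)),
    Rule("dns", "allow", iface="inside", proto="udp", src=INSIDE, dst=DNS, dports=range(53, 54)),
]


def misordered_rules() -> List[Rule]:
    """The same rules with anti-spoof moved last: the spoofed packet now passes."""
    return RULES[1:] + RULES[:1]
```

Two habits this encodes: the final `("deny", "default-deny")` means a forgotten rule fails closed rather than open, and every decision returns the name of the rule that made it, which is what you want in the log when a ruleset has grown to hundreds of entries.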
Define Intrusion Detection.
Hardware or software products that gather and analyze information from various areas within a computer or a network for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner.
Define Intrusion Prevention.
Hardware or software products designed to detect intrusive activity and attempt to stop the activity, ideally before it reaches its target.
What is the role of NIST?
A U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private-sector innovation.
What is the role of ISOC?
A professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues confronting the future of the Internet and is the organizational home of the IETF and the IAB.
What is the role of ITU-T?
The Telecommunication Standardization Sector of the International Telecommunication Union (ITU), the UN agency that coordinates global telecom networks and services; ITU-T develops technical standards (Recommendations such as X.800) covering all fields of telecommunications.
What is the role of ISO?
A worldwide federation of national standards bodies promoting the development of standardization and related activities to facilitate the international exchange of goods and services.