Public Key Infrastructure (PKI)
Binds public keys to user identities through certificates
Creates, distributes, and manages digital certificates
Method of accomplishing public key encryption
Asymmetric key pair has public key and private key
Private keys can be stored in key escrow
Centralized vs decentralized keys
Centralized are generated at a server
Decentralized are generated at a local computer
Encryption
Converting information into code unreadable to unauthorized individual
Level
Refers to the extent to which data is transformed in the encryption process
Full-disk
Cryptographic method that involves encrypting an entire hard drive
Provides "blanket" protection for sensitive data
Supported by all major OSs
Partitions
Portions of a disk that the OS treats as separate units
Must be encrypted separately
Files
Containers that hold data
Can be encrypted to protect data in shared environments
Volume
Single accessible storage area backed by physical drives
Encryption maintains confidentiality of a large amount of data
Database
Securing and encrypting a database includes:
Separating the database from web servers
Encrypting data, files, and backups
Use of a web application firewall (WAF)
Ensuring physical security
Enable alerts, audit procedures, and active monitoring
Record
Collection of related data items that are treated as a unit
Securing these individual units of data
3 states data should be encrypted
At rest
In transit
In use
Symmetric encryption
Uses a single key for both encryption and decryption
Easier use
Less secure
Examples include:
Advanced Encryption Standard (AES)
RC4
Asymmetric encryption
Uses a public key for encryption and private for decryption
More complex
More secure
Examples include:
ElGamal
RSA
DSA
Elliptic-curve techniques
PKCS
Key exchange
Method by which cryptographic keys are exchanged allowing use of a cryptographic algorithm
In asymmetric encryption both parties need each other’s public keys
Algorithms
Mathematical formula used in cryptographic processes
Cipher suite
Set of algorithms
Secures network connections using Transport Layer Security (TLS)
Algorithms typically include:
Key exchange
Bulk encryption
Message authentication code (MAC) - Provides data integrity checks
Structure defined in TLS standard document
Stream cipher
Symmetric-key state cipher
Combines plaintext digits with a pseudorandom digit stream, or keystream
Plaintext digits are individually encrypted with corresponding keystream digits
High speeds
Low complexity
Block cipher
Encryption method that applies an algorithm and key to a block of text rather than to individual digits
Key length
Number of bits in the key used by an encryption algorithm
Determines maximum number of combinations to break algorithm
Shorter key lengths are less secure
Different ciphers require different key lengths to achieve similar security
Tools
Specialized technologies and protocols that secure and manage data
Trusted Platform Module (TPM)
Safeguards information on computer systems
Chips are tamper-resistant, secure cryptoprocessors that carry out cryptographic operations
Advantages include:
Managing and limiting the use of cryptographic keys
Executing platform device authentication using RSA
Ensuring platform integrity by holding security measurements
Hardware Security Module (HSM)
Physical devices that act as secure cryptoprocessors
Used for encryption during various security processes
Faster than software encryption
Tamper-resistant
High availability due to independence from other computer systems
Involved in generation, storage, and archival of encryption key pairs
Key Management System (KMS)
Backbone of managing cryptographic keys
Central functions include:
Generation of cryptographic keys
Secure storage of keys
Key exchange
Key access control
Key replacement and rotation
Secure enclave
Hardware-based feature that handles encryption and decryption
Microprocessor within a larger chip
Tamper-resistant
Prevents data from being accessed in violation of the security protocol
Obfuscation
Altering original data to prevent it being understood
Additional measure to encryption
Not a translation but a distortion
Steganography
Practice of hiding a secret message inside public information
Form of data hiding rather than cryptography
Intended to conceal and deceive
Audio Steganography
Transmits hidden information by modifying an audio signal
Cover file combines with the message to form a stego-file
Tools include DeepSound
Video Steganography
Transmits a hidden file in a cover video file
Typically more secure due to size and complexity
Individual frames are analyzed and altered
Tools include OpenCV and FFmpeg
Image Steganography
Technique to hide a message inside an image
Methods include:
Least significant bit (LSB) substitution
Blocking
Pallette modification
Least significant bit (LSB) substitution
Form of image steganography
Extracts each pixel's alpha, red, green, and blue (ARGB) values
Finds LSB and sets it to corresponding binary value of the message’s characters
Blocking
Form of image steganography
Breaks up an image using Discrete Cosine Transform (DCT)
Modifies luminance and color coefficients as a hidden message
Palette modification
Replaces the image's colors with new ones that represent the hidden message
Tokenization
Process of randomly generating a token value for plaintext data and storing the mapping in a token vault
Difficult to scale
Typically used for data at rest due to inaccessibility
Data masking
Hiding sensitive data such as personally identifiable information (PII) with specific characters
Can be done through substitution or censoring
Hashing
One-way function in which data is mapped to a fixed-length value
Verifies that a file or piece of data hasn’t been altered
Compares original hash value with the current to detect changes
Salting
Addition of random data to a password before hashing
Makes messages more secure from hash attacks
Digital signatures
Mathematical scheme for verifying a digital message’s authenticity
Implement asymmetric cryptography
Provide authentication, integrity, and non-repudiation
Consists of 3 algorithms:
Key generation
Signing
Signature verification
Requires the private key to sign and the public key to verify authenticity
Key Stretching
Lengthens and randomizes passwords for better security
Uses a key derivation function that may use a salt or pepper
Pepper
Shared value added to every password to further increase complexity
Added before hashing
Certificates
Verify the identity of the holder and provide legitimacy
Digitally signed electronic documents that bind a public key to a user identity
Obtained using a certificate signing request (CSR)
May be verified by registration authority (RA)
Only valid during a certain time period
Certificate authorities (CAs)
Entity, typically a server, that issues certificates to users
Certificate revocation list (CRL)
List of certificates that have been invalidated or revoked by the CA
Online Certificate Status Protocol (OCSP)
Responses contain less information and are less complex than CRLs
Certificate Attributes
Common name (CN)
Organization (O)
Locality (L)
Organizational unit (OU)
Country (C)
Serial number
Issuer
Validity dates
Public key
Thumbprint algorithm
Certificate-signing request (CSR)
Self-signed certificates
Create and endorse their own identity
Use their own private key as the signature
Carry less trust than certificates issued by public CAs
Contexts in which certificates can be used
Local encryption in an Encrypting File System (EFS)
Domain validation (DV)
Organization validation (OV)
Extended validation (EV)
Types of Certificates
Wildcard
Code signing
Machine/computer
User
Root
Certificate formats
Basic Encoding Rules (BER)
Canonical Encoding Rules (CER) - Restricted subset of BER
Distinguished Encoding Rules (DER) - Restricted subset of BER