Created by Sangeeta K
more than 6 years ago
Question | Answer |
Confidentiality: with Steganography: The practice of hiding data within data. (Protects confidential info) | Integrity: with Hashing: Hashing techniques can be used to enforce integrity. Hashing algorithms include: Message Digest 5 (MD5), Secure Hash Algorithm 1 (SHA-1), and Hash-based Message Authentication Code (HMAC). A HASH IS A NUMBER CREATED BY EXECUTING A HASHING ALGORITHM against DATA, such as a file or message. DIGITAL SIGNATURES are also used for integrity. Digital signatures use PKIs and certificates, which include keys for encryption. |
Integrity provides assurances that data has not been modified, tampered with, or corrupted. Hashing VERIFIES integrity. If the two hashes are different, data integrity has been lost. | Three meanings of MAC: 1. Media Access Control (MAC) addresses: physical addresses assigned to network interface cards. 2. Mandatory Access Control (MAC) model: one of several access control models (see Ch. 2 in the Gibson book). 3. Message Authentication Code (MAC): provides integrity similar to how a hash is used. A digital signature also provides authentication. If a digital signature arrives intact, it authenticates the sender. Authentication from the digital signature prevents attackers from impersonating others. It also provides non-repudiation. For example, audit logs record details such as who, what, when, and where. If Bart logs onto his laptop with his username and password and deletes important files, and audit logs recorded these actions, it provides NON-REPUDIATION. In sum, digital signatures provide Authentication AND Non-Repudiation. |
The third element in the CIA triad is Availability. Organizations implement Redundancy and Fault Tolerance to ensure high levels of availability for critical systems. | Fault Tolerance and Redundancy Techniques include: a. Disk redundancies; b. Server redundancies; c. Load balancing; d. Site redundancies; e. Backups; f. Alternate power; g. Cooling systems (heating, ventilation, and air conditioning (HVAC) systems improve the availability of systems by reducing outages from overheating); h. Patching to address software bugs. NOTE: Beyond CIA, safety is another common goal of security. |
Identification occurs when a user claims an identity, such as with a username or email address. Authentication occurs when the user proves the claimed identity (such as with a password) and the credentials are verified. Access control systems authorize access to resources based on permissions granted to the proven identity. | Authentication is of these types: - Something you know, such as a password or PIN - Something you have, such as a smart card or USB token - Something you are (biometrics) - Somewhere you are (such as your location using geolocation technologies) - Something you do (e.g. touch screen patterns to lock and unlock an iPhone) |
Something you have: - Smart cards (have embedded certificates and Public Key Infrastructure (PKI)) - CACs and PIVs (types of smart cards used by DoD and the Feds) - Tokens or key fobs (e.g. token or RSA SecurID; USB tokens include a USB connector and a smart chip that stores a certificate similar to a CAC) | HOTP: HMAC-based One-Time Password is an open standard used for creating a one-time password similar to the rolling passwords used in tokens. The algorithm combines a secret key and an incrementing counter and then uses HMAC to create a hash of the result, which it then converts into a HOTP value of six to eight digits. TOTP: Time-based One-Time Passwords are similar to HOTPs except they use a time stamp instead of a counter and expire after 30 seconds. HOTP creates a one-time password that does not expire. |
AUTHENTICATION SERVICES 1. Kerberos: a network authentication mechanism used within Windows AD domains and some Unix environments known as realms. Requirements of Kerberos: - A method of issuing tickets for authentication (the Key Distribution Center (KDC) and Ticket Granting Tickets (TGT) package user credentials within a ticket) - Time synchronization (Kerberos requires all systems to be synchronized within 5 minutes of each other) - A database of subjects or users (e.g. Active Directory (AD)) |