CompTIA Security+ Study Guide (SY0-401)

1 CompTIA Security+ Study Guide (SY0-401)
Chapter 8: Cryptography

2 Chapter 8: Cryptography
Implement the appropriate controls to ensure data security.
Given a scenario, utilize general cryptography concepts.
Given a scenario, use appropriate cryptographic methods.
Given a scenario, use appropriate PKI, certificate management and associated components.

3 An Overview of Cryptography
Cryptography is a field almost as old as humankind. Understanding non-mathematical cryptography:
Substitution ciphers: a type of coding or ciphering system that changes one character or symbol into another. The letters change but their positions do not, so letter-frequency patterns survive.
Transposition ciphers (transposition code): the letters of the message are transposed, or scrambled, in a certain manner. The positions change but the letters do not, so the ciphertext contains exactly the same letters as the plaintext.

4 Chapter 8: Cryptography
Steganography is the process of hiding a message in a medium such as a digital image, audio file, or other file; the message is concealed rather than encrypted, so anyone who knows where to look can read it.
Hybrid systems: by combining two or more of these methods of non-mathematical cryptography, you can make a pretty good cipher system.
Mathematical cryptography deals with using mathematical processes on characters or messages.
Hashing: performing a calculation on a message and converting it into a fixed-length numeric hash value.

5 Working with Symmetric Algorithms
Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms, so the key must be shared secretly before communication starts.
Some common standards that use symmetric algorithms:
Data Encryption Standard (DES): 56-bit key, now too short to resist a brute-force search.
Triple-DES (3DES): applies DES three times to lengthen the effective key.
Advanced Encryption Standard (AES): the current standard, with 128-, 192- or 256-bit keys.

6 Working with Asymmetric Algorithms
Asymmetric algorithms use two mathematically related keys to encrypt and decrypt data. What one key of the pair encrypts, only the other can decrypt.
Public key: can be distributed freely.
Private key: kept secret by its owner.
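The two slides above describe symmetric and asymmetric algorithms separately; in practice they are combined. The Go program below is an added example, not part of the study guide, showing that hybrid pattern: AES-256-GCM protects the message with a shared key, and RSA-OAEP wraps that key so only the recipient's private key can recover it. The key pair, the message text and the function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewRecipientKey makes the recipient's RSA key pair. In a PKI the public half
// would be distributed in a certificate; here it is constructed on the spot.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealSymmetric encrypts plaintext under a shared 256-bit AES key in GCM mode,
// which also produces an authentication tag. The random nonce is prepended so
// the receiver, holding the same key, can decrypt.
func SealSymmetric(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenSymmetric reverses SealSymmetric. It fails if the key is wrong or any
// byte of the ciphertext was altered, because the GCM tag no longer matches.
func OpenSymmetric(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Envelope is the hybrid construction behind S/MIME and PGP: the message is
// encrypted with a fresh symmetric key (fast, any size), and only that key is
// encrypted with the recipient's public key (slow, small input).
type Envelope struct {
	WrappedKey []byte // AES key encrypted with RSA-OAEP for the recipient
	Body       []byte // nonce || AES-GCM ciphertext || tag
}

// Encrypt needs only the recipient's public key, which may be published freely.
func Encrypt(recipient *rsa.PublicKey, plaintext []byte) (Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Envelope{}, err
	}
	body, err := SealSymmetric(key, plaintext)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedKey: wrapped, Body: body}, nil
}

// Decrypt needs the mat​ching private key; no other key can unwrap the AES key.
func Decrypt(priv *rsa.PrivateKey, env Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return OpenSymmetric(key, env.Body)
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	env, _ := Encrypt(&priv.PublicKey, []byte("wire transfer approved, ref 4471")) // constructed message
	pt, err := Decrypt(priv, env)
	fmt.Printf("decrypted: %q, err=%v\n", pt, err)
	env.Body[len(env.Body)-1] ^= 0x01 // flip one byte: GCM rejects it instead of returning garbage
	_, err = Decrypt(priv, env)
	fmt.Println("tampered body rejected:", err != nil)
}
```

The symmetric half is what actually moves the data; the asymmetric half only solves the key-distribution problem that slide 5 leaves open. GCM was chosen over a bare block mode because it authenticates the ciphertext, so tampering is detected rather than decrypted into garbage.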

7 Chapter 8: Cryptography
Cryptographic algorithms are used to encode a message from its unencrypted, or clear-text, state into an encrypted message.
Hashing is the process of converting a message, or data, into a numeric value. It is one-way: the original cannot be recovered from the hash, but the same input always produces the same hash.
Secure Hash Algorithm (SHA)
Message Digest Algorithm (MD)
Rainbow tables and salt: a rainbow table is a precomputed list of hashes for likely passwords, which works because hashing is deterministic. Adding a random salt to each password before hashing makes such tables useless, since every user's hash is different even for the same password.
Key stretching: running the hash many times, or using a purpose-built function such as PBKDF2 or bcrypt, so that each guess costs an attacker far more work.
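As an added worked example, not from the study guide, the Go program below puts the ideas on this slide into code: a plain SHA-256 hash, why a precomputed table works against it, and how a random salt plus key stretching (PBKDF2 over HMAC-SHA256, written out in full here rather than imported) defeat that. The password, user names and iteration count are made up for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Sha256Hex returns the SHA-256 digest of data as hex. The input cannot be
// recovered from it, but equal inputs always give equal digests; that
// determinism is exactly what a precomputed rainbow table exploits.
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// PBKDF2SHA256 derives dkLen bytes from password and salt with `iterations`
// rounds of HMAC-SHA256, following RFC 8018 section 5.2. It is written out
// rather than imported so that the key-stretching loop is visible.
func PBKDF2SHA256(password, salt []byte, iterations, dkLen int) []byte {
	blocks := (dkLen + sha256.Size - 1) / sha256.Size
	out := make([]byte, 0, blocks*sha256.Size)
	for i := 1; i <= blocks; i++ {
		// U1 = PRF(P, S || INT(i)) with a big-endian 32-bit block index
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)})
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		// Uj = PRF(P, U(j-1));  T = U1 xor U2 xor ... xor Uc
		for j := 1; j < iterations; j++ {
			mac = hmac.New(sha256.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// PBKDF2Hex is the 32-byte derived key as hex, the form a password store would hold.
func PBKDF2Hex(password, salt string, iterations int) string {
	return hex.EncodeToString(PBKDF2SHA256([]byte(password), []byte(salt), iterations, 32))
}

// StoredPassword is what a credential store should hold for each user: the
// per-user random salt, the work factor, and the stretched hash. Never the
// password itself, and never an unsalted fast hash of it.
type StoredPassword struct {
	Salt       []byte
	Iterations int
	Hash       []byte
}

// HashPassword salts and stretches a password. The salt defeats rainbow tables
// (two users with the same password get different hashes, and a table would
// have to be built per salt); the iteration count makes every brute-force
// guess cost `iterations` HMAC computations instead of one.
func HashPassword(password string, iterations int) (StoredPassword, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return StoredPassword{}, err
	}
	return StoredPassword{
		Salt:       salt,
		Iterations: iterations,
		Hash:       PBKDF2SHA256([]byte(password), salt, iterations, 32),
	}, nil
}

// VerifyPassword recomputes the stretched hash with the stored salt and
// parameters, comparing in constant time so timing does not leak a prefix match.
func VerifyPassword(password string, stored StoredPassword) bool {
	candidate := PBKDF2SHA256([]byte(password), stored.Salt, stored.Iterations, len(stored.Hash))
	return subtle.ConstantTimeCompare(candidate, stored.Hash) == 1
}

func main() {
	// Constructed scenario: two users chose the same weak password.
	fmt.Println("unsalted alice:", Sha256Hex([]byte("Summer2024!")))
	fmt.Println("unsalted bob:  ", Sha256Hex([]byte("Summer2024!"))) // identical: one lookup cracks both
	alice, _ := HashPassword("Summer2024!", 100000)
	bob, _ := HashPassword("Summer2024!", 100000)
	fmt.Println("salted alice:  ", hex.EncodeToString(alice.Hash))
	fmt.Println("salted bob:    ", hex.EncodeToString(bob.Hash)) // different: no shared lookup
	fmt.Println("alice login ok:", VerifyPassword("Summer2024!", alice))
	fmt.Println("wrong password:", VerifyPassword("Summer2025!", alice))
}
```

The two unsalted lines print the same digest, which is the whole weakness: one table entry cracks every account that chose that password. The iteration count is the knob for key stretching; raise it until a single verification costs roughly as much time as the service can tolerate per login.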

8 Code-breaking Techniques
Frequency analysis involves looking at blocks of an encrypted message to determine if any common patterns exist. Against a substitution cipher, the most frequent ciphertext symbols correspond to the most frequent plaintext letters (E, T, A, O in English).
Algorithm errors: an algorithm is a method or set of instructions used to perform a task. A flaw in how the algorithm is designed or implemented can let an attacker recover data without the key, however strong the key is.
Brute-force attacks can be accomplished by applying every possible combination of characters that could be the key; a longer key makes this infeasible.
Exploiting human error: human error is one of the major causes of encryption vulnerabilities, for example weak keys, reused keys, or keys left where they can be read.
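The following added example, not from the study guide, implements the substitution and transposition ciphers described on slide 3 and then applies two of the code-breaking techniques above to the substitution cipher: frequency analysis, scored with a chi-squared distance from English letter frequencies, and brute force over the 26 possible keys. The sample message and the English frequency table are constructed for illustration; the shift cipher stands in for substitution ciphers generally, since the attack works the same way whenever letter identities change but positions do not.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// englishFreq is the relative frequency (percent) of each letter A..Z in typical
// English text; a constructed reference table of the commonly cited values.
var englishFreq = [26]float64{
	8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
	6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
}

// CaesarShift is the simplest substitution cipher: every letter is replaced by
// the letter `shift` positions later in the alphabet. Letter positions are
// unchanged, so frequency patterns survive. Negative shifts decrypt.
func CaesarShift(text string, shift int) string {
	shift = ((shift % 26) + 26) % 26
	var b strings.Builder
	for _, r := range strings.ToUpper(text) {
		if r >= 'A' && r <= 'Z' {
			r = 'A' + (r-'A'+rune(shift))%26
		}
		b.WriteRune(r)
	}
	return b.String()
}

// ColumnarTransposition scrambles letter order without changing the letters:
// the message is written row by row into `cols` columns and read out column by
// column. Letter counts are unchanged, so frequency analysis does not help here.
func ColumnarTransposition(text string, cols int) string {
	var letters []rune
	for _, r := range strings.ToUpper(text) {
		if r >= 'A' && r <= 'Z' {
			letters = append(letters, r)
		}
	}
	var out []rune
	for c := 0; c < cols; c++ {
		for i := c; i < len(letters); i += cols {
			out = append(out, letters[i])
		}
	}
	return string(out)
}

// chiSquared measures how far the letter distribution of text is from English; lower is more English-like.
func chiSquared(text string) float64 {
	var counts [26]float64
	total := 0.0
	for _, r := range strings.ToUpper(text) {
		if r >= 'A' && r <= 'Z' {
			counts[r-'A']++
			total++
		}
	}
	chi := 0.0
	for i, observed := range counts {
		expected := englishFreq[i] / 100 * total
		chi += (observed - expected) * (observed - expected) / expected
	}
	return chi
}

// BreakCaesar recovers the key by frequency analysis: decrypt under each of the
// 26 candidate shifts and keep the one whose output looks most like English.
func BreakCaesar(ciphertext string) (shift int, plaintext string) {
	best := math.Inf(1)
	for k := 0; k < 26; k++ {
		candidate := CaesarShift(ciphertext, -k)
		if chi := chiSquared(candidate); chi < best {
			best, shift, plaintext = chi, k, candidate
		}
	}
	return shift, plaintext
}

// BruteForceCaesar is the "try every key" attack: with only 26 keys, listing all
// decryptions and reading them is enough. Real ciphers make the key space far too large.
func BruteForceCaesar(ciphertext string) []string {
	out := make([]string, 26)
	for k := range out {
		out[k] = CaesarShift(ciphertext, -k)
	}
	return out
}

func main() {
	// Constructed sample message; frequency analysis needs a few dozen letters to work.
	msg := "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG WHILE THE SECURITY TEAM REVIEWS THE AUDIT LOGS"
	ct := CaesarShift(msg, 7)
	k, pt := BreakCaesar(ct)
	fmt.Printf("ciphertext: %s\nrecovered shift %d: %s\n", ct, k, pt)
	fmt.Println("transposed:", ColumnarTransposition("ATTACK AT DAWN", 4))
}
```

Frequency analysis recovers the key here without trying to read any candidate, because the correct shift is the only one whose letter counts line up with English. The same scoring would fail against the transposition output, whose letter counts already match English under every arrangement; that is why the slide treats the two cipher families separately.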

9 Chapter 8: Cryptography
Cryptographic system: a system, method, or process that is used to provide encryption and decryption. The goals a cryptographic system can serve:
Confidentiality and strength: only the intended recipient can read the data, and the key is long enough that guessing it is impractical.
Integrity: any change to the data is detected.
Digital signatures: a value computed with the signer's private key that anyone holding the public key can verify.
Authentication: proof of who sent the message.
Nonrepudiation: the sender cannot later deny having sent it, because only the holder of the private key could have produced the signature.
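To make integrity, digital signatures, authentication and nonrepudiation concrete, the Go program below, an added example and not from the study guide, signs a document with an ECDSA P-256 private key and shows which changes make verification fail. The key pairs, the signer names and the document text are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a P-256 key pair. The private half stays with the
// signer; the public half is what relying parties use to verify.
func NewKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign hashes the document and signs the digest with the private key. The
// signature binds the exact bytes (integrity) to the holder of the private
// key (authentication). Because only that holder could have produced it, the
// signer cannot later deny it (nonrepudiation) as long as the key stayed private.
func Sign(priv *ecdsa.PrivateKey, document []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest and checks the signature against the public key.
// Any change to the document, or a signature made with another key, fails.
func Verify(pub *ecdsa.PublicKey, document, signature []byte) bool {
	digest := sha256.Sum256(document)
	return ecdsa.VerifyASN1(pub, digest[:], signature)
}

// SignedDocument is how the pieces travel together. The document itself is not
// hidden: a signature provides integrity and origin, not confidentiality.
type SignedDocument struct {
	Document  []byte
	Signature []byte
}

func main() {
	alice, _ := NewKeyPair()
	mallory, _ := NewKeyPair()
	sig, _ := Sign(alice, []byte("Pay Bob $100")) // constructed sample document
	signed := SignedDocument{Document: []byte("Pay Bob $100"), Signature: sig}

	fmt.Println("genuine:                  ", Verify(&alice.PublicKey, signed.Document, signed.Signature))
	fmt.Println("amount altered:           ", Verify(&alice.PublicKey, []byte("Pay Bob $1000"), signed.Signature))
	fmt.Println("checked against other key:", Verify(&mallory.PublicKey, signed.Document, signed.Signature))
	forged, _ := Sign(mallory, signed.Document)
	fmt.Println("forged by mallory:        ", Verify(&alice.PublicKey, signed.Document, forged))
}
```

Only the first line prints true. Note that the signature is over a hash of the document, which is why the hashing material on the previous slides matters here: a hash collision would let two documents share one valid signature.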

10 Origins of Encryption Standards
Early cryptography standards were primarily designed to secure communications for the government and military.
The role of government agencies:
National Security Agency/Central Security Service (NSA/CSS)
National Institute of Standards and Technology (NIST)

11 Industry Associations and the Developmental Process
The need for security in specific industries, such as the banking industry, has driven the development of standards.
American Bankers Association (ABA)
Internet Engineering Task Force (IETF)
Internet Society (ISOC)
World Wide Web Consortium (W3C)
International Telecommunications Union (ITU)
Institute of Electrical and Electronics Engineers (IEEE)
Public domain cryptography
Pretty Good Privacy (PGP)

12 Chapter 8: Cryptography
Public-Key Infrastructure X.509/Public-Key Cryptography Standards:
Public-Key Infrastructure X.509 (PKIX) is the working group formed by the IETF to develop standards and models for the PKI environment.
Public-Key Cryptography Standards (PKCS) is a set of voluntary standards created by RSA and security leaders.

13 Chapter 8: Cryptography
X.509: the X.509 standard defines the certificate formats and fields for public keys. It also defines the procedures that should be used to distribute public keys.
SSL and TLS: Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines; Transport Layer Security (TLS) is its standardized successor and is what current systems actually use.
Certificate Management Protocol (CMP) is a messaging protocol used between PKI entities.
Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard used for encrypting and signing e-mail.

14 Chapter 8: Cryptography
Pretty Good Privacy (PGP) is a freeware e-mail encryption system.
Hypertext Transport Protocol over SSL (HTTPS): the whole HTTP connection is carried inside an SSL/TLS session.
Secure Hypertext Transport Protocol (S-HTTP): encrypts individual HTTP messages rather than the connection; it never saw wide adoption.
IP Security (IPSec): encrypts and authenticates traffic at the IP layer, independent of the application.

15 Chapter 8: Cryptography
Tunneling protocols add a capability to the network: one protocol's traffic is encapsulated inside another so it can cross an untrusted network. Most common protocols used for tunneling:
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP)
The Federal Information Processing Standards (FIPS) are a set of guidelines for United States federal government information systems.

16 Public Key Infrastructure
Public Key Infrastructure (PKI) is intended to provide a means of providing security to messages and transactions on a grand scale. PKI is a two-key (asymmetric) system with four main components:
certificate authority (CA)
registration authority (RA)
RSA (the encryption algorithm)
digital certificates

17 Chapter 8: Cryptography
Certificate authority (CA): an organization that is responsible for issuing, revoking, and distributing certificates.
Registration authority (RA): it can distribute keys, accept registrations for the CA, and validate identities.
Local registration authority (LRA): it can be used to identify or establish the identity of an individual for certificate issuance.

18 Implementing Certificates
Certificates:
provide the primary method of identifying that a given user is valid
can be used to store authorization information
can verify or certify that a system is using the correct software and processes to communicate

19 Chapter 8: Cryptography
Certificate policies define what certificates do.
Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and implement its policies.

20 Certificate Revocation
Certificate revocation is the process of revoking a certificate before it expires.
Certificate Revocation List (CRL): a signed list of revoked certificate serial numbers published by the CA; a client downloads it and checks the certificate's serial number against it.
Online Certificate Status Protocol (OCSP): lets a client ask a responder about the status of a single certificate in real time instead of downloading the whole list.
Repository: a database or database server where the certificates are stored.

21 Trust Models
Four main types of trust models are used with PKI:
1. Hierarchical
2. Bridge
3. Mesh
4. Hybrid

22 Trust Models
Hierarchical trust model: also known as a tree; a root CA at the top provides all the information.
Bridge trust model: a peer-to-peer relationship exists between the root CAs.
Mesh trust model: expands the concepts of the bridge model by supporting multiple paths and multiple root CAs.
Hybrid trust model: can use the capabilities of any or all of the structures discussed in the previous sections.
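The following added example, not from the study guide, builds the hierarchical trust model from slides 16 to 22 with Go's standard crypto/x509 package: a self-signed root CA issues an intermediate (issuing) CA, which issues an end-entity certificate; a relying party then verifies the chain the way a browser does, and a CRL from the issuing CA is used to check revocation. All CA names, serial numbers and the DNS name intranet.example.test are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// template builds a certificate body: CAs get the CA basic constraint and the certSign/cRLSign usages, end entities a DNS name and serverAuth.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames, t.KeyUsage = []string{cn}, x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl (carrying subjectKey's public half) with the issuer's private key; a nil issuer means self-signed, which is how a root CA starts.
func issue(tmpl, issuer *x509.Certificate, issuerKey, subjectKey *ecdsa.PrivateKey) *x509.Certificate {
	if issuer == nil {
		issuer = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &subjectKey.PublicKey, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // re-parse so derived fields such as SubjectKeyId are filled in
	return cert
}

// Hierarchy is a constructed hierarchical (tree) PKI: root CA -> issuing CA -> leaf.
type Hierarchy struct{ Root, Issuing, Leaf *x509.Certificate; IssuingKey *ecdsa.PrivateKey }

func BuildHierarchy(rootName, dnsName string) Hierarchy {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	issuingKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := issue(template(rootName, 1, true), nil, rootKey, rootKey)
	issuing := issue(template(rootName+" Issuing CA", 2, true), root, rootKey, issuingKey)
	leaf := issue(template(dnsName, 3, false), issuing, issuingKey, leafKey)
	return Hierarchy{root, issuing, leaf, issuingKey}
}

// VerifyChain is the relying party's check: build a path from the leaf through the intermediate to a root in
// the trust store, checking every signature, validity period and CA flag, plus the expected DNS name on the leaf.
func VerifyChain(leaf, intermediate, trustedRoot *x509.Certificate, dnsName string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot)
	if intermediate != nil {
		inters.AddCert(intermediate)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: dnsName})
	return err
}

// IssueCRL has a CA publish a signed list of the serial numbers it has revoked.
func IssueCRL(issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey, revoked ...*big.Int) []byte {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificateEntries = append(tmpl.RevokedCertificateEntries, x509.RevocationListEntry{SerialNumber: s, RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, issuer, issuerKey)
	if err != nil {
		panic(err)
	}
	return der
}

// IsRevoked parses a CRL, confirms the issuing CA signed it, and looks for the certificate's serial; chain verification alone never consults revocation data.
func IsRevoked(crlDER []byte, issuer, cert *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, fmt.Errorf("CRL not signed by the expected CA: %w", err)
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	corp := BuildHierarchy("Example Corp Root CA", "intranet.example.test")
	rogue := BuildHierarchy("Example Corp Root CA", "intranet.example.test") // same names, different keys
	fmt.Println("corp chain: ", VerifyChain(corp.Leaf, corp.Issuing, corp.Root, "intranet.example.test"))
	fmt.Println("rogue chain:", VerifyChain(rogue.Leaf, rogue.Issuing, corp.Root, "intranet.example.test"))
	fmt.Println(IsRevoked(IssueCRL(corp.Issuing, corp.IssuingKey, corp.Leaf.SerialNumber), corp.Issuing, corp.Leaf))
}
```

The rogue hierarchy uses exactly the same names as the corporate one; it is rejected because trust flows only from the root certificate in the verifier's pool, not from anything printed in the certificate. The CRL check is deliberately a separate step: x509 chain verification says nothing about revocation, so a client that skips this step will keep accepting a compromised certificate until it expires.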

