Details

CS 347 Midterm
Network Security
135
Computer Science
Undergraduate 3
10/10/2012

Cards

Term
With the introduction of the computer the need for automated tools for protecting files and other
information stored on the computer became evident.
Definition
True
Term
There is a natural tendency on the part of users and system managers to perceive little benefit
from security investment until a security failure occurs.
Definition
True
Term
There are clear boundaries between network security and internet security.
Definition
False
Term
The CIA triad embodies the fundamental security objectives for both data and for information
and computing services.
Definition
True
Term
In developing a particular security mechanism or algorithm one must always consider potential
attacks on those security features.
Definition
True
Term
A loss of confidentiality is the unauthorized modification or destruction of information.
Definition
False
Term
Patient allergy information is an example of an asset with a moderate requirement for integrity.
Definition
False
Term
The more critical a component or service, the higher the level of availability required.
Definition
True
Term
Data origin authentication provides protection against the duplication or modification of data
units.
Definition
False
Term
The emphasis in dealing with passive attacks is on prevention rather than detection.
Definition
True
Term
Data integrity is the protection of data from unauthorized disclosure.
Definition
False
Term
Information access threats exploit service flaws in computers to inhibit use by legitimate users.
Definition
False
Term
Viruses and worms are two examples of software attacks.
Definition
True
Term
A connection-oriented integrity service deals with individual messages without regard to any
larger context and generally provides protection against message modification only.
Definition
False
Term
Pervasive security mechanisms are not specific to any particular OSI security service or protocol
layer.
Definition
True
Term
Public-key encryption is also referred to as conventional encryption, secret-key, or single-key
encryption.
Definition
False
Term
The advantage of a block cipher is that you can reuse keys.
Definition
True
Term
Ciphertext is the scrambled message produced as output.
Definition
True
Term
The security of symmetric encryption depends on the secrecy of the algorithm, not the secrecy of
the key.
Definition
False
Term
The ciphertext-only attack is the easiest to defend against because the opponent has the least
amount of information to work with.
Definition
True
Term
The Feistel structure is a particular example of the more general structure used by all symmetric
block ciphers.
Definition
True
Term
Smaller block sizes mean greater security but reduced encryption/decryption speed.
Definition
False
Term
The essence of a symmetric block cipher is that a single round offers inadequate security but that
multiple rounds offer increasing security.
Definition
True
Term
Triple DES was first standardized for use in financial applications in ANSI standard X9.17 in
1985.
Definition
True
Term
The most commonly used symmetric encryption algorithms are stream ciphers.
Definition
False
Term
The principal drawback of 3DES is that the algorithm is relatively sluggish in software.
Definition
True
Term
AES uses a Feistel structure.
Definition
False
Term
Random numbers play an important role in the use of encryption for various network security
applications.
Definition
True
Term
The primary advantage of a stream cipher is that stream ciphers are almost always faster and use
far less code than do block ciphers.
Definition
True
Term
One desirable property of a stream cipher is that the ciphertext be longer in length than the
plaintext.
Definition
False
Term
Public key algorithms are useful in the exchange of conventional encryption keys.
Definition
True
Term
Private key encryption is used to produce digital signatures which provide an enhanced form of
message authentication.
Definition
False
Term
The strength of a hash function against brute-force attacks depends solely on the length of the
hash code produced by the algorithm.
Definition
True
Term
The two important aspects of encryption are to verify that the contents of the message have not
been altered and that the source is authentic.
Definition
False
Term
In the ECB mode of encryption if an attacker reorders the blocks of ciphertext then each block
will still decrypt successfully, however, the reordering may alter the meaning of the overall data
sequence.
Definition
True
Term
Message encryption alone provides a secure form of authentication.
Definition
False
Term
Because of the mathematical properties of the message authentication code function it is less
vulnerable to being broken than encryption.
Definition
True
Term
In addition to providing authentication, a message digest also provides data integrity and
performs the same function as a frame check sequence.
Definition
True
Term
Cryptographic hash functions generally execute slower in software than conventional encryption
algorithms such as DES.
Definition
False
Term
The main advantage of HMAC over other proposed hash based schemes is that HMAC can be
proven secure, provided that the embedded hash function has some reasonable cryptographic
strengths.
Definition
True
Term
Public key algorithms are based on mathematical functions rather than on simple operations on
bit patterns.
Definition
True
Term
The private key is known only to its owner.
Definition
True
Term
The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to
calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.
Definition
False
Term
The key exchange protocol is vulnerable to a man-in-the-middle attack because it does not
authenticate the participants.
Definition
True
Term
Even in the case of complete encryption there is no protection of confidentiality because any
observer can decrypt the message by using the sender's public key.
Definition
True
Term
For symmetric encryption to work the two parties to an exchange must share the same key, and
that key must be protected from access by others.
Definition
True
Term
It is not necessary for a certification authority to maintain a list of certificates issued by that CA
that were not expired but were revoked.
Definition
False
Term
A session key is destroyed at the end of a session.
Definition
True
Term
Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.
Definition
False
Term
The automated key distribution approach provides the flexibility and dynamic characteristics
needed to allow a number of users to access a number of servers and for the servers to exchange
data with each other.
Definition
True
Term
If an opponent captures an unexpired service granting ticket and tries to use it they will be
denied access to the corresponding service.
Definition
False
Term
The ticket-granting ticket is encrypted with a secret key known only to the authentication server
and the ticket granting server.
Definition
True
Term
If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater
opportunity for replay.
Definition
False
Term
Kerberos version 4 did not fully address the need to be of general purpose.
Definition
True
Term
One of the major roles of public-key encryption is to address the problem of key distribution.
Definition
True
Term
It is not required for two parties to share a secret key in order to communicate securely with
conventional encryption.
Definition
False
Term
X.509 is based on the use of public-key cryptography and digital signatures.
Definition
True
Term
User certificates generated by a CA need special efforts made by the directory to protect them
from being forged.
Definition
False
Term
The principal underlying standard for federated identity is the Security Assertion Markup
Language (SAML) which defines the exchange of security information between online business
partners.
Definition
True
Term
Federated identity management is a concept dealing with the use of a common identity
management scheme across multiple enterprises and numerous applications and supporting
many thousands, even millions, of users.
Definition
True
Term
SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security
mechanisms and services they will use.
Definition
True
Term
Unlike traditional publishing environments, the Internet is three-way and vulnerable to attacks
on the Web servers.
Definition
False
Term
Sessions are used to avoid the expensive negotiation of new security parameters for each
connection that shares security parameters.
Definition
True
Term
Microsoft Explorer originated SSL.
Definition
False
Term
The World Wide Web is fundamentally a client/server application running over the Internet and
TCP/IP intranets.
Definition
True
Term
One way to classify Web security threats is in terms of the location of the threat: Web server,
Web browser, and network traffic between browser and server.
Definition
True
Term
The encryption of the compressed message plus the MAC must increase the content length by
more than 1024 bytes.
Definition
False
Term
The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL
Record Protocol.
Definition
True
Term
The SSL Record Protocol is used before any application data is transmitted.
Definition
False
Term
The first element of the CipherSuite parameter is the key exchange method.
Definition
True
Term
The certificate message is required for any agreed on key exchange method except fixed
Diffie-Hellman.
Definition
False
Term
Phase 3 completes the setting up of a secure connection of the Handshake Protocol.
Definition
False
Term
The shared master secret is a one-time 48-byte value generated for a session by means of secure
key exchange.
Definition
True
Term
The TLS Record Format is the same as that of the SSL Record Format.
Definition
True
Term
Server authentication occurs at the transport layer, based on the server possessing a
public/private key pair.
Definition
True
Term
_________ security consists of measures to deter, prevent, detect, and correct security violations
that involve the transmission of information.
Definition
Internet
Term
Verifying that users are who they say they are and that each input arriving at the system came
from a trusted source is _________ .
Definition
authenticity
Term
__________ assures that systems work promptly and service is not denied to authorized users.
Definition
Availability
Term
__________ assures that a system performs its intended function in an unimpaired manner, free
from deliberate or inadvertent unauthorized manipulation of the system.
Definition
System integrity
Term
The security goal that generates the requirement for actions of an entity to be traced uniquely to
that entity is _________ .
Definition
accountability
Term
__________ attacks attempt to alter system resources or affect their operation.
Definition
Active
Term
A __________ takes place when one entity pretends to be a different entity.
Definition
masquerade
Term
X.800 defines _________ as a service that is provided by a protocol layer of communicating
open systems and that ensures adequate security of the systems or of data transfers.
Definition
security service
Term
_________ is a professional membership society with worldwide organizational and individual
membership that provides leadership in addressing issues that confront the future of the Internet
and is the organization home for the groups responsible for Internet infrastructure standards,
including the IETF and the IAB.
Definition
ISOC
Term
The protection of data from unauthorized disclosure is _________ .
Definition
data confidentiality
Term
__________ is a U.S. federal agency that deals with measurement science, standards, and
technology related to U.S. government use and to the promotion of U.S. private sector
innovation.
Definition
NIST
Term
The prevention of unauthorized use of a resource is __________ .
Definition
access control
Term
The __________ service addresses the security concerns raised by denial-of-service attacks.
Definition
availability
Term
_________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Definition
Traffic padding
Term
_________ is a variety of mechanisms used to assure the integrity of a data unit or stream of data
units.
Definition
Data integrity
Term
A symmetric encryption scheme has _________ ingredients.
Definition
five
Term
_________ is the original message or data that is fed into the algorithm as input.
Definition
Plaintext
Term
_________ mode requires only the implementation of the encryption algorithm and not the
decryption algorithm.
Definition
CTR
Term
A __________ processes the input elements continuously, producing output one element at a
time, as it goes along.
Definition
stream cipher
Term
If both sender and receiver use the same key the system is referred to as _________ encryption.
Definition
symmetric
Term
If the sender and receiver each use a different key the system is referred to as __________ encryption.
Definition
asymmetric
Term
A _________ approach involves trying every possible key until an intelligible translation of the
ciphertext into plaintext is obtained.
Definition
brute-force
Term
With the ________ mode if there is an error in a block of the transmitted ciphertext only the
corresponding plaintext block is affected.
Definition
ECB
Term
The most common key length in modern algorithms is ________ .
Definition
128 bits
Term
A ________ takes as input a source that is effectively random and is often referred to as an
entropy source.
Definition
TRNG
Term
A symmetric block cipher processes _________ of data at a time.
Definition
one block
Term
In _________ mode a counter equal to the plaintext block size is used.
Definition
CTR
Term
The _________ algorithm performs various substitutions and transformations on the plaintext.
Definition
encryption
Term
If the analyst is able to get the source system to insert into the system a message chosen by the
analyst, a _________ attack is possible.
Definition
chosen plaintext
Term
The _________ key size is used with the Data Encryption Standard algorithm.
Definition
56 bit
Term
A _________ is a key used between entities for the purpose of distributing session keys.
Definition
permanent key
Term
The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server.
Definition
authentication server
Term
Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client.
Definition
ticket
Term
In order to solve the problem of minimizing the number of times that a user has to enter a
password and the problem of a plaintext transmission of the password a __________ server is
used.
Definition
ticket granting
Term
In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS,
the ticket includes a __________ indicating the date and time at which the ticket was issued.
Definition
timestamp
Term
A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name.
Definition
Kerberos principal
Term
Kerberos version 4 requires the use of ____________ .
Definition
IP address
Term
Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ .
Definition
PCBC
Term
A random value to be repeated to assure that the response is fresh and has not been replayed by
an opponent is the __________ .
Definition
nonce
Term
Used in most network security applications the __________ standard has become universally
accepted for formatting public-key certificates.
Definition
X.509
Term
Containing the hash code of the other fields encrypted with the CA's private key, the __________
covers all of the other fields of the certificate and includes the signature algorithm identifier.
Definition
signature
Term
The _________ extension lists policies that the certificate is recognized as supporting, together
with optional qualifier information.
Definition
certificate policies
Term
_________ are entities that obtain and employ data maintained and provided by identity and
attribute providers, which are often used to support authorization decisions and to collect audit
information.
Definition
Data Consumers
Term
An __________ manages the creation and maintenance of attributes such as passwords and biometric information.
Definition
attribute service
Term
__________ is a centralized, automated approach to provide enterprise wide access to resources
by employees and other authorized individuals, with a focus of defining an identity for each
user, associating attributes with the identity, and enforcing a means by which a user can verify identity.
Definition
Identity management
Term
________ protects against passive attack (eavesdropping).
Definition
Encryption
Term
The most important hash function is ________ .
Definition
SHA
Term
__________ is a procedure that allows communicating parties to verify that received messages are authentic.
Definition
Message authentication
Term
If the message includes a _________ the receiver is assured that the message has not been
delayed beyond that normally expected for network transit.
Definition
timestamp
Term
The purpose of a ___________ is to produce a "fingerprint" of a file, message, or other block of data.
Definition
hash function
Term
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function
with this property is referred to as __________ .
Definition
collision resistant
Term
"It is easy to generate a code given a message, but virtually impossible to generate a message
given a code" describes the __________ hash function property.
Definition
preimage resistant
Term
The __________ property protects against a sophisticated class of attack known as the birthday
attack.
Definition
collision resistant
Term
Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known
as _________ .
Definition
SHA-2
Term
Public key cryptography is __________.
Definition
asymmetric
Term
The readable message or data that is fed into the algorithm as input is the __________ .
Definition
plaintext
Term
The key used in conventional encryption is typically referred to as a _________ key.
Definition
secret
Term
The most widely accepted and implemented approach to public-key encryption, _________ is a
block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n.
Definition
RSA
Term
The purpose of the _________ algorithm is to enable two users to exchange a secret key
securely that then can be used for subsequent encryption of messages and depends on the
difficulty of computing discrete logarithms for its effectiveness.
Definition
Diffie-Hellman
Term
Based on the use of a mathematical construct known as the elliptic curve and offering equal
security for a far smaller bit size, __________ has begun to challenge RSA.
Definition
ECC