Encryption and Authentication Quiz

Understanding Encryption and Authentication for Securing Data Transmissions

• Encryption protects data by scrambling it with a randomly generated passcode, called an encryption key.
• Authentication is the process of determining if a claim is true using a secret or piece of evidence called a “factor”.
• Authentication is followed by authorization, which grants access to the user.
• Multiple factors can be used to make it harder for a bad actor to gain access, such as two-factor authentication.
• In cloud applications, public-key encryption is used, which uses two keys: one to encrypt the data and one to decrypt it.
• Public keys are often publicly available, but private keys must be kept secret.
• Attackers can steal private keys or trick the sender into using the wrong public key with a Man-in-the-Middle attack.
• Encryption authentication prevents attacks with digital signatures unique to each party.
• SSL/TLS uses a trustworthy Certificate Authority (CA) to verify each party and handle encryption key management automatically.
• Anyone moving data through a network should use secure, authenticated, and industry-accepted encryption mechanisms.
• Sensitive data should be encrypted when transmitted across networks to protect against eavesdropping by unauthorized users.
• Recommendations for strategies to encrypt and authenticate users include web traffic over SSL, email encryption with PGP or S/MIME, and application or network level encryption for non-web traffic.