8 Questions
What is the primary purpose of salting in password storage?
To add a random value to the password before hashing
What type of firewall monitors and controls incoming and outgoing traffic on a single host?
Host-based firewall
What is the main difference between Default Deny and Default Allow firewall rules?
Default Deny denies all traffic unless explicitly allowed, while Default Allow allows all traffic unless explicitly denied
What is the primary goal of Access Control Lists (ACLs)?
To define permissions for users or groups to access resources
What is the main difference between Symmetric and Asymmetric encryption?
Symmetric encryption uses a single key, while Asymmetric encryption uses a pair of keys
What is the primary purpose of Cryptographic Hash Functions?
To ensure data integrity
What is the main advantage of using Role-Based Access Control (RBAC)?
It simplifies the management of access control by assigning roles to users
What is the main goal of password expiration policies?
To force users to change their passwords regularly
Study Notes
Password Management
-
Password Policies:
- Length: minimum 8-12 characters
- Complexity: mix of uppercase, lowercase, numbers, and special characters
- Expiration: 60-90 days
- History: prevent reuse of previous passwords
-
Password Storage:
- Hashing: one-way encryption, storing hashed passwords instead of plaintext
- Salting: adding a random value to the password before hashing
-
Password Cracking:
- Types: brute force, dictionary, rainbow table attacks
- Prevention: use strong passwords, implement rate limiting, and account lockout policies
Firewalls
-
Types:
- Network-based: monitors and controls incoming and outgoing network traffic
- Host-based: monitors and controls incoming and outgoing traffic on a single host
-
Firewall Rules:
- Default deny: denies all traffic unless explicitly allowed
- Default allow: allows all traffic unless explicitly denied
-
Firewall Configurations:
- Whitelisting: only allows specific traffic to pass through
- Blacklisting: blocks specific traffic from passing through
Access Control
-
Access Control Models:
- Discretionary Access Control (DAC): access based on user identity
- Mandatory Access Control (MAC): access based on user clearance level
- Role-Based Access Control (RBAC): access based on user role
-
Access Control Lists (ACLs):
- Define permissions for users or groups to access resources
- Can be used to implement DAC, MAC, and RBAC models
-
Authentication, Authorization, and Accounting (AAA):
- Authentication: verifies user identity
- Authorization: determines access to resources
- Accounting: tracks and logs user activity
Cryptography
-
Types of Cryptography:
- Symmetric encryption: uses the same key for encryption and decryption
- Asymmetric encryption: uses a pair of keys for encryption and decryption
-
Cryptography Algorithms:
- AES (Advanced Encryption Standard): symmetric encryption algorithm
- RSA (Rivest-Shamir-Adleman): asymmetric encryption algorithm
-
Cryptographic Hash Functions:
- SHA-256 (Secure Hash Algorithm 256): one-way encryption, used for data integrity
- MD5 (Message-Digest Algorithm 5): one-way encryption, used for data integrity (though considered insecure)
Password Management
- Password policies require a minimum of 8-12 characters in length, with a mix of uppercase, lowercase, numbers, and special characters.
- Passwords should expire every 60-90 days and have a history to prevent reuse of previous passwords.
- Password storage involves hashing, which is a one-way encryption, and salting, which adds a random value to the password before hashing.
- Password cracking can be prevented by using strong passwords, implementing rate limiting, and account lockout policies.
- Types of password cracking attacks include brute force, dictionary, and rainbow table attacks.
Firewalls
- Network-based firewalls monitor and control incoming and outgoing network traffic.
- Host-based firewalls monitor and control incoming and outgoing traffic on a single host.
- Firewall rules can have a default deny policy, which denies all traffic unless explicitly allowed, or a default allow policy, which allows all traffic unless explicitly denied.
- Firewall configurations can use whitelisting, which only allows specific traffic to pass through, or blacklisting, which blocks specific traffic from passing through.
Access Control
- Discretionary Access Control (DAC) grants access based on user identity.
- Mandatory Access Control (MAC) grants access based on user clearance level.
- Role-Based Access Control (RBAC) grants access based on user role.
- Access Control Lists (ACLs) define permissions for users or groups to access resources and can be used to implement DAC, MAC, and RBAC models.
- Authentication verifies user identity, authorization determines access to resources, and accounting tracks and logs user activity.
Cryptography
- Symmetric encryption uses the same key for encryption and decryption.
- Asymmetric encryption uses a pair of keys for encryption and decryption.
- AES (Advanced Encryption Standard) is a symmetric encryption algorithm.
- RSA (Rivest-Shamir-Adleman) is an asymmetric encryption algorithm.
- SHA-256 (Secure Hash Algorithm 256) is a one-way encryption algorithm used for data integrity.
- MD5 (Message-Digest Algorithm 5) is a one-way encryption algorithm used for data integrity, but it is considered insecure.
Assess your knowledge of password policies, storage, and cracking prevention methods. Learn how to create strong passwords and protect them from attacks.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
