CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals
|
|
- Phyllis Porter
- 6 years ago
- Views:
Transcription
1 CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc.
2 Slide 1 Course 01: Security Fundamentals The Information Security Cycle Information Security Controls Authentication Methods Cryptography Fundamentals Security Policy Fundamentals OV 1-1
3 Slide 2 Topic A: The Information Security Cycle What Is Information Security? What to Protect Goals of Security Risk Threats A Vulnerability Intrusions Attacks Controls Types of Controls The Security Management Process OV 1-2
4 Slide 3 What Is Information Security? Protection of available information or information resources. Necessary for a responsible individual or organization to secure confidential information. Minimize business risks and other consequences of losing crucial data. OV 1-3
5 Slide 4 What to Protect Data Resource Data Resource OV 1-4
6 Slide 5 Goals of Security Prevention Detection Recovery OV 1-5
7 Slide 6 Risk Likelihood: Rare Damage: Moderate Disgruntled Former Employees Threat of Improper Access OV 1-6
8 Slide 7 Threats Intentional or unintentional Information Security Threats Changes to Information Interruption of Services Interruption of Access Damage to Hardware Damage to Facilities OV 1-7
9 Slide 8 A Vulnerability Attacker Unsecured Router Information System OV 1-8
10 Slide 9 Intrusions OV 1-9
11 Slide 10 Attacks Physical Security Attacks Software-Based Attacks Social Engineering Attacks Web Application-Based Attacks Network-Based Attacks OV 1-10
12 Slide 11 Controls Controls are the countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks. Prevention Control Detection Control Correction Control OV 1-11
13 Slide 12 Types of Controls Prevention Detection Correction OV 1-12
14 Slide 13 The Security Management Process OV 1-13
15 Slide 14 Topic B: Information Security Controls The CIA Triad Non-repudiation Identification Authentication Authentication Factors Authorization Access Control Access Control Models Accounting and Auditing Common Security Practices Implicit Deny Least Privilege Separation of Duties Job Rotation Mandatory Vacation Time of Day Restrictions Privileged Management OV 1-14
16 Slide 15 The CIA Triad Availability OV 1-15
17 Slide 16 Non-repudiation OV 1-16
18 Slide 17 Identification OV 1-17
19 Slide 18 Authentication OV 1-18
20 Slide 19 Authentication Factors Something you are Fingerprints, handprints, or retinal patterns Something you have Key or ID card Something you know Password or PIN Somewhere you are or are not IP address or GPS Something you do Keystroke patterns Password OV 1-19
21 Slide 20 Authorization Determining the rights and privileges of a user or entity. Comes after identification and authentication. OV 1-20
22 Slide 21 Access Control Determining and assigning privileges to resources, objects, or data. Manages authorization. OV 1-21
23 Slide 22 Access Control Models Mandatory Access Control (MAC) Discretionary Access Control (DAC) Role-Based Access Control (RBAC) Rule-Based Access Control OV 1-22
24 Slide 23 Accounting and Auditing The process of tracking and recording system activities and resource access. Auditing: examine what was recorded. OV 1-23
25 Slide 24 Common Security Practices Implicit deny Least privilege Separation of duties Job rotation Mandatory vacation Time of day restrictions Privilege management OV 1-24
26 Slide 25 Implicit Deny Default Deny Read Access Granted Write Access Denied OV 1-25
27 Slide 26 Least Privilege Perform their jobs with fewer privileges User 1 User 4 Perform their jobs with more privileges User 2 Data Entry Clerks User 3 Financial Coordinators OV 1-26
28 Slide 27 Separation of Duties Backup Audit Restore OV 1-27
29 Slide 28 Job Rotation Backup Access Control Audit Firewall Restore OV 1-28
30 Slide 29 Mandatory Vacation OV 1-29
31 Slide 30 Time of Day Restrictions AM PM OV 1-30
32 Slide 31 Privilege Management Accounting/Auditing Authorization Access Control Administrator Authentication OV 1-31
33 Slide 32 Topic C: Authentication Methods User Name/Password Authentication Tokens Biometrics Geolocation Keystroke Authentication Multi-factor Authentication Mutual Authentication OV 1-32
34 Slide 33 User Name/Password Authentication Password User name OV 1-33
35 Slide 34 Tokens Unique Value PIN User Information Password OV 1-34
36 Slide 35 Biometrics Fingerprint scanner Retinal scanner Hand geometry scanner Voice-recognition software Facial-recognition software Fingerprint Scanner OV 1-35
37 Slide 36 Geolocation Where you are or are not. Determines physical location from IP address, MAC address, RFID, GPS coordinates, etc. Authentication requests from approved locations are granted. Authentication Approved Authentication Request Approved Locations Authentication Denied OV 1-36
38 Slide 37 Keystroke Authentication Keystroke Pattern Detector OV 1-37
39 Slide 38 Multi-factor Authentication Password ID Card OV 1-38
40 Slide 39 Mutual Authentication OV 1-39
41 Slide 40 Topic D: Cryptography Fundamentals Cryptography Encryption and Decryption Ciphers Cipher Types Encryption and Security Goals Steganography A Key Hashing Encryption Hashing Encryption Algorithms Symmetric Encryption Symmetric Encryption Algorithms Asymmetric Encryption Asymmetric Encryption Technologies Key Exchange Digital Signatures Cipher Suites Session Keys Key Stretching OV 1-40
42 Slide 41 Cryptography G7JDZL L539CZ AA9CZ1 ZPQ12G 93L12B LP7FFH 18ABHU UJ14A9 334FYO K71TYP CS HHX SAPRW1 SP563S 3F8Y0K PVF129 A7V8TT ADL10M N031M1 LAE3FB 1L598X RX0FYT LM2HU5 GT610A I5581Z QH1UNB 9JB70W OV 1-41
43 Slide 42 Encryption and Decryption Plaintext Encryption Ciphertext Ciphertext Decryption Plaintext OV 1-42
44 Slide 43 Ciphers Original Information Cipher Encrypted Information OV 1-43
45 Slide 44 Cipher Types Stream Cipher Plaintext Cipher Ciphertext Block Cipher Plaintext Block Cipher Ciphertext Block OV 1-44
46 Slide 45 Encryption and Security Goals Confidentiality Integrity Non-repudiation Authentication Access control OV 1-45
47 Slide 46 Steganography Steganographic techniques include: Hiding information in blocks. Hiding information within images. Invisibly altering the structure of a digital image. Vessel Image Steganographic Image Secret Data OV 1-46
48 Slide 47 A Key Original Information Cipher Encrypted Information = Two Letters Following OV 1-47
49 Slide 48 Hashing Encryption OV 1-48
50 Slide 49 Hashing Encryption Algorithms MD5 SHA NTLM versions 1 and 2 RIPEMD HMAC OV 1-49
51 Slide 50 Symmetric Encryption Encrypts Data Decrypts Data Same Key on Both Sides OV 1-50
52 Slide 51 Symmetric Encryption Algorithms DES 3DES AES Blowfish Twofish RC 4, 5, 6 OV 1-51
53 Slide 52 Asymmetric Encryption Public Key Encrypts Private Key Decrypts OV 1-52
54 Slide 53 Asymmetric Encryption Techniques RSA DH ECC DHE ECDHE OV 1-53
55 Slide 54 Key Exchange Sender Receiver For messages to be exchanged, the sender and receiver need the right cryptographic keys Symmetric cipher: Same key Asymmetric cipher: Each other s public key OV 1-54
56 Slide 55 Digital Signatures Hash Value of Signature Hash Value Matches OV 1-55
57 Slide 56 Cipher Suites Collections of symmetric and asymmetric encryption algorithms: Key exchange Bulk encryption Message authentication code Pseudorandom function Establish secure connections between hosts. Associated with TLS and SSL network protocols. Over 200 named cipher suites provide varying protection levels. Key Exchange Algorithm Bulk Encryption Algorithm Message Authentication Code Algorithm Pseudorandom Function Cypher Suite OV 1-56
58 Slide 57 Session Keys Single-Use Key Related Messages Sender Receiver Unrelated message requires a different key OV 1-57
59 Slide 58 Key Stretching Original Key Key Stretching Algorithm Enhanced Key Key stretching makes it harder to crack passwords and passphrases. OV 1-58
60 Slide 59 Topic E: Security Policy Fundamentals A Security Policy Security Policy Components Common Security Policy Types Group Policy Security Document Categories Change Management Documentation Handling Measures OV 1-59
61 Slide 60 A Security Policy Individual Policy Resources to Protect Formal Policy Statement Implementation Measures OV 1-60
62 Slide 61 Security Policy Components Policy statement Standards Guidelines Procedures OV 1-61
63 Slide 62 Common Security Policy Types AUP Privacy policy Audit policy Extranet policy Password policy Wireless standards policy Social media policy OV 1-62
64 Slide 63 Group Policy OV 1-63
65 Slide 64 Security Document Categories System architecture Change documentation Logs Inventories OV 1-64
66 Slide 65 Change Management OV 1-65
67 Slide 66 Documentation Handling Measures Classification Retention and Storage Disposal and Destruction OV 1-66
68 Slide 67 Course 01 Review: Security Fundamentals The Information Security Cycle Information Security Controls Authentication Methods Cryptography Fundamentals Security Policy Fundamentals OV 1-67
69 Slide 68 Reflective Questions 1. Which of the basic security concepts in this lesson were familiar to you, and which were new? 2. Can you describe some real-world situations where you used basic security techniques such as authentication, access control, and encryption, or made use of a security policy? OV 1-68
70 This course contains copyrighted material used by permission of Logical Operations, Inc.
71 Review Questions: 1. Which of the following is not a goal of security? A. Prevention B. Prosecution C. Detection D. Recovery 2. Which of the following could be described as a weakness in a system? A. Risk B. Threats C. 0-day D. Vulnerability 3. When looking at risk, you should consider the extent of damage that could be done along with what else? A. Likelihood B. Insurance C. Response teams D. Firewalls 4. A control is considered to be what? A. Keyboards B. Buttons on the mouse C. Countermeasure D. Social Engineering 5. Besides Prevention and Correction, what is the 3rd type of control? A. Detection B. Awareness C. Discouragement D. None of the above 6. In the CIA Triad, the I stands for what? A. Identification B. Integrity C. Information D. Inbound traffic
72 7. Using biometrics for authentication would be what type of authentication factor? A. Something you are B. Something you have C. Something you know D. Something you do 8. True or False: Using multi-factor authentication does not really help strengthen the process of authentication. A. True B. False 9. The owner of an object can determine the permissions to access that object. This is what type of access control model? A. MAC B. Role-based C. Rule-based D. DAC 10. Giving users just enough access/permissions to accomplish their job is known as what? A. Least Privilege B. Default - No Access C. Implicit Deny D. None of the above
73 Answer Key: 1. B Prosecution would be something sought after the security event occurred. 2. D A vulnerability is a weakness in a system, such as a flaw in a program, poor configuration, etc. 3. A We should evaluate risk based on the amount of damage (Single Loss Event) and the likelihood that this could occur. 4. C A control is a type of countermeasure used to reduce risk. 5. A Detection is the 3rd type of control. 6. B This is for Integrity, where the goal is to protect our information from accidental or malicious changes. 7. A This is the "something you are" authentication factor. 8. B False. Multi-factor authentication increases the strength of authentication, which in turn increases your security profile. 9. D This is known as Discretionary Access Control. 10. A This is the concept of Least Privilege, which also implies that if you don't have permission, then you should be denied access.
Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationCompTIA Security+ (Exam SY0-401)
CompTIA Security+ (Exam SY0-401) Course Overview This course will prepare students to pass the current CompTIA Security+ SY0-401 certification exam. After taking this course, students will understand the
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationSoftware Development & Education Center Security+ Certification
Software Development & Education Center Security+ Certification CompTIA Security+ Certification CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : SY0-301 Title : CompTIA Security+ Certification Exam (SY0-301) Vendor : CompTIA Version : DEMO 1 / 5 Get Latest & Valid
More informationCompTIA JK CompTIA Academic/E2C Security+ Certification. Download Full Version :
CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Download Full Version : https://killexams.com/pass4sure/exam-detail/jk0-022 Answer: C QUESTION: 195 A security engineer is asked by the company
More informationBraindumpsVCE. Best vce braindumps-exam vce pdf free download
BraindumpsVCE http://www.braindumpsvce.com Best vce braindumps-exam vce pdf free download Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationCompTIA Security+ (2008 Edition) Exam
CompTIA SY0-201 CompTIA Security+ (2008 Edition) Exam Version: 7.20 Topic 1, Volume A QUESTION NO: 1 Which of the following cryptography types provides the same level of security but uses smaller key sizes
More informationTestpassport http://www.testpassport.net Exam : SY0-301 Title : Security+ Certification Exam 2011 version Version : Demo 1 / 5 1.Which of the following is the BEST approach to perform risk mitigation of
More informationKALASALINGAM UNIVERSITY
KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationChapter 19 Security. Chapter 19 Security
Chapter 19 Security Outline 19.1 Introduction 19.2 Cryptography 19.2.1 Secret-Key Cryptography 19.2.2 Public-Key Cryptography 19.3 Authentication 19.3.1 Basic Authentication 19.3.2 Biometrics and Smart
More informationCS 356 Lecture 7 Access Control. Spring 2013
CS 356 Lecture 7 Access Control Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationChapter 15: Security. Operating System Concepts 8 th Edition,
Chapter 15: Security, Silberschatz, Galvin and Gagne 2009 Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationCompTIA Security+(2008 Edition) Exam
http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over
More informationChapter 5 Authentication and Basic Cryptography
Chapter 5 Authentication and Basic Cryptography Resource from : Chapter 8 & 11 Authentication Security+ Guide to Network Security Fundamentals, Third Edition 1 Dr.Sukchatri PRASOMSUK School of Information
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationSyllabus: The syllabus is broadly structured as follows:
Syllabus: The syllabus is broadly structured as follows: SR. NO. TOPICS SUBTOPICS 1 Foundations of Network Security Principles of Network Security Network Security Terminologies Network Security and Data
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCompTIA Security+ Certification
CompTIA Security+ Certification Course Number: SY0-301 Length: 5 Days Certification Exam This course is preparation for the CompTIA Security+ Certification exam. Course Overview This course will prepare
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationSecurity in ECE Systems
Lecture 11 Information Security ECE 197SA Systems Appreciation Security in ECE Systems Information security Information can be very valuable Secure communication important to protect information Today
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationPASSWORDS & ENCRYPTION
PASSWORDS & ENCRYPTION Villanova University Department of Computing Sciences D. Justin Price Fall 2014 CRYPTOGRAPHY Hiding the meaning of a message from unintended recipients. Open source algorithms are
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationComptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam
Comptia.Certkey.SY0-401.v2014-09-23.by.SANFORD.362q Number: SY0-401 Passing Score: 800 Time Limit: 120 min File Version: 18.5 Exam Code: SY0-401 Exam Name: CompTIA Security+ Certification Exam Exam A QUESTION
More informationAuthentication. Chapter 2
Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication
More informationCPET 499/ITC 250 Web Systems Chapter 16 Security. Topics
CPET 499/ITC 250 Web Systems Chapter 16 Security Text Book: * Fundamentals of Web Development, 2015, by Randy Connolly and Ricardo Hoar, published by Pearson Paul I-Hai, Professor http://www.etcs.ipfw.edu/~lin
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationLecture 1: Introduction to Security Architecture. for. Open Systems Interconnection
Lecture 1: Introduction to Security Architecture for Open Systems Interconnection 1. Purpose of Document This document includes notes to guide the self-study of the students of the lectures on Network
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationThe question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the
More informationE-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.
E-Commerce Security 2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. Learning Objectives 1. Explain EC-related crimes and why they cannot be stopped. 2. Describe an EC security
More informationEXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
EXCERPT NIST Special Publication 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations An Excerpt Listing All: Security Requirement Families & Controls Security
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationkey distribution requirements for public key algorithms asymmetric (or public) key algorithms
topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems
More informationCASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)
CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001) Gregg, Michael ISBN-13: 9781118083192 Table of Contents Foreword xxi Introduction xxvii Assessment Test xliv Chapter 1 Cryptographic
More informationAuthentication CHAPTER 17
Authentication CHAPTER 17 Authentication Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources. getting entrance
More informationNumber Theory and RSA Public-Key Encryption
Number Theory and RSA Public-Key Encryption Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu CIA Triad: Three Fundamental
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationGlenda Whitbeck Global Computing Security Architect Spirit AeroSystems
Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems History 2000 B.C. Egyptian Hieroglyphics Atbash - Hebrew Original alphabet mapped to different letter Type of Substitution Cipher
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationVPN Overview. VPN Types
VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat
More informationWireless Attacks and Countermeasures
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationIBM i Version 7.2. Security Cryptography IBM
IBM i Version 7.2 Security ryptography IBM IBM i Version 7.2 Security ryptography IBM Note Before using this information and the product it supports, read the information in Notices on page 275. This
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationCS 111. Operating Systems Peter Reiher
Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources Operating Systems Peter Reiher Page 1 Outline Basic concepts in computer security Design principles for security
More informationIntruders, Human Identification and Authentication, Web Authentication
Intruders, Human Identification and Authentication, Web Authentication David Sanchez Universitat Pompeu Fabra 06-06-2006 Lecture Overview Intruders and Intrusion Detection Systems Human Identification
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationMODULE NO.28: Password Cracking
SUBJECT Paper No. and Title Module No. and Title Module Tag PAPER No. 16: Digital Forensics MODULE No. 28: Password Cracking FSC_P16_M28 TABLE OF CONTENTS 1. Learning Outcomes 2. Introduction 3. Nature
More informationتاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم
بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More information5 Tips to Fortify your Wireless Network
Article ID: 5035 5 Tips to Fortify your Wireless Network Objective Although Wi-Fi networks are convenient for you and your employees, there may be unwanted clients using up the bandwidth you pay for. In
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo
ISC2 Exam Questions CISSP Certified Information Systems Security Professional (CISSP) Version:Demo 1. How can a forensic specialist exclude from examination a large percentage of operating system files
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationIT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston
IT443 Network Security Administration Spring 2018 Gabriel Ghinita University of Massachusetts at Boston Contact Information Instructor: Dr. Gabriel Ghinita Email: Gabriel.Ghinita@umb.edu (preferred contact)
More informationTop-Down Network Design
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer 1 Network Security Design The steps for security design are: 1. Identify
More informationSecurity Policy (EN) v1.3
Security Policy (EN) v1.3 Author: Erik Klein Langenhorst Date: Sept 21, 2017 Classificatie: 2 Intended for stakeholders only Security Policy (EN) v1.5 Pagina 1 van 9 Version History Version Date Name Changes
More informationLecture III : Communication Security Mechanisms
Lecture III : Communication Security Mechanisms Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 X.800 : Security
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationLevel 3 Principles of ICT Systems and Data Security ( / )
Level 3 Principles of ICT Systems and Data Security (7540-040/7630-345) Systems and Principles Assignment guide for Candidates Assignment A www.cityandguilds.com September 2017 Version 2.0 About City &
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationGoogle Cloud Platform: Customer Responsibility Matrix. April 2017
Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder
More informationIntroduction to Security
Introduction to Security Avinanta Tarigan Universitas Gunadarma 1 Avinanta Tarigan Introduction to Security Layout Problems General Security Cryptography & Protocol reviewed 2 Avinanta Tarigan Introduction
More information