| A | B |
|---|---|
| PKI | Public Key Infrastructure |
| PKI Based on | public/private key cryptosystems, digital signatures, digital certificates and certificate authorities (CAs) |
| Digital Signatures | generated by asymmetric algorithms, which can be used to time stamp documents |
| Digital Certificates and Certificate Authorities | used to certify that a public key belongs to a particular person... or trusting a third party's key? |
| Hybrid Cryptography Systems | Diffie-Hellman Key Exchange method |
| Diffie-Hellman Key Exchange | method to allow a secure way of agreeing on a private key without the expense of sending the key through another method |
| Protocols for Secure Communications | SSL (Secure Socket Layer) protocol, S-HTTP (Secure Hyper Text Transfer Protocol), Securing E-Mail, Securing TCP/IP with IPSec, Securing TCP/IP with PGP |
| 6 Types of Attacks on Cryptosystems | Cipher Attacks, Known-Plaintext Attack, Man-in-the-Middle Attack, Correlation Attack, Dictionary Attack, Timing Attack |
| Cipher Attacks | they search for enough information so that any code can be broken |
| Known-Plaintext Attack | obtain a copy of both the plaintext and ciphertext versions and use them to reverse engineer the encryption algorithm |
| Man-in-the-Middle Attack | inserts the attacking system between communicating systems and pretends to be the sender and receiver |
| Correlation Attack | advanced statistical analysis combined with brute force methods to determine the unknown key |
| Dictionary Attack | encrypts a large amount of plaintext and compares it to the ciphertext that was created with the same encryption algorithm |
| Timing Attack | another statistical analysis attack type that also incorporates typing patterns |
| Key in defending from Attacks | Management of People |
| Simplified Threat Categories | Unintentional and Intentional |
| Unintentional Threat Category | Act of Human Error, Forces of Nature, Deviation in QoS, Tech Hardware failures, Tech Software failures, Tech obsolescence |
| Intentional Threat Category | Compromises to Intellectual Property; Deliberate acts of: espionage or trespass, information extortion, sabotage or vandalism, theft, deliberate software attacks, deviations in QoS |
| Physical Security - Definition | as important as logical security and requires a layered, policy-driven approach |
| Three Layers of Physical Security | General Management, IT Management and Professionals, and Information Security Management and Professionals |
| Secure Facility - Definition | a physical location engineered with controls designed to minimize the risk of attacks from physical threats |
| Most serious threat to the safety of people who work in an organization is | Fire |
| 2 Categories of Fire Detection | Manual (human) and Automatic |
| 3 Basic Types of Fire Detection Systems | Thermal, Smoke, and Flame |
| Types of Portable Fire Suppression | Class A, Class B, Class C, Class D |
| Class A Fire Extinguisher | Ordinary Combustibles |
| Class B Fire Extinguisher | Flammable Liquids |
| Class C Fire Extinguisher | Electrical Equipment |
| Class D Fire Extinguisher | Combustible Metals |
| Today's Extinguishers | Can be used with more than one type of fire |