CISSP Cheat Sheet Domain 3
CISSP Cheat Sheet Domain 3
CISSP Cheat Sheet Domain 3
Security Models and Concepts Security Models System Evaluation and Assurance Levels Hardware architecture
Security architecture frameworks - Provides access rights including discretionary access control Evaluates operating systems, application and systems. But not Simultaneous running of
Trusted Computer Multitasking
A 2D model considering interrogations such as what, where MATRIX to subjects for different objects. network part. Consider only about confidentiality. Operational two or more tasks.
System Evaluation
Zachman Framework and when with, etc. With various views such as planner, owner, (Access control model) - Read, write and execute access defined in ACL as matrix assurance requirements for TCSEC are: System Architecture, Simultaneous running of
Criteria Multi programming
designer etc. columns and rows as capability lists. System Integrity, Covert Channel analysis, Trusted Facility two or more programs
(TCSEC)
-A subject cannot read data at a higher security level. (A.K.A Management and Trusted recovery.
Sherwood Applied CPU consists or more
simple security rule) A collection of criteria based on the Bell-LaPadula model used Multi-processing
Business Security To facilitate communication between stakeholders than one processor
Architecture (SABSA) - Subject in a defined security level cannot write to a lower Orange Book to grade or rate the security offered by a computer system
Processing Types
security level unless it is a trusted subject. (A.K.A *-property product.
Information Technology One security level at a
BELL-LAPADULA (star property) rule Red Book Similar to the Orange Book but addresses network security. Single State
Infrastructure Library Set of best practices for IT service management time.
(Confidentiality model) - Access matrix specifies discretionary access control.
(ITIL) Green Book Password Management.
- subject with read and write access should write and read at Multiple security levels at
Evaluates operating systems, application and systems. But not Multi State
Security architecture documentation the same security level (A.K.A Strong star rule :) Trusted Computer a time.
network part. Consider only about confidentiality. Operational
Establish security controls published by Standardization (ISO) - Tranquility prevents security level of subjects change between System Evaluation Software built in to in the
ISO/IEC 27000 Series assurance requirements for TCSEC are: System Architecture, Firmware
and the Electrotechnical Commission (IEC) levels. Criteria ROM.
System Integrity, Covert Channel analysis, Trusted Facility
Control Objectives for - Cannot read data from a lower integrity level (A.K.A The (TCSEC) Base Input Output Set of instructions used to
Define goals and requirements for security controls and the Management and Trusted recovery.
Information and Related simple integrity axiom) System (BIOS) load OS by the computer.
mapping of IT security controls to business objectives. Consider all 3 CIA (integrity and availability as well as
Technology (CobiT) - Cannot write data to an object at a higher integrity level. ITSEC
confidentiality
Types of security models BIBA (A.K.A the * (star) integrity axiom) Mobile Security
(Integrity model) - Cannot invoke service at higher integrity. (A.K.A The TCSEC Explanation
Check each of the possible system state and ensure the proper Device Encryption • Remote wiping • Remote lock out
invocation property) D Minimal protection
State Machine Models security relationship between objects and subjects in each • Internal locks (voice, face recognition, pattern, pin,
- Consider preventing information flow from a low security level
state. DAC; Discretionary Protection (identification, authentication, password) • Application installation control • Asset
to a high security level. C1
Allocate each security subject a security label defining the resource protection) tracking (IMIE) • Mobile Device Management •
User: An active agent Removable storage (SD CARD, Micro SD etc.)
highest and lowest boundaries of the subject’s access to the C2 DAC; Controlled access protection
Multilevel Lattice Models • Transformation Procedure (TP): An abstract operation, such
system. Enforce controls to all objects by dividing them into
as read, writes, and modify, implemented through B1 MAC; Labeled security (process isolation, devices) IoT & Internet Security
levels known as lattices.
Programming B2 MAC; Structured protection
Network Segmentation (Isolation) • Logical Isolation
Arrange tables known as matrix which includes subjects and • Constrained Data Item (CDI): An item that can be manipulated B3 MAC; security domain (VLAN) • Physical isolation (Network segments) •
Matrix Based Models objects defining what actions subjects can take upon another only through a TP A MAC; verified protection Application firewalls • Firmware updates
object. • Unconstrained Data Item (UDI): An item that can be
CLARK WILSON Common criteria assurance levels
Consider the state of the system at a point in time for a
Noninterference Models subject, it consider preventing the actions that take place at
(Integrity model)
manipulated by a user via read and write operations
EAL0 Inadequate assurance
Physical Security
- Enforces separation of duty
one level which can alter the state of another level. - Requires auditing EAL1 Functionality tested Internal vs external threat and mitigation
Try to avoid the flow of information from one entity to another - Commercial use EAL2 Structurally tested Hurricanes, tornadoes, earthquakes
Information Flow Models Natural threats
which can violate the security policy. - Data item whose integrity need to be preserved should be EAL3 Methodically tested and checked floods, tsunami, fire, etc
Read and Write are allowed or restricted using a specific audited EAL4 Methodically designed, tested and reviewed Politically
Confinement - An integrity verification procedure (IVP) -scans data items and motivated Bombs, terrorist actions, etc
memory location, e.g. Sandboxing. EAL5 Semi-formally designed and tested
confirms their integrity against external threats EAL6 Semi-formally verified, designed and tested threats
Data in Use Scoping & tailoring
Information is restricted to flow in the directions that are EAL7 Formally verified, designed and tested Power/utility General infrastructure damage
Security Modes Information flow model permitted by the security policy. Thus flow of information from
ITSEC security evaluation criteria - required levels
supply threats (electricity telecom, water, gas, etc)
one security level to another. (Bell & Biba). Man Made
Use a single classification level. All objects can access all D + E0 Minimum Protection Sabotage, vandalism, fraud, theft
- Use a dynamic access control based on objects previous threats
Dedicated Security Mode subjects, but users they must sign an NDA and approved prior C1 + E1 Discretionary Protection (DAC)
actions. Liquids, heat, gases, viruses,
to access on need-to-know basis C2 + E2 Controlled Access Protection (Media cleansing for reusability) Major sources
- Subject can write to an object if, and only if, the subject bacteria, movement: (earthquakes),
All users get the same access level but all of them do not get Brewer and Nash B1 + E3 Labelled Security (Labelling of data) to check
System High Security cannot read another object in a different dataset. radiation, etc
the need-to-know clearance for all the information in the (A.K.A Chinese wall B2 + E4 Structured Domain (Addresses Covert channel)
Mode - Prevents conflict of interests among objects.
system. model) Natural threat control measures
Citation B3 + E5 Security Domain (Isolation)
In addition to system high security level all the users should https://ipspecialist.net/fundamental-concepts-of-security-mod Hurricanes, Move or check location, frequency of
A + E6 Verified Protection (B3 + Dev Cycle)
Compartmented Security Tornadoes, occurrence, and impact. Allocate
have need-to-know clearance and an NDA, and formal approval els-how-they-work/ Common criteria protection profile components
Mode Earthquakes budget.
for all access required information. Lipner Model Commercial mode (Confidentiality and Integrity,) -BLP + Biba Descriptive Elements • Rationale • Functional Requirements • Development assurance
Use two classification levels as System Evaluation and Raised flooring server rooms and
Multilevel Security Mode Graham-Denning Model Rule 1: Transfer Access, Rule 2: Grant Access, Rule 3: Delete requirements • Evaluation assurance requirements Floods
Assurance Levels offices to keep computer devices .
Objects, subjects and 8 Access, Rule 4: Read Object, Rule 5: Create Object, Rule 6: Certification & Accreditation
rules destroy Object, Rule 7: Create Subject, Rule 8: Destroy Electrical UPS, Onsite generators
Evaluation of security and technical/non-technical features to ensure
Virtualization Harrison-Ruzzo-Ullman Restricts operations able to perform on an object to a defined
Certification
if it meets specified requirements to achieve accreditation.
Fix temperature sensors inside
Guest operating systems run on virtual machines and hypervisors run on one or more Model set to preserve integrity. server rooms , Communications -
Declare that an IT system is approved to operate in predefined
host physical machines.
Accreditation Temperature Redundant internet links, mobile
conditions defined as a set of safety measures at given risk level.
Virtualization security Web Security NIACAP Accreditation Process
communication links as a back up to
Trojan infected VMs, misconfigured hypervisor cable internet.
threats Open-source application security project. OWASP creates Phase 1: Definition • Phase 2: Verification • Phase 3: Validation • Phase 4: Post Man-Made Threats
Software as A Service (SaaS), Infrastructure As A Service OWASP guidelines, testing procedures, and tools to use with web Accreditation
Cloud computing models Avoid areas where explosions can
(IaaS), Platform As A Service (PaaS) security.
Accreditation Types Explosions occur Eg. Mining, Military training
Account hijack, malware infections, data breach, loss of data Injection / SQL Injection, Broken Authentication, Sensitive Data
Cloud computing threats Type Accreditation Evaluates a system distributed in different locations. etc.
and integrity Exposure, XML External Entity, Broken Access Control, Security
OWASP Top 10 Misconfiguration, Cross-Site Scripting (XSS), Insecure System Accreditation Evaluates an application system. Minimum 2 hour fire rating for walls,
Fire
Memory Protection Deserialization, Using Components with Known Vulnerabilities, Site Accreditation Evaluates the system at a specific location. Fire alarms, Fire extinguishers.
Insufficient Logging and Monitoring Deploy perimeter security, double
Register Directly access inbuilt CPU memory to access CPU and ALU. Vandalism
Stack Memory Segment Used by processors for intercommunication.
Attackers try to exploit by allowing user input to modify the Symmetric vs. Asymmetric Encryption locks, security camera etc.
back-end/server of the web application or execute harmful Use measures to avoid physical
Monolithic Operating SQL Injections: Use a private key which is a secret key between two parties.
All of the code working in kernel mode/system. code which includes special characters inside SQL codes Fraud/Theft access to critical systems. Eg.
System Architecture Each party needs a unique and separate private key.
results in deleting database tables etc. Fingerprint scanning for doors.
Symmetric Algorithms Number of keys = x(x-1)/2 where x is the number of users. Eg.
Memory Addressing Identification of memory locations by the processor. SQL Injection prevention: Validate the inputs and parameters. DES, AES, IDEA, Skipjack, Blowfish, Twofish, RC4/5/6, and
Register Addressing CPU access registry to get information. Cross-Site Scripting Attacks carryout by inputting invalidated scripts inside CAST.
Site Selection
Immediate Addressing Part of an instruction during information supply to CPU. (XSS) webpages. Stream Based Symmetric Encryption done bitwise and use keystream generators Eg. Deter Criminal Activity - Delay
Physical
Direct Addressing Actual address of the memory location is used by CPU. Attackers use POST/GET requests of the http web pages with Cipher RC4. Intruders - Detect Intruders - Assess
security goals
Indirect Addressing Same as direct addressing but not the actual memory location. HTML forms to carry out malicious activity with user accounts. Situation - Respond to Intrusion
Encryption done by dividing the message into fixed-length
Block Symmetric Cipher Visibility - External Entities -
Base + Offset Addressing Value stored in registry is used as based value by the CPU. Cross-Request Forgery Prevention can be done by authorization user accounts to carry blocks Eg. IDEA, Blowfish and, RC5/6. Site selection
the actions. Eg. using a Random string in the form, and store it Accessibility - Construction - Internal
*Citation CISSP SUMMARY BY Maarten De Frankrijker Use public and private key where both parties know the public issues
on the server. Compartments
and the private key known by the owner .Public key encrypts
Cryptographic Terminology Cryptography Asymmetric Algorithms
the message, and private key decrypts the message. 2x is total • Middle of the building (Middle
number of keys where x is number of users. Eg. Diffie-Hellman, floor)
Encryption Convert data from plaintext to cipher text. • Single access door or entry point
• P - Privacy (Confidentiality) RSA, El Gamal, ECC, Knapsack, DSA, and Zero Knowledge
Decryption Convert from ciphertext to plaintext. • A – Authentication Proof. Server room • Fire detection and suppression
Key A value used in encryption conversion process. Cryptography Goals • I - Integrity security systems
Symmetric Algorithms Asymmetric Algorithms Hybrid Cryptography
(P.A.I.N.) • N - Non-Repudiation. • Raised flooring
Synchronous Encryption or decryption happens simultaneously. Use of both Symmetric and
Use of private key which is a Use of public and private key • Redundant power supplies
Encryption or decryption requests done subsequently or after a • Key space = 2n. (n is number of key bits) Asymmetric encryption. Eg.
Asynchronous secret key pairs • Solid /Unbreakable doors
waiting period. • Confidentiality SSL/TLS
8 feet and taller with razor wire.
Symmetric Single private key use for encryption and decryption. • Integrity Provide integrity. One way Fences and
Provides confidentiality but Provides confidentiality, Remote controlled underground
Key pair use for encrypting and decrypting. (One private and • Proof of origin function divides a message Gates
Asymmetrical Use of Cryptography not authentication or integrity, authentication, and concealed gates.
one public key) • Non-repudiation or a data file into a smaller
nonrepudiation nonrepudiation Perimeter Infrared Sensors - Electromechanical
• Protect data at rest fixed length chunks.
Use to verify authentication and message integrity of the Intrusion Systems - Acoustical Systems -
Digital Signature sender. The message use as an input to a hash functions for • Protect data in transit One key encrypts and One key encrypts and other Encrypted with the private
Detection CCTV - Smart cards -
validating user authentication. decrypts key decrypts key of the sender.
Codes vs. Ciphers Systems Fingerprint/retina scanning
A one-way function, convert message to a hash value used to Message Authentication
Continuous Lighting - Standby
Hash verify message integrity by comparing sender and receiver Substitution cipher, Transposition cipher, Caesar Cipher, Larger key size. Bulk Code (MAC) used to encrypt Lighting
Classical Ciphers Small blocks and key sizes Lighting - Movable Lighting -
values. Concealment. encryptions the hash function with a Systems
Emergency Lighting
Modern Ciphers Block cipher, Stream cipher, Steganography, Combination. symmetric key.
Digital Certificate An electronic document that authenticate certification owner. Offsite media storage - redundant
Cipher converts Plaintext to another written text to hide original Allows for more trade-offs Media storage
Plaintext Simple text message. Concealment Cipher Faster and less complex. Not backups and storage
text. Slower. More scalable. between speed, complexity,
Normal text converted to special format where it is unreadable scalable Faraday Cage to avoid
Ciphertext and scalability.
without reconversion using keys. Uses a key to substitute letters or blocks of letters with electromagnetic emissions - White
Substitution Ciphers different letters or block of letters. I.e. One-time pad, Hash Functions and Digital
The set of components used for encryption. Includes Electricity noise results in signal interference -
Cryptosystem stenography. Certificates
algorithm, key and key management functions. Out-of-band key exchange In-band key exchange Control Zone: Faraday cage + White
Hashing use message
Reorder or scramble the letters of the original message where noise
Breaking decrypting ciphertext without knowledge of digests.
Cryptanalysis Transposition Ciphers the key used to decide the positions to which the letters are Use anti-static spray, mats and
cryptosystem used.
moved.
Cryptographic Algorithm Procedure of enciphers plaintext and deciphers cipher text. Key Escrow and Recovery Static wristbands when handling electrical
Electricity equipment - Monitor and maintain
Cryptography
The science of hiding the communication messages from Common Algorithms Secret key is divided into two parts and handover to a third party.
humidity levels.
unauthorized recipients.
Cryptology Cryptography + Cryptanalysis
Symmetric/ PKI HVAC control
Heat - High Humidity - Low Humidity
Algorithm Asymmetric Key length Based on Structure levels
Decipher Convert the message as readable. confidentiality, message integrity, authentication, and nonrepudiation
64 bit cipher block size and 56 bit key • 100F can damage storage media
Encipher Convert the message as unreadable or meaningless. Receiver’s Public Key-Encrypt message
128-bit with 8 bits parity. such as tape drives.
One-time pad (OTP) Encipher all of the characters with separate unique keys. DES Symmetric 64 bit Lucifer • 16 rounds of transposition and Sender Private Key-Decrypt message • 175 F can cause computer and
Different encryption keys generate the same plaintext algorithm substitution Sender Private Key-Digitally sign electrical equipment damage.
Key Clustering • 350 F can result in fires due to
message. (ECB, CBC, CFB, OFB, CTR) Sender’s Public Key - Verify Signature
Key Space Every possible key value for a specific algorithm. 3 * 56 bit keys paper based products.
3 DES or
A mathematical function used in encryption and decryption of TDES Symmetric 56 bit*3 DES
• Slower than DES but higher security PKI Structure HVAC
• HVAC: UPS, and surge protectors
Algorithm (DES EE3, DES EDE3 ,DES EEE2, DES to prevent electric surcharge.
data; A.K.A. cipher. (Triple DES) Certificates Provides authorization between the parties verified by CA. Guidelines
EDE2) • Noise: Electromagnetic
Cryptology The science of encryption. Authority performing verification of identities and provides Interference (EMI), Radio Frequency
Use 3 different bit size keys Certificate Authority
Rearranging the plaintext to hide the original message; A.K.A. certificates. Interference
Transposition 128,192 or Rijndael Examples Bitlocker, Microsoft EFS
Permutation. AES Symmetric Registration Authority Help CA with verification. Temperatures, Humidity
256 bit algorithm Fast, secure 10,12, and 14
Exchanging or repeating characters (1 byte) in a message with Certification Path • Computer Rooms should have 15°
Substitution transformation rounds Certificate validity from top level.
another message. Validation C - 23°C temperature and 40 - 60%
64 bit cipher blocks (Humidity)
Key of a random set of non-repeating characters. A.K.A. One Certification Revocation
Vernam each block divide to 16 smaller Valid certificates list • Static Voltage
time pad. List
blocks • 40v can damage Circuits, 1000v
Confusion Changing a key value during each circle of the encryption. IDEA symmetric 128 bit Online Certificate status
Each block undergo 8 rounds of Used to check certificate validity online Flickering monitors, 1500v can
Diffusion Changing the location of the plaintext inside the cipher text. transformation protocol (OCSP) Voltage levels
cause loss of stored data, 2000v can
When any change in the key or plaintext significantly change Example PGP Cross-Certification Create a trust relationship between two CA’s control
Avalanche Effect cause System shut down or reboot,
the ciphertext. Skipjack Symmetric 80 bit 64 bit Block cipher 17000 v can cause complete
Split Knowledge Segregation of Duties and Dual Control.
Blowfish Symmetric 32-448bit 64 bit Block cipher
Digital Signatures electronic circuit damage.
Work factor The time and resources needed to break the encryption. • Sender’s private key used to encrypt hash value Fire proof Safety lockers - Access
128, 192, Equipment
Arbitrary number to provide randomness to cryptographic TwoFish Symmetric 128 bit blocks • Provides authentication, nonrepudiation, and integrity control for locking mechanisms
Nonce 256 safety
function. • Public key cryptography used to generate digital signatures such as keys and passwords.
Example SSL and WEP • Users register public keys with a certification authority (CA).
Dividing plaintext into blocks and assign similar encryption Maintain raised floor and proper
Block Cipher RC4 Symmetric 40-2048 • Stream cipher • Digital signature is generated by the user’s public key and validity period according to
algorithm and key. Water leakage drainage systems. Use of barriers
• 256 Rounds of transformation the certificate issuer and digital signature algorithm identifier.
Encrypt bit wise - one bit at a time with corresponding digit of such as sand bags
Stream Cipher 255 rounds transformation
the keystream. RC5 Symmetric 2048 Fire retardant materials - Fire
• 32, 64 & 128 bit block sizes Digital Certificate - Steps suppression - Hot Aisle/Cold Aisle
Dumpster Diving Unauthorized access a trash to find confidential information. Fire safety
CAST 128 Enrollment - Verification - Revocation Containment - Fire triangle (Oxygen -
Phishing Sending spoofed messages as originate from a trusted source. (40 to 128
64 bit block 12 transformation rounds Heat - Fuel) - Water, CO2, Halon
Social Engineering Mislead a person to provide confidential information. bit)
A moderate level hacker that uses readily found code from the
CAST Symmetric
CAST 256
128 bit block 48 rounds Cryptography Applications & Secure Protocols Fire extinguishers
Script kiddie transformation
internet. (128 to 256 Class Type Suppression
• BitLocker: Windows full volume encryption feature (Vista
bit)
Hardware -BitLocker and onward)
Requirements for Hashing Message Digest No confidentiality, authentication, or truecrypt • truecrypt: freeware utility for on-the-fly encryption A
Common Water , SODA
Diffie - combustible acid
Variable length input - easy to compute - one way function - digital signatures - fixed Asymmetric non-repudiation (discontinued)
Hellman
length output • Secure key transfer
CO2, HALON,
Uses 1024 keys A hardware chip installed on a motherboard used to manage B Liquid
SODA acid
MD Hash Algorithms • Public key and one-way function for Hardware-Trusted Symmetric and asymmetric keys, hashes, and digital
encryption and digital signature Platform Module (TPM) certificates. TPM protect passwords, encrypt drives, and
MD2 128-bit hash, 18 rounds of computations
verification manage digital permissions. C Electrical CO2, HALON
MD4 128-bit hash. 3 rounds of computations, 512 bits block sizes
RSA Asymmetric 4096 bit • Private key and one-way function for
128-bit hash. 4 rounds of computations, 512 bits block sizes, decryption and digital signature Encrypts entire packet components except Data Link Control
MD5 Link encryption D Metal Dry Powder
Merkle–Damgård construction generation information.
MD6 Variable, 0<d≤512 bits, Merkle tree structure • Used for encryption, key exchange End to end encryption Packet routing, headers, and addresses not encrypted.
and digital signatures Water based
Phased out, collision found with a complexity of 2^33.6 (approx
SHA-0 Privacy (Encrypt), Authentication (Digital signature), Integrity, suppression Wet pipes - Dry Pipe - Deluge
1 hr on standard PC) Retired by NIST Diffie - Used for encryption, key exchange
(Hash) and Non-repudiation (Digital signature) Email (Secure systems
160-bit MD, 80 rounds of computations, 512 bits block sizes, Elgamal Asymmetric Any key size Hellman and digital signatures
SHA-1 Merkle–Damgård construction (not considered safe against algorithm • Slower Email (PGP) MIME (S/MIME): Encryption for confidentiality, Hashing for • HI VIS clothes
well funded attackers) integrity, Public key certificates for authentication, and Personnel • Safety garments /Boots
Elliptic Used for encryption, key exchange
Message Digests for nonrepudiation. safety • Design and Deploy an Occupant
224, 256, 384, or 512 bits, 64 or 80 rounds of computations, Curve and digital signatures
Asymmetric Any key size Emergency Plan (OEP)
SHA-2 512 or 1024 bits block sizes, Merkle–Damgård construction Cryptosyste • Speed and efficiency and better Web application SSL/TLS. SSL encryption, authentication and integrity.
with Davies–Meyer compression function m (ECC) security
Cross-Certification Create a trust relationship between two CA’s • Programmable multiple control
Cryptographic Attacks (Privacy, authentication, Integrity, Non Repudiation).
locks
• Electronic Access Control - Digital
Use eavesdropping or packet sniffing to find or gain access to IPSEC Tunnel mode encrypt whole packet (Secure). Transport mode
Passive Attacks Algebraic Attack Uses known words to find out the keys scanning, Sensors
information. encrypt payload (Faster) Internal
• Door entry cards and badges for
Attacker tries different methods such as message or file modification Frequency Attacker assumes substitution and transposition ciphers use repeated Security
Active Attacks staff
Authentication Header (AH): Authentication, Integrity, Non
attempting to break encryption keys, algorithm. Analysis patterns in ciphertext. • Motion Detectors- Infrared, Heat
repudiation. Encapsulated Security Payload (ESP): Privacy,
Ciphertext-Only An attacker uses multiple encrypted texts to find out the key used for Assumes figuring out two messages with the same hash value is IPSEC components Based, Wave Pattern, Photoelectric,
Birthday Attack Authentication, and Integrity. Security Association (SA):
Attack encryption. easier than message with its own hash value Passive audio motion
Distinct Identifier of a secure connection.
Known Plaintext An attacker uses plain text and cipher text to find out the key used for
Dictionary Attacks Uses all the words in the dictionary to find out correct key
Attack encryption using reverse engineering or brute force encryption. Internet Security Association Key Management Protocol Create, distribute, transmission,
ISAKMP
Chosen Plaintext An attacker sends a message to another user expecting the user will Authentication, use to create and manage SA, key generation. storage - Automatic integration to
Replay Attacks Attacker sends the same data repeatedly to trick the receiver. Key application for key distribution,
Attack forward that message as cipher text.
Key exchange used by IPsec .Consists of OAKLEY and management storage, and handling. Backup keys
Social Engineering An attacker attempts to trick users into giving their attacker try to
Analytic Attack An attacker uses known weaknesses of the algorithm Internet Key Exchange Internet Security Association and Key Management Protocol should be stored secure by
Attack impersonate another user to obtain the cryptographic key used.
(IKE) (ISAKMP). IKE use Pre-Shared keys, certificates, and public key designated person only.
Brute Force Try all possible patterns and combinations to find correct key. Statistical Attack An attacker uses known statistical weaknesses of the algorithm authentication.
Differential Calculate the execution times and power required by the cryptographic Pilot testing for all the backups and
Factoring Attack By using the solutions of factoring large numbers in RSA
Cryptanalysis device. A.K.A. Side-Channel attacks Wired Equivalent Privacy (WEP): 64 & 128 bit encryption. Wi-Fi safety systems to check the
Testing
Linear Reverse Wireless encryption Protected Access (WPA): Uses TKIP. More secure than WEP working condition and to find any
Uses linear approximation Use a cryptographic device to decrypt the key WPA2: Uses AES. More secure than WEP and WPA. faults.
Cryptanalysis Engineering