(SY0-501) Security+ Notes

Mark December 30, 2020

Below are some notes I made to help me prepare for the SY0-501 exam, which I passed on the 30th December 2020 …

RC4 – is a stream cipher algorithm that encrypts plaintext bit by bit.
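The stream-cipher behaviour described above, as an added example written for these notes (not code from the original post): the standard-library crypto/rc4 package is used only because it is the cipher named here, and the key and messages are constructed sample values. It shows that encryption and decryption are the same XOR operation, that the ciphertext is exactly as long as the plaintext, and the property a defender has to design around: RC4 takes no nonce, so two messages under the same key are XORed with the same keystream, which is why a key must never be reused across messages.

```go
package main

import (
	"bytes"
	"crypto/rc4" // kept in the standard library for legacy interop only
	"encoding/hex"
	"fmt"
)

// rc4Apply encrypts or decrypts data with RC4. A stream cipher expands the
// key into a keystream and XORs it onto the plaintext one byte at a time,
// so the same call undoes itself and the output is exactly as long as the
// input: no blocks, no padding.
func rc4Apply(key, data []byte) []byte {
	c, err := rc4.NewCipher(key)
	if err != nil {
		panic(err) // only fails for key lengths outside 1..256 bytes
	}
	out := make([]byte, len(data))
	c.XORKeyStream(out, data)
	return out
}

// rc4Keystream exposes the raw keystream: encrypting zero bytes leaves
// nothing but the keystream itself.
func rc4Keystream(key []byte, n int) []byte {
	return rc4Apply(key, make([]byte, n))
}

// keystreamReused reports whether two messages encrypted under the same key
// were XORed with identical keystream bytes. RC4 has no nonce or IV input,
// so this is always true, which is why one key must protect only one
// message and why later designs feed a per-message nonce into the cipher.
func keystreamReused(key, msg1, msg2 []byte) bool {
	n := len(msg1)
	if len(msg2) < n {
		n = len(msg2)
	}
	c1 := rc4Apply(key, msg1)
	c2 := rc4Apply(key, msg2)
	for i := 0; i < n; i++ {
		// ciphertext XOR plaintext recovers the keystream byte that was used
		if c1[i]^msg1[i] != c2[i]^msg2[i] {
			return false
		}
	}
	return true
}

func main() {
	key := []byte("Key") // constructed sample key
	ct := rc4Apply(key, []byte("Plaintext"))
	fmt.Println("ciphertext:", hex.EncodeToString(ct))
	fmt.Println("decrypted: ", string(rc4Apply(key, ct)))
	fmt.Println("keystream: ", hex.EncodeToString(rc4Keystream(key, 9)))
	fmt.Println("round trip ok:", bytes.Equal(rc4Apply(key, ct), []byte("Plaintext")))
	fmt.Println("same keystream for two messages under one key:",
		keystreamReused(key, []byte("first message"), []byte("second message")))
}
```

The key "Key" with plaintext "Plaintext" is a published RC4 known-answer pair, so the printed ciphertext can be checked against any other implementation.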

Bcrypt Algorithm – is based on the Blowfish cipher and is a key-stretching technique that strengthens a password by running it through a password hashing function and salting it.

CASB (Cloud Access Security Broker) – can be deployed in three different ways –

  • Forward proxy model, the user needs to install self-signed certs to access the cloud resources via the proxy.
  • Reverse proxy model, the CASB first authenticates the user and then passes it to the identity and access management service for further authentication.
  • API model, the CASB is directly connected to the API of the cloud service to monitor the usage of the cloud resources.

Examples of hashing algorithms – MD5, SHA1 and SHA2

MD5 (Message Digest Algorithm 5) – is a complex hashing algorithm that produces a 128-bit hash. Although it is more complex than MD2, it does not have strong collision resistance, so it is not a recommended choice.

Obfuscation – Obscuring the intended meaning or intentionally making something difficult to understand.

Cryptographic Concepts –

  • Entropy – Randomness collected by a system, for example from mouse movements.
  • Confusion – Each character of the ciphertext should depend on several parts of the key.
  • Diffusion – Dissipating the statistical structure of the plaintext over the bulk of the ciphertext.

Key Stretching –

  • Bcrypt – Based on the Blowfish algorithm, a key derivation function used for passwords; adds a “salt” to guard against rainbow table attacks.
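The key-stretching and salting idea in the two Bcrypt entries above, as an added example that is not from the original notes. Bcrypt itself needs a third-party Go package, so this uses PBKDF2-HMAC-SHA256 (RFC 8018) written out by hand as the stand-in construction: the iteration count is the stretching, the random per-user salt is what defeats rainbow tables. The password and iteration count are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2SHA256 derives dkLen bytes from a password and salt by chaining
// HMAC-SHA256 `iterations` times (RFC 8018, section 5.2). The iteration
// count is the stretching: every password guess costs an attacker the same
// number of HMAC calls that the defender pays once at login.
func pbkdf2SHA256(password, salt []byte, iterations, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	out := make([]byte, 0, dkLen+hLen)
	for block := uint32(1); len(out) < dkLen; block++ {
		// U1 = PRF(password, salt || INT(block)), block as 4 bytes big-endian
		var ctr [4]byte
		binary.BigEndian.PutUint32(ctr[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(ctr[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// U_i = PRF(password, U_{i-1});  T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// hashPassword draws a fresh 16-byte random salt for this user and stores
// it beside the stretched hash. The salt is not secret; it ensures two
// users with the same password get different hashes and that a rainbow
// table built in advance matches nobody.
func hashPassword(password string, iterations int) (salt, hash []byte, err error) {
	salt = make([]byte, 16)
	if _, err = rand.Read(salt); err != nil {
		return nil, nil, err
	}
	hash = pbkdf2SHA256([]byte(password), salt, iterations, 32)
	return salt, hash, nil
}

// verifyPassword re-derives with the stored salt and compares in constant
// time, so response timing does not reveal how many bytes matched.
func verifyPassword(password string, salt, hash []byte, iterations int) bool {
	return hmac.Equal(pbkdf2SHA256([]byte(password), salt, iterations, 32), hash)
}

func main() {
	const iterations = 100_000 // tune so one login costs tens of milliseconds
	pw := "correct horse battery staple" // constructed sample password
	salt, hash, err := hashPassword(pw, iterations)
	if err != nil {
		panic(err)
	}
	fmt.Println("salt:", hex.EncodeToString(salt))
	fmt.Println("hash:", hex.EncodeToString(hash))
	fmt.Println("correct password accepted:", verifyPassword(pw, salt, hash, iterations))
	fmt.Println("wrong password accepted:  ", verifyPassword("Tr0ub4dor&3", salt, hash, iterations))
	// Same password, new salt: a completely different stored hash.
	_, hash2, _ := hashPassword(pw, iterations)
	fmt.Println("new salt gives the same hash:", hex.EncodeToString(hash2) == hex.EncodeToString(hash))
}
```

Because the construction is the published PBKDF2, the derivation can be checked against the standard test vectors (password "password", salt "salt") before it is trusted with real credentials.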

Perfect Forward Secrecy

  • Session keys that are derived from a set of long-term keys, yet discrete in nature.
  • If one of the long-term keys is compromised, it doesn’t compromise the session key or the data it protects.
    • Keys used to protect data are not used to derive any additional keys.
    • If the key used to protect data was derived from some other keying material, that material must not be used to derive any additional keys.

Security Through Obscurity – attempts to create security by hiding the implementation.

Common Use Cases for cryptosystems …

  • Low power Devices – Elliptic Curve Cryptography (ECC) has low power consumption, making it well suited to providing security for mobile devices.
  • Low Latency – Symmetric key cryptography is fast (low latency) and uses the same key for encryption and decryption (sometimes called a “secret key”).
  • High Resilience – Cryptosystems that are made public, allowing the community at large to test, vet and discover vulnerabilities.
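The Perfect Forward Secrecy bullets above and the ECC use case, worked through as an added example that is not from the original notes: an ephemeral elliptic-curve Diffie-Hellman handshake on P-256 using Go's crypto/ecdh and crypto/ecdsa. The server's long-term ECDSA key only signs its ephemeral public key (authentication); the session key is derived purely from the two throw-away key pairs, so two sessions under the same long-term key share nothing. Curve choice and the hash-the-secret key derivation are this example's own simplifications, not something the notes specify.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// handshake runs one ephemeral ECDH (ECDHE) exchange on P-256. The server's
// long-term ECDSA key signs its ephemeral public key so the client can tell
// who it is talking to; it contributes nothing to the session key, which is
// derived solely from the two single-use key pairs.
func handshake(serverLongTerm *ecdsa.PrivateKey) (sessionKey [32]byte, err error) {
	curve := ecdh.P256()

	// Both sides generate a key pair that lives only for this session.
	clientEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return sessionKey, err
	}
	serverEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return sessionKey, err
	}

	// Server: sign the ephemeral public key with the long-term identity key.
	ephHash := sha256.Sum256(serverEph.PublicKey().Bytes())
	sig, err := ecdsa.SignASN1(rand.Reader, serverLongTerm, ephHash[:])
	if err != nil {
		return sessionKey, err
	}

	// Client: refuse to proceed unless the signature checks out.
	if !ecdsa.VerifyASN1(&serverLongTerm.PublicKey, ephHash[:], sig) {
		return sessionKey, errors.New("server ephemeral key not authenticated")
	}

	// Each side combines its own ephemeral private key with the peer's
	// ephemeral public key; both arrive at the same shared secret.
	clientSecret, err := clientEph.ECDH(serverEph.PublicKey())
	if err != nil {
		return sessionKey, err
	}
	serverSecret, err := serverEph.ECDH(clientEph.PublicKey())
	if err != nil {
		return sessionKey, err
	}
	if !bytes.Equal(clientSecret, serverSecret) {
		return sessionKey, errors.New("shared secrets differ")
	}

	// Hash the shared secret into the symmetric session key. The ephemeral
	// private keys go out of scope here and are never stored, which is what
	// makes this session key unrecoverable later, whatever else is compromised.
	return sha256.Sum256(clientSecret), nil
}

// sessionKeysIndependent runs two handshakes against the same long-term key
// and reports whether they produced different session keys. Neither key was
// derived from the other or from the long-term key, so learning one of them
// reveals nothing about the other session's traffic.
func sessionKeysIndependent() (bool, error) {
	longTerm, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	k1, err := handshake(longTerm)
	if err != nil {
		return false, err
	}
	k2, err := handshake(longTerm)
	if err != nil {
		return false, err
	}
	return k1 != k2, nil
}

func main() {
	ok, err := sessionKeysIndependent()
	if err != nil {
		panic(err)
	}
	fmt.Println("two sessions, same long-term key, different session keys:", ok)
}
```

In a real protocol the shared secret would go through a proper key schedule rather than a single SHA-256, and the long-term key would be bound to a certificate; the point of the example is only where the long-term key is and is not used.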

What does it give us?

Supporting Confidentiality – Encryption in and of itself ensures confidentiality.

Supporting integrity – Hashing ensures integrity, especially with weaker algorithms like symmetric key cryptography. Hybrid cryptography combines symmetric encryption and hashing to provide speed, confidentiality and integrity.

Supporting Obfuscation – Obfuscation, or hiding how something works, is the basis of cryptography: creating ciphertext that is extremely hard to reverse engineer or crack.

Supporting Authentication – Hashing is used to authenticate a piece of data, ensuring nothing has changed during transmission. Two hashes can be compared to determine whether the files or data are the same.

Supporting Non-Repudiation – Public key infrastructure (PKI) provides for non-repudiation through the use of public/private keys. Assuming a user keeps his private key secure, data encrypted via that private key could only originate from that user.

Resource vs. Security Constraints – Application developers are challenged with balancing security and available resources (time, money and talent) to ensure applications are as secure as possible without undue burden to the organization.

PGP – Pretty Good Privacy is based on the concept of the “web of trust” (WoT).

  • Combines several algorithms – hashing, data compression, symmetric-key cryptography and public-key cryptography.

GPG – GNU Privacy Guard – a free implementation of the OpenPGP standard; a command-line tool.

  • Compatible with PGP
  • Supports RSA, DES, 3DES, Blowfish, TwoFish and many others.
  • Supports many graphical front ends

Hashing Algorithms

MD5 – 128-bit

SHA – SHA1 (160-bit), SHA256 and SHA512

RIPEMD – RACE Integrity Primitives Evaluation Message Digest; 128, 160, 256 and 320-bit versions.

HMAC – Hash-based message authentication code; uses a hashing function plus a secret key, so it verifies both integrity and authenticity.
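The hashing algorithms listed above, the diffusion property from the Cryptographic Concepts list and the difference between a bare hash and an HMAC, worked through as an added example (not code from the original notes) using Go's standard crypto packages. The message, key and altered message are constructed sample values. It reads the digest sizes from the packages, counts how many SHA-256 output bits change when one input bit flips, and then shows why a bare hash only catches accidental corruption: whoever changes the data can recompute the hash, while the HMAC tag cannot be refreshed without the key.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
	"math/bits"
)

// digestBits reports each algorithm's output size in bits, taken from the
// package constants rather than quoted from memory.
func digestBits() map[string]int {
	return map[string]int{
		"MD5":    md5.Size * 8,
		"SHA1":   sha1.Size * 8,
		"SHA256": sha256.Size * 8,
		"SHA512": sha512.Size * 8,
	}
}

// avalancheBits flips one bit of msg and counts how many of SHA-256's 256
// output bits change. Good diffusion means roughly half of them do, so the
// digest reveals nothing about which bit changed or by how much.
func avalancheBits(msg []byte, bitIndex int) int {
	h1 := sha256.Sum256(msg)
	flipped := append([]byte(nil), msg...)
	flipped[bitIndex/8] ^= 1 << (bitIndex % 8)
	h2 := sha256.Sum256(flipped)
	changed := 0
	for i := range h1 {
		changed += bits.OnesCount8(h1[i] ^ h2[i])
	}
	return changed
}

// message is data in transit carrying both a bare SHA-256 digest and an
// HMAC-SHA256 tag, so the two checks can be compared side by side.
type message struct {
	body []byte
	hash []byte // anyone can compute this from body
	tag  []byte // needs the shared key
}

func seal(key, body []byte) message {
	mac := hmac.New(sha256.New, key)
	mac.Write(body)
	h := sha256.Sum256(body)
	return message{body: body, hash: h[:], tag: mac.Sum(nil)}
}

// modifiedInTransit models a change made by someone who does not hold the
// key: the body is replaced and the bare hash recomputed to match, but the
// HMAC tag can only be carried over unchanged.
func modifiedInTransit(m message, newBody []byte) message {
	h := sha256.Sum256(newBody)
	return message{body: newBody, hash: h[:], tag: m.tag}
}

// hashCheck detects accidental corruption but not deliberate substitution.
func hashCheck(m message) bool {
	h := sha256.Sum256(m.body)
	return hmac.Equal(h[:], m.hash) // constant-time comparison
}

// hmacCheck proves integrity and that the sender held the shared key.
func hmacCheck(key []byte, m message) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(m.body)
	return hmac.Equal(mac.Sum(nil), m.tag)
}

func main() {
	for name, n := range digestBits() {
		fmt.Printf("%-6s %d-bit digest\n", name, n)
	}
	msg := []byte("transfer 100 to account 42") // constructed sample message
	fmt.Println("SHA-256 output bits changed by a 1-bit input change:", avalancheBits(msg, 3))

	key := []byte("shared-secret-key-for-demo") // constructed; in practice comes from a key store
	genuine := seal(key, msg)
	altered := modifiedInTransit(genuine, []byte("transfer 999 to account 13"))
	fmt.Println("genuine: hash ok", hashCheck(genuine), "hmac ok", hmacCheck(key, genuine))
	fmt.Println("altered: hash ok", hashCheck(altered), "hmac ok", hmacCheck(key, altered))
}
```

hmac.Equal is used for both comparisons on purpose: comparing digests with == or bytes.Equal can leak, through timing, how many leading bytes matched.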

Cipher Modes

Counter Mode (CTR) – Uses a random 64-bit block as the first initialization vector (IV) and increments a specified number for each subsequent block of plaintext.

Galois/Counter Mode (GCM) – Used with symmetric key block ciphers. Very efficient and low latency, and adds data integrity.
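The two cipher modes above, worked through as an added example that is not from the original notes, using AES from Go's standard library. Counter mode is written out by hand on the raw block function so the "increment a counter for each block" idea is visible, then checked against cipher.NewCTR; the GCM part shows the integrity the notes attribute to it, by opening a genuine ciphertext and a corrupted copy. Key, IV, nonce and plaintext are constructed sample values, and the fixed IV is only acceptable because it is used once.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// incrementCounter treats the whole block as a big-endian integer and adds
// one, which is how crypto/cipher's CTR mode advances its counter.
func incrementCounter(counter []byte) {
	for i := len(counter) - 1; i >= 0; i-- {
		counter[i]++
		if counter[i] != 0 {
			return
		}
	}
}

// ctrByHand implements counter mode directly on the AES block function:
// keystream block i is AES_k(IV + i), and ciphertext is plaintext XOR
// keystream. Decryption is the identical operation, and the final short
// block needs no padding because only as many keystream bytes as needed
// are consumed.
func ctrByHand(block cipher.Block, iv, data []byte) []byte {
	bs := block.BlockSize()
	counter := append([]byte(nil), iv...)
	keystream := make([]byte, bs)
	out := make([]byte, len(data))
	for off := 0; off < len(data); off += bs {
		block.Encrypt(keystream, counter)
		end := off + bs
		if end > len(data) {
			end = len(data)
		}
		for j := off; j < end; j++ {
			out[j] = data[j] ^ keystream[j-off]
		}
		incrementCounter(counter)
	}
	return out
}

// ctrMatchesLibrary checks the hand-rolled mode against cipher.NewCTR.
func ctrMatchesLibrary(key, iv, plaintext []byte) bool {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	lib := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(lib, plaintext)
	return bytes.Equal(lib, ctrByHand(block, iv, plaintext))
}

// ctrCorruptedDecrypt flips one ciphertext bit and decrypts. CTR carries no
// integrity check, so the result comes back without complaint: the same bit
// of the plaintext is flipped and every other byte is untouched.
func ctrCorruptedDecrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := ctrByHand(block, iv, plaintext)
	ct[0] ^= 0x01
	return ctrByHand(block, iv, ct)
}

// gcmOpen seals with AES-GCM, then tries to open the genuine ciphertext and
// a one-bit-corrupted copy. GCM computes an authentication tag over the
// ciphertext and the additional data, so the corrupted copy is rejected
// instead of being decrypted into garbage.
func gcmOpen(key, nonce, plaintext, aad []byte) (genuineOK, corruptedOK bool) {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block) // standard 12-byte nonce
	if err != nil {
		panic(err)
	}
	ct := gcm.Seal(nil, nonce, plaintext, aad)
	_, err = gcm.Open(nil, nonce, ct, aad)
	genuineOK = err == nil
	ct[0] ^= 0x01
	_, err = gcm.Open(nil, nonce, ct, aad)
	corruptedOK = err == nil
	return genuineOK, corruptedOK
}

func main() {
	key := []byte("0123456789abcdef")                           // constructed 128-bit key
	iv := []byte("demo-iv-16-bytes")                            // 16 bytes; must never repeat under one key
	nonce := []byte("unique-nonce")                             // 12 bytes for GCM, likewise single-use
	plaintext := []byte("CTR turns a block cipher into a stream") // 38 bytes, not a block multiple

	fmt.Println("hand-rolled CTR matches crypto/cipher:", ctrMatchesLibrary(key, iv, plaintext))
	fmt.Printf("CTR decrypt of corrupted ciphertext: %q\n", ctrCorruptedDecrypt(key, iv, plaintext))
	g, c := gcmOpen(key, nonce, plaintext, []byte("header"))
	fmt.Println("GCM opens genuine:", g, " opens corrupted:", c)
}
```

The practical reading of the two results: CTR alone gives confidentiality and needs a separate MAC (or a mode like GCM) before anything can be trusted after decryption, which is exactly the gap the "adds data integrity" in the GCM note refers to.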