SANS SEC 301 FINAL PAPER UPDATED QUESTIONS AND
ANSWERS GRADED A+
✔✔(1) An umbrella term for security in the user's machine (client machine).
(2) Diagnosing the status of a user's computer or mobile device when it connects to the
network. Also called, "network access protection" (NAP), the security software is
deployed in both the client and server side. It determines if the operating system, Web
browser and other applications are up-to-date. It also checks the status of the antivirus,
firewall and other security components. If a device is deemed non-compliant, it is either
updated, or access to the network is declined. See network access control, lock down
and vSentry. - ✔✔endpoint security
✔✔An endpoint security architecture from Bromium (www.bromium.com), introduced in
2012. Residing in the user's machine, and based on the Xen virtual machine software,
vSentry creates a micro virtual machine (micro-VM) for each user task such as opening
an e-mail attachment or Web page.
Throughout the day, hundreds of micro-VMs may be created in real time, and like
traditional VMs, each micro-VM is an isolated entity. Suspicious activity is blocked within
the micro-VM, and when the task is completed, it is dissolved. If a virus does manage to
activate, it cannot cross over and infect other applications or processes in the computer.
In addition, Bromium's Live Attack Visualization & Analysis (LAVA) reports malicious
activity so that the organization's security can be tightened. See endpoint security and
virtual machine. - ✔✔vSentry
✔✔(1) The name given to various programming language interpreters. See Java Virtual
Machine and Python.
(2) One instance of an operating system along with one or more applications running in
an isolated partition within the computer. It enables different operating systems to run in
the same computer at the same time.
Virtual machines (VMs) are also widely used to run multiple instances of the same
operating system, each running the same set or a different set of applications. The
separate VM instances prevent applications from interfering with each other. If one app
crashes, it does not affect the programs in the other VMs. This approach differs from a
dual-boot or multiboot environment, in which the user has to choose only one OS at
startup (see dual-boot). All virtual machines in the same computer run simultaneously.
VMs Are Like Machines Within the Machine
Each virtual machine functions as if it owned the entire - ✔✔virtual machine
✔✔A device used in network access control. It stores the usernames and passwords
that identify the clients logging in, or it may hold the algorithms for token access (see
,authentication token). For access to specific network resources, the server may itself
store user permissions and company policies or provide access to directories that
contain the information.
RADIUS is the most widely used protocol for authentication servers. TACACS+ is a
Cisco-developed product that has also been popular. The authentication server may be
a stand-alone system or software that resides in an Ethernet switch, wireless access
point (AP) or network access server (NAS). See AAA server, RADIUS and 802.1x. -
✔✔authentication server
✔✔An IEEE standard for network access control. Used predominantly in Wi-Fi wireless
networks, 802.1X keeps the network port disconnected until authentication is
completed. Depending on the results, the port is either made available to the user, or
the user is denied access to the network.
Supplicant - Authenticator - Server
The client desiring access to a network is called the "supplicant." The device that
provides the network port to the client is the "authenticator." In a wireless network, the
authenticator is in the access point (AP). In a dial-up network, the authenticator is in the
network access server (NAS). The device that contains usernames and passwords and
authorizes the user is the "authentication server." In small networks, the authentication
server can be located in the same unit as the authenticator.
EAP Over LAN (EAPOL)
802.1X uses the Extensible Authentication Protocol (EAP) for passing authenticatio -
✔✔802.1X
✔✔The combination of authentication server and authenticator, which may be separate
devices or both reside in the same unit such as an access point or network access
server. The authentication server contains a database of user names, passwords and
policies, and the authenticator physically allows or blocks access. See 802.1X. -
✔✔authentication system
✔✔In an authentication system, supplicant refers to the client machine that wants to
gain access to the network. See 802.1x. - ✔✔supplicant
✔✔The device in an authentication system that physically allows or blocks access to the
network. It is typically an access point in a wireless system or a network access server
(NAS) in a dial-up system. See 802.1X and authentication. - ✔✔authenticator
✔✔In cryptography, it is the creation, distribution and maintenance of a secret key. It
determines how secret keys are generated and made available to both parties; for
example, public key systems are widely used for such an exchange. If session keys are
used, key management is responsible for generating them and determining when they
, should be renewed. See QKD, elliptic curve cryptography, Diffie-Hellman, cryptography,
session key and security protocol. - ✔✔key management
✔✔A temporary key used to encrypt data for only the current session. The use of
session keys keeps the secret keys even more secret because they are not used
directly to encrypt the data. The secret keys are used to derive the session keys using
various methods that combine random numbers from either the client or server or both.
See key management and security protocol. - ✔✔session key
✔✔A formula used to turn ordinary data, or "plaintext," into a secret code known as
"ciphertext." Each algorithm uses a string of bits known as a "key" to perform the
calculations. The larger the key (the more bits), the greater the number of potential
patterns can be created, thus making it harder to break the code and descramble the
contents.
Most encryption algorithms use the block cipher method, which codes fixed blocks of
input that are typically from 64 to 128 bits in length. Some use the stream method,
which works with the continuous stream of input.
The dialog box below from the ScramDisk encryption program shows the various
algorithms offered to encrypt data on your hard disk. The free, open source, legacy
version of ScramDisk is available at www.samsimpson.com. The accompanying
descriptions and performance comparisons from the ScramDisk documentation manual
are provided because they provide a brief and clea - ✔✔encryption algorithm
✔✔ScramDisk encrypts data on the hard disk, and this dialog box allows for the
selection of the encryption algorithm. "Mouse entropy" is the amount of randomness
introduced into the creation of the key. The more the mouse is moved around in a
random pattern, the more randomness. - ✔✔ScramDisk Encryption
✔✔This is far better than DES; it uses three applications of the DES cipher in EDE
(Encipher-Decipher-Encipher) mode with totally independent keys. Outer-CBC is used.
This algorithm is thought to be very secure (major banks use it to protect valuable
transactions), but it is also very, very slow. - ✔✔3DES
✔✔Blowfish is a high security encryption alogorithm designed by Bruce Schneier, the
author of Applied Cryptography and owner of the company Counterpane. It is very fast,
is considered secure and is resistant to linear and differential analysis. This is my
personal cipher of choice. - ✔✔Blowfish
✔✔Data Encryption Standard was designed in the early 1970s by IBM with input from
NSA. It is OK, but a single key can be broken in three days by the Electronic Frontier
Foundation, a poorly funded organization. This algorithm was provided for
completeness. - ✔✔DES
ANSWERS GRADED A+
✔✔(1) An umbrella term for security in the user's machine (client machine).
(2) Diagnosing the status of a user's computer or mobile device when it connects to the
network. Also called, "network access protection" (NAP), the security software is
deployed in both the client and server side. It determines if the operating system, Web
browser and other applications are up-to-date. It also checks the status of the antivirus,
firewall and other security components. If a device is deemed non-compliant, it is either
updated, or access to the network is declined. See network access control, lock down
and vSentry. - ✔✔endpoint security
✔✔An endpoint security architecture from Bromium (www.bromium.com), introduced in
2012. Residing in the user's machine, and based on the Xen virtual machine software,
vSentry creates a micro virtual machine (micro-VM) for each user task such as opening
an e-mail attachment or Web page.
Throughout the day, hundreds of micro-VMs may be created in real time, and like
traditional VMs, each micro-VM is an isolated entity. Suspicious activity is blocked within
the micro-VM, and when the task is completed, it is dissolved. If a virus does manage to
activate, it cannot cross over and infect other applications or processes in the computer.
In addition, Bromium's Live Attack Visualization & Analysis (LAVA) reports malicious
activity so that the organization's security can be tightened. See endpoint security and
virtual machine. - ✔✔vSentry
✔✔(1) The name given to various programming language interpreters. See Java Virtual
Machine and Python.
(2) One instance of an operating system along with one or more applications running in
an isolated partition within the computer. It enables different operating systems to run in
the same computer at the same time.
Virtual machines (VMs) are also widely used to run multiple instances of the same
operating system, each running the same set or a different set of applications. The
separate VM instances prevent applications from interfering with each other. If one app
crashes, it does not affect the programs in the other VMs. This approach differs from a
dual-boot or multiboot environment, in which the user has to choose only one OS at
startup (see dual-boot). All virtual machines in the same computer run simultaneously.
VMs Are Like Machines Within the Machine
Each virtual machine functions as if it owned the entire - ✔✔virtual machine
✔✔A device used in network access control. It stores the usernames and passwords
that identify the clients logging in, or it may hold the algorithms for token access (see
,authentication token). For access to specific network resources, the server may itself
store user permissions and company policies or provide access to directories that
contain the information.
RADIUS is the most widely used protocol for authentication servers. TACACS+ is a
Cisco-developed product that has also been popular. The authentication server may be
a stand-alone system or software that resides in an Ethernet switch, wireless access
point (AP) or network access server (NAS). See AAA server, RADIUS and 802.1x. -
✔✔authentication server
✔✔An IEEE standard for network access control. Used predominantly in Wi-Fi wireless
networks, 802.1X keeps the network port disconnected until authentication is
completed. Depending on the results, the port is either made available to the user, or
the user is denied access to the network.
Supplicant - Authenticator - Server
The client desiring access to a network is called the "supplicant." The device that
provides the network port to the client is the "authenticator." In a wireless network, the
authenticator is in the access point (AP). In a dial-up network, the authenticator is in the
network access server (NAS). The device that contains usernames and passwords and
authorizes the user is the "authentication server." In small networks, the authentication
server can be located in the same unit as the authenticator.
EAP Over LAN (EAPOL)
802.1X uses the Extensible Authentication Protocol (EAP) for passing authenticatio -
✔✔802.1X
✔✔The combination of authentication server and authenticator, which may be separate
devices or both reside in the same unit such as an access point or network access
server. The authentication server contains a database of user names, passwords and
policies, and the authenticator physically allows or blocks access. See 802.1X. -
✔✔authentication system
✔✔In an authentication system, supplicant refers to the client machine that wants to
gain access to the network. See 802.1x. - ✔✔supplicant
✔✔The device in an authentication system that physically allows or blocks access to the
network. It is typically an access point in a wireless system or a network access server
(NAS) in a dial-up system. See 802.1X and authentication. - ✔✔authenticator
✔✔In cryptography, it is the creation, distribution and maintenance of a secret key. It
determines how secret keys are generated and made available to both parties; for
example, public key systems are widely used for such an exchange. If session keys are
used, key management is responsible for generating them and determining when they
, should be renewed. See QKD, elliptic curve cryptography, Diffie-Hellman, cryptography,
session key and security protocol. - ✔✔key management
✔✔A temporary key used to encrypt data for only the current session. The use of
session keys keeps the secret keys even more secret because they are not used
directly to encrypt the data. The secret keys are used to derive the session keys using
various methods that combine random numbers from either the client or server or both.
See key management and security protocol. - ✔✔session key
✔✔A formula used to turn ordinary data, or "plaintext," into a secret code known as
"ciphertext." Each algorithm uses a string of bits known as a "key" to perform the
calculations. The larger the key (the more bits), the greater the number of potential
patterns can be created, thus making it harder to break the code and descramble the
contents.
Most encryption algorithms use the block cipher method, which codes fixed blocks of
input that are typically from 64 to 128 bits in length. Some use the stream method,
which works with the continuous stream of input.
The dialog box below from the ScramDisk encryption program shows the various
algorithms offered to encrypt data on your hard disk. The free, open source, legacy
version of ScramDisk is available at www.samsimpson.com. The accompanying
descriptions and performance comparisons from the ScramDisk documentation manual
are provided because they provide a brief and clea - ✔✔encryption algorithm
✔✔ScramDisk encrypts data on the hard disk, and this dialog box allows for the
selection of the encryption algorithm. "Mouse entropy" is the amount of randomness
introduced into the creation of the key. The more the mouse is moved around in a
random pattern, the more randomness. - ✔✔ScramDisk Encryption
✔✔This is far better than DES; it uses three applications of the DES cipher in EDE
(Encipher-Decipher-Encipher) mode with totally independent keys. Outer-CBC is used.
This algorithm is thought to be very secure (major banks use it to protect valuable
transactions), but it is also very, very slow. - ✔✔3DES
✔✔Blowfish is a high security encryption alogorithm designed by Bruce Schneier, the
author of Applied Cryptography and owner of the company Counterpane. It is very fast,
is considered secure and is resistant to linear and differential analysis. This is my
personal cipher of choice. - ✔✔Blowfish
✔✔Data Encryption Standard was designed in the early 1970s by IBM with input from
NSA. It is OK, but a single key can be broken in three days by the Electronic Frontier
Foundation, a poorly funded organization. This algorithm was provided for
completeness. - ✔✔DES
