looks like a speed gun. They tell you that you have been speeding and that it
will result in penalty points on your license if it goes to court, or you can pay
an on-the-spot fine of $40. You pay the fine and they give you a receipt. This
type of attack is effective as the victim was not expecting this to happen, and
most people in that situation panic and pay the fine.
Hoaxes
When it comes to security, make sure you educate your users about e-mail
hoaxes. E-mail hoaxes are e-mail messages that users receive giving a false
story and asking the user to take some type of action. For example, the hoax
could say a certain file is causing a serious flaw in the operating system.
The e-mail could tell the reader they should delete the file, but in reality
there is nothing wrong with the file, and it may be needed for information
on important features of the operating system.
If you receive an e-mail that makes certain claims you are unsure of,
check out the Hoax Slayer web site at www.hoax-slayer.net/, and see if the
e-mail is reported as a hoax.
A. Command injection
B. Password attack
For me A
Jamming/interference As mentioned earlier, you could experience
interference on the wireless network from components such as
cordless phones. This is a security issue because interference can
make the wireless network go down, a violation of availability
(remember the CIA discussions in Chapter 2).
Another term you should know that is associated with war driving is war
chalking. In war chalking, when someone discovers a wireless network,
they chalk a symbol outside the building notifying the rest of the war driving
community that a wireless network is inside.
Telnet: A protocol that was first used in 1973 to run remote commands on
devices, such as routers. Unfortunately the session is in clear text and therefore
not secure. If you want to know whether port 25 is open on a mail server
called Mail1, you could run telnet Mail1 25. It is no longer used as it is
insecure, but may be tested.
Secure Shell (SSH): Invented in 1991 to replace Telnet so that it could run
commands securely; it is commonly used when you want to perform remote
access onto routers.
Remote Desktop Protocol (RDP): A Microsoft product that allows you to run a
secure remote access session on a Windows desktop or server. When you set up
remote access using RDP, the service obtaining the session needs to allow access
for incoming remote sessions and then place the users into the remote desktop
users group. If these two actions are not taken, it will not work. As most routers
are Cisco products, RDP cannot be used to remote into a router.
Remote Access Server (RAS): A legacy server that allows remote access via a
modem and telephone line and therefore is very rarely used.
Virtual Private Network (VPN): Used to create a secure tunnel from home or a
remote location into your work. The most common protocol is L2TP/IPSec, which
is used in tunnel mode across the internet. If you have a legacy system pre-2000,
you would use an SSL VPN that requires an SSL certificate.
The winserver.exe file is a remote access Trojan (RAT). All of the other executable
names displayed by netstat are valid.
I think it is a Backdoor, she had to click several security warnings. I read that a
backdoor can be used to install additional malware (Adware, Spyware, Ransomware,
etc). In this case, she gets popups (adware), her PC is slow (rootkit), can't open files
(cryptomal) seems to be the case? Please correct me if I am wrong.
2^0 = 1 = /32 = 255.255.255.255 ==> 256-255 = 1
2^1 = 2 = /31 = 255.255.255.254 ==> 256-254 = 2
2^2 = 4 = /30 = 255.255.255.252 ==> 256-252 = 4
2^3 = 8 = /29 = 255.255.255.248 ==> 256-248 = 8
2^4 = 16 = /28 = 255.255.255.240 ==> 256-240 = 16
2^5 = 32 = /27 = 255.255.255.224 ==> 256-224 = 32
2^6 = 64 = /26 = 255.255.255.192 ==> 256-192 = 64
2^7 = 128 = /25 = 255.255.255.128 ==> 256-128 = 128
2^8 = 256 = /24 = 255.255.255.0 ==> 256-0 = 256
Pharming is the term used for leading someone to the wrong site by modifying
DNS or the hosts file.
wireless access point (WAP)
Which of the following encryption technologies is MOST likely to be
configured when connecting to WPA2-PSK?
AES
Which of the following technologies BEST supports the deployment of DNSSEC
at the organization?
PKI
SCP
The Secure Copy Protocol (SCP) is responsible for copying files from a
remote server to the local system over a secure connection, ensuring that
data in transit is kept confidential. A number of SCP products use an SSH
connection to ensure the security of the secure copy operation.
agentless and is installed for a single use
RADIUS clients: RADIUS clients are VPN servers, RAS servers, and the 802.1x
authentication switch. Every RADIUS client needs the secret key that is
sometimes called the session key to join the RADIUS environment. RADIUS
communicates over UDP port 1812. It is also known as non-proprietary.
B. Ipconfig
C. Tracert
both show gateway information
nbtstat
nbtstat is used to troubleshoot NetBIOS over TCP/IP, while the netstat
command by itself will show only current connections and not listening ports.
Intrusion-prevention system
There are two types of Intrusion-Prevention Systems (IPS), the first is the Network
Intrusion Prevention System (NIPS), which can only operate on your network and
cannot work inside a host. The second is called the Host Intrusion Prevention System
(HIPS), and it operates inside a host machine and cannot operate on the network.
NIPS is an internal network device whose role is to prevent access to the network,
and it is placed on the perimeter of your network behind your firewall. Think of NIPS
as Rambo with a big gun whose job it is to shoot the bad guys.
Intrusion-detection system
The Intrusion-Detection System (IDS) is the same as the IPS; there is the HIDS,
which only works on a host, and the NIDS, which only works on the network. Think
of the IDS as Sherlock Holmes, the famous detective; his job is to find different
traffic patterns on the network and then inform Rambo, the NIPS, who will then
remove them from the network.
Exam tip: NIPS has the capability to detect as well as protect if there are
no NIDS on your network. To protect a virtual machine from attack, you
will install a HIPS.
Modes of detection
There are three modes of detection used by the NIPS/NIDS. For the purpose of the
exam, you must know them thoroughly:
Signature-based: Works off a known database of known exploits and cannot
identify new patterns. If the database is not up to date, they will not operate
efficiently.
Anomaly-based: Starts off the same as the signature-based with the known
database but they have the ability to identify new variants.
Modes of operation
There are different modes of operation for the sensors of the NIPS/NIDS:
Inline: The NIPS will be placed on or very near to the firewall as an additional
layer of security; when the NIPS has been set up in inline mode, the flow of
traffic goes through the NIPS. This is known as in-band.
Passive: The traffic does not go through the NIPS; this mode is normally used by
the NIDS as it detects changes in traffic patterns in the local network. This is
known as out-of-band.
When sensors are placed inside the network, they can only detect traffic once it is
inside your network and has passed through your firewall. If you wish to detect
attacks before they come into your network, the sensor must be placed on the
external network to the firewall.
NTP
The Network Time Protocol (NTP) is used to synchronize the clocks of PCs
on a network or the Internet. This is accomplished by configuring a server
to be the time server, which then is the server from which all other PCs on
the network synchronize their time.
BYOD The “bring your own device” model encourages users to
connect to the corporate network with their personal mobile devices
for work purposes. While the benefit is that the organization can
avoid the cost of purchasing the mobile devices, you will need to be
clear on the policy and if the organization will push settings down to
the devices. To learn more about the security concerns of BYOD,
check out the section titled “BYOD Security Concerns,” later in this
chapter.
COPE A “corporate-owned, personally enabled” (COPE) model can
work better from a security standpoint than a BYOD model because
it is hard for companies to control a device when they do not own the
device. With COPE, the company supplies the device to the user, so
it is managed by the IT department, but the company allows and
promotes personal usage of the device as well.
CYOD A “choose your own device” model involves the
organization providing users with a list of approved devices and
allowing each user to choose which device they would like to use.
Corporate-owned With a “corporate-owned device” model, the
company fully manages the devices and employees must follow
company policy when using the devices.
VDI Virtual desktop infrastructure is a model where the user uses a
thin client to connect to their desktop environment running in a data
center. With VDI you can introduce the mobile device as the thin
client so that the user can access their desktop environment from
anywhere. The benefit is that the resources are not on the mobile
device—it simply connects to a virtual desktop within the company.
Systems Hardening to Reduce the “Attack Surface”
The “attack surface” is the combination of all the potential flaws and backdoors
in technology that can be exploited by hackers. These vulnerabilities can occur
in multiple ways, including:
•Default and hardcoded passwords
•Passwords and other credentials stored in plain text files
•Unpatched software and firmware vulnerabilities
•Poorly configured BIOS, firewalls, ports, servers, switches, routers, or
other parts of the infrastructure
•Unencrypted network traffic or data at rest
•Lack of privileged access
DNSSEC
Evaluates MX record lookup
Can perform authenticated requests for A and AAAA records
Uses RRSIG
Explanation:
DNS Security Extensions (DNSSEC) provides, among other things,
cryptographic authenticity of responses using Resource Record Signatures
(RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and
Hashed-NSEC records (NSEC3).
•Database hardening
•Network hardening
Also ensure that you are familiar with your Internet service agreement
(ISA) and ensure that you are comfortable with any data limits and
the guaranteed uptime of the Internet connection. This is critical if
you are taking advantage of cloud services, as you need Internet
connectivity to access any services or data in the cloud.
Understanding HVAC
Heating, Ventilation, and Air Conditioning (HVAC) is a system to provide
or reduce heat, humidity, and outdoor air. The goal of the HVAC system is
to provide climate control to help maintain quality conditions in the
workplace.
The HVAC controls the temperature and the humidity within the
building. This helps computer systems run optimally. The temperature in
the building should be around 70 to 74 degrees Fahrenheit. If the
temperature gets too warm, it could cause the systems to overheat and shut
down. The humidity levels should be between 40 and 60 percent.
If you have humidity levels less than 40 percent, then you could experience a
lot of electrostatic discharge (ESD). ESD can destroy computer components
and computer chips. Humidity levels above 60 percent can corrode
computer components.
When working with environmental systems such as HVAC, some
common components include environment monitoring, hot and cold aisles,
and temperature and humidity controls. The following list describes each of
these components:
Hot and cold aisles To keep the systems cool in a data center, the
racks are configured in a hot/cold aisles configuration. This
configuration involves breaking the racks into rows with the fronts of
the racks facing each other to create cold aisles, and the backs
creating the hot aisles (hot air goes out the back of the racks). The
HVAC airflow would be designed to take the warm air from the hot
aisle and exhaust it outside, away from the data center, while
bringing in new cool air in the cold aisle from the front of the racks.
IT infrastructure: These include telephone switches at the network end to cell
phones at the consumer end; dedicated routers and network bridges to route
data; and HVAC systems that use networked thermostats to control temperature
and CCTV security systems.
Smart devices/IoT: Smart devices, such as a smart TV, can connect to a home
network and gain access to the internet. IoT comprises small devices, such as
ATM cash machines, small robots, and wearable technologies, that can use an IP
address and connect to internet-capable devices. We must ensure that we change
the default usernames and passwords for these devices to prevent someone
hacking them. From a security point of view, supporting IoT items is a nightmare
because of the diversity of the devices:
Figure 3: IoT devices
Home automation: A home automation system will control lighting, climate,
entertainment systems, alarm systems, and appliances.
Wearable technology: The use of wearable technology has increased in recent
years from monitoring health and performance to sending texts and receiving
calls on your watch.
System On a Chip (SoC): An integrated circuit
(https://en.wikipedia.org/wiki/Integrated_circuit) that integrates all components
of a computer or other electronic systems. Wearable technology and most
embedded systems may include a SoC.
System sprawl/undocumented assets System sprawl refers to
when an organization adds more and more servers or systems to the
network without properly documenting their maintenance
requirements, or perhaps even their existence. Eventually, systems
are forgotten about and as a result become vulnerable because they
are not maintained.
Which of the following technologies employ the use of SAML? (Select two.)
A. Single sign-on
B. Federation
Sponsored guest
Sponsor-approved guest access grants access to the guest user only if it is
approved by the guest's sponsor. The sponsor validates the guest user
before giving the required access. This feature provides additional security by
providing access only to valid guest users. The sponsor takes responsibility
for the actions of the guest, which brings accountability for network
usage and enhances the security of the network.
Authentication Factors
Something you know: Password, PIN, birth date
Something you are: Iris, retina, fingerprint, palm, voice
Something you do: Swipe, gait, signature
Somewhere you are: Location, London, Poland
Single factor: All from the same group
Dual factor: From more than one group
New magnetic locks were ordered for an entire building. In accordance with
company policy, employee safety is the top priority.
In case of a fire where electricity is cut, which of the following should be taken
into consideration when installing the new locks?
Fail safe
Fail safe: The lock unlocks when power is removed.
Fail secure: The lock unlocks when power is applied.
discretionary access control (DAC) Access control when the person who
created the file or folder is the owner and is responsible for securing those
files and folders.
mandatory access control (MAC) Access to resources is based on the
employee’s clearance level and the data classification label assigned to the
resource.
Role-based access control
Rule-based access control
laptops. You thereby use your phone as a modem, and this process has been
natively possible since version 2.2 of Android.
Sideloading is a term used mostly on the Internet, similar to "upload" and
"download", but in reference to the process of transferring files between two
local devices, in particular between a computer and a mobile device such as
a mobile phone, smartphone, PDA, tablet, portable media player or e-reader.
Sideloading typically refers to media file transfer to a mobile
device via USB, Bluetooth, WiFi or by writing to a memory card for insertion
into the mobile device.
accounting for many types of environments, such as wireless, RAS, or
VPNs.
Something you have includes smart card, USB token, hardware/software token,
and your phone that generates SMS codes or any other code.
Remember this
Enterprise mode requires an 802.1x server. EAP-FAST
supports certificates. PEAP and EAP-TTLS require a certificate on
the 802.1x server. EAP-TLS also uses TLS, but it requires
certificates on both the 802.1x server and each of the clients.
acceptable use policy (AUP)
Session Initiation Protocol (SIP): Allows people from all over the internet, and
those with VoIP, to communicate using their computers, tablets, and
smartphones. An example would be of a secretary who could receive a Skype
call for the boss: SIP allows them to put the caller on hold, speak to their boss,
and, if need be, put the person through.
Real-time Transport Protocol (RTP): Once SIP has established the session, RTP
transfers the videoconferencing traffic.
VLAN: Voice traffic being placed in a VLAN segments it from the rest of the
network.
Fail safe for human health; fail secure for data protection.
Due care is the concept of doing the right thing. When it relates to
security, due care is about implementing the correct security controls to
ensure the protection of the organization’s assets. Examples include the
creation of the security policy, performing regular backups, and performing
regular virus scans. The key thing to note with due care is that you are
implementing an action.
Due diligence is about identifying your risk so that you know what
security controls to put in place (due care). Due diligence involves
performing regular assessments and analyzing the assessment results to
identify security issues in the environment.
Privacy officer The privacy officer, also known as the chief privacy
officer (CPO), is responsible for developing policies that address
employee personal data and customer personal data. The privacy
policy should specify how personal data is to be handled and stored
within the organization.
A captive portal is a Web page that the user of a public-access network is obliged to
view and interact with before access is granted. Captive portals are typically used by
business centers, airports, hotel lobbies, coffee shops, and other venues that offer
free Wi-Fi hot spots for Internet users.
Iris An iris scanner scans the colored part of your eye that surrounds
the pupil and compares it with the system-stored image.
>>> Physical scan
6 STEPS OF INCIDENT RESPONSE
Preparation
Detection & Identification
Containment
Remediation & Eradication
Recovery
Lessons Learned (Documentation)
incident. For example, if it is a virus, we want it totally removed.
5. Recovery: In the recovery phase, we are getting the company back to an
operational state, hopefully within the RPO. For example, imaging machines and
restoring data within one day.
6. Lessons learned: Lessons learned is a detective phase where we pull together all
of the facts and plan to prevent a re-occurrence in the future. Failure to carry this
out will lead to a re-occurrence. The incident response process is shown here:
Recovery Point Objective (RPO): RPO is how much time a company can last
without its data before it affects operations. This is also known as acceptable
downtime; if a company agrees that it can be without data for three hours, then
the RPO is three hours. If the IT systems in a company suffer a loss of service
at 13:00 hours, then the RPO would be 16:00 hours. Any repair beyond that
time would have an adverse impact on the business.
Recovery Time Objective (RTO): RTO is the time that the company has been
returned to an operational state. In the RPO scenario, we would like the RTO to
be before 16:00 hours. If the RTO is beyond 16:00 hours, then once again it has
an adverse impact on the business.
Mean Time to Repair (MTTR): MTTR is the average amount of time it takes to
repair a system. If my car broke down at 14:00 hours and it was repaired at
16:00 hours the MTTR would be two hours.
Annual loss expectancy: ALE = SLE × ARO
from the service provider; it is based on metrics within a specific time frame.
The agreement can be either a fix or a response over a certain period of time.
Banner grabbing: Banner grabbing is a technique used to gain information
about a remote server and is often used as part of a fingerprinting attack. This
could be where you are looking for details on remote systems such as a web
server. If you are looking for the patch level of a web server, we would use
banner grabbing to collect this information.
Which of the following encryption methods does PKI typically use to securely
protect keys?
Digital signatures
Password attacks
Dictionary attack, Brute force attack
Cryptographic attacks
Birthday, Digital signatures, Rainbow tables, Collision attack
passwords, making them more difficult to crack. They should have introduced
both complex passwords and key stretching to make passwords more secure.
Diffusion is ensuring that the repeating of characters in the plain text will
not help someone decipher the cipher text (data after it is encrypted).
Transposition is a feature that provides diffusion.
IPSec
b. Tunnel mode
d. Transport mode
Internet Key Exchange uses UDP 500, SSL uses 443, SSH uses 22, and 8080 is used
for a proxy server or other device.
Key escrow: The key escrow holds the private keys for third parties and stores
them in a Hardware Security Module (HSM).
Data Recovery Agent (DRA): If a user cannot access their data because their
private key is corrupted, the DRA will recover the data. The DRA needs to get
the private key from the key escrow.
that applications will check the CRL to verify that a certificate being
used has not been revoked.
Another method that systems and applications can use to verify whether
a certificate has been revoked relies on the Online Certificate Status
Protocol (OCSP). OCSP is an Internet protocol that uses HTTP to
communicate with the CA and check the status of a certificate. OCSP is
designed as an alternative to the CRL.
For the Security+ exam, know that M of N control is ensuring
that a minimum number of persons are required in order to
recover a key. For example, you may require two out of three
authorized persons to perform key recovery.
Key Escrow
Key escrow is the process of handing cryptography keys over to a third
party who can use the cryptography keys to decrypt information within your
organization at any point in time. For example, you may be required to give
cryptography keys to a government agency or to law enforcement for an
investigation.
The concept of key escrow is a controversial topic due to the obvious
security risks of having keys that can decrypt information within your
organization located outside the organization.
IPSec tunnel mode is the default mode. With tunnel mode, the entire original
IP packet is protected by IPSec. This means IPSec wraps the original packet,
encrypts it, adds a new IP header and sends it to the other side of the VPN
tunnel (IPSec peer).
Tunnel mode is most commonly used between gateways (Cisco routers or ASA
firewalls), or at an end-station to a gateway, the gateway acting as a proxy for
the hosts behind it.
IPSec Transport mode is used for end-to-end communications, for example, for
communication between a client and a server or between a workstation and a
gateway (if the gateway is being treated as a host). A good example would be
an encrypted Telnet or Remote Desktop session from a workstation to a server.
Peer review is the evaluation of work by one or more people with similar
competencies as the producers of the work
Modes of Operation
Block ciphers are offered in different modes, such as Electronic Code Book
(ECB), Cipher Block Chaining (CBC), and Output FeedBack (OFB). Table
12-1 lists some of the block cipher modes currently available.
For the Security+ exam, be familiar with the terms work factor,
one-time pad (OTP), and exclusive OR (XOR).
Pretty Good Privacy (PGP)
DH creates the keys used in the Internet Key Exchange (IKE); it uses UDP port
500 to set up the secure session for the L2TP/IPSec VPN. Once the secure
tunnel has been created, then the symmetric encrypted data flows down the
tunnel.
Rivest, Shamir, and Adleman (RSA): RSA is named after the three people who
invented the algorithm. The keys were the first private and public key pairs, and
they start at 1,024, 2046, 3,072 and 4,096 bits. They are used for encryption and
digital signatures.
Digital Signature Algorithm (DSA): DSA keys are used for digital signatures;
they start at 512 bits, but their 1,024-bit and 2046-bit keys are faster than RSA for
digital signatures.
Elliptic Curve Cryptography (ECC): ECC is a small, fast key that is used for
encryption in small mobile devices; however, AES-256 is used in military mobile
telephones.
Ephemeral keys: Ephemeral keys are short-lived keys; they are used for a single
session, and there are two of them:
- Diffie Hellman Ephemeral (DHE)
- Elliptic Curve Diffie Hellman Ephemeral (ECDHE)
Pretty Good Privacy (PGP): PGP is used between two users to set up an
asymmetric encryption and digital signatures. For PGP to operate, you need a
private and public key pair. The first stage in using PGP is to exchange the keys.
It uses RSA keys.
Hardware root of trust: When we use certificates for FDE, they use a hardware
root of trust that verifies that the keys match before the secure boot process takes
place.
Depending on the size of the organization, you can create one or more
subordinate CAs, also known as intermediate CAs. These CAs have their
own certificate—issued and digitally signed by the root CA—that they will
use to digitally sign any certificates that they create. You might use
subordinate CAs so that each office location has its own CA to issue
certificates for that location, for example.
Registration Authority
The registration authority (RA) is an important part of a PKI, as it is
responsible for accepting certificate requests from clients and then
validating the entity requesting the certificate. The RA will follow the
process determined by the security policy to validate any employee or
device requesting a certificate. This typically involves the employee filling
out an application for a certificate and then presenting identification and a
reason for the request. Once the RA validates the request, it is passed to the
CA to create the certificate.
A small company may combine the roles of the RA and the CA,
but would still ensure that the request is validated before creating
the certificate.
Repository
The repository is the database that stores the certificates and public keys.
The repository should be available to all participants in the PKI structure so
that they can obtain the public keys when needed.
The repository is usually an LDAP-compliant directory, which allows
you to query the directory through LDAP. The database should be backed
up on a regular basis.
Hashing algorithms
A hashing algorithm takes the data from a document and generates a
hexadecimal value from that input. If you take the same data and hash it with
the same algorithm, it will generate the same hash. In the Security+ exam, the
hashing algorithms are SHA-1, which is 160 bits, and MD5, which is 128 bits.
Hashing is a one-way function to ensure that the integrity of the data is intact.
MD5 fails the collision test too often, where two files will produce the same
hash. If you are going to rely on it to find and delete duplicate files, that's
an unacceptable level of risk that you'll delete a file that actually contains
unique data.
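One way to avoid deleting a file on the strength of a hash match alone, as an added Python example that is not part of the original notes: candidates are grouped by size and SHA-256, then confirmed byte for byte. The file names and contents are constructed sample data.

```python
import filecmp
import hashlib
import os
import tempfile
from collections import defaultdict


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_duplicates(paths):
    """Return sorted groups of paths whose contents are byte-for-byte identical."""
    # Step 1: files of different sizes can never be duplicates.
    by_size = defaultdict(list)
    for path in paths:
        by_size[os.path.getsize(path)].append(path)

    # Step 2: hash only the files that share a size with another file.
    by_hash = defaultdict(list)
    for same_size in by_size.values():
        if len(same_size) > 1:
            for path in same_size:
                by_hash[file_digest(path)].append(path)

    # Step 3: a matching hash only nominates candidates; a full comparison
    # decides, so a hash collision can never cause unique data to be deleted.
    groups = []
    for candidates in by_hash.values():
        confirmed = []
        for path in candidates:
            for group in confirmed:
                if filecmp.cmp(group[0], path, shallow=False):
                    group.append(path)
                    break
            else:
                confirmed.append([path])
        groups.extend(sorted(g) for g in confirmed if len(g) > 1)
    return sorted(groups)


def demo():
    """Build constructed sample files in a temp directory and report duplicates."""
    samples = {
        "a.txt": b"quarterly report v1\n",
        "copy_of_a.txt": b"quarterly report v1\n",  # true duplicate of a.txt
        "b.txt": b"quarterly report v2\n",          # same size, different data
        "c.txt": b"short",
    }
    with tempfile.TemporaryDirectory() as directory:
        paths = []
        for name, data in samples.items():
            path = os.path.join(directory, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths.append(path)
        return [[os.path.basename(p) for p in group]
                for group in find_duplicates(paths)]


if __name__ == "__main__":
    print(demo())
```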
Concept: Traffic between network devices uses a simple network transport
protocol; the secure version is SMTPv3.
Wrong answers:
B. SNMP is not secure.
C. SCP copies files securely.
D. SFTP secures downloaded traffic from FTP sites.
A systems administrator is reviewing the following information from a
compromised server:
Given the above information, which of the following processes was MOST likely
exploited via a remote buffer overflow attack?
• A. Apache
• B. LSASS
• C. MySQL
• D. TFTP
Data Execution Prevention can prevent buffer overflow attacks, so that rules out B
and D. C only has a connection with the loopback address (127.0.0.1), so that only
leaves answer A.
Online Certificate Status Protocol (OCSP): Only when the CRL is going slow
will the OCSP come into play; it is much faster than the CRL and can take a load from
the CRL in a very busy environment.
Certificate architect: The certificate architect builds the CA, and if it is already
present, he will build the intermediary authority.
Certificate chaining: Certificates in computer security are digital certificates that are
verified using a chain of trust where the trust anchor for the digital certificate is the root
CA. This chain of trust is used to verify the validity of a certificate as it includes details
of the CRL.
A public salt does two things: makes it more time-consuming to crack a large list of
passwords, and makes it infeasible to use a rainbow table.
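The effect of a salt, combined with the key stretching mentioned earlier in these notes, as an added Python example that is not part of the original notes. The user names, passwords, word list and iteration count are constructed for illustration, and the small precomputed dictionary stands in for a rainbow table.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # key-stretching work factor (assumed value for this example)


def unsalted_hash(password):
    """Plain SHA-256 with no salt: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password, salt=None):
    """Return (salt, derived_key). The salt is public and stored beside the key."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, record):
    """Re-derive the key with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = make_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def demo():
    # Constructed sample data: two users who happened to choose the same password.
    users = {"alice": "Summer2024!", "bob": "Summer2024!"}

    unsalted = {user: unsalted_hash(pw) for user, pw in users.items()}
    salted = {user: make_record(pw) for user, pw in users.items()}

    # Hashes computed once, in advance, for a constructed word list.
    precomputed = {unsalted_hash(w): w for w in ("letmein", "Summer2024!", "qwerty")}

    return {
        # Without a salt, equal passwords are visible as equal hashes and one
        # precomputed table answers every stored hash at once.
        "unsalted_hashes_equal": unsalted["alice"] == unsalted["bob"],
        "unsalted_table_hits": sum(h in precomputed for h in unsalted.values()),
        # With a per-user salt, equal passwords give unrelated keys, so the
        # precomputed table is useless and each record costs a separate search.
        "salted_hashes_equal": salted["alice"][1] == salted["bob"][1],
        "salted_table_hits": sum(key.hex() in precomputed
                                 for _, key in salted.values()),
        # The salt being public does not stop legitimate verification.
        "correct_password_verifies": verify("Summer2024!", salted["alice"]),
        "wrong_password_verifies": verify("summer2024!", salted["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```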
Kerberos
Only Kerberos can do mutual authentication and delegation.
LDAPs
2. Submit the request. Once you have the request stored in a text
file, you are then ready to submit the request (contents of the text
file) to the CA. Again, you do this by navigating to the CA’s web
site.
3. Download the certificate. After submitting the request through
the web site, you need to download the resulting certificate to your
computer. You typically are provided a link at the end of the
“submit the request” phase to download the certificate.
Certificate stapling
OCSP is an Internet protocol for checking the validity of a TLS digital certificate
in real time with the authority that issued the certificate.
OCSP is an Internet protocol that uses HTTP to
communicate with the CA and check the status of a certificate. OCSP is
designed as an alternative to the CRL. It should be noted that when using
OCSP, the revocation status can be communicated to clients using a feature
called stapling.
Symmetric algorithm – modes of operation
Symmetric encryption involves a stream cipher that encrypts data one bit at a time;
this is easy to crack and is much slower than a block cipher. Block cipher mode takes
blocks of data depending on the key and encrypts that data in blocks—this makes the
encryption of a large amount of data much faster.