SY0-501 Section 2.9 given a scenario; select the appropriate control to meet the goals of security.
Confidentiality One of the major reasons to implement a cryptographic system is to ensure the confidentiality of the information being used. Confidentiality may be intended to prevent the unauthorized dis- closure of information in a local network or to prevent the unauthorized disclosure of information across a network. A cryptographic system must do this effectively in order to be of value. The need to keep records secure from internal disclosure may be just as great as the need to keep records secure from outside attacks. The effectiveness of a cryptographic…
One of the major reasons to implement a cryptographic system is to ensure the confidentiality of the information being used. Confidentiality may be intended to prevent the unauthorized dis- closure of information in a local network or to prevent the unauthorized disclosure of information across a network. A cryptographic system must do this effectively in order to be of value.
The need to keep records secure from internal disclosure may be just as great as the need to keep records secure from outside attacks. The effectiveness of a cryptographic system in preventing unauthorized decryption is referred to as its strength: A strong cryptographic system is difficult to crack. Strength is also referred to as the algorithm’s work factor: The work factor describes an estimate of the amount of time and effort that would be needed to break a system.
The system may be considered weak if it allows weak keys, has defects in its design, or is easily decrypted. Many systems available today are more than adequate for business and personal use, but they are inadequate for sensitive military or governmental applications.
Cipher suites, for example, work with SSL/TLS to combine authentication, encryption, and message authentication. Most vendors allow you to set cipher suite preferences on a server to determine the level of strength required by client connections. With Sybase, for example, you set the cipher suite preference to Weak, Strong, FIPS, or All. If you choose Strong, you are limiting the choices to only encryption algorithms that use keys of 64 bits or more. Choosing Weak adds all the encryption algorithms that are less than 64 bits, while choosing FIPS requires encryptions, hash and key exchange algorithms to be FIPS- compliant (AES, 3DES, DES, and SHA1). Apache offers similar choices but instead of the words Strong and Weak, the names are changed to High, Medium, and Low.
The second major reason for implementing a cryptographic system involves providing assurance that a message wasn’t modified during transmission. Modification may render a message unintelligible or, even worse, inaccurate. Imagine the consequences if record alterations weren’t discovered in medical records involving drug prescriptions. If a message is tampered with, the encryption system should have a mechanism to indicate that the message has been corrupted or altered.
Integrity can be accomplished by adding information such as redundant data that can be used as part of the decryption process. Figure 2.8 provides a simple example of how integrity can be validated in a message. Notice that data about the message’s length and the number of vowels in the message are included in the message.
Figure 2.8: A simple integrity-checking process for an encrypted message
These two additions to the message provide a two-way check on the integrity of the message. In this case, the message has somehow become corrupted or invalidated. The original message had 12 characters; the decrypted message has 13 characters. Of course, the processes used in a real system are much more complicated. The addition of this information could be considered a signature of some sort.
A common method of verifying integrity involves adding a message authentication code (MAC) to the message. The MAC is derived from the message and a shared secret key. This process ensures the integrity of the message. The MAC would be encrypted with the message, adding another layer of integrity checking. From the MAC, you would know that the message came from the originator and that the contents haven’t been altered. Figure 2.9 illustrates the MAC value being calculated from the message and included with the message.
The receiver also calculates the MAC value and compares it to the value sent in the message. If the values are equal, the message can be assumed to be intact and genuine.
HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key.
A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Figure 2.10 illustrates this concept.
Let’s say that the sender in Figure 2.10 wants to send a message to the receiver. It’s important that this message not be altered. The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.
The receiver uses a key provided by the sender—the public key—to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.
The receiver compares the signature area referred to as a message digest in the message with the calculated value. If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be. This process provides message integrity, nonrepudiation, and authentication.
Nonrepudiation prevents one party from denying actions they carried out. To use an analogy, imagine coming home to find your house’s picture window broken. All three of your kids say they didn’t do it, and the babysitter says it must have been broken when she arrived. All the parties who could be guilty are “repudiating” the fact that they did it, and it’s their word against common sense. Now, imagine that you had a nanny-cam running and were able to review the video and see who actually broke it. The video cancels out their saying that they knew nothing about the broken window and offers “nonrepudiation” of the facts.
In the electronic world, a similar type of proof can be achieved in a two-key system. The problem is that anyone can claim to be a legitimate sender, and if they have access to this type of system, they can send you a public key. So although you have received the message, you would have no way of verifying that the sender is really who they say they are, and you need nonrepudiation to verify that the sender is who they say they are.
Third-party organizations called certificate authorities (CAs) manage public keys and issue certificates verifying the validity of a sender’s message. The verifying aspect serves as nonrepudiation; a respected third party vouches for the individual. The goal of any effective cryptography system must include nonrepudiation. However, the implementation is a little more difficult than the concept.
Security is a priority for every administrator, but it cannot be the only priority: security cannot forsake all others. One of the other priorities that CompTIA wants you to be familiar with for this exam is safety. Some of the topics relate to the safety of the data or physical environment, while others are associated with safety of the individuals you work with.
In the order the topics appear in the objectives, these are as follows:
Fencing A fence can keep out unwanted entities—vehicles, people, etc.—and funnel those leaving to an easy to manage exit point where you can manage them easier.
Locks Locks are a lot like passwords—they need to be easy enough to work that those who are authorized can effectively navigate them but strong enough to keep those who are not authorized out. As a general rule, the strength of locks and the costs of them are closely related. Be sure to lock up not only the server room but also the wiring closets and physical hardware that could wander off.
CCTV Closed Circuit TV (CCTV) surveillance can help lessen the success of unauthorized access attempts. To be successfully used in prosecution, the recording equipment used with the cameras should be of good quality. To deter attempts, employees—and all others— should be made aware of the presence of the cameras.
Escape Plans With all the fencing, locks, and blinding lighting that is installed in the office, it is highly recommended that escape plans be in place and understood by all. Someone (a designated safety officer) should be responsible for keeping the plan current and making certain all employees are aware of it.
Drills To make certain not only that employees know the escape plan(s) but that it also works, drills should be conducted on a regular basis. The safety office in charge of the escape plans should also be responsible for the drills and make modifications as conditions change or problems arise.
Escape Routes The aforementioned escape plan and drills should direct the employees to safety via an escape route. Alternate routes should be identified in the event that the primary escape route is blocked.
Testing Controls Technical, Management, and Operational. Since there is reliance by at least two of these types on individuals, regularly test to verify that they are working properly and responses are appropriate.
Keep safety as one of your priorities as an administrator. Hope that you never have to respond to an emergency situation, but take comfort in knowing that your employees know how to respond should the need arise.