Network+ : Secure Networking
Encoding and Decoding
Encoding (Base64, hex, URL encoding and the like) provides only casual obfuscation: there is no key involved, so anyone can decode the data.
Hashing provides a way to prove Integrity.
For instance, MD5 and SHA hashes are typically published alongside downloadable files like ISOs. Once you’ve downloaded the file, you calculate the hash(es) locally and compare them with the published values to confirm you’ve gotten a bit-for-bit perfect copy. Two caveats: the comparison only proves anything if the published hash came over a channel you trust (whoever can swap the ISO on a mirror can swap the hash on the same mirror, which is why vendors sign their SHA256SUMS files), and MD5 and SHA-1 are no longer collision resistant, so prefer the SHA-256 value when several are offered.
SHA-1, SHA-2 (SHA-256, SHA-512 and friends), SHA-3 etc.
https://gchq.github.io/CyberChef/ –> Scroll down to “Hashing”
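The download check described above, as an added example (not from the notes or from Meyers): hash a constructed stand-in for an ISO, compare it against the "published" digest, and see one flipped bit fail. The `isoImage` bytes are made up for the demo; the MD5 helper is there only to show the form of the legacy digest.

```go
package main

import (
	"crypto/md5"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed sample "download" standing in for a multi-gigabyte ISO image.
var isoImage = []byte("pretend this is a multi-gigabyte ISO image\n")

// Sha256Hex returns the lowercase hex SHA-256 digest, the form a vendor
// publishes in a SHA256SUMS file.
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Md5Hex: MD5 still shows up on download pages, but collisions are practical,
// so it only catches accidental corruption, not a deliberate swap.
func Md5Hex(data []byte) string {
	sum := md5.Sum(data)
	return hex.EncodeToString(sum[:])
}

// VerifyDownload recomputes the SHA-256 of data and compares it with the
// published digest. The comparison is constant-time; that matters little for
// a public hash, but it is the habit to have for MACs and tokens.
func VerifyDownload(data []byte, publishedHex string) (bool, error) {
	want, err := hex.DecodeString(strings.ToLower(strings.TrimSpace(publishedHex)))
	if err != nil {
		return false, fmt.Errorf("published digest is not hex: %w", err)
	}
	if len(want) != sha256.Size {
		return false, fmt.Errorf("published digest is %d bytes, want %d", len(want), sha256.Size)
	}
	got := sha256.Sum256(data)
	return subtle.ConstantTimeCompare(got[:], want) == 1, nil
}

func main() {
	// Pretend this value came from the vendor's signed SHA256SUMS file.
	published := Sha256Hex(isoImage)
	ok, _ := VerifyDownload(isoImage, published)
	fmt.Println("intact download verifies:", ok)

	tampered := append([]byte{}, isoImage...)
	tampered[0] ^= 0x01 // flip a single bit
	ok, _ = VerifyDownload(tampered, published)
	fmt.Println("one flipped bit verifies:", ok)
	fmt.Println("legacy MD5 of the image:", Md5Hex(isoImage))
}
```

The same code works on a real file if you replace `isoImage` with the bytes read from disk; `VerifyDownload` accepts upper- or lower-case hex and rejects anything that is not a 32-byte digest.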
Hashing is critical to Authentication. You must never store passwords in plaintext; somebody sneaky will get them, for sure. But you can store the hash of a password. When somebody logs in, your system hashes the password they typed, compares it with the stored hash, and if they match, voila! You are Authenticated. In practice the hash must be salted and deliberately slow (bcrypt, scrypt, Argon2 or PBKDF2 with a high iteration count), not a bare MD5 or SHA-256: a fast, unsalted hash lets whoever steals the table test billions of guesses per second against every user at once.
Encryption provides actual Confidentiality, by making your data unreadable by others.
Ciphers: the actual algorithms
Stream vs. Block Ciphers
Symmetric Ciphers, using a Shared Secret
Asymmetric Ciphers, using a Public Key and a Private Key
Nonrepudiation makes it impossible for someone who has said something to say, “I didn’t say that!” This is useful in, for instance, real estate transactions.
Asymmetric encryption is what gives you Nonrepudiation. I encrypt a document with my Private Key and send it (the document, not the key!) to my Realtor. He easily gets my Public Key via PKI, and that key decrypts my offer letter. Nobody in the universe but me (in theory) has my Private Key, so anything that decrypts under my Public Key must have come from me. I can’t repudiate it; this operation has provided Nonrepudiation.
What’s wrong with the scenario above is that while I’ve provided Nonrepudiation, I haven’t provided a tidy Integrity check (always think of a hash in these cases), and asymmetric operations are slow, so nobody applies a private key to a whole document in practice. Real systems hash first and apply the private key only to the hash.
So let’s do this:
- Calculate the SHA1 hash of my Last Will and Testament.docx. (SHA-1 collisions have been demonstrated, so a real signature today uses SHA-256; the flow is identical.)
- Encrypt the resulting hash with my Private Key. This is a Digital Signature!
- Send an email to my lawyer, paste the Digital Signature into the text of the email, and attach my Will to the email.
- My lawyer gets my Will and calculates the SHA1 hash of it himself.
- My lawyer decrypts my Digital Signature with my Public Key and sees that the hash matches the one he just calculated for my Will.
- Bravo! The document is intact (Integrity), and the signature could only have been produced with my Private Key (Nonrepudiation), which is what makes Digital Signatures binding.
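The hash-then-sign procedure above, as an added example (not from the notes or from Meyers): sign a constructed stand-in for the Will with an RSA private key and verify it with the matching public key, then watch a one-word edit and a stranger's key both fail. It uses the standard library's RSA PKCS#1 v1.5 signing, which is exactly "apply the private key to a SHA-256 digest"; the `will` bytes and the 2048-bit key size are this example's choices.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed stand-in for "Last Will and Testament.docx".
var will = []byte("I, the testator, leave everything to the cat.\n")

// SignDocument is the signer's two steps: hash the document, then apply the
// private key to the digest (not to the document itself).
func SignDocument(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyDocument is the lawyer's side: hash the copy that arrived, then check
// the signature against that digest using the sender's public key. A mismatch
// in either the document or the key makes verification fail.
func VerifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	sig, err := SignDocument(priv, will)
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature is %d bytes; paste it in the email body\n", len(sig))
	fmt.Println("original will verifies:", VerifyDocument(&priv.PublicKey, will, sig))

	// Integrity: one changed word, same signature.
	altered := bytes.ReplaceAll(will, []byte("cat"), []byte("dog"))
	fmt.Println("altered will verifies: ", VerifyDocument(&priv.PublicKey, altered, sig))

	// Nonrepudiation: somebody else's public key does not validate my signature.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println("verified with a stranger's key:", VerifyDocument(&other.PublicKey, will, sig))
}
```

Note what the lawyer needs to trust: that the public key really is mine. That binding is the job of PKI (a certificate), which is why the notes say he gets the key "via PKI" rather than from the same email as the signature.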
Authorization is the only element on this list that doesn’t involve cryptography. It’s all about permissions: what shares you’re authorized to see, what documents you can change, what you can create or delete.
What Meyers doesn’t mention yet is that Authorization is part of another triad/list beloved by CompTIA, the AAA:
- Authentication (who are you?)
- Authorization (what are you allowed to do?)
- Accounting, also called Audit or Accountability (what did you actually do?)
Also know these common models for Access Control: MAC (Mandatory Access Control), DAC (Discretionary Access Control) and RBAC (Role-Based Access Control).
See, told you Meyers was going to talk about this! Here are the major standards. Notice the discussion of AAA starting on page 370.
CHAP / MS-CHAP / MS-CHAPv2: challenge-response, so the password itself never crosses the wire. Two things to know: the server has to keep the secret in a recoverable form to check the response, and a captured challenge/response pair can be attacked offline (MS-CHAPv2’s DES-based response can be cracked outright), so use these only inside an encrypted tunnel such as PEAP or EAP-TTLS.
RADIUS / Diameter: RADIUS only obfuscates the User-Password attribute with an MD5 keystream derived from the shared secret, so carry it over IPsec or RadSec (RADIUS over TLS); Diameter runs over TCP or SCTP and relies on TLS or IPsec for protection.
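The CHAP exchange, as an added example (not from the notes or from Meyers): both sides of RFC 1994's Challenge and Response, where the response is MD5(Identifier || secret || Challenge), plus the eavesdropper's offline dictionary attack that is the reason for the tunnelling advice above. The `Challenge` and `Response` structs are simplified (real packets also carry Code, Length and Name fields), and the user "alice" with secret "winter2024" is constructed for the demo.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Challenge is what the authenticator sends: an Identifier plus random bytes.
type Challenge struct {
	ID    byte
	Value []byte
}

// Response is what the peer sends back: the same Identifier, its name, and
// the digest. The secret itself is never transmitted.
type Response struct {
	ID    byte
	Name  string
	Value []byte
}

// chapDigest is the one computation both sides perform (RFC 1994 section 2).
func chapDigest(id byte, secret, challenge []byte) []byte {
	h := md5.New()
	h.Write([]byte{id})
	h.Write(secret)
	h.Write(challenge)
	return h.Sum(nil)
}

// Authenticator keeps each user's secret in recoverable form. That is a
// property of CHAP, not a slip: without the secret it cannot recompute the
// expected digest, so a stolen CHAP database exposes every password.
type Authenticator struct {
	secrets map[string][]byte
	lastID  byte
}

// NewChallenge issues a fresh random challenge with a new Identifier.
func (a *Authenticator) NewChallenge() (Challenge, error) {
	v := make([]byte, 16)
	if _, err := rand.Read(v); err != nil {
		return Challenge{}, err
	}
	a.lastID++
	return Challenge{ID: a.lastID, Value: v}, nil
}

// Verify recomputes the digest for the named user and compares in constant time.
func (a *Authenticator) Verify(ch Challenge, r Response) bool {
	secret, ok := a.secrets[r.Name]
	if !ok || r.ID != ch.ID {
		return false
	}
	return subtle.ConstantTimeCompare(chapDigest(ch.ID, secret, ch.Value), r.Value) == 1
}

// PeerRespond is the client side: answer the challenge using the shared secret.
func PeerRespond(ch Challenge, name string, secret []byte) Response {
	return Response{ID: ch.ID, Name: name, Value: chapDigest(ch.ID, secret, ch.Value)}
}

// OfflineGuess is what an eavesdropper does with a captured pair: try candidate
// secrets until the digest matches. No further network access is needed.
func OfflineGuess(ch Challenge, r Response, candidates []string) string {
	for _, c := range candidates {
		if subtle.ConstantTimeCompare(chapDigest(ch.ID, []byte(c), ch.Value), r.Value) == 1 {
			return c
		}
	}
	return ""
}

func main() {
	auth := &Authenticator{secrets: map[string][]byte{"alice": []byte("winter2024")}} // constructed
	ch, _ := auth.NewChallenge()
	resp := PeerRespond(ch, "alice", []byte("winter2024"))
	fmt.Println("correct secret accepted:   ", auth.Verify(ch, resp))
	fmt.Println("wrong secret accepted:     ", auth.Verify(ch, PeerRespond(ch, "alice", []byte("spring2024"))))

	// A captured response replayed against a fresh challenge fails...
	ch2, _ := auth.NewChallenge()
	fmt.Println("replayed response accepted:", auth.Verify(ch2, resp))
	// ...but the captured pair is enough for an offline dictionary attack.
	fmt.Println("offline guess recovered:   ", OfflineGuess(ch, resp, []string{"password", "summer2024", "winter2024"}))
}
```

The random challenge defeats replay, which is CHAP's whole improvement over PAP; it does nothing against guessing, which is why the exchange needs a TLS tunnel around it on any network you do not control.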
Encrypting Data Traffic
SSL / TLS
Everything below TLS 1.2 (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1) is deprecated and not to be used, period; RFC 8996 formally retired TLS 1.0 and 1.1 in 2021. TLS 1.2 is the floor, and TLS 1.3 is preferred.
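What that floor looks like in a server configuration, as an added example (not from the notes or from Meyers): a Go TLS server with `MinVersion` set, handshaking over an in-memory pipe with a client whose newest supported version is whatever you pass in. The throwaway self-signed certificate, the hostname `example.test` and the in-memory transport are this example's own scaffolding so it runs offline; the client deliberately allows TLS 1.0 so it can model a legacy client.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway server certificate in memory (no PEM files)
// so the handshake can run offline. Test scaffolding only.
func selfSigned() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Handshake runs one TLS handshake between a server that refuses anything
// below serverMin and a client that cannot speak anything above clientMax.
// It returns the client's handshake error; nil means the connection was made.
func Handshake(serverMin, clientMax uint16) error {
	cert, err := selfSigned()
	if err != nil {
		return err
	}
	serverConf := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   serverMin, // the setting this section is about
	}
	clientConf := &tls.Config{
		InsecureSkipVerify: true,             // self-signed demo cert; the point here is the version floor
		MinVersion:         tls.VersionTLS10, // deliberately permissive, to model a legacy client
		MaxVersion:         clientMax,
	}
	srvEnd, cliEnd := net.Pipe()
	serverDone := make(chan error, 1)
	go func() {
		err := tls.Server(srvEnd, serverConf).Handshake()
		srvEnd.Close()
		serverDone <- err
	}()
	clientErr := tls.Client(cliEnd, clientConf).Handshake()
	cliEnd.Close()
	<-serverDone
	return clientErr
}

// LegacyClientRefused: a TLS 1.1-only client against a TLS 1.2 floor.
func LegacyClientRefused() bool { return Handshake(tls.VersionTLS12, tls.VersionTLS11) != nil }

// ModernClientAccepted: a TLS 1.2 client against the same floor.
func ModernClientAccepted() bool { return Handshake(tls.VersionTLS12, tls.VersionTLS12) == nil }

// StrictFloorRefusesTLS12: raising the floor to TLS 1.3 cuts off TLS 1.2 clients too.
func StrictFloorRefusesTLS12() bool { return Handshake(tls.VersionTLS13, tls.VersionTLS12) != nil }

func main() {
	fmt.Println("TLS 1.1-only client vs TLS 1.2 floor:", Handshake(tls.VersionTLS12, tls.VersionTLS11))
	fmt.Println("TLS 1.2 client vs TLS 1.2 floor:     ", Handshake(tls.VersionTLS12, tls.VersionTLS12))
	fmt.Println("TLS 1.2 client vs TLS 1.3 floor:     ", Handshake(tls.VersionTLS13, tls.VersionTLS12))
}
```

The weak setting is simply leaving `MinVersion` at a value that admits TLS 1.0 or 1.1 (or, in an older toolchain, leaving it unset); the corrected one is `MinVersion: tls.VersionTLS12` or higher. The refusal shows up on the client as a protocol-version alert, which is the same thing a scanner such as `openssl s_client -tls1_1` reports against a correctly configured server.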
Secure TCP/IP Applications
HTTPS (port 443): HTTP over SSL / TLS (meaning actually TLS).
SCP (Secure Copy): secure, encrypted copy between any two endpoints. You could be on Server A and “skip” a file from Server B to Server C, as long as you have credentials on all systems.
Uses SSH encryption and the SSH port (22). OpenSSH now treats scp as legacy (recent versions run the SFTP protocol underneath the scp command), so prefer sftp or rsync over ssh where you can.
SNMP (ports 161/162): troubles with v1 and v2c, which send community strings in cleartext and have no real authentication. Use v3 with authentication and privacy (authPriv).
Network Time Protocol (port 123, UDP): unauthenticated by default, and correct time matters for certificate validity checks and for lining up logs during an investigation.