Respond to the below two students discussion with 150 words minimum. The question they are responding to re below in bold just so you will know.
For this assignment, create a new message and address the following items in your response.
- Describe the five basic attacks on authentication systems.
- Outline the symmetric encryption process and explain the components involved in the process.
- Summarize the different situations in which people use file encryption software.
- Describe the different categories of asymmetric encryption algorithms and how they are used in practice.
Student one:
Describe the five basic attacks on authentication systems.
- Clone or borrow the credential – “Shoulder Surfing” Watching people type passwords
- Sniff the credential – Digital shoulder surfing, we collect packets via wireshark or similar packet sniffing software and look for passwords and tokens.
- Trial and error guessing – use statistics to help your guesses
- Denial of Service -overloading the system to lock the user out, preventing access into the system.
- Retrieve offline – You can bypass a lot of security if you can get an offline backup.
Outline the symmetric encryption process and explain the components involved in the process.
Symmetric encryption is where the same key is used for both encryption and decryption of the data. To start, the user decides to encrypt his data. He must decide on a key to decrypt the data. He then uses software that automatically encrypts the data using that key. Now the user feels comfortable sending the data out to user 2 who now has a problem. User 2 must somehow be aware of the key that User 1 created. Often, this key is sent through a different means than the encrypted data. If the encrypted data is sent via Email, then the key is shared via phone or text. Now having the key, User 2 can now decrypt the data.
Summarize the different situations in which people use file encryption software.
If at any point for any reason the data manager feels that the data risks being compromised, then encrypting the data is warranted. Any sensitive data being sent over the internet MUST be encrypted. Server, system, and profile backups need to be encrypted and secured off network to prevent attackers from gaining access and manipulating data.
Describe the different categories of asymmetric encryption algorithms and how they are used in practice.
Asymmetric encryption is where there is one key for encryption, and a separate key for decryption. The decryption key is a closely guarded secret and never shared with anyone ever. This key is called the private key. The key used for encrypting data is not kept secret and shared widely. This key is called the public key. The public now knows your encryption standard, and can encrypt any data they want using your standard. These keys are not reversible, so until you decrypt the data with your private key, the data is unreadable.
Die-Hoffman (DH): is a hybrid of asymmetric and symmetric encryption. The encryption is symmetric but they manage to share the key with each other without actually sending the key.
RSA: is the standard Asymmentric encryption system.
Reference:
Smith, R. E. (2016). Elementary information security, 2nd Edition. Subury, MA: Jones & Bartlett Learning.
-Arn
Student two:
- Describe the five basic attacks on authentication systems
The 5 basic authentication attacks are, Clone or borrow the credentials or token, Sniff the credential, Trial and error, Denial of service (DoS), and Retrieve from a backup.
Clone or borrow is an attack that is usually done by shoulder surfing or finding the login credentials and using those to log in.
Sniff the credentials is a method that captures the login credentials as it is being transmitted to the login process.
Trial and error is exactly what it is, trial and error. This attack is just trying different combination until the attacker gets one right to be able to log in.
The denial of service attack is were the attacker can damage the system which will block assess to the system by others.
Retrieve from a backup is being able to get the log in information from a backup on the hard drive and using the log in information to be able to access account.
- Outline the symmetric encryption process and explain the components involved in the process.
Symmetric encryption is a way to encrypt and decrypt using the same key. There are two categories for the symmetric encryption and that is the code and cypher. The code encryption uses words or phrases to hide a message within. For instance, the military uses code words for many things for instance “Oscar Mike” means “On The Move”.
Cypher encryption uses algorithms to encrypt data and only someone who has the PKI key and decrypt the message, for instance encrypting an email and only the receiver can open and decrypt the message.
- Summarize the different situations in which people use file encryption software.
You would want to encrypt your data if you care carrying an external HD, sending an email, or using a public workstation to name a few.
- Describe the different categories of asymmetric encryption algorithms and how they are used in practice.
There are two part to asymmetric encryption “public key and private key” both of these are needed to be able to encrypt a file or email. One-way asymmetric encryption is used is with email, you will use a private key and public key to encrypt the message and only those keys can decrypt the message.
Matt
