Solved

CISSP Examination: Can someone give me a breakdown of different encryption methods I would need to know?

Posted on 2016-08-22
Last Modified: 2016-09-12
I'm interested in learning about encryption methods that are relevant to industry today. AES-256 vs. 3DES vs. DES vs. SSL/TLS vs PPTP vs. IPSec vs. OTHERS.

What is the difference, what are obvious ways to identify each, and what are the main uses of each? Please break down into quick notes on each, which can assist me and others to absorb the material quickly. I have been reading wiki pages and I would like this information condensed and ELI5'd.

Thanks,
Tanner
Question by:Tanner Briggs
4 Comments
 
LVL 62

Accepted Solution

by:
btan earned 300 total points (awarded by participants)
ID: 41766343
In short, the difference is the strength of each algorithm and the application use case for them. For example:
  • 3DES and DES are symmetric; 3DES is stronger and DES is no longer recommended, and in fact the stronger one is AES
  • SSL/TLS covers key exchange, authentication and encryption; see the OpenSSL link for the list of applicable ciphers
  • PPTP vs. IPSec: these are for VPN purposes, and the link has a comparison to help in understanding. IPsec can support higher key lengths for greater security. (http://www.giganews.com/vyprvpn/compare-vpn-protocols.html)

Some useful websites to help beef up the understanding are
- Learn cryptography (https://learncryptography.com/) has flash and basic coverage
- Key length (https://www.keylength.com/en/4/) shows the strength of a cipher (how long it can withstand brute forcing)
- OWASP guide to crypto (https://www.owasp.org/index.php/Guide_to_Cryptography)

A large part for you to focus on is the use case of which cipher (symmetric, asymmetric, hashes) is applicable for key exchange, encryption, authentication etc. in a cipher suite. For example, if you see a string such as "TLS_RSA_WITH_RC4_128_SHA", what does each part mean? A good reference is the OpenSSL list https://www.openssl.org/docs/manmaster/apps/ciphers.html

Common applications of those ciphers include:
- Remote access such as IPsec VPN
- Certificate-based authentication
- Securing confidential or sensitive information
- Obtaining non-repudiation using digital certificates
- Online orders and payments
- Email and messaging security such as S/MIME
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 200 total points (awarded by participants)
ID: 41768554
You don't need to know that much about the ciphers and algorithms themselves, but you do need to know about their features and concepts: key exchange, perfect forward secrecy, integrity, authentication, non-repudiation, message authentication, digital signatures etc. You will also need to learn about hash and algorithm limitations, but I don't remember much about that on the test.
A good start is my two articles here:
https://www.experts-exchange.com/articles/12134/Choosing-the-right-encryption-for-your-needs.html
https://www.experts-exchange.com/articles/12386/How-secure-are-passwords.html
-rich
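To make two of the concepts listed above concrete (integrity and message authentication, versus non-repudiation), here is a small added example; it is not code from the thread or from the linked articles, and the key and messages are constructed for the demonstration. It uses HMAC-SHA256 from the Python standard library and shows why a shared-key MAC proves integrity and origin to the other key holder but cannot give non-repudiation, which is what a digital signature adds.

```python
import hashlib
import hmac
import os


def make_tag(key, message):
    """HMAC-SHA256 over the message: a key holder can prove the bytes are unchanged."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo(key=None):
    """Exercise the properties on constructed messages and return the outcomes."""
    key = key or os.urandom(32)  # shared secret, constructed for this run
    genuine = b"transfer 100 to account 42"
    altered = b"transfer 900 to account 42"
    tag = make_tag(key, genuine)
    return {
        # integrity + message authentication: the receiver with the key accepts it
        "genuine_verifies": verify(key, genuine, tag),
        # one changed byte produces a different tag, so tampering is detected
        "tampered_rejected": not verify(key, altered, tag),
        # a party without the key cannot produce an accepted tag
        "wrong_key_rejected": not verify(os.urandom(32), genuine, tag),
        # Non-repudiation is NOT provided: the receiver holds the same key, so it
        # can make a valid tag for any message, and a third party cannot tell
        # sender and receiver apart. A digital signature (private key held only
        # by the signer, public key for verification) is what adds that property.
        "receiver_can_make_valid_tag": verify(key, altered, make_tag(key, altered)),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Every entry in the returned dict is expected to be True; the last one is the point of the exercise, since it shows that a valid HMAC proves only "someone with the key made this", never "the sender, and not the receiver, made this".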
 
LVL 62

Assisted Solution

by:btan
btan earned 300 total points (awarded by participants)
ID: 41768694
Agree with RichRumble. We are not cryptographers, but we need to know the best practices, as likely it is more a matter of compliance to make sure a strong cipher is adopted and not leave the "hole" open to attacks. The best practice, as shared in my previous post, is to share the application of those crypto as part of the security posture. For example, in website adoption of SSL, the free online service (https://www.ssllabs.com/ssltest/) examines the ciphers in use for key exchange, PFS, encryption and the certificate used, and can be run for health checks and compliance requirements.
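Both of btan's points above, reading a cipher suite string such as "TLS_RSA_WITH_RC4_128_SHA" part by part, and running a health check over what a server offers for key exchange, PFS and encryption, can be practised with the following added example. It is not code from the thread, from OpenSSL or from SSL Labs: the classification tables are a deliberately small study subset, the two server suite lists are constructed, and the TLS 1.3 handling (names without WITH, key exchange always ephemeral) goes slightly beyond the TLS 1.2-style string in the answer.

```python
import re

# Constructed classification tables (assumption: a simplified study subset,
# not the full OpenSSL cipher list linked in the thread).
WEAK_CIPHERS = {"NULL", "RC4_40", "RC4_128", "DES40_CBC", "DES_CBC",
                "3DES_EDE_CBC", "RC2_CBC_40"}
PFS_KEY_EXCHANGE = {"DHE", "ECDHE"}        # ephemeral (EC)DH: session keys not recoverable from the server key
AEAD_MARKERS = ("GCM", "CCM", "POLY1305")  # AEAD modes carry their own integrity tag

# TLS 1.2-style names: TLS_<kx>[_<auth>]_WITH_<cipher>_<hash>
SUITE_RE = re.compile(r"^(?P<proto>TLS|SSL)_(?P<kx_auth>[A-Za-z0-9_]+?)_WITH_"
                      r"(?P<cipher>[A-Za-z0-9_]+?)_(?P<hash>SHA\d*|MD5|NULL)$")
# TLS 1.3-style names: TLS_<aead cipher>_<hkdf hash>; no key exchange in the name
TLS13_RE = re.compile(r"^TLS_(?P<cipher>[A-Za-z0-9_]+?)_(?P<hash>SHA\d+)$")


def parse_suite(name):
    """Split a cipher suite name into key exchange, authentication, cipher and hash."""
    m = SUITE_RE.match(name)
    if m:
        parts = m.group("kx_auth").split("_")
        # "RSA" alone is RSA key transport, which also authenticates the server;
        # "ECDHE_RSA" is ephemeral ECDH for the exchange and RSA for authentication.
        kx = parts[0]
        auth = parts[1] if len(parts) > 1 else parts[0]
        cipher = m.group("cipher")
        # In CBC suites the trailing hash is the per-record HMAC; in AEAD suites
        # it is only the PRF hash, because GCM/POLY1305 authenticate the data.
        return {"name": name, "kx": kx, "auth": auth, "cipher": cipher,
                "hash": m.group("hash"),
                "aead": any(mk in cipher for mk in AEAD_MARKERS), "tls13": False}
    m = TLS13_RE.match(name)
    if m:
        # TLS 1.3 always uses ephemeral (EC)DH; the signature algorithm is
        # negotiated separately, so neither appears in the suite name.
        return {"name": name, "kx": "ECDHE/DHE", "auth": "certificate",
                "cipher": m.group("cipher"), "hash": m.group("hash"),
                "aead": True, "tls13": True}
    raise ValueError(f"unrecognised cipher suite name: {name}")


def findings(name):
    """Problems a study checklist would flag for one suite (empty list = fine)."""
    s = parse_suite(name)
    issues = []
    if s["cipher"] in WEAK_CIPHERS:
        issues.append(f"weak or broken cipher {s['cipher']}")
    if s["auth"] == "anon":
        issues.append("anonymous key exchange: no server authentication")
    if not s["tls13"] and s["kx"] not in PFS_KEY_EXCHANGE:
        issues.append(f"no forward secrecy: {s['kx']} key exchange")
    if s["hash"] in ("MD5", "NULL"):
        issues.append(f"weak or missing MAC hash {s['hash']}")
    return issues


def health_check(offered):
    """Summarise a server's offered suites the way a compliance health check would."""
    flagged = {}
    for name in offered:
        issues = findings(name)
        if issues:
            flagged[name] = issues
    pfs_only = not any(i.startswith("no forward secrecy")
                       for issues in flagged.values() for i in issues)
    return {"flagged": flagged, "pfs_only": pfs_only, "clean": not flagged}


# Constructed sample scans: what a legacy and a modern server might offer.
LEGACY_SERVER = ["TLS_RSA_WITH_RC4_128_SHA",
                 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                 "TLS_RSA_WITH_AES_128_CBC_SHA"]
MODERN_SERVER = ["TLS_AES_256_GCM_SHA384",
                 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"]

if __name__ == "__main__":
    print(parse_suite("TLS_RSA_WITH_RC4_128_SHA"))
    for label, offered in (("legacy", LEGACY_SERVER), ("modern", MODERN_SERVER)):
        report = health_check(offered)
        print(f"{label}: clean={report['clean']} pfs_only={report['pfs_only']}")
        for name, issues in report["flagged"].items():
            print(f"  {name}: {'; '.join(issues)}")
```

Running it shows the answer's own example decomposed as RSA key exchange, RSA authentication, RC4_128 cipher and SHA (HMAC-SHA1) MAC, with two findings: a broken cipher and no forward secrecy. The legacy list is flagged on every suite because static RSA key transport never gives PFS even with AES, while the modern list passes; that difference is exactly what the SSL Labs report's key exchange and PFS sections summarise.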
 
LVL 62

Expert Comment

by:btan
ID: 41793898
Concept and information explained.
