Solved

CISSP Examination: Can someone give me a breakdown of different encryption methods I would need to know?

Posted on 2016-08-22
Last Modified: 2016-09-12
I'm interested in learning about encryption methods that are relevant to industry today. AES-256 vs. 3DES vs. DES vs. SSL/TLS vs PPTP vs. IPSec vs. OTHERS.

What is the difference, what are obvious ways to identify each, and what are the main uses of each? Please break it down into quick notes on each, which can assist me and others to absorb the material quickly. I have been reading wiki pages and I would like this information condensed and ELI5'd.

Thanks,
Tanner
Question by:Tanner Briggs
Accepted Solution by btan (LVL 64, earned 1200 total points, awarded by participants)
ID: 41766343
In short, the difference is the strength of each algorithm and the application use case for them. For e.g.:
  • 3DES and DES are symmetric; 3DES is stronger and DES is no longer recommended. In fact, the stronger one is AES.
  • SSL/TLS covers key exchange/auth/encryption - see the OpenSSL link for the list of applicable ciphers.
  • PPTP vs. IPSec - these are for VPN purposes and the link has a comparison to help in understanding. IPsec can support higher key lengths for greater security. (http://www.giganews.com/vyprvpn/compare-vpn-protocols.html)

Some useful websites to help beef up the understanding are:
- Learn Cryptography (https://learncryptography.com/) has flash and basic coverage
- Key length (https://www.keylength.com/en/4/) shows the strength of ciphers (how long they can withstand brute forcing)
- OWASP guide to crypto (https://www.owasp.org/index.php/Guide_to_Cryptography)

A large part for you to focus on is the use case of which cipher (symmetric & asymmetric, hashes) is applicable for key exchange, encryption, authentication, etc. in a cipher suite. For e.g. if you see a string such as "TLS_RSA_WITH_RC4_128_SHA", what does each part mean? A good reference is the OpenSSL list: https://www.openssl.org/docs/manmaster/apps/ciphers.html

Those ciphers' common applications include:
- Remote access such as IPsec VPN
- Certificate-based authentication
- Securing confidential or sensitive information
- Obtaining non-repudiation using digital certificates
- Online orders and payments
- Email and messaging security such as S/MIME
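As an added example (not code from btan or Rich Rumble), this script breaks an IANA-style suite name such as "TLS_RSA_WITH_RC4_128_SHA" into the roles discussed above (key exchange, authentication, bulk cipher, MAC/PRF) and flags what an SSL Labs style health check would report: RC4/DES/3DES, MD5, export-grade sizes and missing forward secrecy. The lookup tables are my assumptions based on the naming convention, not an exhaustive list.

```python
# Added example: parse TLS cipher suite names into their components.
PFS_KEY_EXCHANGE = {"ECDHE", "DHE"}           # ephemeral => perfect forward secrecy
WEAK_CIPHERS = {"RC4", "DES", "3DES", "NULL"}  # assumption: what a health check flags
MODES = {"CBC", "GCM", "CCM", "POLY1305"}      # CBC is the only non-AEAD one here


def parse_suite(name):
    """Return a dict describing one suite, e.g. TLS_RSA_WITH_RC4_128_SHA."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not an IANA-style TLS suite: %s" % name)
    kx_part, cipher_part = name[4:].split("_WITH_", 1)

    kx_tokens = kx_part.split("_")
    export = "EXPORT" in kx_tokens              # 40/56-bit export-grade suites
    kx_tokens = [t for t in kx_tokens if t != "EXPORT"]
    # "TLS_RSA_WITH_..." means RSA does both key transport and authentication.
    kx = kx_tokens[0]
    auth = "_".join(kx_tokens[1:]) or kx

    c_tokens = cipher_part.split("_")
    mac = c_tokens[-1]                          # HMAC hash (SHA = SHA-1), or PRF for AEAD
    body = c_tokens[:-1]
    cipher = body[0] if body else "NULL"
    bits = next((int(t) for t in body if t.isdigit()), None)
    mode = next((t for t in body if t in MODES), None)

    issues = []
    if export:
        issues.append("export-grade key size")
    if cipher in WEAK_CIPHERS:
        issues.append("weak cipher " + cipher)
    if mac == "MD5":
        issues.append("MD5 MAC")
    if mode == "CBC":
        issues.append("CBC mode (not AEAD)")
    if kx not in PFS_KEY_EXCHANGE:
        issues.append("no forward secrecy")

    return {"kx": kx, "auth": auth, "cipher": cipher, "bits": bits,
            "mode": mode, "mac": mac, "pfs": kx in PFS_KEY_EXCHANGE,
            "issues": issues}


if __name__ == "__main__":
    for suite in ("TLS_RSA_WITH_RC4_128_SHA",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_EXPORT_WITH_RC4_40_MD5"):
        print(suite, parse_suite(suite))
```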
Assisted Solution by Rich Rumble (LVL 38, earned 800 total points, awarded by participants)
ID: 41768554
You don't need to know that much about the ciphers and algorithms themselves, but you do need to know about their features and concepts: key exchange, perfect fwd secrecy, integrity, authentication, non-repudiation, message authentication, digital signatures, etc. You will also need to learn about hash and algorithm limitations, but I don't remember much about that on the test.
A good start is my two articles here:
https://www.experts-exchange.com/articles/12134/Choosing-the-right-encryption-for-your-needs.html
https://www.experts-exchange.com/articles/12386/How-secure-are-passwords.html
-rich
Assisted Solution by btan (LVL 64, earned 1200 total points, awarded by participants)
ID: 41768694
Agree with RichRumble. We are not cryptographers, but we need to know what the best practices are, as likely it is more about compliance to make sure a strong cipher is adopted and the "hole" is not left open to attacks. The best practice, as shared in my previous post, is to share the application of those crypto as part of the security posture. For e.g. for website adoption of SSL, the free online service (https://www.ssllabs.com/ssltest/) can be used to examine the cipher in use for key exchange, PFS, encryption and the certificate, for health checks and compliance requirements.
Expert Comment by btan (LVL 64)
ID: 41793898
Concept and information explained.