CISSP Examination: Can someone give me a breakdown of different encryption methods I would need to know?

Posted on 2016-08-22
Last Modified: 2016-09-12
I'm interested in learning about encryption methods that are relevant to industry today: AES-256 vs. 3DES vs. DES vs. SSL/TLS vs. PPTP vs. IPsec vs. others.

What is the difference, what are obvious ways to identify each, and what are the main uses of each? Please break it down into quick notes on each, which can help me and others absorb the material quickly. I have been reading wiki pages and I would like this information condensed and ELI5'd.

Thanks,
Tanner
Question by: Tanner Briggs

4 Comments
Accepted Solution by: btan (LVL 62), earned 300 total points (awarded by participants)
ID: 41766343
In short, the difference is the strength of each algorithm and the application use case for them. For example:
  • 3DES and DES are symmetric; 3DES is stronger, and DES is no longer recommended. In fact, the stronger one is AES.
  • SSL/TLS covers all of key exchange, authentication and encryption. See the OpenSSL link for the list of applicable ciphers.
  • PPTP vs. IPsec: these are for VPN purposes, and the link has a comparison to help in understanding. IPsec can support higher key lengths for greater security. (http://www.giganews.com/vyprvpn/compare-vpn-protocols.html)

Some useful websites to help beef up the understanding are:
- Learn Cryptography (https://learncryptography.com/) has Flash and basic coverage
- Key Length (https://www.keylength.com/en/4/) shows the strength of a cipher (how long it can withstand brute forcing)
- OWASP guide to crypto (https://www.owasp.org/index.php/Guide_to_Cryptography)

A large part for you to focus on is the use case of which cipher (symmetric, asymmetric, hashes) is applicable for key exchange, encryption, authentication etc. in a cipher suite. For example, if you see a string such as "TLS_RSA_WITH_RC4_128_SHA", what does each part mean? A good reference is the OpenSSL list: https://www.openssl.org/docs/manmaster/apps/ciphers.html

Common applications of those ciphers include:
- Remote access such as IPsec VPN
- Certificate-based authentication
- Securing confidential or sensitive information
- Obtaining non-repudiation using digital certificates
- Online orders and payments
- Email and messaging security such as S/MIME

Assisted Solution by: Rich Rumble (LVL 38), earned 200 total points (awarded by participants)
ID: 41768554
You don't need to know that much about the ciphers and algorithms themselves, but you do need to know about their features and concepts: key exchange, perfect forward secrecy, integrity, authentication, non-repudiation, message authentication, digital signatures etc. You will also need to learn about hash and algorithm limitations, but I don't remember much about that on the test.
A good start is my two articles here:
https://www.experts-exchange.com/articles/12134/Choosing-the-right-encryption-for-your-needs.html
https://www.experts-exchange.com/articles/12386/How-secure-are-passwords.html
-rich

Assisted Solution by: btan (LVL 62), earned 300 total points (awarded by participants)
ID: 41768694
Agree with Rich Rumble. We are not cryptographers, but we need to know the best practices, as it is likely more a matter of compliance to make sure a strong cipher is adopted and the "hole" is not left open to attacks. The best practice, as shared in my previous post, is to share the application of that crypto as part of the security posture. For example, for websites adopting SSL, the free online service (https://www.ssllabs.com/ssltest/) can examine the ciphers in use for key exchange, PFS, encryption and the certificate used, as a health check and for compliance requirements.
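As an added example (not code from the thread or from any of the linked sites), the Python below does the two things btan's posts ask the reader to be able to do: decode a cipher suite name such as the "TLS_RSA_WITH_RC4_128_SHA" quoted in the accepted solution into its key exchange, authentication, encryption and MAC parts, and then run the kind of health check the SSL Labs comment describes over a list of suites a server offers, flagging RC4/DES/3DES/export ciphers, MD5, anonymous suites and the absence of forward secrecy. The classification tables and the offered-suite list are constructed for this example; a real check would feed in the suite list reported by a scanner or by openssl s_client.

```python
"""Decode TLS cipher suite names into their components and flag the choices
a cipher-suite health check would object to. Added example; the tables
below are assumptions made for it, not an authoritative registry."""
import re
from dataclasses import dataclass, field

# Left half of a pre-TLS-1.3 name -> (key exchange, authentication, forward secrecy?)
KX_TABLE = {
    "RSA":         ("RSA key transport", "RSA", False),
    "DHE_RSA":     ("DHE", "RSA", True),
    "DHE_DSS":     ("DHE", "DSS", True),
    "ECDHE_RSA":   ("ECDHE", "RSA", True),
    "ECDHE_ECDSA": ("ECDHE", "ECDSA", True),
    "ECDH_RSA":    ("static ECDH", "RSA", False),
    "ECDH_ECDSA":  ("static ECDH", "ECDSA", False),
    "DH_anon":     ("DHE", "none", True),
    "ECDH_anon":   ("ECDHE", "none", True),
}
# Key sizes for algorithms whose names carry no bit count.
# 3DES is listed at its effective strength (112), not its 168-bit key.
DEFAULT_BITS = {"3DES": 112, "DES": 56, "CHACHA20": 256, "IDEA": 128, "NULL": 0}
WEAK_CIPHERS = {"NULL", "RC4", "DES", "3DES", "RC2", "IDEA"}
AEAD_MODES = {"GCM", "CCM", "POLY1305"}


@dataclass
class CipherSuite:
    name: str
    key_exchange: str
    authentication: str
    encryption: str
    key_bits: int
    mode: str
    mac: str
    pfs: bool
    issues: list = field(default_factory=list)


def parse_cipher_suite(name: str) -> CipherSuite:
    """Split TLS_<kx>_<auth>_WITH_<cipher>_<mode>_<hash> into labelled parts."""
    issues = []
    if "_WITH_" in name:
        left, right = name.split("_WITH_", 1)
        left = re.sub(r"^(TLS|SSL)_", "", left)
        if left.endswith("_EXPORT"):          # e.g. TLS_RSA_EXPORT_WITH_RC4_40_MD5
            left = left[: -len("_EXPORT")]
            issues.append("export-grade suite")
        if left not in KX_TABLE:
            raise ValueError(f"unknown key exchange/authentication: {left}")
        kx, auth, pfs = KX_TABLE[left]
    else:
        # TLS 1.3 names (TLS_AES_128_GCM_SHA256) name only the AEAD and hash:
        # key exchange is always ephemeral (EC)DHE, authentication by certificate.
        right = re.sub(r"^TLS_", "", name)
        kx, auth, pfs = "(EC)DHE (TLS 1.3)", "certificate (TLS 1.3)", True

    tokens = right.split("_")
    hash_name, enc_tokens = tokens[-1], tokens[:-1]
    algo, rest = enc_tokens[0], enc_tokens[1:]
    digits = [int(t) for t in rest if t.isdigit()]
    words = [t for t in rest if not t.isdigit()]
    key_bits = digits[0] if digits else DEFAULT_BITS.get(algo, 0)
    mode = words[-1] if words else ("none" if algo == "NULL" else "stream")
    # With an AEAD mode the trailing hash is the PRF, not a separate HMAC.
    mac = f"AEAD ({mode}), PRF {hash_name}" if mode in AEAD_MODES else f"HMAC-{hash_name}"

    if algo in WEAK_CIPHERS:
        issues.append(f"{algo} is deprecated or broken")
    if key_bits < 128:
        issues.append(f"effective key length {key_bits} bits is below 128")
    if hash_name == "MD5":
        issues.append("MD5-based MAC")
    if auth == "none":
        issues.append("anonymous suite: no server authentication")
    if not pfs:
        issues.append("no forward secrecy (static key exchange)")
    return CipherSuite(name, kx, auth, algo, key_bits, mode, mac, pfs, issues)


def health_check(offered: list) -> dict:
    """Return {suite name: issues} for every offered suite that has any."""
    report = {}
    for suite_name in offered:
        issues = parse_cipher_suite(suite_name).issues
        if issues:
            report[suite_name] = issues
    return report


if __name__ == "__main__":
    # Constructed sample: the list a server might be seen offering in a scan.
    OFFERED = [
        "TLS_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    ]
    for suite_name, found in health_check(OFFERED).items():
        print(suite_name, "->", "; ".join(found))
```

Reading the sample this way makes btan's point concrete: "TLS_RSA_WITH_RC4_128_SHA" uses RSA key transport (so no forward secrecy), RC4 for encryption and HMAC-SHA for integrity, and is flagged twice, while the ECDHE/AES-GCM suite and the TLS 1.3 suite pass with no findings.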

Expert Comment by: btan (LVL 62)
ID: 41793898
Concept and information explained.