[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 65
  • Last Modified:

CISSP Examination: Can someone give me a breakdown of different encryption methods I would need to know?

I'm interested in learning about encryption methods that are relevant to industry today. AES-256 vs. 3DES vs. DES vs. SSL/TLS vs PPTP vs. IPSec vs. OTHERS.

What is the difference, what are obvious ways to identify each, and what are the main uses of each? Please break down into quick notes on each, which can assist myself and others to absorb the material quickly. I have been reading wiki pages and I would like this information condensed and ELI5'd.

Thanks,
Tanner
0
Tanner Briggs
Asked:
Tanner Briggs
  • 3
3 Solutions
 
btanExec ConsultantCommented:
In short, the difference is the strength of each algorithm and he application use case for them. For e.g,.
  • 3DES and DES are symmetric and the 3DES is stronger and DES is no more recommended, in fact, the stronger one is AES
  • SSL/TLS includes are both for Key exchange/Auth/Encryption - see the Openssl link to see the list of cipher applicable
  • PPTP vs. IPSec - these are for VPN purposes and the link has comparison to help in understanding. IPsec can support higher keylength used for greater security. (http://www.giganews.com/vyprvpn/compare-vpn-protocols.html)

Some useful website to help beef the understanding are
- Learn cryptography (https://learncryptography.com/) has flash and basic on the coverage
- Key length (https://www.keylength.com/en/4/)  shows the strength in cipher (how long it can withstand brute forcing)
- OWASP guide to crypto (https://www.owasp.org/index.php/Guide_to_Cryptography)

Large part for you to focus is the use case of what cipher (symmetric & asymmetric, hashes) is applicable for key exchange, encryption, authentication etc in a cipher suite. For e.g. if you see this string such as "TLS_RSA_WITH_RC4_128_SHA", what does each means - good reference is the Openssl list https://www.openssl.org/docs/manmaster/apps/ciphers.html

Those cipher common application include:
 -Remote access such as IPsec VPN
 -Certificate based authentication
 -Securing confidential or sensitive information
 -Obtaining non-repudiation using digital certificates
 -Online orders and payments
 -Email and messaging security such as S/MIME
0
 
Rich RumbleSecurity SamuraiCommented:
You don't need to know that much about the ciphers and algorythms themselves, but you do need to know about their features and concepts. Key exchange, perfect fwd secrecy, integrity, authentication ,non-repudiation, message authentication, digital signatures etc. You will also need to learn about hash and algorithm limitations, but I don't remember much about that on the test.
A good start are my two articles here:
https://www.experts-exchange.com/articles/12134/Choosing-the-right-encryption-for-your-needs.html
https://www.experts-exchange.com/articles/12386/How-secure-are-passwords.html
-rich
0
 
btanExec ConsultantCommented:
Agree with RichRumble. We are not cryptographer but we need to know what are the best practices as likely it is more of compliance to make sure strong cipher is adopted and not leave the "hole" open to attacks. The best practices as shared in my previous post is to share the application of those crypto as part of the security posture. For e.g. in website adoption of SSL, the online free service (https://www.ssllabs.com/ssltest/) to examine the cipher on use for key exchange, PFS, encryption and certificate used can be done for health check and compliance requirement.
0
 
btanExec ConsultantCommented:
concept and information explained
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now