- CISSP in 21 Days Second Edition
- CISSP in 21 Days Second Edition
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Preface
- 1. Day 1 – Security and Risk Management - Security, Compliance, and Policies
- 2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education
- 3. Day 3 – Asset Security - Information and Asset Classification
- 4. Day 4 – Asset Security - Data Security Controls and Handling
- 5. Day 5 – Exam Cram and Practice Questions
- 6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation
- 7. Day 7 – Security Engineering - Cryptography
- 8. Day 8 – Communication and Network Security - Network Security
- An overview of communication and network security
- Network architecture, protocols, and technologies
- Open System Interconnect (OSI) model
- OSI layers and security
- Application layer protocols and security
- Presentation layer protocols and security
- Summary
- Sample questions
- 9. Day 9 – Communication and Network Security - Communication Security
- An overview of communication security
- Security in communication channels
- Attacks on communication networks
- Preventing or mitigating communication network attacks
- Summary
- Sample questions
- 10. Day 10 – Exam Cram and Practice Questions
- 11. Day 11 – Identity and Access Management - Identity Management
- 12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks
- 13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests
- An overview of security assessment and testing
- Security assessment and test strategies
- Security controls
- Summary
- Sample questions
- 14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting
- 15. Day 15 – Exam Cram and Practice Questions
- 16. Day 16 – Security Operations - Foundational Concepts
- An overview of operations security
- The physical security design
- Physical and operations security controls
- Operations/facility security
- Protecting and securing equipment
- Computer investigations
- Summary
- Sample questions
- 17. Day 17 – Security Operations - Incident Management and Disaster Recovery
- 18. Day 18 – Software Development Security - Security in Software Development Life Cycle
- 19. Day 19 – Software Development Security - Assessing effectiveness of Software Security
- 20. Day 20 – Exam Cram and Practice Questions
- 21. Day 21 – Exam Cram and Mock Test
Cryptanalytic attacks mean compromising keys by way of decipherment to find out the keys. The goal of cryptanalysis is to decipher the private or secret key. The amount of information provided to the analyst as well as the type of information provided determines the type of attacks possible.
The following six are the possible attack scenarios. Candidates are advised to understand the key differences between the different types of attacks:
- The cipher text only attack: This refers to the availability of the cipher text (encrypted text) to the cryptanalyst. With large cipher text data, it maybe possible to decipher the cipher text by analyzing the pattern.
- The known-plain text attack: When a cryptanalyst obtains cipher text as well as the corresponding plain text, then this type of attack is known as the known-plaintext attack. In this scenario, even if the data is small, it is possible to understand the algorithm.
- The chosen-plain text attack: This refers to the availability of corresponding cipher text to the block of plain text chosen by the analyst.
- The adaptive-chosen-plain text attack: If the cryptanalyst can choose the samples of plain text based on the results of previous encryptions in a dynamic passion, then this type of cryptanalytic attack is known as an adaptive-chosen-plain text attack.
- The chosen-cipher text attack: This is a type of attack used to obtain the plain text by choosing a sample of cipher text.
- The adaptive-chosen-cipher text attack: This is similar to the chosen cipher text, but the samples of cipher text are dynamically selected by the cryptanalyst; and the selection can be based on the previous results as well.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.