Project report, knowledge test, scenarios, professional discussion.

ASSESSMENT 2: Knowledge Test

Knowledge Test Links

Craigs super reading list link – EPA – Craigs-Classroom – Page 7

Craigs exam prep/flashcards/questions/reading – Contents Page (craigs-classroom.com)

Cryptographic standards/legal guidelines –https://csrc.nist.gov/Projects/Cryptographic-Standards-and-Guidelines

Cryptography/Encryption – https://github.com/Samsar4/CEH-v10-Study-Guide/blob/master/modules/16-Cryptography.md

Online Courses

Cryptography Course – https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/

ELMS – CompTIA Network+ N10-007: Networking Devices

ELMS – CompTIA Security+ SY0-501: Cryptography

https://www.netacad.com/courses/cybersecurity

https://www.netacad.com/courses/networking

Knowledge Test Additional Slides & Resources

https://ntrain.co.uk/cybertechnologist/doku.php?id=start

username: cyberapprentice

password: cyberAppie2023

Knowledge Test Mocks & Resources

PUT FILES HERE and EDIT OSI MODEL BUTTON

Knowledge Test Topic Checklist

01: OSI and TCP/IP Models, Data, Protocols and How They Relate to Each Other

OSI Model (Open Systems Interconnection)

Layer 1: Physical Layer – Physical medium for data transmission (e.g., cables, switches).

Layer 2: Data Link Layer – Handles error detection and frames (e.g., MAC addresses, switches).

Layer 3: Network Layer – Determines data paths (e.g., IP addresses, routers).

Layer 4: Transport Layer – Ensures complete data transfer (e.g., TCP, UDP).

Layer 5: Session Layer – Manages sessions between applications.

Layer 6: Presentation Layer – Translates data formats (e.g., encryption, decryption).

Layer 7: Application Layer – Interfaces with the end user (e.g., HTTP, FTP).

TCP/IP Model (Transmission Control Protocol/Internet Protocol)

Layer 1: Network Interface (Link) Layer – Combines OSI’s Physical and Data Link layers.

Layer 2: Internet Layer – Corresponds to OSI’s Network layer (e.g., IP).

Layer 3: Transport Layer – Same as OSI’s Transport layer (e.g., TCP, UDP).

Layer 4: Application Layer – Combines OSI’s Session, Presentation, and Application layers (e.g., HTTP, FTP, SMTP).

Data and Protocols Relationship

Data flows through layers in both models, with each layer adding its own header (encapsulation).

Protocols define rules for data communication (e.g., TCP for reliable transmission, IP for addressing).

02: The Purpose of Networking Protocols

Definition: Networking protocols are rules and conventions for communication between network devices.

Purpose:

Ensure Data Integrity: Check data for errors and ensure it reaches its destination correctly.

Facilitate Communication: Enable devices to recognize and communicate with each other.

Manage Network Traffic: Control data flow to prevent congestion.

Provide Security: Encrypt data and authenticate devices to protect against unauthorized access.

Summary Table of Protocols

OSI Model Layer NumberOSI Layer NameProtocols
Layer 7ApplicationHTTP, HTTPS, FTP, SFTP, SMTP, POP3, IMAP, DNS, DHCP, TELNET, SSH, SNMP, RDP, LDAP, NTP, Syslog
Layer 6PresentationSSL/TLS
Layer 5SessionNetBIOS
Layer 4TransportTCP, UDP
Layer 3NetworkIP (IPv4, IPv6), ICMP, ARP, IPsec
Layer 2Data LinkEthernet, Wi-Fi (IEEE 802.11), PPP, Frame Relay, ATM
Layer 1PhysicalPhysical medium (cables, hubs, bits etc.)
TCP/IP Model LayerProtocols
ApplicationHTTP, HTTPS, FTP, SFTP, SMTP, POP3, IMAP, DNS, DHCP, TELNET, SSH, SNMP, RDP, LDAP, NTP, Syslog
TransportTCP, UDP
InternetIP (IPv4, IPv6), ICMP, ARP, IPsec
Network Interface (Link)Ethernet, Wi-Fi (IEEE 802.11), PPP, Frame Relay, ATM

03: Network Topologies

Bus Topology: Single central cable (bus) with terminators at each end. Simple but prone to collisions.

Star Topology: Devices connected to a central hub. Easy to manage but dependent on the central hub.

Ring Topology: Devices connected in a circular fashion. Data travels in one direction, reducing collisions but adding latency.

Mesh Topology: Devices interconnected with multiple paths. Highly reliable and redundant.

Hybrid Topology: Combination of two or more topologies, tailored to specific needs and environments.

04: Terminology and Concepts of Cryptography

Plaintext: Readable data before encryption.

Ciphertext: Encrypted data, unreadable without decryption.

Encryption: Process of converting plaintext to ciphertext using an algorithm and key.

Decryption: Converting ciphertext back to plaintext using a key.

Key: Secret value used in the encryption/decryption process.

Symmetric Encryption: Same key used for both encryption and decryption (e.g., AES).

Asymmetric Encryption: Uses a pair of keys, public for encryption and private for decryption (e.g., RSA).

05: Common Cryptography Techniques in Use

Symmetric Encryption Techniques:

AES (Advanced Encryption Standard): Widely used due to its strength and efficiency.

DES (Data Encryption Standard): Older, less secure, replaced by AES.

3DES: Enhanced version of DES with three encryption steps.

Asymmetric Encryption Techniques:

RSA (Rivest-Shamir-Adleman): Common for secure data transmission.

ECC (Elliptic Curve Cryptography): Efficient and strong, used in mobile devices.

Hash Functions:

MD5 (Message Digest Algorithm 5): Creates 128-bit hash values, less secure.

SHA-1 (Secure Hash Algorithm 1): Produces 160-bit hash values, now deprecated.

SHA-256: Part of the SHA-2 family, generates 256-bit hash values, widely used.

Digital Signatures: Provide authenticity and integrity (e.g., signed using RSA or DSA).

06: Importance of Effective Cryptography Key Management and Main Techniques Used

Importance of Key Management:

Security: Poor key management can lead to unauthorized access.

Data Integrity: Ensures that data has not been tampered with.

Compliance: Meets regulatory requirements for data protection.

Key Management Techniques:

Key Generation: Creating strong keys using secure algorithms.

Key Distribution: Securely sharing keys between parties (e.g., using asymmetric encryption to share symmetric keys).

Key Storage: Keeping keys secure in hardware security modules (HSMs) or encrypted databases.

Key Rotation: Regularly changing keys to limit the impact of a compromised key.

Key Revocation: Disabling compromised keys to prevent their use.

Key Backup and Recovery: Ensuring keys can be restored in case of loss.

07: Legal, Regulatory and Export Issues Specific to Use of Cryptography

Legal and Regulatory Issues:

GDPR (General Data Protection Regulation): Requires encryption to protect personal data.

HIPAA (Health Insurance Portability and Accountability Act): Mandates encryption for health data.

PCI DSS (Payment Card Industry Data Security Standard): Requires encryption of payment information.

Export Control Issues:

Wassenaar Arrangement: An agreement between 42 countries that controls the export of cryptographic technology.

U.S. Export Regulations: Controlled by the Bureau of Industry and Security (BIS) under the Export Administration Regulations (EAR). Some cryptographic products require export licenses.