You're reading from CompTIA CASP+ CAS-004 Certification Guide

Product type: Book
Published in: Mar 2022
Publisher: Packt
ISBN-13: 9781801816779
Edition: 1st Edition
Author: Mark Birch

Mark Birch is an experienced courseware developer and teacher in both information systems and cyber-security. Mark has been developing content and teaching CompTIA A+ classes for more than 20 years and understands the subject area in great depth. Mark began his career working within the aerospace industry (for a major defense contractor) and has over 30 years' experience consulting, engineering, and deploying secure information systems. He has spent over 20 years working with the United States Military and United Kingdom Armed Forces, helping many students attain their learning goals. Mark has ensured that soldiers, officers, and civilians have had the best opportunities to gain cyber-security accreditation.

Chapter 11: Implementing Cryptographic Protocols and Algorithms

Securing enterprise networks relies on a strategy called defense in depth. One very important part of defense in depth is protecting data in many different states, primarily at rest, in transit, and in use. When confidentiality is required, we can apply encryption to sensitive data to ensure we can protect that data. In some cases, we must be able to verify the integrity of the data using hashing and signing.

Cryptography can be a daunting subject area for IT professionals, with algorithms consisting of highly complex mathematical ciphers. The job of IT professionals and management is to ask the right questions and ensure the correct standards and protocols have been enabled. Regulatory authorities may have very strict requirements when using cryptographic ciphers to protect data that an enterprise will store, process, and transmit. It is the job of security professionals to ensure the correct configuration and deployment...

Understanding hashing algorithms

Hashing algorithms are primarily used to validate the integrity of data, though they can also be used to prove that you know something, such as a password secret. Hashing is a one-way process (it is infeasible to reverse a hash) and does not provide confidentiality for the data. It is important to understand that the original data is not changed in any way. Think of hashing as a way to create a unique digital checksum for a particular document, file, or data payload. Hashing is used for File Integrity Monitoring (FIM), where we can detect if a protected operating system file has been altered. Hashing can be used in digital forensics to capture a unique checksum of a copied image so that it can be matched against the original (this is useful to do before analysts begin the forensic investigation). For security professionals, it is important to understand what would be considered strong and what would represent weak implementations of hashing algorithms. Strong or resilient...
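
As an added illustration (not code from the book), a small Go file-integrity check in the spirit of the FIM use case above: it baselines files with SHA-256, reports which files changed, and seals the baseline with an HMAC so that the hash database itself cannot be rewritten unnoticed. The type and function names are my own, and any file paths, contents and keys passed in are constructed samples.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"sort"
)

// Baseline maps a protected file's path to the hex SHA-256 recorded when it was known-good.
type Baseline map[string]string

// Digest returns the hex SHA-256 of data; flipping one bit of the input yields an
// unrelated digest, which is what lets FIM notice that a file was altered.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Verify re-hashes each monitored file and returns, sorted, the paths whose
// digest no longer matches the baseline (a missing file also counts as changed).
func Verify(base Baseline, files map[string][]byte) []string {
	var changed []string
	for path, want := range base {
		if data, ok := files[path]; !ok || Digest(data) != want {
			changed = append(changed, path)
		}
	}
	sort.Strings(changed)
	return changed
}

// Seal tags the baseline with HMAC-SHA256 under a key only the FIM agent holds: a bare
// hash can be recomputed by anyone, so a keyed tag is what exposes a rewritten digest.
func Seal(key []byte, base Baseline) string {
	paths := make([]string, 0, len(base))
	for p := range base {
		paths = append(paths, p)
	}
	sort.Strings(paths) // canonical order so the tag is reproducible
	mac := hmac.New(sha256.New, key)
	for _, p := range paths {
		mac.Write([]byte(p + "=" + base[p] + "\n"))
	}
	return hex.EncodeToString(mac.Sum(nil))
}

// SealValid compares a stored tag with a fresh one in constant time.
func SealValid(key []byte, base Baseline, tag string) bool {
	return hmac.Equal([]byte(Seal(key, base)), []byte(tag))
}
```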

Understanding symmetric encryption algorithms

Symmetric encryption provides confidentiality and is the workhorse for bulk encryption. It is highly efficient at encrypting data at rest and data in transit. Due to the relatively small key sizes that are used, it is very fast (in comparison to asymmetric encryption). Symmetric encryption uses a single key to encrypt (lock) the data, and the same key is used to decrypt (unlock) it.

Symmetric algorithms are divided into two main categories: block and stream ciphers.

Block ciphers

These ciphers are used to encrypt data in blocks, typically 64 or 128 bits. They offer the most robust security but lack the outright speed that's offered by stream ciphers. The following are some examples of block ciphers:

  • Triple Data Encryption Standard (3DES): 3DES replaced the original Data Encryption Standard (DES), which was designed and adopted in the 1970s. DES offered a key size of only 64 bits (56 bits for the key itself). In...
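
Added example, not from the book: a block cipher used through an authenticated mode, AES in GCM (the AEAD block-cipher mode listed in this chapter's summary), in Go's standard library. The helper names are my own; the key, message and associated data are whatever the caller supplies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// newGCM wraps an AES block cipher (16-, 24- or 32-byte key) in Galois/Counter Mode.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GCMSeal encrypts pt with AES-GCM. GCM is an AEAD mode: the output carries a
// 128-bit authentication tag, so one primitive provides both confidentiality and
// integrity. Layout is nonce || ciphertext || tag. aad is authenticated but not
// encrypted (for example a record header the receiver must read in the clear).
func GCMSeal(key, pt, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// Fresh random 96-bit nonce per message: reusing a nonce under the same key
	// destroys both the confidentiality and the integrity guarantee of GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, aad), nil
}

// GCMOpen reverses GCMSeal. Any altered bit in nonce, ciphertext, tag or aad makes
// the tag check fail and no plaintext is released.
func GCMOpen(key, msg, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("gcm: message too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], aad)
}
```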

Understanding asymmetric encryption algorithms

Asymmetric encryption has two main goals – one is to support a secure key exchange/agreement process, while the other is to support non-repudiation through the use of digital signatures. It is not used for bulk encryption as the key sizes (compared to symmetric encryption) are large. This would mean that it could be thousands of times slower to encrypt large amounts of data. Asymmetric encryption uses a key pair that is mathematically related; there is a public key and a private key. You can think of the public key as your bank details that you can share with a customer (who wants to make a payment). Your private key is used to securely access your funds. In this analogy, your bank card + PIN + CVC code would be your private key. You would not share your private key with anyone.

Rivest, Shamir, and Adleman (RSA)

RSA is used for secure key exchange and digital signatures. It was developed and published in 1977, so it is one...
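
Added example (not the book's code) showing the two roles the text assigns to asymmetric encryption, using Go's standard library: wrapping a short symmetric session key with RSA-OAEP (key exchange) and signing a message with RSA-PSS (non-repudiation). The function names and the OAEP label are my own choices.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// GenerateKeyPair creates a 2048-bit RSA key pair. The public half can be handed
// out freely; the private half never leaves its owner (the "bank card plus PIN"
// of the analogy above).
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// oaepLabel is an assumed application-specific label bound into the OAEP encoding;
// wrap and unwrap must agree on it.
var oaepLabel = []byte("session-key-v1")

// WrapKey is RSA in its key-exchange role: a short symmetric session key is
// encrypted to the recipient's public key with OAEP. The bulk data then travels
// under AES with that session key; RSA over the payload itself would be far
// slower, and OAEP cannot even carry a message close to the modulus size.
func WrapKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, oaepLabel)
}

// UnwrapKey recovers the session key; only the matching private key can.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

// Sign is RSA in its non-repudiation role: the message is hashed and the digest is
// signed with the private key using PSS, the randomized modern padding.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks a signature with the public key; it is true only if msg is intact
// and the signature came from the matching private key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}
```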

Understanding encryption protocols

Hashing, symmetric, and asymmetric encryption are building blocks that are used to support applications and protocols that need to secure how data is stored and transmitted. Many processes will use a cipher suite, drawing on the strengths of the different types of encryption. We depend on these protocols to protect users when we're accessing online banking, remotely accessing the workplace, protecting information systems when they must be administered across a network, and ensuring that emails that are sent and received can be trusted. We will look at some of these common protocols in the following subsections.

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

SSL/TLS is used to encrypt many application layer protocols, such as HTTP, SMTP, IMAP, LDAP, and many more. It provides confidentiality (through encryption) and integrity (through HMAC). It uses hybrid cryptography through a suite of protocols. SSL is no longer used as it...
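
Added example, not from the book: a Go client and server completing a TLS handshake in memory, with the server's minimum set to TLS 1.2 so that a client capped at TLS 1.1 is refused while TLS 1.2 and 1.3 clients succeed. The throwaway certificate, the host name demo.example, and disabling session tickets (to suit the synchronous in-memory pipe) are assumptions of this demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net"
	"time"
)

// Handshake runs a real TLS handshake over an in-memory pipe: the server refuses anything
// below TLS 1.2, the client is capped at clientMax. Returns the negotiated version.
func Handshake(clientMax uint16) (uint16, error) {
	// Throwaway self-signed ECDSA cert for "demo.example" (constructed, not a real CA).
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // rand.Reader does not fail
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo.example"},
		DNSNames: []string{"demo.example"}, BasicConstraintsValid: true, IsCA: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return 0, err
	}
	leaf, _ := x509.ParseCertificate(der) // our own DER, so it parses
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
	a, b := net.Pipe() // synchronous pipe; tickets disabled so no server write is left unread
	sconn := tls.Server(a, &tls.Config{Certificates: []tls.Certificate{cert},
		MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true})
	cconn := tls.Client(b, &tls.Config{RootCAs: roots, ServerName: "demo.example",
		MinVersion: tls.VersionTLS10, MaxVersion: clientMax})
	errCh := make(chan error, 1)
	go func() { errCh <- sconn.Handshake() }()
	cerr := cconn.Handshake()
	if cerr != nil {
		b.Close() // unblock the server goroutine if it is still waiting on us
	}
	if err := errors.Join(cerr, <-errCh); err != nil {
		return 0, err
	}
	return cconn.ConnectionState().Version, nil
}
```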

Understanding emerging security technologies

To maintain a strong security posture, organizations must be willing to adopt new technologies and be aware of these technologies to protect the organization. Increases in computing power may allow adversaries to gain access to data that's protected using weak encryption algorithms. Newer technologies will allow for innovative solutions to address cybersecurity requirements.

Quantum computing

Quantum computing is designed to solve complex problems more efficiently than existing supercomputers. Supercomputers harness the traditional processing capabilities of compute nodes hosting thousands of CPU and GPU cores. Solving a problem using quantum processing may be thousands of times faster than using the existing computing models. A regular computer (or supercomputer) processes 0s and 1s and generates answers to problems using 0s and 1s – this is a solid approach and works well to solve many different computational problems...

Summary

In this chapter, we learned about the protocols and technologies that are used to protect data in many different states, primarily at rest, in transit, and in use. We gained an understanding of hashing algorithms, primarily to support integrity. These hashing algorithms include SHA, SHA-2, SHA-3, MD, and RIPE. We also looked at message integrity using HMAC and AEAD.

We then studied the options for ensuring confidentiality using symmetric encryption, including block ciphers such as AES and 3DES. We also identified cipher block modes, including GCM, ECB, CBC, CTR, and OFB. We then looked at common stream ciphers such as ChaCha and Salsa20, where real-time applications must be considered.

After that, we looked at asymmetric encryption, which is used for S/MIME, digital signatures, and key exchange. These asymmetric algorithms include ECC, ECDHE, RSA, and DSA.

We now understand how to deploy secure protocols, including SSL, TLS, S/MIME, IPSec, and SSH.

We also gained...

Questions

Answer the following questions to test your knowledge of this chapter:

  1. Recent log analysis has revealed that archived documents have been tampered with, even though the hash-matching database shows that the values have not changed. What could have caused this?
    A. A weak symmetric cipher
    B. Hash collision
    C. An asymmetric algorithm with a small key size
    D. A poor choice of block cipher
  2. Recent log analysis has revealed that archived documents have been tampered with. To mitigate this vulnerability, which of the following should not be used?
    A. RACE-320
    B. MD5
    C. SHA-384
    D. SHA3-256
  3. Developers are creating a File Integrity Monitoring (FIM) solution to market to government agencies. What would be a good choice, considering FIPS compliance?
    A. RACE-256
    B. MD5
    C. SHA-512
    D. ECC
  4. Google engineers are configuring security for a new regional data center. They are looking to implement SSL/TLS for customer-facing application servers. What would be a good choice, considering the need for speed and security?
    A. ChaCha256...

Answers

  1. B
  2. B
  3. C
  4. A
  5. B
  6. B
  7. C
  8. B
  9. A
  10. C
  11. C
  12. B
  13. B
  14. D
  15. B
  16. C
  17. A and C
  18. C
  19. B
  20. A