
PEM - Confidentiality

Key size of Rijndael

Table Array.
Crimson Array
Scale Array.
Tape Array.

Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)

Necessary steps for a proper classification program:


1. Identify the custodian, and define their responsibilities.
2. Specify the evaluation criteria of how the information will be classified and
labeled.
3. Classify and label each resource. (The owner conducts this step, but a
supervisor should review it.)
4. Document any exceptions to the classification policy that are discovered, and
integrate them into the evaluation criteria.
5. Select the security controls that will be applied to each classification level
to provide the necessary level of protection.
6. Specify the procedures for declassifying resources and the procedures for
transferring custody of a resource to an external entity.
7. Create an enterprise-wide awareness program to instruct all personnel about the
classification system.

B2 - Covert storage channel; doesn't address covert timing channel

B3 - Addresses covert timing channel

In network security, a screened subnet firewall is a variation of the dual-homed
gateway and screened host firewall. It can be used to separate components of the
firewall onto separate systems, thereby achieving greater throughput and
flexibility, although at some cost to simplicity. As each component system of the
screened subnet firewall needs to implement only a specific task, each system is
less complex to configure.

A screened subnet firewall is often used to establish a demilitarized zone (DMZ).

Below are a few examples of firewall implementations:

Screened host firewall

Utilizing a packet filtering router and a bastion host, this approach implements
basic network layer security and application server security.
An intruder in this configuration has to penetrate two separate systems before the
security of the private network can be compromised.
This firewall system is configured with the bastion host connected to the private
network, with a packet filtering router between the internet and the bastion host.

Dual-homed firewall

A firewall system that has two or more network interfaces, each of which is
connected to a different network.
In a firewall configuration, a dual-homed firewall system usually acts to block or
filter some or all of the traffic trying to pass between the networks.
A dual-homed firewall system is a more restrictive form of the screened-host
firewall system.

Demilitarized zone (DMZ) or screened-subnet firewall

Utilizing two packet filtering routers and a bastion host.
This approach creates the most secure firewall system since it supports network and
application level security while defining a separate DMZ network.
Typically, DMZs are configured to limit access from the internet and the
organization's private network.

The following were incorrect answers:

The other types of firewall mentioned in the option do not utilize two packet
filtering routers and a bastion host.

The Security Parameter Index (SPI) is the unique identifier that enables the
sending host to reference the security parameter to apply in order to decrypt the
packet.

For your exam you should know the information below about the IPSec protocol:

The IP network layer packet security protocol establishes VPNs via transport and
tunnel mode encryption methods.

For the transport method, the data portion of each packet is encrypted. Encryption
within IPSec is referred to as the Encapsulating Security Payload (ESP); it is ESP
that provides confidentiality over the process.

In the tunnel mode, the ESP payload and its headers are encrypted. To achieve
non-repudiation, an additional authentication header (AH) is applied.

In establishing IPSec sessions in either mode, Security Associations (SAs) are
established. SAs define which security parameters should be applied between
communicating parties, such as encryption algorithms, key initialization vector,
life span of keys, etc., within either the ESP or AH header, respectively. An SA is
established when a 32-bit security parameter index (SPI) field is defined within
the sending host. The SPI is a unique identifier that enables the sending host to
reference the security parameters to apply, as specified, on the receiving host.
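
As an added example (not part of the original notes), the code below shows the receiving side of the SPI lookup described above: the 32-bit SPI at the front of an ESP packet selects the SA whose algorithm, key and lifetime apply. The class names, sample SPI, cipher label and all-zero key are assumptions constructed for this example.

```python
import struct
from dataclasses import dataclass

# ESP header layout: SPI (32 bits) followed by sequence number (32 bits).
ESP_HEADER = struct.Struct("!II")

@dataclass
class SecurityAssociation:
    spi: int
    cipher: str          # negotiated encryption algorithm
    key: bytes
    expires_at: float    # key life span as an absolute timestamp

class SADatabase:
    """Receiver-side SA table keyed by SPI alone (a simplification)."""

    def __init__(self):
        self._by_spi = {}

    def add(self, sa):
        # RFC 4303 reserves SPI values 0-255.
        if not 256 <= sa.spi <= 0xFFFFFFFF:
            raise ValueError("SPI must be a 32-bit value above 255")
        self._by_spi[sa.spi] = sa

    def lookup(self, esp_packet, now):
        """Return (sa, seq, ciphertext) for an inbound ESP packet or raise ValueError."""
        if len(esp_packet) < ESP_HEADER.size:
            raise ValueError("truncated ESP header")
        spi, seq = ESP_HEADER.unpack_from(esp_packet)
        sa = self._by_spi.get(spi)
        if sa is None:
            raise ValueError(f"no SA for SPI 0x{spi:08x}")   # unknown SPI: drop
        if now >= sa.expires_at:
            raise ValueError(f"SA for SPI 0x{spi:08x} has expired")
        return sa, seq, esp_packet[ESP_HEADER.size:]

# Constructed sample data: one SA and one inbound packet with a dummy body.
sad = SADatabase()
sad.add(SecurityAssociation(spi=0x1000ABCD, cipher="aes-256-gcm",
                            key=bytes(32), expires_at=1000.0))
packet = ESP_HEADER.pack(0x1000ABCD, 7) + b"\x00" * 16

if __name__ == "__main__":
    sa, seq, body = sad.lookup(packet, now=10.0)
    print(f"SPI 0x{sa.spi:08x} -> {sa.cipher}, seq={seq}, {len(body)} ciphertext bytes")
```
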

IPSec can be made more secure by using asymmetric encryption through the use of
Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley),
which allows automa

Message Switching

Message switching is a network switching technique in which data is routed in its
entirety from the source node to the destination node, one hop at a time. During
message routing, every intermediate switch in the network stores the whole message.
If the entire network's resources are engaged or the network becomes blocked, the
message-switched network stores and delays the message until ample resources become
available for effective transmission of the message.
