Page 333 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

looking through old, irrelevant information.




               Data Protection Methods

               One of the primary methods of protecting the confidentiality of data is
               encryption. Chapter 6, “Cryptography and Symmetric Key
               Algorithms,” and Chapter 7, “PKI and Cryptographic Applications,”
               cover cryptographic algorithms in more depth. However, it’s worth
               pointing out the differences between algorithms used for data at rest
               and data in transit.

               As an introduction, encryption converts cleartext data into scrambled
               ciphertext. Anyone can read the data when it is in cleartext format.
               However, when strong encryption algorithms are used, it is almost
               impossible to read the scrambled ciphertext.


               Protecting Data with Symmetric Encryption

               Symmetric encryption uses the same key to encrypt and decrypt data.
               In other words, if an algorithm encrypted data with a key of 123, it
               would decrypt it with the same key of 123. Symmetric algorithms don’t
               use the same key for different data. For example, if it encrypted one set
               of data using a key of 123, it might encrypt the next set of data with a
               key of 456. The important point here is that a file encrypted using a
               key of 123 can only be decrypted using the same key of 123. In
               practice, the key size is much larger. For example, AES uses key sizes
               of 128 bits or 192 bits and AES 256 uses a key size of 256 bits.

               The following list identifies some of the commonly used symmetric
               encryption algorithms. Although many of these algorithms are used in
               applications to encrypt data at rest, some of them are also used in
               transport encryption algorithms discussed in the next section.
               Additionally, this is by no means a complete list of encryption
               algorithms, but Chapter 6 covers more of them.

               Advanced Encryption Standard: The Advanced Encryption
               Standard (AES) is one of the most popular symmetric encryption
               algorithms. NIST selected it as a standard replacement for the older
               Data Encryption Standard (DES) in 2001. Since then, developers have