Domain 2 · 2.5 Mitigation Techniques

2.5.3 Patching, Encryption & Monitoring

17 min

Securing systems and data requires a layered approach involving the systematic deployment of software updates, the mathematical protection of information, and the continuous oversight of environmental changes.

Systems Patching and Maintenance Maintaining the integrity of a host requires ensuring that all software is up to date to close known vulnerabilities. - Patch Management: The automated or manual process of identifying, testing, and deploying updates to software and firmware. - Vulnerability Response: Reducing the window of opportunity for attackers by applying security patches immediately after a flaw is discovered (Zero-day mitigation). - Automation: Using centralized consoles to ensure consistency across the enterprise, preventing human error during deployment.

Cryptographic Fundamentals Encryption is a reversible process used to ensure data confidentiality by transforming information into an unreadable state. - Plaintext vs. Ciphertext: Humans and machines can easily read plaintext; however, encryption transforms this into ciphertext, which appears as a random jumble of data. - Authenticated Encryption (AE): A method that provides both confidentiality and authenticity. Standard encryption alone can be vulnerable to chosen ciphertext attacks; modes like GCM (Galois/Counter Mode) or the use of HMACs verify that data has not been tampered with. - Homomorphic Encryption: A specialized cryptosystem that allows for the processing and manipulation of data while it is still encrypted. This is vital for cloud computing, allowing researchers to run analytical scans on sensitive records (like medical data) without ever seeing the raw plaintext.

Cryptographic Limitations and Constraints No encryption scheme is unbreakable; security is instead measured by the difficulty of the "work factor" required to crack it. - Longevity and NIST: The National Institute of Standards and Technology (NIST) rates the lifespan of cryptosystems based on current computing power. - Computational Overhead: Asymmetric encryption is more resource-heavy and slower than symmetric encryption. Systems with resource constraints (like IoT devices) must balance security strength against processing power. - Entropy and Predictability: Strong encryption relies on high entropy (randomness). Low entropy leads to predictability, allowing attackers to find patterns. - Weak Keys: Smaller key sizes or reused keys increase the likelihood of a successful brute-force or mathematical attack.

Quick Recall - Obfuscation: The primary goal of encryption; making data unreadable to unauthorized parties. - Moving Target: Security strength changes as technology advances; what is secure today may not be in five years. - GCM: A common trigger word for Authenticated Encryption. - Cloud Privacy: The primary use case for Homomorphic Encryption. - Symmetric vs. Asymmetric: Symmetric is faster and handles large files; Asymmetric is slower with higher overhead.