Encryption

Encryption provides confidentiality and prevents unauthorized disclosure of data. Encrypted data is in a ciphertext format that is unreadable. Attackers can’t read encrypted traffic sent over a network or encrypted data stored on a system. In contrast, if data is sent in clear text, an attacker can capture and read the data using a protocol analyzer.

Data-at-rest refers to any data stored on media and it’s common to encrypt sensitive data. For example, it’s possible to encrypt individual fields in a database (such as the fields holding customer credit card data), individual files, folders, or a full disk.

Are you ready to become Security+ certified?

SY0-601 Study PackageHere's what you'll getWhat people are saying

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Get an online study package that helps you:

Study using multiple materials online
Use them to complement Darril Gibson’s CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide book or any other study guide you’re using
Ensure you’re ready for the exam no matter what study guide you’re using

SY0-601 Full Study Package is available here.

Package includes hundreds of multiple-choice practice test questions, performance-based questions, audio, and flashcards.

Over 385 Realistic SY0-601 Security+ Practice Test Questions

All questions include explanations so you’ll know why the correct answers are correct, and why the incorrect answers are incorrect. These questions are derived from and organized by chapters in the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide. See a demo here.

Extra Test Bank of Practice Test Questions

Questions are added occasionally. You can see what has been added recently here.

Performance-based Questions

Performance-based questions including at least 10 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions.

Online Flashcard Set

771 Online Security+ Glossary Flashcards
255 Online Security+ Acronyms Flashcards
217 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide

Check out the demo here.

Audio – SY0-601 Security+ Remember This Audio Files

Learn by Listening.

Over one hour of audio repeating the Remember This blocks from the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. (MP3 downloads.)

Audio – SY0-601 Security+ Question and Answer Audio Files

Learn by Listening.

Over five hours of audio repeating questions and answers from the 11 chapters in the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. (MP3 downloads.)

Bonus #1
The same set of questions organized by domain including questions in the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide plus extra practice test questions.

Bonus #2
Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. Over one hour and 45 minutes of additional audio.

Bonus #3
Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide. This includes labs, extra practice test questions, and supplementary materials.

Bonus #4
Extended access. Access the study materials for a total of 60 days because sometimes life happens

Bonus #5
10% off Voucher. Access to a coupon code that will give you 10% off your exam voucher. At the current price of $370 USD for the Security+ voucher, this can save you $37.

Get the SY0-601 Full Study Package here.

“I re-took it at an in-person testing center, and due to NOT being
constantly distracted by a paranoid schizophrenic proctor, I was able to pass the thing.

Your textbook was instrumental in achieving that, couldn’t have done it without your work. Thank you.”

“I just wanted to say thank you for providing your knowledge via your textbook geared towards passing the Security+ (SY0-601). I just passed my exam on the first try!

Thanks again.”

“Today I took and passed my SY0-601 Exam.

Score 771/900

This is my 4rth COMPTIA exam and I nearly had the same score on each test. Roughly on each test I got 85%.

I have used your web services/books for A+, Network+ and Security+
“

“I wish to inform you that I passed the sec plus certification (sy0-501)on my second attempt. Your material was very useful and it constituted 80% of the material I used in preparing for the exam.”

Data-in-transit refers to any data sent over a network and it’s common to encrypt sensitive data-in-transit. For example, e-commerce web sites commonly use Hypertext Transfer Protocol Secure (HTTPS) sessions to encrypt transactions that include credit card data. If attackers intercept the transmissions, they only see ciphertext.

Data-in-use refers to data being used by a computer. Because the computer needs to process the data, it is not encrypted while in use. If the data is encrypted, an application will decrypt it and store it in memory while in use. If the application changes the data, it will encrypt it again before saving it. Additionally, applications usually take extra steps to purge memory of sensitive data after processing it.

The two primary encryption methods are symmetric and asymmetric. Symmetric encryption encrypts and decrypts data with the same key. Asymmetric encryption encrypts and decrypts data using a matched key pair of a public key and a private key.

These encryption methods include two elements:

The algorithm performs mathematical calculations on data. The algorithm is always the same.
The key is a number that provides variability for the encryption. It is either kept private and/or changed frequently.

Some key points related to encryption are:

Encryption scrambles, or ciphers, data to make it unreadable if intercepted.
Encryption normally includes an algorithm and a key.
Symmetric encryption uses the same key to encrypt and decrypt data.
Asymmetric encryption uses two keys (public and private) created as a matched pair.
Asymmetric encryption requires a Public Key Infrastructure (PKI) to issue certificates.
Anything encrypted with the public key can only be decrypted with the matching private key.
Anything encrypted with the private key can only be decrypted with the matching public key.

Symmetric Encryption

Symmetric encryption uses the same key to encrypt and decrypt data. In other words, if you encrypt data with a key of three, you decrypt it with the same key of three. Symmetric encryption is also called secret-key encryption or session-key encryption.

As a simple example, when I was a child, a friend and I used to pass encoded messages back and forth to each other. Our algorithm was:

Encryption algorithm. Move X spaces forward to encrypt.
Decryption algorithm. Move X spaces backward to decrypt.

On the way to school, we would identify the key (X) we would use that day. For example, we may have used the key of three one day. If I wanted to encrypt a message, I would move each character three spaces forward, and he would decrypt the message by moving three spaces backward.

Imagine the message “PASS” needs to be sent:

Three characters past “P” is “S”—Start at P (Q, R, S)
Three characters past “A” is “D”—Start at A (B, C, D)
Three characters past “S” is “V”—Start at S (T, U, V)
Three characters past “S” is “V”—Start at S (T, U, V)

The encrypted message is SDVV. My friend decrypted it by moving backward three spaces and learned that “PASS” was the original message.

We were using a simple substitution cipher. A substitution cipher replaces plaintext with ciphertext using a fixed system. In the example, “PASS” is the plaintext, “SDVV” is the ciphertext, and the fixed system is three letters.

Asymmetric Encryption

Asymmetric encryption uses two keys in a matched pair to encrypt and decrypt data—a public key and a private key. There are several important points to remember with these keys:

If the public key encrypts information, only the matching private key can decrypt the same information.
If the private key encrypts information, only the matching public key can decrypt the same information.
Private keys are always kept private and never shared.
Public keys are freely shared by embedding them in a shared certificate.

Some of the more advanced topics related to asymmetric encryption become harder to understand if you don’t understand the relationship of matched public and private key pairs. However, because you can’t actually see these keys, the concepts are hard to grasp for some people. Although asymmetric encryption is very strong, it is also very resource intensive. It takes a significant amount of processing power to encrypt and decrypt data, especially when compared with symmetric encryption. Most cryptographic protocols that use asymmetric encryption only use it for key exchange. Key exchange is any cryptographic method used to share cryptographic keys between two entities. In this context, asymmetric encryption uses key exchange to share a symmetric key. The cryptographic protocol then uses the symmetric encryption to encrypt and decrypt data because symmetric encryption is much more efficient.