Show Menu

Cybersecurity & Encryption Overview Cheat Sheet by

General Cybersecurity and Encryption terms explained

Symmetric encryption algorithms

When encrypting and decrypting data, symmetric encryption algorithms employ the same secret key.
DES (Data Encryption Standard) is a block cipher that works with 64-bit data blocks and a 56-bit key. Due to its short key size, it is no longer regarded as secure for the majority of applic­ations.
3DES (Triple Data Encryption Standard) is a block cipher that employs two or three separate keys to apply DES three times to each block of data. Although slower, it offers more protection than DES.
AES (Advanced Encryption Standard) is a block cipher that works with data blocks of 128 bits and has key sizes that can range from 128, 192, or 256 bits. It is regarded as secure and is now the most extens­ively used symmetric encryption algorithm.
Blowfish: A block cipher that uses 64-bit data blocks and keys up to 448 bits in size. Although it is quick and has a long history of use, it is no longer regarded as secure for several purposes.
Block cipher that uses a 128-bit key and 64-bit data blocks is called IDEA (Inter­nat­ional Data Encryption Algori­thm). Its small block size means that it is no longer extens­ively utilized.
RC2 (Rivest Cipher 2) is a block cipher that works with data blocks that are 64 bits in size and uses keys up to 128 bits in size. Despite being frequently used in the past, it is today viewed as insecure.
RC4 (Rivest Cipher 4) is a stream cipher that supports keys up to 2048 bits in length. Although it was popular and quick, it is now viewed as being unsafe.
RC5 (Rivest Cipher 5) is a block cipher that works with variab­le-­length data blocks and keys up to 2048 bits in size. It is rarely employed.
RC6 (Rivest Cipher 6) is a block cipher that works with variab­le-­length data blocks and keys up to 2048 bits in size. It is rarely employed.
A block cipher that uses 64-bit data blocks and keys up to 128 bits in size is called CAST (Carlisle Adams and Stafford Tavares). It is rarely employed.
MARS (Multi­ple­-Al­gorithm Rijndael Substi­tution) is a block cipher that works with data blocks that are 128 bits in size and has a 128-bit key. For usage in high-s­ecurity settings, IBM created it.
Serpent: A block cipher that uses 128-bit data blocks and keys up to 256 bits in size. Although it is slower than other algori­thms, it is regarded as secure.
Twofish: A block cipher that works with data blocks of 128 bits and has key sizes up to 256 bits. Although it is slower than other algori­thms, it is regarded as secure.
As a network authen­tic­ation protocol, Kerberos uses encryption to safeguard authen­tic­ation messages. It is not an encryption method.
SSL Cipher: The Secure Sockets Layer (SSL) protocol offers secure internet commun­ica­tion. AES, RC4, and 3DES are just a few of the encryption algorithms it uses. The SSL connec­tion's setup determines the particular cipher that is employed.

Spoofing attack

IP spoofing
a technique used by attackers to disguise their true identity and location by sending data packets to a target system from a spoofed (fake) source IP address.
Email spoofing:
when an attacker sends an email with a fake "­Fro­m" address to make the receiver believe it is coming from a reliable source. This can be used to launch phishing attacks, distribute malware, or steal confid­ential data.
DNS spoofing:
When a hacker modifies DNS (Domain Name System) records, traffic is redirected to a false website or a malicious IP address.
Caller ID Spoofing:
An attacker can pose as a legitimate caller and deceive the recipient into giving up personal inform­ation or sending money by using a spoof caller ID.
MAC Address Spoofing:
An attacker modifies their device's Media Access Control (MAC) address to pretend to be another device on the network and obtain access to resources that are restri­cted.

Man in the middle attack

WiFi hijacking:
Hardware tool that hackers employ to launch man-in­-th­e-m­iddle assaults on wireless networks, called a pineapple.
SSL Stripping:
a type of man-in­-th­e-m­iddle attack that converts HTTPS-­enc­rypted commun­ication to HTTP, enabling the attacker to intercept or alter the commun­ica­tion.
Banking Trojans:
Malware that eavesdrops on users' commun­ica­tions with their banks in order to obtain login inform­ation and carry out fraudulent transa­ctions.
Email hijacking:
A cybera­ttack in which the perpet­rator intercepts emails transm­itted between two parties and changes their contents. Scams involving corporate email compromise (BEC) frequently employ this approach.


The SSL protocol is composed of two parts:
the SSL Handshake Protocol, which creates the secure channel and verifies the server's identity.
The SSL Applic­ation Data Protocol is used to exchange data over a secure channel using encryption with a shared secret key establ­ished during the handshake.
Steps of handshake protocol:
The client uses the supported encryption techniques and the SSL version to send a greeting to the server.
The chosen SSL version and encryption algorithm are sent in the server's hello message.
To verify its identity, the server delivers its digital certif­icate.
After confirming the server's digital certif­icate, the client sends a message to say the handshake has been succes­sful.
All subsequent commun­ication between the client and server is encrypted using the shared secret key and the encryption technique that was previously agreed upon.

Asymmetric encryption (non-r­epu­dia­tion)

Asymmetric encryption, commonly referred to as "­"­pub­lic-key encryp­tio­n,", uses two mathem­ati­cally related keys: a public key for data encryption and a private key for data decryp­tion. While the private key needs to be kept a secret, the public key can be shared with anybody.
RSA is a commonly used algorithm for secure data transfer, digital signat­ures, and data at rest encryp­tion. It is named after its three creators, Rivest, Shamir, and Adleman.
Diffie­-He­llman: A method for securely exchanging keys between two parties without requiring that they first divulge a secret key.
Elliptic Curve Crypto­graphy (ECC): A more recent encryption technique that generates keys, performs encryption and decryp­tion, and uses elliptic curves as the key generation mechanism.
With the help of the DSA (Digital Signature Algorithm), it is possible to create digital signatures that can be verified without disclosing the secret key.
ElGamal: A public-key crypto­graphic system that is suitable for both digital signatures and encryp­tion.
PGP (Pretty Good Privacy) is an encryption tool that offers secure data storage and commun­ication by combining symmetric and asymmetric encryption methods.


Username and Password
To access a system, applic­ation, or network, users must input a special username and password.
Two-Factor Authen­tic­ation
Users must enter two distinct forms of identi­fic­ation to gain access, such as a password and a special code created by an authen­tic­ation app or texted to them.
Biometric authen­tic­ation
is frequently employed in mobile devices and other systems, uses distin­ctive physical traits like finger­prints or face recogn­ition to confirm a user's identi­fic­ation.
Smart Card Authen­tic­ation
To confirm the user's identi­fic­ation, a physical card with a microp­roc­essor chip is put into a reader.
Certif­ica­te-­based Authen­tic­ation
Digital certif­icates, which contain inform­ation like public keys or digital signat­ures, are issued by a trusted authority and are used to confirm the identi­fic­ation of people or devices.
Token-­Based Authen­tic­ation
A token, such as a USB key or smart card, is used to hold authen­tic­ation creden­tials that can be used to confirm a user's identity.
Kerberos Authen­tic­ation
Kerberos is a network authen­tic­ation protocol that employs tickets to authen­ticate users and provide them access to network resources.
OAuth is an open standard for authen­tic­ation that enables users to authorize access to their accounts or data without disclosing their username and password.
XML-based SAML authen­tic­ation
a standard for transf­erring authen­tic­ation and author­ization inform­ation between parties. SAML stands for Security Assertion Markup Language.
Remote Authen­tic­ation Dial-In User Service (RADIUS)
a networking protocol that offers centra­lized authen­tic­ation, author­iza­tion, and accounting for network access.

Remote access

Local area networks (LANs) employ the 802.11 wireless networking standard.
A virtual private network, or VPN, establ­ishes a safe, encrypted connection over the internet to enable network access from a distance.
Dial-Up Network A technique called networking is used to link a computer to the internet over a phone connec­tion.
Remote Access ID and User Service A networking protocol called Dial-In User Service offers centra­lized network access authen­tic­ation, author­iza­tion, and accoun­ting.
TACACS: Terminal Access Controller Access Control System is a protocol used in networked computing systems for remote authen­tic­ation and author­iza­tion.
TACACS+: An improved version of TACACS with more security features.
Secure Sockets Layer, or SSL, is a protocol that enables secure internet commun­ica­tion.
To guarantee secure commun­ication across IP networks, a protocol suite called IPSec—Internet Protocol Securi­ty—is utilized.
A protocol called Remote Desktop Protocol (RDP) is used to grant remote access to a Window­s-r­unning machine or server.
Trojans that allow an attacker to enter a victim's computer or network without author­ization are known as remote access trojans (RATs).
Point-­to-­Point Tunneling Protocol (PPTP) is a network protocol that enables users to connect remotely via the internet to a network.
SSH is a network protocol that enables secure remote access to a server or computer over an unsafe network.

Access control

A central author­ity­-co­ntr­olled set of predet­ermined rules govern access. It is frequently employed in official and military settings.
Access is controlled by the resource owner; commonly used in homes and small companies.
Access is determined by the user's role, and it's frequently employed in big busine­sses.

Key management and certif­icate life cycle

Key Genera­tion:
The entity requesting a digital certif­icate generates a public key pair.
Identity Submis­sion:
The entity informs a Certif­icate Authority (CA) of its identity.
The CA registers the request after verifying the identity details.
Using its own private key, the CA generates a digital certif­icate including the entity's public key and other identi­fying inform­ation
The CA gives the certif­icate to the organi­zation or makes it accessible to the general public.
The entity may establish secure commun­ica­tions with other entities and self-a­uth­ent­icate using the certif­icate.
The certif­icate may expire or be revoked if it has been compro­mised. It also has a time limit.
A fresh key pair and certif­icate may be created as needed.
In the event that a private key is misplaced or stolen, a recovery procedure can be started to reclaim access to the certif­icate.
For future reference and auditing needs, certif­icates and the keys that go with them are securely kept.
A physical device that streng­thens encryption by generating keys, creating and verifying digital signat­ures, and encrypting / decrypting data.

Key management vs PKI management

Key management
PKI management
the secure creation, distri­bution, archival, and deletion of crypto­graphic keys is a concern
concerned with the produc­tion, distri­bution, and mainte­nance of digital certif­icates and related keys
Messages are encrypted and decrypted using keys, which are also used to authen­ticate users and create secure connec­tions.
Digital certif­icates are employed to confirm the parties to a transa­ction's identi­fic­ation and to guarantee the veracity and integrity of the data being commun­icated.
Key management is concerned with handling crypto­graphic keys safely.
Establ­ishing trust and ensuring secure commun­ication between parties is the main goal of PKI manage­ment.
makes sure that keys are correctly utilized and safegu­arded from unauth­orized access or abuse
involves revoking digital certif­icates that are either hacked or have lost their validity.


Kerberos is a network authen­tic­ation protocol that offers safe client­/server applic­ation authen­tic­ation over insecure networks using symmetric key crypto­graphy and a reliable third-­party Key Distri­bution Center (KDC). Widely used in business networks, it is protected against replay attacks, eavesd­rop­ping, and man-in­-th­e-m­iddle attacks.


A quick and secure hashing algorithm that generates hash values of various sizes.
A group of hashing algorithms that includes RIPEMD­-160, a 160-bit hash value generator.
A powerful hash function that generates 512-bit hash values.
A group of crypto­graphic hashing algorithms created by the NSA. The most used (256-bit hash) is SHA-256. An older version, SHA-1, is currently insecure.
The most recent member of the SHA family, SHA-3, generates hash values of various sizes and is thought to be more secure than its foreru­nners.
A hash function that generates 192-bit hash values and is renowned for its quickness and effect­ive­ness.
Ron Rivest's hash function family. A 128-bit hash value is generated by MD5, whereas 160-bit and 128-bit hash values are generated by MD2 and MD4, respec­tively.

DOS attack

Ping flood attack:
The attacker floods the victim's IP address with ping queries, overlo­ading the victim's network and causing it to slow down or crash.
SYN flood attack:
The attacker floods the victim's server with SYN requests, exhausting its resources and making it crash or stop respon­ding.
Smurf attack:
The victim's network may be overrun by a flood of responses as a result of the attacker sending numerous ICMP echo queries to IP broadcast addresses.
UDP flood attack:
The attacker floods the victim's network with UDP packets, eating up all of its resources and causing it to slow down or crash.
HTTP flood attack:
The attacker bombards a target website with numerous HTTP requests, utilizing up all of its resources and making it unresp­onsive.
DNS flood attacks:
The victim's DNS servers are crashed or rendered unavai­lable as a result of the attacker sending a lot of DNS requests to them.
Attacks using NTP Amplif­ica­tion:
The attacker takes advantage of weak NTP servers to increase the amount of traffic transm­itted to the victim.
Attacks by Slowloris:
involve opening several connec­tions to the victim's server and sending fragmented HTTP requests, which drain server resources and cause the server to become unusable.


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Security+ 601 Exam Cheat Sheet

          More Cheat Sheets by DaveLee

          Internet of Things (IoT) Overview & Security Cheat Sheet
          Blockchain Key Terminologies list - Cheat Sheet