(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)
562 Chapter 12 ■ Secure Communications and Network Attacks
Verify Integrity
To verify the integrity of a transmission, you can use a checksum called a hash total. A hash function is performed on a message or a packet before it is sent over the communication pathway. The hash total obtained is added to the end of the message and is called the message digest. Once the message is received, the hash function is performed by the destination system, and the result is compared to the original hash total. If the two hash totals match, then there is a high level of certainty that the message has not been altered or corrupted during transmission. Hash totals are similar to cyclic redundancy checks (CRCs) in that they both act as integrity tools. In most secure transaction systems, hash functions are used to guarantee communication integrity.
Checking the hash
Checking the hash value of files is always a good idea. This simple task can prevent the use of corrupted files and prevent the accidental acceptance of maligned data. Several intrusion detection systems (IDSs) and system integrity verification tools use hashing as a means to check that files did not change over time. This is done by creating a hash for every file on a drive, storing those hashes in a database, and then periodically recalculating hashes for files and checking the new hash against the historical one. If there is ever any difference in the hashes, then you should investigate the file.
Another common use of hashes is to verify downloads. Many trusted internet download sites provide MD5 and SHA hash totals for the files they offer. You can take advantage of these hashes in at least two ways. First, you can use a download manager that automatically checks the hashes for you upon download completion. Second, you can obtain a hashing tool, such as md5sum or sha1sum, to generate your own hash values. Then manually compare your generated value from the downloaded file against the claimed hash value from the download site. This mechanism ensures that the file you ultimately have on your system matches, to the last bit, the file from the download site.
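The two uses described in this sidebar, a stored baseline of per-file hashes that is periodically rechecked and a manual check of a download against its published hash, as an added Python example that is not from the book. It defaults to SHA-256 rather than the MD5/SHA-1 the text names (both are collision-weakened, though any algorithm hashlib knows can be passed); the file names, contents and published hash are constructed for the demo.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="sha256"):
    """Stream a file through the chosen hash in 64 KiB chunks; return the hex digest."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, claimed_hex, algorithm="sha256"):
    """Compare the local digest with the published value (case/whitespace normalised)."""
    return hmac.compare_digest(file_digest(path, algorithm), claimed_hex.strip().lower())

def build_baseline(root, algorithm="sha256"):
    """Hash every file under root: the 'database' an integrity checker stores."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_digest(full, algorithm)
    return baseline

def check_baseline(root, baseline, algorithm="sha256"):
    """Recompute the hashes and report what changed, vanished, or appeared."""
    current = build_baseline(root, algorithm)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }

def demo():
    """Constructed sample: baseline two files, verify one against its published
    SHA-256, then append a byte to it and delete the other before re-checking."""
    hello_sha256 = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
    with tempfile.TemporaryDirectory() as root:
        a = os.path.join(root, "a.bin")
        for name, data in (("a.bin", b"hello"), ("b.bin", b"world")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        base = build_baseline(root)
        ok_before = verify_download(a, " " + hello_sha256.upper())  # sloppy copy-paste still matches
        with open(a, "ab") as fh:
            fh.write(b"!")  # one byte changed after the baseline was taken
        os.remove(os.path.join(root, "b.bin"))  # and one file removed
        return check_baseline(root, base), ok_before, verify_download(a, hello_sha256)
```

A hash published on the same page as the download only catches accidental corruption, since whoever can replace the file can replace the hash beside it; a signature or a hash obtained out of band is what lets the check stand against deliberate substitution.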
Record sequence checking is similar to a hash total check; however, instead of verifying content integrity, it verifies packet or message sequence integrity. Many communications services employ record sequence checking to verify that no portions of a message were lost and that all elements of the message are in their proper order.