A one-page reference. Reread before an exam or before moving on. Dense by design. Builds on Chapter 4's
primitives (AES, RSA, ECC, hashing, signatures, PKI, CA, X.509) — review those first if shaky.
Access to the storage (lost disk, copied DB, exposed bucket)
Encrypt the storage: FDE, DB encryption, tokenization
Key management — separate the key from the data
(In use)
Memory access while processing
Confidential computing / TEEs (advanced)
Out of scope here
One datum passes through both states many times; protecting one says nothing about the other. Most
real breaches: data encrypted in transit, then written to disk/log/bucket in the clear.
The TLS 1.3 handshake (RFC 8446) — memorize the flow
Forward secrecy = a future theft of the server's long-term key cannot decrypt past recorded sessions.
Comes from the ephemeral ("E") key exchange. Defeats harvest-now, decrypt-later.
Cipher/protocol red flags — DISABLE these
Flag
Why
Attack name
SSLv2/v3, TLS 1.0/1.1
Obsolete, downgradeable
POODLE, BEAST
RC4
Broken stream cipher (biases)
—
3DES
64-bit block, birthday attack
Sweet32
Export-grade
Deliberately weak relics
FREAK, Logjam
Static RSA (TLS_RSA_WITH_*)
No forward secrecy
ROBOT
CBC mode (older TLS)
Padding oracles
Lucky 13, BEAST
MD5 / SHA-1 integrity
Collisions / weak
—
Offering a strong cipher does not cancel a weak one — an attacker downgrades to the weak one. Remove
the weak option; audit what servers offer, not what your browser negotiates.
VPNs (data in transit, whole-tunnel)
Option
Layer
Best for
Notes
IPsec
L3 (network)
Site-to-site
Interoperable, mature; complex; tunnel vs transport mode; IKE for keys
WireGuard
L3
Remote access, cloud-to-cloud
Modern, simple, small codebase; no algorithm negotiation (no downgrade); peers = public keys
TLS/SSL VPN
L4+
Remote access
Traverses firewalls (looks like HTTPS); easy MFA/identity integration
A VPN protects data in transit between the two endpoints ONLY — not at rest, not past the far end.
The VPN gateway is a top-tier target: patch it, require MFA, monitor auth, least-privilege
access. "On the VPN" ≠ "trusted."
Encryption at rest
Control
Protects against
Does NOT protect against
Full-disk encryption (BitLocker/LUKS, TPM-backed)
Theft of a powered-off device
Running/logged-in system, malware, live attacker
DB Transparent Data Encryption (TDE)
Theft of DB files / backup / disk
Authorized query (incl. SQL injection running as app)
Column/field encryption
Insider with DB query access
Higher complexity; loses indexing/query on those fields
Application-layer encryption
Anything below the app (keys live outside DB)
Strongest separation; most operationally demanding
Tokenization
Removes sensitive data from most systems → PCI scope reduction
The token vault itself must be heavily guarded
Encryption ≠ tokenization. Encryption keeps the data present and reversible wherever the key reaches;
tokenization replaces it with a meaningless surrogate, real value confined to a separate vault.
For data at rest, the decision is always where the key lives, not which cipher.
Certificate & key lifecycle
generate key → CSR → CA validates → issuance → deploy → MONITOR → RENEW → revoke → retire
└─ where most failures live ─┘
Concept
One-line definition
Renewal
Reissue before expiry; automate (ACME). Unrenewed cert = self-inflicted outage
Revocation (CRL/OCSP)
Invalidate before expiry; least reliable part of PKI (often fails open) → push lifetimes shorter
Certificate Transparency (CT)
Public append-only logs of all issued certs; monitor to detect mis-issuance for your domains (also your best inventory)
Certificate pinning
App refuses any cert but the expected one — rejects even a valid CA-signed wrong cert; defeats MITM/mis-issuance; brittle if you rotate keys without updating pins
mTLS
Both sides present certificates; machine-to-machine auth (services, APIs, devices)
HSM
Tamper-resistant hardware; private key never leaves in plaintext; guards crown-jewel keys (internal CA, payment, tokenization masters)
Key management
Generate (strong entropy) → store separated → restrict use → rotate (scheduled + on compromise) → destroy cleanly
"When to use what" decision aids
Protect a web connection → TLS 1.2/1.3, forward-secret AEAD cipher, valid cert, HSTS.
Protect a whole network link → VPN: IPsec (site-to-site) / WireGuard or TLS-VPN (remote access) + MFA.
Protect a lost laptop → full-disk encryption (TPM+PIN for high-value/take-home).
Protect a DB from file theft → TDE; from an insider with query access → column/app-layer encryption.
Get card data out of scope → tokenization.
Authenticate a machine/service → mTLS.
Protect the crown-jewel key itself → HSM.
Never have a cert expire on you → inventory + expiry monitoring (alert at 30/14/7 days) + automated renewal.