Chapter 6


Certificate life cycle

1. Creation 2. Suspension (temporary, can be lifted) 3. Revocation (permanent) 4. Expiration (end of the validity period)

Certificate Revocation list (CRL)

A list of the serial numbers of certificates that have been revoked, signed and published by the issuing CA so that relying parties can check a certificate's status before trusting it.

Certificate Repository (CR)

a publicly accessible centralized directory of digital certificates used to view the status of digital certificates.

Authentication Header Protocol (AH)

Authenticates that received packets were sent by the claimed source and were not modified in transit (origin authentication and integrity); AH provides no confidentiality, the payload is not encrypted.

IPsec areas of protection?

Authentication, confidentiality, and key management.

Transport mode is used when?

When an intermediate device (a router) must see the original source and destination addresses to route the packet, so the IP header has to stay in the clear.

Transport mode

Encrypts only the data portion (payload) of each packet and leaves the IP header unencrypted.

Internet Security Association and Key Management Protocol (ISAKMP/Oakley)

Negotiates security associations and generates the session keys for IPsec (the basis of IKE, Internet Key Exchange), authenticating the peers with tools such as digital certificates or pre-shared keys.

M-of-N control

The key is divided into a specific number of parts that are distributed to a group of N people (with overlap, so that more than one person holds the same part), known as the N group. If recovery is necessary, a smaller subset of the N group (the M group) must meet and agree that the key needs to be recovered; fewer than M people cannot recover it on their own.

Recovery

A key recovery agent (KRA) or M-of-N control are the two methods of key recovery.
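The M-of-N control described on the two cards above, as an added example that is not part of this flashcard set. It implements the split with Shamir secret sharing (Python standard library only), in which each custodian receives a distinct share rather than an overlapping copy of a part; any M shares recover the key and any M-1 shares reveal nothing. The field prime, the share format and the 3-of-5 scenario in `demo()` are this example's own choices.

```python
"""Added example (not from the original page): M-of-N key recovery with
Shamir secret sharing, standard library only. The field prime, the share
format and the 3-of-5 scenario are this example's own choices."""
import secrets
from typing import Dict, List, Tuple

# All arithmetic is done modulo this prime (M521, a Mersenne prime), so any
# secret shorter than 521 bits, e.g. a 256-bit AES key, can be shared.
P = 2**521 - 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a0 + a1*x + a2*x^2 + ... (mod P) with Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_key(secret: bytes, m: int, n: int) -> List[Tuple[int, int]]:
    """Split `secret` into n shares such that any m of them recover it.
    The secret is the constant term of a random polynomial of degree m-1;
    share i is the point (i, f(i)). x = 0 is never handed out because
    f(0) is the secret itself."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def recover_key(shares: List[Tuple[int, int]], length: int) -> bytes:
    """Lagrange interpolation at x = 0 (mod P). With at least m distinct
    shares this is the secret; with fewer it is just another random field
    element (which is why an M-1 subset learns nothing) and usually will
    not even fit in `length` bytes, reported here as ValueError."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    try:
        return total.to_bytes(length, "big")
    except OverflowError:
        raise ValueError("value does not fit: wrong or too few shares") from None


def demo() -> Dict[str, bool]:
    """Constructed 3-of-5 scenario: which subsets of custodians recover the key."""
    key = secrets.token_bytes(32)       # e.g. the CA's key-wrapping key
    shares = split_key(key, m=3, n=5)   # five custodians, any three recover

    def attempt(subset: List[Tuple[int, int]]) -> bool:
        try:
            return recover_key(subset, 32) == key
        except ValueError:
            return False

    return {
        "three_of_five": attempt(shares[:3]),
        "other_three": attempt([shares[4], shares[1], shares[3]]),
        "two_of_five": attempt(shares[:2]),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label}: {'recovered' if ok else 'failed'}")
```

Each custodian keeps one (x, y) pair; the CA stores nothing. Distributing distinct shares instead of duplicated parts means no single person's share has to be trusted to more than one holder, and the threshold M is enforced by the mathematics rather than by procedure.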

Cipher suite

A named combination of the key exchange, authentication, encryption, and message authentication code (MAC) algorithms used with SSL and TLS, for example ECDHE-RSA-AES256-GCM-SHA384.
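How a cipher suite policy is expressed and checked in practice, as an added example that is not part of the original flashcard set. It uses only Python's standard `ssl` module; the OpenSSL cipher string and the list of "weak" algorithm names are this example's own choices, not something the page prescribes.

```python
"""Added example (not from the original page): inspecting and constraining
the cipher suites a TLS client context will offer, using only the
standard-library ssl module. The policy string and WEAK_TOKENS list are
this example's own choices, not a requirement stated on the page."""
import ssl
from typing import List

# Algorithm names that should never appear in a cipher suite offered today.
WEAK_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def is_weak_suite(name: str) -> bool:
    """True if an OpenSSL-style cipher suite name contains a weak algorithm."""
    upper = name.upper()
    return any(tok in upper for tok in WEAK_TOKENS)


def hardened_context() -> ssl.SSLContext:
    """Client context that refuses SSL and TLS 1.0/1.1 and offers only
    forward-secret AEAD suites (ECDHE key exchange, AES-GCM or ChaCha20)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string for TLS 1.2 suites; TLS 1.3 suites are
    # configured separately by OpenSSL and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!PSK")
    return ctx


def enabled_suites(ctx: ssl.SSLContext) -> List[str]:
    """Names of the suites the context will offer. Each name spells out the
    combination, e.g. ECDHE-RSA-AES256-GCM-SHA384 = ECDHE key exchange,
    RSA authentication, AES-256-GCM encryption, SHA-384 MAC/PRF."""
    return [c["name"] for c in ctx.get_ciphers()]


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Weak suites still enabled in the context (empty list = policy holds)."""
    return [n for n in enabled_suites(ctx) if is_weak_suite(n)]


if __name__ == "__main__":
    ctx = hardened_context()
    for name in enabled_suites(ctx):
        print(name)
    print("weak suites enabled:", audit(ctx))
```

Run it on a server's or client's context before deployment: the `audit()` list should be empty, and every remaining name should start with ECDHE (TLS 1.2) or TLS_ (TLS 1.3), which means every offered suite provides forward secrecy.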

Online certificate status protocol (OCSP)

Performs a real-time certificate status check by querying the CA's OCSP responder about a single certificate, instead of downloading the whole CRL.

Key Escrow

The process by which a trusted third party holds (escrows) copies of keys so that they can be recovered if the owner's key is lost or on an authorized demand.

Strong key length?

For RSA keys: 4096 bits is strongest, 2048 bits is acceptable, and anything shorter than 2048 bits is not considered secure.

Define a passport

A document issued by a trusted third party (a government) that other parties accept as proof of identity; used as the analogy for a digital certificate, which is likewise issued by a trusted third party (the CA).

Managing PKI

A consistent method of managing many public keys and their certificates.

Registration authority (RA)

A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.

Digital certificate

A technology used to bind a user's identity to a public key; the binding is digitally signed by a trusted third party (the CA).

Certificate authority

A trusted third party who is responsible for issuing digital certificates

Transport Layer Security (TLS)

A cryptographic transport protocol, the successor to SSL. TLS is much more secure than SSL; all versions of SSL are deprecated.

Local registration authorities (LRA's)

Another form of RA, designed to lessen congestion at a central RA by handling registration close to the subscribers.

IPsec is transparent to?

Applications, users, and software.

Hierarchical trust model

Assigns a single hierarchy with one master CA, called the root, which signs the certificates of all subordinate CAs.

Extended Validation SSL Certificate (EV SSL) requirements are?

The CA must pass an independent audit verifying that it follows the EV standards; the legal existence of the owner must be verified; the website must be registered to the owner, who must have exclusive control of the domain name; the individuals applying for the certificate must be authorized and verified by the CA; and a valid signature from an officer of the company must be provided.

Distributed trust model

Multiple CAs sign digital certificates. This prevents total loss if one CA's private key is stolen, since the other CAs remain trustworthy.

Hypertext Transport Protocol Secure (HTTPS)

Common use of TLS and SSL to secure communications between a browser and a web server.

Public Key infrastructure (PKI)

The framework (policies, procedures, hardware, software, and people) for managing digital certificates.

Secure Shell (SSH)

Encrypted alternative to Telnet protocol used to access remote computers.

Tunnel mode

Encrypts both the data and the original IP header (the whole packet), which is then wrapped in a new outer IP header.

What do Server digital certificates do (SDC)?

Ensure the authenticity of the web server, and ensure the authenticity of the cryptographic connection to the web server.

Duties of a CA

Generate, issue, and distribute public key certificates. Distribute CA certificates. Generate and publish certificate status information. Provide a means for subscribers to request revocation. Revoke public key certificates. Maintain the security, availability, and continuity of the certificate issuance and signing functions.

Suspension

A key (certificate) is suspended for a specific amount of time; unlike revocation, a suspension can be lifted. On a CRL it appears with the reason code certificateHold.

Certificate practice statement (CPS)

A more technical document than a certificate policy (CP), describing how the CA manages the certificates it issues.

X.509 Digital Certificates

Most widely accepted format for digital certificates, and internationally recognized.

Tunnel mode is used more with?

Network-to-network (gateway-to-gateway) connections, such as site-to-site VPNs.

Bridge Trust model

No single root CA; instead one CA (the bridge) acts as a facilitator that interconnects all the other CAs.

Server digital certificates (SDC)

Issued to a web server to identify it to clients; most often used between a web server and a browser.

Secure Sockets Layer (SSL)

One of the most common cryptographic transport protocols, now deprecated and superseded by TLS.

What information does a digital certificate contain?

Owner's name or alias, owner's public key, name of the issuer, digital signature of the issuer, serial number of the digital certificate, and the expiration date of the public key (validity period).

Public key cryptography standards (PKCS)

PKI standards defined by RSA (RSA Laboratories), for example PKCS #10, the format of a certificate signing request.

Duties of an RA

Receive, authenticate, and process certificate revocation requests. Identify and authenticate subscribers. Obtain a public key from the subscriber. Verify that the subscriber possesses the asymmetric private key corresponding to the public key submitted for certification. (Mainly, the RA verifies the identity of an individual.)

3 most common categories of Digital Certificates (DC)

Personal DCs, server DCs, and software publisher DCs.

Digital signature

Proof, using asymmetric cryptography, that the sender's private key was used to sign (in textbook RSA, encrypt) the message digest; anyone holding the sender's public key can verify it.

Certificate Policy (CP)

Published set of governing rules for a PKI

Personal digital certificates (PDC)

Issued directly to an individual after the RA verifies that person's identity.

Destruction

Removes the private and public keys, along with the user's identification information, from the CA's records.

Certificate Revocation

Removing a certificate's rights (declaring it no longer trusted) before its expiration date.

Renewal

Some existing keys (certificates) can be renewed at the end of their validity period instead of being replaced.

Revocation

Sometimes keys (certificates) need to be revoked; unlike a suspension, a revocation is permanent and cannot be reinstated.

Encapsulating security payload (ESP)

Supports authentication of the sender, integrity checking, and encryption of the data (confidentiality).

IPsec supports which two encryption modes?

Transport mode, and Tunnel mode.

Third party trust

Two parties who do not know each other can trust one another because both trust the same third-party moderator (the CA).

OCSP stapling

The web server itself sends queries to the OCSP responder at regular intervals, receives signed, time-stamped responses, and attaches ("staples") the latest one to its certificate during the TLS handshake. Clients then verify the stapled response instead of contacting the responder, which relieves real-time verification congestion at the responder.

Certificate repository

The store that holds issued digital certificates and their status information (see Certificate Repository (CR) above).

Expiration

Keys (certificates) have expiration dates; once the date passes the certificate is no longer valid, even if it was never revoked.
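An added example, not from the original flashcard set, that walks one certificate through the life cycle on the cards above (creation, suspension, revocation, expiration) and checks it against a CRL. The `Cert`/`CRL` field names, the staleness limit and the sample dates in `run_scenario()` are constructed for this example; the reason codes certificateHold (6) and keyCompromise (1) are the values defined in RFC 5280.

```python
"""Added example (not from the original page): evaluating a certificate's
life-cycle state against its validity period and a CRL. Field names and
sample data are constructed for this example; the CRLReason codes are the
RFC 5280 values."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict

KEY_COMPROMISE = 1     # RFC 5280 CRLReason keyCompromise: permanent
CERTIFICATE_HOLD = 6   # RFC 5280 CRLReason certificateHold: a suspension


@dataclass
class Cert:
    serial: int
    not_before: datetime   # creation / start of validity
    not_after: datetime    # expiration


@dataclass
class CRL:
    this_update: datetime
    next_update: datetime
    revoked: Dict[int, int] = field(default_factory=dict)  # serial -> reason


def certificate_status(cert: Cert, crl: CRL, now: datetime,
                       max_crl_age: timedelta = timedelta(days=7)) -> str:
    """One of: not_yet_valid, expired, unknown (stale CRL), suspended,
    revoked, good. Validity dates are checked first: an expired certificate
    is dead regardless of what the CRL says."""
    if now < cert.not_before:
        return "not_yet_valid"
    if now > cert.not_after:
        return "expired"
    # A CRL past its nextUpdate (or older than our own limit) must not be
    # trusted to say "not revoked"; fail closed rather than assume good.
    if now > crl.next_update or now - crl.this_update > max_crl_age:
        return "unknown"
    reason = crl.revoked.get(cert.serial)
    if reason is None:
        return "good"
    return "suspended" if reason == CERTIFICATE_HOLD else "revoked"


def reinstate(crl: CRL, serial: int) -> CRL:
    """Lift a suspension. Only certificateHold entries may be removed;
    a revocation for any other reason is permanent."""
    if crl.revoked.get(serial) != CERTIFICATE_HOLD:
        raise ValueError("only suspended (certificateHold) entries can be reinstated")
    del crl.revoked[serial]
    return crl


def run_scenario() -> Dict[str, str]:
    """Constructed data: one certificate, one CRL, several points in time."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    cert = Cert(serial=0x1001, not_before=t0, not_after=t0 + timedelta(days=365))
    crl = CRL(this_update=t0 + timedelta(days=100),
              next_update=t0 + timedelta(days=107),
              revoked={0x1001: CERTIFICATE_HOLD, 0x1002: KEY_COMPROMISE})
    out = {}
    out["before_issue"] = certificate_status(cert, crl, t0 - timedelta(days=1))
    out["while_on_hold"] = certificate_status(cert, crl, t0 + timedelta(days=101))
    out["stale_crl"] = certificate_status(cert, crl, t0 + timedelta(days=110))
    reinstate(crl, 0x1001)
    out["after_reinstate"] = certificate_status(cert, crl, t0 + timedelta(days=101))
    out["after_expiry"] = certificate_status(cert, crl, t0 + timedelta(days=400))
    try:
        reinstate(crl, 0x1002)
        out["reinstate_revoked"] = "allowed"
    except ValueError:
        out["reinstate_revoked"] = "refused"
    return out


if __name__ == "__main__":
    for step, status in run_scenario().items():
        print(f"{step}: {status}")
```

The point a relying party most often gets wrong is the "unknown" branch: a CRL that is past its nextUpdate says nothing about certificates revoked since, so the check must fail closed (or fall back to OCSP) rather than report "good".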

Certificate signing request (CSR)

A specially formatted message, signed with the applicant's private key (not encrypted), that carries the identity information and public key the CA requires to issue a digital certificate; the signature proves the applicant holds the matching private key.

IP Security (IPsec)

A suite of protocols for securing Internet Protocol (IP) communications.

Software publisher digital certificates

Provided by software publishers (code signing) to verify the publisher's identity and that their programs have not been tampered with since they were signed; a valid signature does not prove the program is free of vulnerabilities.

Trust model

The type of trust relationship that can exist between individuals or entities.

