certificate revocation list (CRL)
includes the serial numbers of revoked certificates
online certificate status protocol (OCSP)
provides real time certificate status verification
certificate stapling
reduces the CA’s burden
OCSP stapling (or TLS Certificate Status Request extension) allows a web server to proactively obtain a digitally signed and time-stamped OCSP response and send it to the client as part of the TLS handshake process
self-signed certificate
issued by an internal CA
certificate chaining
allows the use of intermediate CAs
Offline CA
protects sensitive root keys. The root certificate of a CA is a very sensitive object. Therefore, the private key associated with this certificate is normally not kept on a system that is connected to a network. Instead, it's stored in an offline CA that is used only to sign the certificates of intermediate CAs belonging to the same organization.
certificate subject
owner of the public key
such as servers, devices, individuals, developers
object information identifier (OID)
used to uniquely identify each element of a digital certificate. These object identifiers can help you trace back the origin of a digital certificate and its components.
certificate pinning
ties a certificate to a subject for a period of time
root certificate
core certificates at the heart of a certificate authority, used as a very first cert or root of trust in chain certificates
wildcard certificates
able to match many different subjects
commonly used for load balancers
domain validation
verifies domain ownership, has lowest trust level
organizational validation
medium trust, verifies business name
extended validation
highest level of trust, requires extensive investigation
distinguished encoding rules (DER)
binary certificate format
PEM certificates
ASCII text equivalents of DER certificates
What technology allows web servers to attach an OCSP validation to the certificate they send to users?
certificate stapling
Harold works for a certificate authority and wants to ensure that his organization is able to revoke digital certificates that it creates. What is the most effective method of revoking digital certificates?
online certificate status protocol
Which one of these file extensions is always associated with certificates stored in binary form?
PFX
Bob would like to digitally sign a message that he is sending to Alice. What key should he use to create the digital signature?
Bob's private key
transport layer security (TLS)
encrypts network communications; depends upon pairings of encryption and hash functions known as cipher suites
Secure Sockets Layer (SSL)
insecure predecessor to TLS
IPsec
internet protocol security
Encapsulating Security Payload (ESP)
provides confidentiality and integrity protection for packet payloads
Authentication Headers (AH)
provides integrity protection for packet headers and payloads
Security Associations (SA)
identifies cryptographic algorithms
Site to Site VPNs (Tunnel Mode)
encrypted tunnels connecting two networks together in a manner that is transparent to users
End User VPNs (transport mode)
provides encrypted remote network access for individual systems
HTTPS
adds TLS to web browsing
RTP based VoIP services should use the ______ instead
Secure Real Time Transport Protocol (SRTP)
Network Time Protocol (NTP)
synchronizes system clocks
secure version is NTPsec
email protocol
| protocol | unencrypted port | encrypted port |
|---|---|---|
| POP | 110 | 995 |
| IMAP | 143 | 993 |
| SMTP | 25 | 465 |
Encrypt email messages and attachments with the _____ protocol
S/MIME
Securing Network Protocols
use DNSSEC to add digital signatures to DNS records
limit authorized DHCP servers
LDAPS offers a secure version to LDAP