Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
23 Cards in this Set
- Front
- Back
|
What 3 things do security administrators need to insure?
|
Confidentiality
Integrity Authentication |
|
|
What are the Encryption technologies Check Point Security Gateways support?
|
Symmetric and Asymmetric
Deffie-Hellman Key Management Digital Signatures |
|
|
What is Symmetric Encryption?
|
The same key is used to encrypt and decrypt the data.
|
|
|
What is Asymmetric Encryption?
|
Users have a private key and a public key that is provided to the recipient, The sender encrypts the information using the private key and the recipient decrypts the information using the public key.
|
|
|
What is Deffie-Hellman?
|
Public Private key pair encrytion where the sender and the receiver exchange public keys those keys are then used with the private key of each to create a common session key that is used to encrypt and decrypt data.
|
|
|
Check Point uses what to ensure that a packet has not been tampered with?
|
The message is sent through a hashing algorithm. The hash files is added to the packet and then sent to the recipient. The recipient runs the message through the same hashing algorithm and then compares the results. If they match then the data has not been tampered with. If they do not match then the data was either tampered with or corrupted during transmission.
|
|
|
What is used to authenticate where a packet came from?
|
A digital Signature
|
|
|
What provides digital Signatures?
|
Certificate Authority
|
|
|
What is RSA?
|
A Public key crypto system used by the Security Gateways to create and verify digital signatures.
|
|
|
What encryption Scheme do Security Gateways support?
|
IKE ( Internet Key Exchange)
|
|
|
What are the 4 Encryption Algorithms supported by Check Point Security Gateways and what are the key lengths?
|
DES - 56bit key
3DES - 168bit key AES - 128bit to 256bit key CAST Cipher - 40bit to 128bit key |
|
|
What is the first step on IKE Phase 1 and what is decided during this step?
|
Security Association (SA)
Encryption algorithm Hashing algorithm authentication method Diffie-Hellman Group |
|
|
What happens in IKE Phase 2?
|
IPSec protocol is decided
Hashing Algorithm is decided |
|
|
What are the IPSec protocols that are excepted?
|
ESP
AH ESP+AH |
|
|
What are the Hashing Algorithms Supported?
|
MD5 and SHA1
|
|
|
What is Tunnel-Mode Encryption?
|
A packet is encapsulated and then adding its own encryption protocol header to the packet
|
|
|
What three things have to be completed for Gateways to use Certificates?
|
1) Determine what certificate to use.
2) Define the CA to the Security Gateway 3) Generate the Certificate |
|
|
Security Gateways support what 3 x.509 digital certificate PKI Implimentations?
|
OPSEC PKI vendors
Entrust Technologies internal CA on a check point security management server |
|
|
What is Local Certificate Authority?
|
The Certificate Authority (CA) and the Certificate Revocation List (CRL) repository are local servers managed by the security Admin.
|
|
|
What is Certificate Authority via the internet?
|
Both the Certificate Authority (CA) and the Certificate Revocation List (CRL) HTTP server are accessed through the internet.
|
|
|
What is a Internal Certificate Authority?
|
Is a fully featured internal authentication server that is installed on a Check Point Security Management Server
|
|
|
What three ways can a user obtain a certificate?
|
1) Through a file on an FTP server
2) By registering with a CA on the web and then downloading the Certificate and private key 3) User creates a Certificate Registration Request file. and emails it to the CA. |
|
|
What two modes does VPN-1 supply for IKE Phase 1 between gateways?
|
Main mode
Aggressive mode |
