30 Cards in this Set
- Front
- Back
What is public key infrastructure?
|
A collection of software components and operational policies that govern the distribution and use of public and private keys, using digital certificates.
|
|
What keys are contained in Public Key encryption?
|
Public and Private.
|
|
What is the rule for data encrypted with public keys and vice versa?
|
If you encrypt data with a public key, it cannot be decrypted with that public key, nor can data encrypted with a private key be decrypted using that private key.
|
|
How can you be sure that your encrypted message cannot be opened by someone to whom you did not intend to send it?
|
The fact that your public key successfully decrypts a message encrypted with a private key proves who it comes from.
|
|
What is a hash (checksum)?
|
Most PKI systems create a hash from the message and then encrypt only the hash using the private key. The hash is a digital summary of the message created by removing redundant bits according to a specialized hash algorithm.
|
|
How can you be sure that no one can duplicate your public key and then distribute a public key using another person's name, which would allow the impostor to receive encrypted messages not intended for him?
|
Windows Server 2003 and other PKI systems use digital certificates.
|
|
What is a digital Certificate?
|
A document that verifiably associates a public key with a particular person or organization.
|
|
How do you obtain a public key?
|
You must obtain a certificate from an administrative entity called a Certification Authority (CA).
|
|
Who is a CA?
|
It can be a third-party company that is trusted to verify the identities of all parties to a transaction.
|
|
How do you obtain a CA?
|
Either a manual process with the user explicitly requesting that a CA issue a certificate or an automatic one with an application requesting and obtaining a certificate in the background as part of its normal function or
|
|
What is the process for using a CA?
|
The CA issues a public key and a private key as a matched pair. The private key is stored on the user's computer in encrypted form, and the public key is issued as part of a certificate.
|
|
What is a certificate?
|
It is essentially a carrier for the public key and related information. It facilitates the distribution of the key to the people who need it.
|
|
What is Version in a certificate?
|
Identifies the version of the X.509 standard used to format the certificate.
|
|
What is the Serial number attribute of the certificate?
|
A value assigned by the CA that uniquely identifies the certificate.
|
|
What is a Signature algorithm identifier?
|
Specifies the algorithm that the CA used to calculate the certificate's digital Signature.
|
|
What is the Validity Period of a CA?
|
The period of time during which the certificate is valid.
|
|
What is the subject name of a CA?
|
Specifies the name of the entity for which the certificate is issued.
|
|
What are the 6 attributes of a CA?
|
Version, Serial Number, Signature Algorithm identifier, issuer name, validity period, subject name
|
|
What is the most common occasion for encountering certificates?
|
When you download software from the internet and Microsoft Internet Explorer displays a Security Warning dialog box which prompts you to confirm that you want to install the software.
|
|
What is the purpose of a CA?
|
It ensures that the software downloads are from the manufacturer and were not tampered with along the way.
|
|
What decides whether to use a PKI or deploy your own CA?
|
Depends on whether the parties involved work for the same company or different ones. Inside - your own CA/ External - use commercial CA
|
|
What are the tasks performed by the PKI?
|
Publish Certificates, Enroll clients, Use certificates, Renew certificates, Revoke certificates.
|
|
What is a certificate of revocation list?
|
A list published at regular intervals, to inform the other systems on the network of certificates they should no longer honor.
|
|
What does planning a PKI consist of?
|
Defining the certificate requirements, Creating a CA infrastructure, Configuring certificates.
|
|
How do you Determine what your client's security needs are?
|
How certificates can help you provide that security, which users, computers, services and applications will use certificates, and what kind of certificates you need.
|
|
What applications are supported by Windows Server 2003 PKI?
|
Digital Signatures, Internet authentications, IP Security (IPSec), Encrypting File System (EFS) user and recovery certificates, secure e-mail, smart card logon, software code signing, Wireless network authentication.
|
|
What is IPSec?
|
IP security extensions which allow you to encrypt and digitally sign communications in order to prevent them from being compromised as they are transmitted over a network.
|
|
What is EFS?
|
It enables users to store data files on a disk in encrypted form in order to prevent other users from accessing them.
|
|
What is the best practice when defining the certificate security requirements for your network?
|
Create a small set of security definitions and apply them to your users and computers as needed.
|
|
What is Basic Security Level?
|
Applies to most users in the organization, uses certificates to provide encrypted e-mail and EFS services.
|