ISC2 - Study notes 25 Flashcards
TLS uses asymmetric encryption to share the session key privately. The public and private asymmetric keys are used to encrypt and decrypt the session key.
TLS uses symmetric encryption to encrypt session data. The session key is then used to encrypt and decrypt the data within the session.
An SSL decryptor (sometimes called a TLS decryptor) is placed between user systems and the Internet. Organizations often use them to decrypt TLS session traffic and examine the decrypted data. SSL decryptors can often help detect potential problems.
Diffie-Hellman is one of the first public key algorithms used to privately share symmetric keys between two systems.
Secure/Multipurpose Internet Mail Extensions (S/MIME) is the standard used to encrypt and digitally sign e-mail.
Digital signatures provide several security benefits, including authentication, integrity, and nonrepudiation. But the primary purpose of a digital signature is to provide authentication.
An important point to remember about e-mail encryption is that the sender requires the recipient’s public key.
Pretty Good Privacy (PGP) can encrypt, decrypt, and digitally sign e-mails between individuals; it provides confidentiality through encryption, as well as authentication through the use of digital signatures.
Public Key Infrastructure (PKI) includes all the components necessary to create, manage, distribute, validate, and revoke certificates.
A PKI is created based on the X.509 protocol. The X.509 standard identifies many of the components and formats used by the PKI, CAs, and certificates.
Certificates include the following information:
Who it was issued to (such as a website, a server, or a user)
Who issued it (the CA)
Validity dates (which allow the certificate to expire)
Serial number (used to uniquely identify the certificate)
Public key (matched to a private key that is not included in the certificate)
A certification path showing the trust chain of the certificate to the root CA
A large organization can use a registration authority (RA). An RA accepts certificate requests, verifies the data, and passes the request on to the CA. The RA is optional and never issues certificates.
Public CAs sell and validate certificates and provide assurances to users that certificates are valid.
Certificates issued by a private CA aren’t trusted by default. If external clients receive these certificates, they will receive an error indicating that the certificate is not trusted.
How a CA is trusted: the primary method is installing certificates from the root CA into a system’s trusted certificate authorities store (for example, the Trusted Root Certification Authorities store on a Windows 7 system). Certificates in this store are from root CAs, and each certificate represents a certificate trust chain. Any certificate issued by any CA in this trust chain is automatically trusted.
Key escrow refers to storing a copy of a private key for safekeeping or creating an alternative key to be used if necessary. The key can be retrieved if the original key is lost or unavailable. Recovery agents are the individuals authorized to recover keys held in escrow.
A hierarchical trust chain allows CAs to issue certificates and allows entities to verify that the certificates are valid. For example, imagine a client trusts a root CA. The client will automatically trust certificates from the root CA or any intermediate CAs in the trust chain. Additionally, the client can validate the certificate by either retrieving the CRL or using OCSP.
Web of trust (WOT) is a decentralized trust model allowing anyone to create self-signed certificates. Because the person who creates a self-signed certificate also signs it, it isn’t possible to easily validate its authenticity.