Managing Certificates 6 Flashcards

0
Q

Describe certificate authentication

A

The process of identifying a user or system in a transaction through a series of steps based on a digital certificate, instead of user name and password authentication. The party being authenticated proves that it holds the private key matching the public key in its certificate, and the verifier checks that the certificate chains to a trusted CA.

1
Q

What is a digital certificate

A

An electronic document that binds an identity (credential) to a public key.
The certificate validates the certificate holder's identity and is also a way to distribute the holder's public key. A CA, Certificate Authority, issues (signs) certificates. The key pair is normally generated by the certificate holder, which keeps the private key; only the public key goes into the certificate.

2
Q

What is PKI

A

Public Key Infrastructure
A system composed of CAs, certificates, software, services, and other cryptographic components whose purpose is to establish the authenticity of entities and the integrity of data.
Can be used to secure transactions over the Internet.

3
Q

List the components of PKI

A
Digital certificates
One or more CAs
Registration authority, RA
Certificate repository database
Certificate management system
CSR, certificate signing request: a message sent to a CA in which a resource applies for a certificate. It carries the applicant's identity and public key and is signed with the matching private key.
4
Q

What is PKCS

A

Public Key Cryptography Standards
A family of standards originally published by RSA Laboratories; PKCS #10 defines the most common CSR format.
Important standards include
PKCS #7, Cryptographic Message Syntax Standard: describes the syntax used for cryptographic data such as digital signatures and enveloped (encrypted) messages; also used to bundle certificate chains.
PKCS #10, Certification Request Syntax Standard: describes the syntax used to request certification of a public key (the subject's name and public key, signed with the matching private key)

5
Q

Explain the Root CA

A

The topmost CA in the hierarchy and the most trusted authority. It issues and self-signs the first certificate in the hierarchy. It must be secured rigorously because, if it is compromised, every certificate that chains to it can no longer be trusted.

6
Q

What are public and private roots

A

Two kinds of root CA, distinguished by who trusts them.
Private root CA: created for use within a company itself; only the company's own systems are configured to trust it.

Public root CA: created by a third party for general access by the public; its certificate ships in operating-system and browser trust stores.
Well-known public CAs include VeriSign (now part of DigiCert), GlobalSign and Entrust.

7
Q

What are subordinate CAs

A

Any CA below the root CA; its certificate is signed by the root or by another subordinate CA.

Issues end-entity certificates and provides day-to-day management of the certificates, so the root does not have to.

8
Q

What are offline CAs

A

Taking the root CA offline (powered down or disconnected from any network) to provide a secure environment. The subordinate CAs issue all day-to-day certificates, and all routine updates are made on them. The root is brought online only to sign or renew subordinate CA certificates and publish its CRL, so it is not reachable by attackers and is far less likely to be compromised.

9
Q

Describe why certificates must be enrolled

A

A CA by itself does you no good: certificates must be enrolled properly for the appropriate entities (users, devices, services) in order to implement certificate-based security.

10
Q

Describe the certificate enrollment process

A

Starts with a certificate request from the entity, containing its identity information and public key (the private key never leaves the entity)
The registration authority, RA, authenticates the entity's identity
The RA applies the certificate policy of the particular CA that will issue the certificate
If the identity is authenticated, the RA forwards the certificate request to the CA
The CA creates (signs) the certificate and puts it in the repository
The CA notifies the entity that the certificate is available and the certificate is delivered
When the entity obtains the certificate, it is installed alongside the entity's private key

11
Q

Describe the life cycle of the certificate

A

The life cycle begins when the root CA generates its key pair and issues its self-signed certificate, then begins issuing certificates to subordinate CAs and users
Users obtain certificates from the CA through certificate enrollment
Certificates can be renewed more than once, depending on certificate policy parameters
Certificates can be revoked before expiring
Certificates expire after a given length of time
If the root CA's certificate expires, every certificate that chains to it stops validating, so the whole hierarchy is effectively inactive until a new root is issued and distributed to relying parties
Some CAs support temporary suspension of certificates (certificate hold) as well as permanent revocation

12
Q

For certificate life cycle management compare longer to shorter life cycles.

A

The longer the life cycle, the less administrative overhead is involved, but the higher the security risk: a compromised or weakened key stays trusted for longer, and attackers have more time to attack the key pair.
A shorter life cycle means more frequent renewal, which rotates to new keys and stronger algorithms sooner and limits the damage window if a key is compromised; automating renewal keeps the overhead of short lifetimes manageable.

13
Q

Describe the SSL handshake (how a certificate is used to set up a session)

A

Client requests a session with the server
Server responds by sending its digital certificate, which contains its public key, to the client; the client validates the certificate chain before continuing
Server and client negotiate the cipher suite (encryption algorithm and strength)
Client generates a session key, encrypts it with the server's public key and sends it to the server, which decrypts it with its private key
The session key then becomes the symmetric key used to protect the communication
This describes the RSA key exchange of SSL and TLS up to 1.2. TLS 1.3 derives the session key with ephemeral Diffie-Hellman and uses the certificate only to authenticate the server, so past sessions stay protected even if the server's private key is later compromised.

14
Q

Why do certificates need to be renewed

A

The renewal process upholds security and accessibility: clients reject an expired certificate, so the service becomes unreachable, and renewal (ideally with a new key pair) rotates keys before they age out or are weakened.

15
Q

List private key protection methods

A

Back it up to removable media and store the media securely
Delete it from insecure media
Require a password to restore the private key (store the backup encrypted, not as a plain key file)
Never share a key
Never transmit a key unprotected over the network or across the Internet
Consider using key escrow to store a private key with trusted third parties
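The "require a password to restore the private key" item, as an added example that is not part of the flashcard set: the key is written out as password-encrypted PKCS#8 (the form you would put on removable media) and then restored, and the block checks that a missing or wrong password fails instead of yielding the key. It assumes the third-party `cryptography` package is installed; the passphrase is a demo value.

```python
# Added example, not from the flashcard set: back up a private key as a
# password-encrypted PKCS#8 file and confirm that restoring it needs the
# password. Assumes the third-party `cryptography` package is installed.
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec


def backup_private_key(key, password: bytes) -> bytes:
    """Serialize the key as password-encrypted PKCS#8 PEM, the form to write to removable media."""
    if len(password) < 12:
        raise ValueError("backup passphrase too short")
    return key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.BestAvailableEncryption(password),
    )


def restore_private_key(pem: bytes, password):
    """Load the backup; a missing or wrong password raises instead of yielding the key."""
    return serialization.load_pem_private_key(pem, password=password)


def _same_key(a, b) -> bool:
    """Compare keys by their public halves so private material is never exported just to compare."""
    der = (serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
    return a.public_key().public_bytes(*der) == b.public_key().public_bytes(*der)


def _restore_fails(pem: bytes, password) -> bool:
    try:
        restore_private_key(pem, password)
        return False
    except (TypeError, ValueError):  # TypeError: no password given; ValueError: wrong password
        return True


def demo():
    key = ec.generate_private_key(ec.SECP256R1())
    passphrase = b"correct horse battery staple"  # demo value only
    blob = backup_private_key(key, passphrase)
    return {
        "encrypted_on_disk": blob.startswith(b"-----BEGIN ENCRYPTED PRIVATE KEY-----"),
        "restored_ok": _same_key(key, restore_private_key(blob, passphrase)),
        "no_password_rejected": _restore_fails(blob, None),
        "wrong_password_rejected": _restore_fails(blob, b"not-the-passphrase"),
    }
```

`BestAvailableEncryption` picks a current PBKDF2-based PKCS#8 encryption, so the file on the media is useless without the passphrase; keep the passphrase separate from the media, or the two items together are the key.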

16
Q

What is key escrow

A

An alternative to key backups.
Used to store private keys securely while allowing one or more trusted third parties, called key escrow agents, access to the keys under predefined conditions.

17
Q

What is M of N Control used for

A

Used to prevent a single authorized agent from recovering a key on their own.
A mathematical control that takes into account the total number of key recovery agents, N, and the number of agents required to perform a key recovery, M (for example, 3 of 5). If the number of agents attempting to recover a key does not meet or exceed M, the key cannot be recovered.

18
Q

Name the two private key restoration methods

A

In the event a private key is lost or damaged, you must restore the key from a backup or from escrow before you can recover any encrypted data.

If using key escrow, the key is divided among escrow agents. They combine their parts to reconstruct the lost key or decrypt the data directly.

If the key was backed up to removable media, it can be restored from the backup location.
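The M of N control and the escrow restoration above, as an added example that is not part of the flashcard set: the key is split among N escrow agents with Shamir secret sharing over a prime field, any M agents can rebuild it, and fewer than M get an unrelated value. This is a common way to implement M of N (the cards do not name a mechanism); the 32-byte key is constructed test data and the block needs only the Python standard library.

```python
# Added example, not from the flashcard set: key escrow with M-of-N control,
# implemented as Shamir secret sharing over GF(p). Standard library only.
import secrets

PRIME = 2 ** 521 - 1  # 13th Mersenne prime; any secret shorter than 521 bits fits as a field element


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[m-1]*x^(m-1) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key: bytes, m: int, n: int):
    """Give n escrow agents one share each: agent i holds the point (i, f(i)) of a degree m-1 polynomial."""
    secret = int.from_bytes(key, "big")
    if not 1 <= m <= n or secret >= PRIME:
        raise ValueError("bad threshold or secret too large for the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]  # f(0) is the key
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def interpolate_at_zero(shares) -> int:
    """Lagrange interpolation at x = 0. Only meaningful with >= m shares; this does NOT enforce that."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_key(shares, m: int, key_len: int) -> bytes:
    """The M-of-N control itself: refuse to reconstruct unless m distinct agents are present."""
    unique = list({x: (x, y) for x, y in shares}.values())
    if len(unique) < m:
        raise PermissionError(f"{len(unique)} agents present, {m} required")
    return interpolate_at_zero(unique[:m]).to_bytes(key_len, "big")


TEST_KEY = bytes(range(32))  # constructed 256-bit key for the demo, not a real key


def demo(m=3, n=5):
    shares = split_key(TEST_KEY, m, n)
    quorum = [shares[0], shares[2], shares[4]]  # agents 1, 3 and 5 turn up
    below_quorum = shares[:m - 1]
    try:
        recover_key(below_quorum, m, 32)
        enforced = False
    except PermissionError:
        enforced = True
    return {
        "quorum_recovers": recover_key(quorum, m, 32) == TEST_KEY,
        # an agent who bypasses the check and interpolates m-1 shares anyway gets an unrelated field element
        "fewer_shares_wrong": interpolate_at_zero(below_quorum) != int.from_bytes(TEST_KEY, "big"),
        "quorum_enforced": enforced,
    }
```

Because the key is f(0) and any m-1 points are consistent with every possible f(0), a minority of agents learns nothing about the key; the quorum check in `recover_key` is policy, the mathematics is what actually enforces M of N.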

19
Q

Describe the private key replacement process

A
Recover the private key
Decrypt any encrypted data
Destroy the original private key (and revoke the certificate that carries its public key)
Obtain a new key pair
Re-encrypt the data under the new key pair (data is encrypted to the new public key; only the new private key can decrypt it)
20
Q

List some reasons certificates can be revoked before expiring

A

Certificate owner's private key has been compromised or lost
Certificate was obtained by fraudulent means
Certificate holder is no longer trusted (for example, an employee leaves or a server is decommissioned)

21
Q

Define the CRL Certificate Revocation List

A

A list, signed by the CA, of certificates that were revoked before their expiration date, identified by serial number.
Each CA has its own CRL, which can be accessed through the directory services of the network OS or a website (the CRL distribution point named in the certificate). A CRL carries a next-update time; a client that cannot fetch a current CRL has no revocation information and, if it proceeds anyway, may be trusting a revoked certificate.
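The cards on the CA hierarchy, the offline root, the PKCS#10 request, the enrollment process, the certificate life cycle, revocation and the CRL, worked end to end as an added example that is not part of the flashcard set. It uses the third-party `cryptography` package (assumed installed); the CA names, the host name and the RA naming policy (`POLICY_SUFFIX`) are made up for the demo.

```python
# Added example, not part of the flashcard set: a miniature PKI on the third-party
# `cryptography` package (assumed installed): offline root -> subordinate CA,
# PKCS#10 CSR, RA checks, issuance, chain validation, and revocation via a CRL.
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

POLICY_SUFFIX = ".example.internal"  # assumed RA policy: only names in this zone are certified

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def _now():
    return datetime.now(timezone.utc).replace(tzinfo=None)  # naive UTC, as cryptography reports validity

def make_ca(cn, issuer=None, days=3650):
    """Return (key, cert) for a CA; with no issuer the cert is self-signed, i.e. a root."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer_key, issuer_cert = issuer if issuer else (key, None)
    cert = (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(issuer_cert.subject if issuer_cert else _name(cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(_now() - timedelta(minutes=5)).not_valid_after(_now() + timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))
    return key, cert

def make_csr(cn, dns_names):
    """Enrollment step 1: the subject makes its own key pair and a PKCS#10 request signed with it."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = (x509.CertificateSigningRequestBuilder().subject_name(_name(cn))
           .add_extension(x509.SubjectAlternativeName([x509.DNSName(d) for d in dns_names]), critical=False)
           .sign(key, hashes.SHA256()))
    return key, csr

def ra_accepts(csr):
    """RA checks: proof of possession (the CSR's self-signature) and the naming policy."""
    if not csr.is_signature_valid:
        return False
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return all(d.endswith(POLICY_SUFFIX) for d in san.get_values_for_type(x509.DNSName))

def enroll(csr, ca, days=90):
    """RA approves, then the CA signs a short-lived end-entity certificate for the CSR's key."""
    ca_key, ca_cert = ca
    if not ra_accepts(csr):
        raise ValueError("RA rejected the request")
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(_now() - timedelta(minutes=5)).not_valid_after(_now() + timedelta(days=days))
            .add_extension(san, critical=False)
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))

def make_crl(ca, revoked_serials):
    """The issuing CA publishes a signed CRL of serial numbers revoked before expiry."""
    ca_key, ca_cert = ca
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(_now() - timedelta(minutes=5)).next_update(_now() + timedelta(days=7)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(_now()).build())
    return builder.sign(ca_key, hashes.SHA256())

def verify_chain(leaf, intermediates, root, crls=()):
    """Relying-party check per link: issuer name and signature, issuer is a CA, in validity, not revoked."""
    chain = [leaf, *intermediates, root]
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else cert  # the root vouches for itself
        who = cert.subject.rfc4514_string()
        if cert.issuer != issuer.subject:
            return False, f"{who}: issuer name does not match"
        try:
            issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       ec.ECDSA(cert.signature_hash_algorithm))
        except InvalidSignature:
            return False, f"{who}: signature does not verify under the issuer's key"
        if not issuer.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
            return False, f"{who}: issuer is not a CA"
        if not cert.not_valid_before <= _now() <= cert.not_valid_after:
            return False, f"{who}: outside validity period"
        for crl in crls:  # only a CRL signed by this link's issuer counts
            if (crl.issuer == issuer.subject and crl.is_signature_valid(issuer.public_key())
                    and crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None):
                return False, f"{who}: revoked"
    return True, "chain valid"

def demo():
    root = make_ca("Example Root CA")  # kept offline in practice
    sub = make_ca("Example Issuing CA", issuer=root, days=1825)
    leaf = enroll(make_csr("web01.example.internal", ["web01.example.internal"])[1], sub)
    chain_ok, _ = verify_chain(leaf, [sub[1]], root[1])
    crl = make_crl(sub, [leaf.serial_number])  # e.g. key compromise: revoke before expiry
    revoked_ok, reason = verify_chain(leaf, [sub[1]], root[1], crls=[crl])
    return {"chain_ok": chain_ok, "revoked_rejected": not revoked_ok and reason.endswith("revoked")}
```

Two things to notice: the root key signs exactly one certificate here (the subordinate CA's), which is what makes keeping it offline workable; and the relying party trusts the CRL only after checking that it was signed by the same CA that issued the certificate, because an unsigned or foreign list could otherwise revoke or un-revoke at will.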

22
Q

What is OCSP

A

Online Certificate Status Protocol
An HTTP-based alternative to downloading a CRL for checking whether a specific certificate has been revoked.
OCSP servers, also called responders, accept a request to check a specific certificate's status. The responder uses the certificate's serial number (together with hashes of the issuer's name and key) to look it up in the CA's revocation data and returns the status (good, revoked or unknown) to the requester.
The main advantage is lower overhead: the client fetches one small answer instead of the whole CRL. Plain HTTP transport is not in itself the weakness, because the response is signed by the CA or a responder it has delegated to; the practical problems are privacy (the responder learns which certificates, and so which sites, a client checks) and clients that proceed anyway when the responder is unreachable (soft-fail). OCSP stapling, where the server obtains the signed response and sends it during the handshake, addresses both.