security+ guide to network security fundamentals, third edition chapter 12 applying cryptography
Post on 18-Dec-2015
227 views
TRANSCRIPT
![Page 1: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/1.jpg)
Security+ Guide to Network Security Fundamentals, Third
Edition
Chapter 12Applying Cryptography
![Page 2: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/2.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Objectives
• Define digital certificates
• List the various types of digital certificates and how they are used
• Describe the components of Public Key Infrastructure (PKI)
• List the tasks associated with key management
• Describe the different cryptographic transport protocols
2
![Page 3: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/3.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Digital Certificates
• Using digital certificates involves:– Understanding their purpose– Knowing how they are authorized, stored, and revoked– Determining which type of digital certificate is
appropriate for different situations
3
![Page 4: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/4.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Defining Digital Certificates
• Digital certificate– Can be used to associate or “bind” a user’s identity to
a public key– The user’s public key that has itself been “digitally
signed” by a reputable source entrusted to sign it
• Digital certificates make it possible for Alice to verify Bob’s claim that the key belongs to him
• When Bob sends a message to Alice he does not ask her to retrieve his public key from a central site– Instead, Bob attaches the digital certificate to the
message4
![Page 5: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/5.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 5
![Page 6: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/6.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Defining Digital Certificates (continued)
• A digital certificate typically contains the following information:– Owner’s name or alias– Owner’s public key– Name of the issuer– Digital signature of the issuer– Serial number of the digital certificate– Expiration date of the public key
6
![Page 7: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/7.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Authorizing, Storing, and Revoking Digital Certificates
• Certificate Authority (CA)– An entity that issues digital certificates for others– A user provides information to a CA that verifies her
identity– The user generates public and private keys and sends
the public key to the CA– The CA inserts this public key into the certificate
• Registration Authority (RA)– Handles some CA tasks such as processing certificate
requests and authenticating users
7
![Page 8: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/8.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Authorizing, Storing, and Revoking Digital Certificates (continued)
• Certificate Revocation List (CRL)– Lists revoked certificates– Can be accessed to check the certificate status of
other users– Most CRLs can either be viewed or downloaded
directly into the user’s Web browser
• Certificate Repository (CR)– A publicly accessible directory that contains the
certificates and CRLs published by a CA– CRs are often available to all users through a Web
browser interface8
![Page 9: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/9.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 9
![Page 10: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/10.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Authorizing, Storing, and Revoking Digital Certificates (continued)
10
![Page 11: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/11.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Types of Digital Certificates
• Digital certificates can also be used to:– Encrypt channels to provide secure communication
– Encrypt messages for secure Internet e-mail communication
– Verify the identity of clients and servers on the Web
– Verify the source and integrity of signed executable code
• Categories of digital certificates– Personal digital certificates
– Server digital certificates
– Software publisher digital certificates11
![Page 12: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/12.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 12
![Page 13: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/13.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Types of Digital Certificates (continued)
• Single-sided certificate– When Bob sends one digital certificate to Alice along
with his message
• Dual-sided certificates– Certificates in which the functionality is split between
two certificates• Signing certificate
• Encryption certificate
13
![Page 14: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/14.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Types of Digital Certificates (continued)
• Dual-sided certificate advantages:– Reduce the need for storing multiple copies of the
signing certificate– Facilitate certificate handling in organizations
• X.509 Digital Certificates– The most widely accepted format for digital certificates
14
![Page 15: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/15.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 15
Types of Digital Certificates (continued)
![Page 16: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/16.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 16
![Page 17: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/17.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 17
![Page 18: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/18.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Public Key Infrastructure (PKI)
• Public key infrastructure involves public-key cryptography standards, trust models, and key management
18
![Page 19: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/19.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
What Is Public Key Infrastructure (PKI)?
• Public key infrastructure (PKI)– A framework for all of the entities involved in digital
certificates to create, store, distribute, and revoke digital certificates
• Includes hardware, software, people, policies and procedures
• PKI is digital certificate management
19
![Page 20: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/20.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Public-Key Cryptographic Standards (PKCS)
• Public-key cryptography standards (PKCS)– A numbered set of PKI standards that have been
defined by the RSA Corporation– These standards are based on the RSA public-key
algorithm
20
![Page 21: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/21.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 21
![Page 22: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/22.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 22
![Page 23: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/23.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 23
![Page 24: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/24.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Trust Models
• Trust may be defined as confidence in or reliance on another person or entity
• Trust model – Refers to the type of trusting relationship that can exist
between individuals or entities
• Direct trust– A relationship exists between two individuals because
one person knows the other person
• Third party trust– Refers to a situation in which two individuals trust
each other because each trusts a third party24
![Page 25: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/25.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Trust Models (continued)
• Direct trust is not feasible when dealing with multiple users who each have digital certificates
• Three PKI trust models that use a CA– Hierarchical trust model– Distributed trust model– Bridge trust model
25
![Page 26: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/26.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 26
Trust Models (continued)
![Page 27: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/27.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 27
Trust Models (continued)
![Page 28: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/28.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 28
![Page 29: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/29.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Managing PKI
• Certificate policy (CP)– A published set of rules that govern the operation of a
PKI– Provides recommended baseline security
requirements for the use and operation of CA, RA, and other PKI components
• Certificate practice statement (CPS)– Describes in detail how the CA uses and manages
certificates– A more technical document than a CP
29
![Page 30: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/30.jpg)
Managing PKI (continued)
• Certificate life cycle– Creation– Suspension– Revocation– Expiration
Security+ Guide to Network Security Fundamentals 30
![Page 31: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/31.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Key Management
• Proper key management includes key storage, key usage, and key handling procedures
31
![Page 32: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/32.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Key Storage
• Public keys can be stored by embedding them within digital certificates– While private keys can be stored on the user’s local
system
• The drawback to software-based storage is that it may leave keys open to attacks
• Storing keys in hardware is an alternative to software-based storage
• Private keys can be stored on smart cards or in tokens
32
![Page 33: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/33.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Key Usage
• If more security is needed than a single set of public and private keys– Then multiple pairs of dual keys can be created
• One pair of keys may be used to encrypt information – The public key could be backed up to another location
• The second pair would be used only for digital signatures– The public key in that pair would never be backed up
33
![Page 34: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/34.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Key Handling Procedures
• Procedures include:– Escrow– Expiration– Renewal– Revocation– Recovery
• Key recovery agent (KRA)
• M-of-N control
– Suspension– Destruction
34
![Page 35: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/35.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 35
![Page 36: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/36.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Cryptographic Transport Protocols
• Cryptographic transport protocols can be categorized by the applications that they are commonly used for:– File transfer, Web, VPN, and e-mail
36
![Page 37: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/37.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
File Transfer Protocols
• File Transfer Protocol (FTP)– Part of the TCP/IP suite– Used to connect to an FTP server
• Vulnerabilities– Usernames, passwords, and files being transferred
are in cleartext– Files being transferred by FTP are vulnerable to man-
in-the-middle attacks
• One of the ways to reduce the risk of attack is to use encrypted Secure FTP (SFTP)
37
![Page 38: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/38.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
File Transfer Protocols (continued)
• Secure Sockets Layer (SSL)– A protocol developed by Netscape for securely
transmitting documents over the Internet– Uses a public key to encrypt data that is transferred
over the SSL connection
• Transport Layer Security (TLS)– A protocol that guarantees privacy and data integrity
between applications communicating over the Internet– An extension of SSL
• Are often referred to as SSL/TLS or TLS/SSL38
![Page 39: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/39.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
File Transfer Protocols (continued)
• A second protocol that can be used with SFTP is Secure Shell (SSH)– Also called SFTP/SSH
• SSH– A UNIX-based command interface and protocol for
securely accessing a remote computer– Suite of three utilities: slogin, scp, and ssh– Both the client and server ends of the connection are
authenticated using a digital certificate• Passwords are protected by being encrypted
39
![Page 40: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/40.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 40
File Transfer Protocols (continued)
![Page 41: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/41.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Web Protocols
• Another use of SSL is to secure Web HTTP communications between a browser and a Web server
• Hypertext Transport Protocol over Secure Sockets Layer– “Plain” HTTP sent over SSL/TLS
• Secure Hypertext Transport Protocol– Allows clients and the server to negotiate independently
encryption, authentication, and digital signature methods, in any combination, in both directions
41
![Page 42: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/42.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
VPN Protocols
• Point-to-Point Tunneling Protocol (PPTP)– Most widely deployed tunneling protocol– Allows IP traffic to be encrypted and then
encapsulated in an IP header to be sent across a public IP network such as the Internet
– Based on the Point-to-Point Protocol (PPP)
• Point-to-Point Protocol over Ethernet (PPPoE)– Another variation of PPP that is used by broadband
Internet providers with DSL or cable modem connections
42
![Page 43: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/43.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 43
VPN Protocols (continued)
![Page 44: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/44.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
VPN Protocols (continued)
• Layer 2 Tunneling Protocol (L2TP)– Merges the features of PPTP with Cisco’s Layer 2
Forwarding Protocol (L2F)– L2TP is not limited to working with TCP/IP-based
networks, but supports a wide array of protocols– An industry-standard tunneling protocol that allows IP
traffic to be encrypted• And then transmitted over any medium that supports
point-to-point delivery
44
![Page 45: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/45.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
VPN Protocols (continued)
• IP Security (IPsec)– A set of protocols developed to support the secure
exchange of packets
• Because it operates at a low level in the OSI model– IPsec is considered to be a transparent security
protocol for applications, users, and software
• IPsec provides three areas of protection:– Authentication, confidentiality, and key management
45
![Page 46: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/46.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 46
![Page 47: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/47.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
VPN Protocols (continued)
• IPsec supports two encryption modes:– Transport mode encrypts only the data portion
(payload) of each packet yet leaves the header unencrypted
– Tunnel mode encrypts both the header and the data portion
• Both AH and ESP can be used with transport or tunnel mode– Creating four possible transport mechanisms
47
![Page 48: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/48.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 48
![Page 49: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/49.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 49
![Page 50: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/50.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition 50
VPN Protocols (continued)
![Page 51: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/51.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
E-mail Transport Protocol
• S/MIME (Secure/Multipurpose Internet Mail Extensions)– One of the most common e-mail transport protocols– Uses digital certificates to protect the e-mail
messages
• S/MIME functionality is built into the vast majority of modern e-mail software and interoperates between them
51
![Page 52: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/52.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Summary
• Digital certificates can be used to associate a user’s identity to a public key
• An entity that issues digital certificates for others is known as a Certificate Authority (CA)
• Types of certificates– Personal, server, and software publisher certificates
• PKI is digital certificate management
• One of the principal foundations of PKI is that of trust
52
![Page 53: Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography](https://reader038.vdocuments.site/reader038/viewer/2022102906/56649d235503460f949fa40e/html5/thumbnails/53.jpg)
Security+ Guide to Network Security Fundamentals, Third Edition
Summary (continued)
• An organization that uses multiple digital certificates on a regular basis needs to properly manage those digital certificates
• One cryptographic transport protocol for FTP is Secure Sockets Layer (SSL)
• A secure version for Web communications is HTTP sent over SSL/TLS and is called HTTPS (Hypertext Transport Protocol over Secure Sockets Layer)
• There are several “tunneling” protocols (when a packet is enclosed within another packet) that can be used for VPN transmissions
53