1. Where can you store your public keys or public certificate files in the public domain? Is this the same thing as a Public Key Infrastructure (PKI) server?
A- Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition, store a certificate locally on the computer or device that requested it or, in the case of a user, on the computer or device that the user used to request it. The storage location is called the certificate store. A certificate store will often have numerous certificates, possibly issued from a number of different certification authorities.
B- Yes
4. What do you need to do if you want to decrypt encrypted messages and files from a trusted sender?
A- You need the private key to decrypt the encrypted message or files.
3. When referring to IPSec tunnel mode, what two types of headers are available and how do they differ?
A- Authentication Header (AH) and Encapsulating Security Payload (ESP)
4. Provide a step by step progression for a typical Certificate Enrollment process with a Certificate Authority.
A –
5. When designing a PKI infrastructure what are the advantages and disadvantages of making the CA available publicly over the Internet or keeping it within the private network?
CA Located in a Private Network
Advantages
•Supports cross-certification of other CA server hierarchies on the enterprise corporate private network.
•The CA server is protected from public access, and from intrusion or DoS attacks from the public Internet.
Disadvantages
•Requires a slightly more complicated VPN router configuration. Because the CA server cannot be reached on the public Internet, enrolling a new branch requires a VPN administrator to enroll the VPN routers for certificates in one of the following ways:
–Locally in the enterprise campus prior to shipping them to a remote location.
–Over an IPSec pre-shared tunnel connection.
–Interactively through cut-and-paste certificate enrollment over a telnet/ssh session to a remote VPN router.
•Because the CA server cannot be reached from the public Internet, it cannot be used for other Cisco-specific applications that have public X.509 certificate requirements.
CA Located in a Public Network
Advantages
•Provides a CA server that can be used for IPSec tunnels or other Cisco-specific applications that have public X.509 certificate requirements.
•Provides the simplest enrollment for the VPN endpoint routers.
•Provides for cross-certification of other CA server hierarchies on the public Internet.
Disadvantages
•Because the CA server is available to the public, it is a possible target for intrusion or DoS attacks. Precautions must be taken to protect the server.
6. Designing a PKI involves several steps. Per the Windows Best Practices for Designing a PKI, what are those steps? In your own words, explain what each step is meant to do.
A- Defining your certificate requirements – by defining these requirements, it makes the rest of the steps a bit easier
B- Creating a design for your infrastructure – by creating a design for the infrastructure, it alleviates the confusion of where each is located
C- Creating a certificate management plan – the certificate management plan is designed to manage the certificates
D- Deploying your PKI solution – putting it into use
7. When deploying a PKI, it is important to understand how many CAs will be necessary to properly implement the infrastructure. Provide 3-5 important considerations that must be taken into account before deploying a PKI for a large environment.
A- Connectivity
B- Routing and Switching Capabilities
C- Network Security
D- Access Controls
8. What is the main function of the certutil.exe command line tool available in Microsoft Windows?
A - You can use Certutil to extract and display CA configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.
9. What is the OpenSSL Project and its mission?
A - The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
10. What is the purpose of Single Sign-on? Provide one example of how it benefits security and one example as to how it can increase security risk.
A – It allows a user to use a single login and password to access everything in a network. The benefit of it is that the user only has to remember one username and password. It can increase security risk if someone manages to get a hold of a user’s username and password.
11. True or False. You can enable VPN technology for remote access for mobile workers using the public Internet and also for Wireless LANs (WLAN) within the LAN Domain to ensure confidentiality.
A - True
12. Relate back to the C-I-A tenets of information system security. Hashing provides file Confidentiality, while encryption provides file Integrity.
13. Which method of hashing provides for stronger file integrity verification and why? MD5 or SHA-1?
A- SHA-1 provides for stronger file integrity verification because it is 160 bit compared to MD5 at 128 bit.
14. True or False. By Public Key Infrastructure, it is acceptable to share and host your key for all to see and use on a public or shared help server.
A- True
15. True or False. You can host your public key at http://pgp.mit.edu/ because MIT hosts a Public Key Infrastructure for all to use.
A- True