Digital Certificates

Objective:

Explain digital certificates

Digital certificates play a vital role in the chain of trust. Public key encryption works well when you deal with people you know, as it's easy to send each other a public key. However, what about communications with people you don't know? What would stop someone from posting a public key and saying that instead of Mike, their name is Clement? Not much, really: a hacker could post a phony key with the same name and identification as a potential recipient. If the data were encrypted with the phony key, it would be readable by the hacker.

The solution is digital certificates. They play a valuable role because they help you verify that a public key really belongs to a specific owner. Digital certificates are similar to a passport. If you want to leave the country, you must have a passport. If you're at the airport, it's the gold standard of identification, as it proves you are who you say you are. Digital certificates are backed by certificate authorities. A certificate authority is like the U.S. Department of State because it is the bureau that issues passports. In the real world, certificate authorities are handled by private companies. Some of the most well-known include VeriSign, Thawte, and Entrust.

Exam Alert

Digital certificates are used to prove your identity when performing electronic transactions.

Although you might want to use an external certificate authority, it is not mandatory. You could decide to have your own organization act as a certificate authority. Regardless of whether you have a third party handle the duties or you perform them yourself, digital certificates will typically contain the following critical pieces of information:

  1. Identification information that includes the username, serial number, and validity dates of the certificate.
  2. The public key of the certificate holder.
  3. The digital signature of the signature authority. This piece is critical, as it validates the entire package.

X.509 is the standard for digital signatures, as it specifies information and attributes required for the identification of a person or a computer system. Version 3 is the most current version of X.509.
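
The three pieces of information listed above, and the way the authority's signature defeats the phony-key scenario from the opening paragraph, shown as an added example that is not from the book. It uses Go's standard `crypto/x509` package; the name "Example CA", the serial numbers, and the helpers `newKey` and `issue` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue binds pub to name in an X.509 v3 certificate signed with signerKey.
func issue(name string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, signerKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, // identification
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), // validity dates
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if parent == nil { // no issuer given: self-signed CA certificate
		tmpl.IsCA, tmpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	caKey, mikeKey, attackerKey := newKey(), newKey(), newKey()
	ca := issue("Example CA", 1, &caKey.PublicKey, nil, caKey) // the CA you already trust
	genuine := issue("Mike", 1001, &mikeKey.PublicKey, ca, caKey)
	fakeCA := issue("Example CA", 1, &attackerKey.PublicKey, nil, attackerKey) // look-alike issuer name
	phony := issue("Mike", 1002, &attackerKey.PublicKey, fakeCA, attackerKey)
	fmt.Println(genuine.Subject, genuine.SerialNumber, "genuine:", genuine.CheckSignatureFrom(ca), "phony:", phony.CheckSignatureFrom(ca))
}
```

`CheckSignatureFrom` checks only the issuer's signature; a relying party also has to check the validity dates and build the chain to a trusted root, which `Certificate.Verify` does.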

Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg
