2 CISSP® Official Study Guide Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

LDAP and PKIs
A public-key infrastructure (PKI) uses LDAP when integrating digital certificates into transmissions. Chapter 7 covers a PKI in more depth, but in short, a PKI is a group of technologies used to manage digital certificates during the certificate lifecycle. There are many times when clients need to query a certificate authority (CA) for information on a certificate, and LDAP is one of the protocols used.
LDAP and centralized access control systems can be used to support single sign-on capabilities.
Kerberos
Ticket authentication is a mechanism that employs a third-party entity to prove identification and provide authentication. The most common and well-known ticket system is Kerberos.

The Kerberos name is borrowed from Greek mythology. A three-headed 
dog named Kerberos, sometimes referred to as Cerberus, guards the gates 
to the underworld. The dog faces inward, preventing escape rather than 
denying entrance.
Kerberos offers a single sign-on solution for users and provides protection for logon credentials. The current version, Kerberos 5, relies on symmetric-key cryptography (also known as secret-key cryptography) using the Advanced Encryption Standard (AES) symmetric encryption protocol. Kerberos provides confidentiality and integrity for authentication traffic using end-to-end security and helps protect against eavesdropping and replay attacks. It uses several different elements that are important to understand:
Key Distribution Center
The key distribution center (KDC) is the trusted third party that provides authentication services. Kerberos uses symmetric-key cryptography to authenticate clients to servers. All clients and servers are registered with the KDC, and it maintains the secret keys for all network members.
Kerberos Authentication Server
The authentication server hosts the functions of the KDC: a ticket-granting service (TGS) and an authentication service (AS). However, it is possible to host the ticket-granting service on another server. The authentication service verifies or rejects the authenticity and timeliness of tickets. This server is often called the KDC.
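The following added example (not from the book) is a simplified model of the two elements above: a trusted third party that holds every member's secret key and accepts or rejects tickets on authenticity and timeliness. It is not the Kerberos 5 wire protocol; HMAC-SHA256 stands in for the AES-based protection, and the names `ToyKDC`, `MAX_AGE`, the principals and the keys are hypothetical.

```python
import hashlib
import hmac
import json

MAX_AGE = 300  # seconds a ticket stays valid (assumed value, not from the page)

class ToyKDC:
    """Trusted third party that keeps one secret key per registered member."""
    def __init__(self):
        self._keys = {}     # principal name -> symmetric key
        self._seen = set()  # MACs of tickets already accepted (replay cache)

    def register(self, principal, key):
        self._keys[principal] = key

    def issue(self, client, service, now):
        """Issue a ticket for client -> service, sealed with the service's key."""
        if client not in self._keys or service not in self._keys:
            raise KeyError("unregistered principal")
        body = json.dumps({"client": client, "service": service, "issued": now},
                          sort_keys=True).encode()
        return body, hmac.new(self._keys[service], body, hashlib.sha256).hexdigest()

    def verify(self, ticket, now):
        """Accept or reject a ticket on authenticity, timeliness and reuse."""
        body, mac = ticket
        try:
            fields = json.loads(body)
            key = self._keys[fields["service"]]
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return "rejected: not authentic"
        if not 0 <= now - fields["issued"] <= MAX_AGE:
            return "rejected: not timely"
        if mac in self._seen:
            return "rejected: replay"
        self._seen.add(mac)
        return "accepted"

def demo():
    kdc = ToyKDC()
    kdc.register("alice", b"constructed-key-a")       # constructed sample keys
    kdc.register("fileserver", b"constructed-key-f")
    ticket = kdc.issue("alice", "fileserver", now=1000)
    forged = (ticket[0].replace(b"alice", b"mallory"), ticket[1])
    return [kdc.verify(forged, 1010), kdc.verify(ticket, 1010),
            kdc.verify(ticket, 1020), kdc.verify(ticket, 2000)]
```

`demo()` returns the verdicts for a tampered ticket, a fresh ticket, the same ticket presented a second time, and the same ticket presented after its lifetime has passed.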


