FGT2_18_Certificate_Operations

《FGT2_18_Certificate_Operations》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、CertificateOperationsInthislesson,youwilllearnhowtomanagecertificatesonFortiGate,andhowtoinspectthecontentsofencryptedtraffic.CertificateOperationsAftercompletingthislesson,youshouldhavethesepracticalskillsincertificatemanagement,suchashowtouploadcertificates,privatekeys,

2、andCRLswhereappropriate,andhowtoconfigureaFortiGatedeviceandbrowserstousecertificatesandkeysforSSH,SSL,orTLScontentinspection,aswellastroubleshootingcommonmisconfigurations.CertificateOperationsSecuretrafficprotectsyourcommunicationsbetweenyouandsomeoneelse.Thereare4proper

3、tiesthatdefinesecurityinthiscase:dataprivacy,dataintegrity,authentication,non-repudiation.Notallsecurechannelswillrequireallfourfeatures.TheRFCforIPSecVPNallowstunnelstobebuiltwithnoencryption.However,peoplealmostalwayswantprivacyforimportantdataandit’susuallypointlesstomak

4、edataprivateifyoudon’tknowwhosentit,andthatithasn’tbeentamperedwith,inpractice,mostsecuretraffichasatleastthefirst3properties.CertificateOperationsDataprivacyisachievedwithencryption.Encryptionappliesanalgorithmandkeytotheinformation,makingitunintelligibletoathirdpartybefo

5、reittravelsacrossthenetwork.Onlytheintendedrecipient,whoalsoknowsthepattern,isabletodecryptthedataandaccesstheinformation.Therearemultipleciphersincommonuse,suchastripleDESandAES-256.The“strength”ofaciphervariesbythecomputationalrequirementsforanattackertorecovertheplaintex

6、t.CertificateOperationsYourdatamaybeprivate,butcouldbecorruptedintransitorfalsifiedbyathirdparty,thereforeyourtrafficisn’tsecure.Howdoweguaranteethatanencryptedmessagearrivedintact?Thereareseveralmethodstoverifydataintegrity;generallythesearechecksums(CHKSUM),orone-wayhash

7、es,whichgenerateauniquevaluefromapplyingthehashingalgorithmtotheoriginalcleartext.Thesenderwouldsendtheciphertextandthehash;thereceiverwouldrecovertheplaintextandrecalculatethehash,ifthecalculatedhashisthesameasthereceivedvalue,thenthemessageisintact.CertificateOperationsA

8、uthenticationisacornerstoneofsecurecomputing.Whentransmittingandreceivingsecuredat