FGT2_18_Certificate_Operations
Certificate Operations

In this lesson, you will learn how to manage certificates on FortiGate, and how to inspect the contents of encrypted traffic.

After completing this lesson, you should have practical skills in certificate management: how to upload certificates, private keys, and CRLs where appropriate; how to configure a FortiGate device and browsers to use certificates and keys for SSH, SSL, or TLS content inspection; and how to troubleshoot common misconfigurations.

Secure traffic protects the communications between you and someone else. There are 4 properties that define security in this case: data privacy, data integrity, authentication, and non-repudiation. Not all secure channels require all four features. The RFC for IPsec VPN allows tunnels to be built with no encryption. However, people almost always want privacy for important data, and it’s usually pointless to make data private if you don’t know who sent it and that it hasn’t been tampered with. In practice, most secure traffic has at least the first 3 properties.

Data privacy is achieved with encryption. Encryption applies an algorithm and key to the information, making it unintelligible to a third party before it travels across the network. Only the intended recipient, who also knows the pattern, is able to decrypt the data and access the information. There are multiple ciphers in common use, such as triple DES and AES-256. The “strength” of a cipher varies by the computational requirements for an attacker to recover the plaintext.

Your data may be private, but it could still be corrupted in transit or falsified by a third party, in which case your traffic isn’t secure. How do we guarantee that an encrypted message arrived intact? There are several methods to verify data integrity; generally these are checksums (CHKSUM) or one-way hashes, which generate a unique value by applying the hashing algorithm to the original cleartext. The sender sends the ciphertext and the hash; the receiver recovers the plaintext and recalculates the hash. If the calculated hash is the same as the received value, then the message is intact.

Authentication is a cornerstone of secure computing. When transmitting and receiving secure dat
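The hash-based integrity check described above (sender transmits ciphertext plus hash, receiver decrypts and recalculates), as an added example that is not part of the original lesson or any FortiGate code. The function names, the SHA-256 choice and the toy XOR keystream cipher (a stand-in for a real cipher such as AES-256) are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher for the demo only: XOR with a SHA-256 counter keystream.
    Stands in for a real cipher such as AES-256; the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def send(key: bytes, plaintext: bytes) -> dict:
    """Sender: hash the cleartext, encrypt it, transmit ciphertext plus hash."""
    nonce = os.urandom(16)
    return {
        "nonce": nonce,
        "ciphertext": xor_stream(key, nonce, plaintext),
        "hash": hashlib.sha256(plaintext).digest(),
    }


def receive(key: bytes, message: dict) -> bytes:
    """Receiver: recover the plaintext, recalculate the hash, compare."""
    plaintext = xor_stream(key, message["nonce"], message["ciphertext"])
    recalculated = hashlib.sha256(plaintext).digest()
    if not hmac.compare_digest(recalculated, message["hash"]):
        raise ValueError("integrity check failed: hash mismatch")
    return plaintext


def corrupt(message: dict, position: int) -> dict:
    """Simulate in-transit damage by flipping one bit of the ciphertext."""
    damaged = bytearray(message["ciphertext"])
    damaged[position] ^= 0x01
    return {**message, "ciphertext": bytes(damaged)}


if __name__ == "__main__":
    key = os.urandom(32)                      # constructed sample key
    msg = send(key, b"constructed sample message")
    print(receive(key, msg))                  # intact message is accepted
    try:
        receive(key, corrupt(msg, 3))
    except ValueError as err:
        print(err)                            # damaged message is rejected
```

Protocols such as TLS and IPsec use a keyed MAC or an authenticated cipher mode rather than a bare hash, so that a third party who alters the message cannot simply recompute the value.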