Guide To Firewalls and Network Security: Chapter 7 Solutions
Chapter 7 Solutions
Review Questions
1. Encryption is used to protect data at what point?
Answer: A. Firewalls are unable to encrypt data in transit on the Internet. Also, it makes no sense to
encrypt data arriving on the external interface from the Internet.
2. Encryption preserves what aspect of digital data passing between networks? (Choose all that apply.)
Answer: A, B, and C are correct. Encryption has nothing to do with the usefulness or truthfulness of
the content of communications—that is the responsibility of the author.
5. Complete this sentence: An attack in which a hacker intercepts a public key is called a
______________…
Answer: C
9. You handle security for a corporation with 10 branch offices and 5,000 employees. You are tasked with
issuing security keys to each of these employees. How would you handle this?
Answer: Don’t try to do the key management manually; turn instead to a Certification Authority (CA)
to handle the issuance and management—to function as a Key Distribution Center (KDC), in other
words.
11. Finish this sentence: IPSec can save you the time and expense of installing...
Answer: A.
15. Finish the following sentence: IPSec is not a security method that provides __________....
Answer: ...end-to-end (in other words, end-user to end-user) security.
17. Digital certificates contain digital signatures and public keys as well as detailed information about the
certificate holder. However, the quality of all that information depends on one thing that neither you nor the
certificate holder can control. What is it?
Answer: C. You need to place trust in the Certification Authority that the holder of the certificate is
indeed who he or she claims to be.
18. What function of PGP can effectively erase unencrypted files from hard disks?
Answer: A
19. Which of the following is a “hybrid” security scheme that uses both symmetric and asymmetric encryption?
(Choose all that apply.)
Answer: C, D
20. What do the terms “thumbprint” or “fingerprint” mean in the context of encryption?
Answer: They describe the digital signature that is part of a digital certificate.
Hands-on Projects
Project 1
The digital “fingerprint” of your PGP signing key consists of a hexadecimal code that can also be expressed
in English. The hexadecimal code consists of ten groups with four characters each. The English version
consists of twenty separate words. You toggle between the two versions of the fingerprint by checking or
unchecking the Hexadecimal box.
Project 2
You get the size in data bits of the key; the KeyID; the date the key was issued; the user’s name; and the
user’s e-mail address.
Project 3
N/A
Project 4
You see the original file plus an encrypted version, which has the file extension .pgp as well as the label
PGP Encrypted File.
Project 5
You can select a standard key size (768, 1024, 1536, 2048, or 3072 bits), or enter a custom key size up to
4096 bits.
Project 6
The name of the certificate is now listed in the Root Certificate box.
Case Project 2
Both individuals should obtain a public/private key pair generated by an encryption program. (The freeware
version of PGP would be an obvious choice.) You would obtain each other’s public key from a key server.
Then, attach the key to an e-mail address and use the key to encrypt your communications. The recipient
can then use his or her private key to decrypt the communications.
Case Project 3
Change the subkey associated with the signing key and use the new subkey to generate encryption keys.
You can then use the encryption keys to encrypt your e-mail or individual files.
Case Project 4
Right-click the file, point to PGP in the popup menu, and choose Encrypt to encrypt the file. Then right-
click the unencrypted version of the file, point to PGP, and choose Wipe, which erases the file completely
from your hard disk.