2.4 Recognize and understand the administration of the following directory security concepts
o SSL / TLS (Secure Sockets Layer / Transport Layer Security)
o LDAP (Lightweight Directory Access Protocol)
SSL
What is SSL?
SSL, or Secure Sockets Layer, is an encryption method that uses public-key cryptography for authentication, hashing for integrity, and symmetric cryptography for securing a session (domain 4). It uses port 443 and is often used on the Internet to protect financial information by encrypting data when a client purchases something. It uses a "handshake" to exchange keys. Unlike IPSec, SSL is only available if the application supports it.
--------------------------------------------------------------------------------
TLS
What is TLS?
TLS, or Transport Layer Security, is a protocol competing with SSL. It uses cryptography/encryption for the same purposes as SSL, but supports methods of exchanging keys other than the SSL handshake. It usually uses the same ports as SSL would. SSL and TLS do not work together, although TLS can "downgrade" itself to provide backward compatibility.
LDAP
What is LDAP?
LDAP, or the Lightweight Directory Access Protocol, is a protocol that allows users to access information in a directory. The users, or clients, must be authenticated. Clients connect with a "distinguished name," which is the name that identifies an object and its location, and credentials, such as a password. It is vulnerable to spoofing and DoS attacks.
This page was last modified on 07/28/07 02:11 PM