Microsoft Press Microsoft Encyclopedia of Security

[ Pobierz całość w formacie PDF ]
.While the ping utility included with both MicrosoftPKIWindows and UNIX/Linux platforms is a legitimatenetwork testing tool, ping sweeps generally utilize moreStands for Public Key Infrastructure, a set of technolo��sophisticated tools that can automatically scan an entiregies and policies for authenticating entities using publicrange of addresses and perform other kinds of tests tokey cryptography.enumerate hosts that are detected.See: Public Key Infrastructure (PKI)A number of tools are around that can be used to per-form ping sweeps on remote networks, including Fping,PKINITGping, Nmap, Pinger, Ping Sweep, and Rhino9.To evadeAn extension to Kerberos that adds public keyfirewalls that block ICMP echo requests, many of thesecryptography.tools can use other types of packets, including ICMP timestamp and address mask requests as alternatives.OverviewPKINIT enhances the Kerberos specification RFCNotes1510bis by allowing Kerberos clients to have their ini��Ping sweeping is also known as ICMP sweeping.tial authentication performed using public key cryptog��See Also: enumeration, footprinting, Fping, Nmap,raphy.PKINIT is derived from Public Keyscanningcryptography for INITial authentication and is cur��rently an Internet-Draft standard being considered bythe Internet Engineering Task Force (IETF).The advan��PKCStages of incorporating public key cryptography intoStands for public key cryptography standards, a seriesPKerberos include easier key management and the abilityof specifications for Public Key Infrastructure (PKI)to leverage emerging Public Key Infrastructure (PKI) sys��implementation.tems.The PKINIT draft standard specifies how preau��thentication data fields and error data fields in KerberosSee: public key cryptography standards (PKCS)messages can be used for carrying public key data.PKCS #7 See Also: Kerberos, public key cryptographyA specification for cryptographic message syntax.PKIXOverviewPKCS #7 is the most widely implemented of the PKCSStands for Public-Key Infrastructure (X.509), a set ofde facto standards issued by RSA Security.PKCS #7standards for implementing an X.509-based public keyforms the basis of the Cryptographic Message Syntaxinfrastructure (PKI).(CMS) standard of RFC 2630 that outlines how toSee: Public-Key Infrastructure (X.509) (PKIX)authenticate, digest, encrypt, and sign digital messages.Uses for PKCS #7 include certificate requests for Pub��lic Key Infrastructure (PKI) and digital signatures for247plaintext pluggable authentication module (PAM)OverviewplaintextPlatform for Privacy Preferences (P3P) is a project of ��Information that is unencrypted.the World Wide Web Consortium (W3C) intended as an ��Overviewindustry standard for protecting the privacy of users who ��Encryption is the process of transforming plaintext intosubmit personal information to Web sites they visit.P3P ��ciphertext.Plaintext is information that is in human-provides a mechanism for implementing privacy policies ��readable form; for example, an e-mail message typed inon Web sites and provides users with clear and unambig��a text editor.To prevent sensitive information fromuous information about how sites will handle their per��being read if it is intercepted by someone other than itssonal information.P3P allows privacy policies for Web ��intended recipient, the message can be encrypted usingsites to be implemented in a standardized machine-��a mathematical procedure called an encryption algo��readable format so that P3P-supporting Web browsers ��rithm.The result of applying this algorithm to the infor��can automatically compare a site s policy to the user s��mation is ciphertext, a string of bits that still containsprivacy preferences configured in the browser.��the original information but cannot be read by anyoneThe P3P 1.0 Recommendation was released in April ��unless it is first decrypted to convert it back into plaintext.2002, and the W3C has published a number of guides ��See Also: ciphertext, encryption, encryption algorithmand tools for how to implement P3P on both the client ��and server sides.Version 6 of Microsoft Internet ��Explorer Web browser supports many aspects of P3P as ��plaintext cipherdoes Mozilla and other browsers.��block chaining (PCBC)A block cipher used in Kerberos authentication.For More Information1Visit www.w3.org/P3P/ for more information.��OverviewPlaintext cipher block chaining (PCBC) is a modified See Also: privacyform of cipher block chaining (CBC), a feedback mech��anism commonly used in block ciphers.PCBC providesplaybacka mechanism for detecting when encrypted communi��Another name for packet replay, capturing and resend��cations are compromised by ensuring that, if a portioning packets on a network.of an encrypted message is changed, the content of theP remaining part of the message is garbage (indecipher��See: packet replayable).By including a standard block of data at the endof each Kerberos message, a recipient can test whetherpluggable authenticationa message has been tampered with by seeing if this stan��module (PAM)dard data decrypts properly.A UNIX programming model for extensible authentica��See Also: cipher block chaining (CBC), Kerberostion architecture [ Pobierz całość w formacie PDF ]

Archiwum