Sunday, 12 August 2012

Digital Certificate




What is a Digital Certificate?

In simple terms, a Digital Certificate or Digital ID as it is sometimes known, is the electronic commerce world's analogue of the passport. It is a credential issued by a trusted authority that binds you as an individual to an identity that can be recognised and verified electronically by other agencies. It confers certain rights and obligations on you according to policies exercised by the Issuing Authority. Because it uses cryptographic technology, it provides you with the ability to digitally sign emails, documents or transactions, or to verify the signatures of others. It enables you to make emails, documents or transactions only readable by those that you designate.

In a real passport, various checks on you are made by a trusted representative of the Issuing Authority to ensure that you are who you say you are, and thus establish a binding between you as an individual and the paper document that declares your identity. In the digital certificate world, a trusted representative of the Issuing Authority must be satisfied that you are who you say you are, before a request is made to issue a digital certificate on your behalf. Just as when a government issues you with a passport, it is officially vouching for the fact that you are who you say you are, when a Digital Certificate Issuing Authority gives you a digital certificate for secure email, it is putting its name behind the claim that you are the holder of your e-mail address.

In a real passport, the methods used to ensure the integrity of the binding between you and the paper identity are such things as watermarks, seals, special paper and ink, etc. In the digital certificate world, the method used to ensure the integrity of the binding between an individual or other entity and the public key, is the digital signature of the Issuing Authority.



What is a Root Certificate?

A root certificate is the digital certificate of an Issuing Authority. The public key in this certificate is used to verify the digital signature of the Issuing Authority. The Issuing Authority's digital signature is present in all certificates that it issues. The root certificate therefore, can be used to verify the integrity of any certificate that was issued by it. By downloading the root certificate, the user indicates trust in the Issuing Authority, and therefore trust in the bindings that it creates between real identities and their digital certificates.



How do Digital Certificates Work?

One widely-used tool for privacy protection is what cryptographers call "symmetric" or "secret key" encryption, called that way because one encryption key is used to both encrypt and to decrypt information. This key should obviously be kept secret from anyone not authorised to decrypt the information. Your log-on password, your cash card PIN, and the information you type in to enter your online bank accounts are all examples of secret keys. You share these secret keys only with the parties you want to communicate with, such as the bank or credit card company. Your private information is then encrypted with this secret key, and it can only be decrypted by one of the parties holding that same key.

Despite its widespread use, this secret-key system has some serious limitations. As network communications proliferate, it becomes very cumbersome for users to create and remember different passwords for each situation. Moreover, the sharing of a secret key involves inherent risks. When you give your mother's maiden name over the telephone, how do you know you can trust the party on the other end of the line? Can you be sure it is really the credit card company you are talking to? Can you be sure nobody is maliciously listening in? If you give somebody your mother's maiden name and that person abuses it for their own gain, how can you prove you did not authorise their use?

Digital Certificate technology addresses these issues because it does not rely on the sharing of secret keys. Rather than using the same key to both encrypt and decrypt data, a Digital Certificate uses a matched pair of keys which complement one another. In other words, what is done by one key can only be undone by the other key in the pair. In this type of key-pair system, a user holds onto a "private key" and never gives it to anyone, while widely disseminating a "public key." Any information locked with the public key can only be unlocked by the corresponding private key, and vice versa. Since the public key alone does not provide access to communications, users do not need to worry about who gets hold of this key.

For example, for the purposes of securing e-mail, key pairs can work in the following two ways.
• You can digitally sign your e-mail by enclosing an electronic stamp constructed by using your private key. When your recipient gets your message, their computer checks this stamp to see if it can be decrypted using your public key. If successful, the recipient knows that the message can only have come from the holder of the private key.
• Someone who wants to send you private e-mail can use your public key to encrypt the message. When you get the e-mail, your computer checks to see if the public key used to encrypt the e-mail is a valid match with your private key. If the match is successful, the message gets decrypted and you can read it. Anyone who receives your e-mail but does not hold your private key will be unable to decrypt and read the message.

A Digital Certificate makes it possible to verify someone's claim that they are the rightful owner of a given key, helping to prevent people from using counterfeit or stolen keys to impersonate other users. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.

Because a Digital Certificate uses and supplies us with the tools of cryptographic technology, it provides us with the ability to digitally sign documents or transactions, or to verify the signatures of others. It enables us to make documents or transactions only readable by those that we designate. Because Digital Certificates bind a public key to an individual or organisation, in a trusted manner, we can be sure of the identities behind these operations.
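The whole chain described above (a root key, an Issuing Authority sealing the binding between a name and a public key, a recipient checking that seal before trusting a signed e-mail, and encryption to the holder of the private key) as an added, runnable illustration that is not part of the original article. It uses a textbook RSA toy with tiny constructed primes and no padding, so it shows the key-pair mechanics only; the names "Example Root CA" and alice@example.com, the certificate layout (a JSON body plus the issuer's signature) and the sample messages are all constructed for this example.

```python
import hashlib
import json
from math import gcd

# Toy textbook RSA, constructed for this example only: tiny primes, no padding,
# hash reduced modulo n. It shows the key-pair mechanics, not production RSA.

def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) built from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)            # private exponent (modular inverse, Python 3.8+)
    return (e, n), (d, n)

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data: bytes) -> int:
    """The 'electronic stamp': the message hash raised to the private exponent."""
    d, n = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data: bytes, signature: int) -> bool:
    """Undo the stamp with the public key and compare against a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == _digest(data, n)

def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can lock a (short) message."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    assert m < n, "toy modulus only fits a few bytes"
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the matching private key unlocks it."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Issuing Authority (constructed): its public key is what a downloaded root certificate carries.
ROOT_PUB, ROOT_PRIV = make_keypair(2147483647, 1000000009)

def issue_certificate(subject: str, subject_pub, issuer_priv) -> dict:
    """Bind an identity to a public key; the issuer's signature is the integrity seal."""
    body = {"subject": subject, "issuer": "Example Root CA", "public_key": list(subject_pub)}
    tbs = json.dumps(body, sort_keys=True).encode()   # canonical to-be-signed bytes
    return {"body": body, "signature": sign(issuer_priv, tbs)}

def verify_certificate(cert: dict, root_pub) -> bool:
    """Check the issuer's seal with the root certificate's public key."""
    tbs = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(root_pub, tbs, cert["signature"])

def verify_signed_mail(cert: dict, root_pub, message: bytes, signature: int) -> bool:
    """Recipient's check: trust the root, then the certificate, then the message stamp."""
    if not verify_certificate(cert, root_pub):
        return False
    return verify(tuple(cert["body"]["public_key"]), message, signature)

# Alice (constructed) applies through the Registration Authority and receives a certificate.
ALICE_PUB, ALICE_PRIV = make_keypair(1000000007, 998244353)
ALICE_CERT = issue_certificate("alice@example.com", ALICE_PUB, ROOT_PRIV)

def demo():
    msg = b"Meeting moved to 3pm"
    sig = sign(ALICE_PRIV, msg)
    genuine = verify_signed_mail(ALICE_CERT, ROOT_PUB, msg, sig)
    altered = verify_signed_mail(ALICE_CERT, ROOT_PUB, msg + b"!", sig)
    # Counterfeit: same key, but the subject was rewritten after issue, so the seal no longer fits.
    forged = {"body": dict(ALICE_CERT["body"], subject="mallory@example.com"),
              "signature": ALICE_CERT["signature"]}
    counterfeit = verify_certificate(forged, ROOT_PUB)
    # Confidential mail: encrypted with Alice's public key, readable only with her private key.
    plaintext = decrypt(ALICE_PRIV, encrypt(ALICE_PUB, b"PIN4921"))
    return genuine, altered, counterfeit, plaintext

if __name__ == "__main__":
    print(demo())   # (True, False, False, b'PIN4921')
```

The point the passport analogy makes is visible in `verify_signed_mail`: the recipient never needs Alice's secret, only the root public key it already trusts, and a certificate whose name was edited after issue fails the seal check even though the key inside it is Alice's real key.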



Who needs a Digital Certificate?

Anyone who wants to receive encrypted e-mail so they know nobody else can read it will need a Digital Certificate. Anyone who wants to digitally sign their e-mail so that recipients can feel confident it came from them will also need a Digital Certificate.


How do I get a Digital Certificate?

Your organisation has identified one or more responsible and trusted individuals who will act in the role of Registration Authority. It is their job to ensure that everyone who holds a certificate is in fact eligible to do so, that they are who they say they are, and that all details recorded on the certificate about the holder are accurate. Your Registration Authority is where you need to apply for a certificate. You should also contact them immediately if you suspect that your private key has been compromised or stolen, or if any details about you have changed (email address, name, etc.).



Who manages my organisation's Digital Certificates?

Your organisation has identified one or more responsible and trusted individuals who will act in the role of Registration Authority. It is their job to ensure that everyone who holds a certificate is in fact eligible to do so, that they are who they say they are, and that all details recorded on the certificate about the holder are accurate. Your Registration Authority is where you need to apply for a certificate.

Tuesday, 31 July 2012

Microsoft finally kills Hotmail, introduces Outlook.com




It's finally happened. After years of floundering, Microsoft has finally pulled the plug on Hotmail and introduced a preview version of Outlook.com, a new email service which promises users a cleaner user interface, very much like Google's Gmail. And yes, it comes with the compulsory social media integration with services such as Facebook and Twitter.
Is Microsoft trying to compete with Gmail? Totally. In the official Outlook blogpost, Chris Jones wrote,
Webmail was first introduced with HoTMaiL in 1996. Back then, it was novel to have a personal email address you could keep for life – one that was totally independent from your business or internet service provider. Eight years later, Google introduced Gmail, which included 1 GB of storage and inbox search. And while Gmail and other webmail services like Hotmail have added some features since then, not much has fundamentally changed in webmail over the last 8 years – though yesterday’s frustrations about the small size of inboxes are now things of the past.
Clearly Gmail with extra space, chat and now Hangouts, edged Microsoft’s prized Hotmail and it seems the software giant wants to change that.
Outlook.com. Screengrab
Microsoft promises users that it won’t scan their content or sell it to advertisers. This again is a clear reference to Gmail which matches key search words in user emails to show ads.
So what are the key features of Outlook.com?
• Cloud sync: Outlook is cloud friendly and promises that all your email will be available wherever you are. It's linked to your calendar as well. The good thing is that it comes with SkyDrive, so for users sending photos and documents, size is no longer a problem. SkyDrive will ensure that attachment worries are a thing of the past.
• New interface: Microsoft has gone for a cleaner interface. It looks suspiciously similar to Gmail, but a change nonetheless. It also promises users that 30 percent more messages will be visible in your Inbox than in other services. Yes, it's one long scroll down in Outlook.com.
• Social networks: Outlook.com is touted as the first email service connected to Facebook, Twitter, LinkedIn, Google, and soon, Skype. Recent status updates, Tweets, the ability to chat and video calls are all promised.
• Some apps: Microsoft is also offering free Office Web Apps such as Word, PowerPoint, Excel and OneNote which means you can edit the doc from your inbox.
Will it be enough to trump Gmail? That remains to be seen.

Thursday, 26 July 2012

DHCP Process




DHCP is a very common protocol and we often hear about it. DHCP is much more complex than it looks. The DHCP IP address assignment process goes through a few steps, explained in this article.

DHCP stands for Dynamic Host Configuration Protocol and is used to automatically assign IP configuration to hosts connecting to a network. The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP). A DHCP client makes a request to a DHCP server that may or may not reside on the same subnet. The automatic distribution of IP configuration information to hosts eases the administrative burden of maintaining IP networks. In its simplest form, DHCP distributes the IP address, subnet mask and default gateway to a host, but it can include other configuration parameters such as name servers and NetBIOS configuration.

A DHCP client goes through six stages during the DHCP process. These stages are:
Initializing
Selecting
Requesting
Binding
Renewing
Rebinding

The DHCP client starts the DHCP process by issuing a DHCPDISCOVER message to its local subnet on UDP port 67. Since the client does not yet know which subnet it belongs to, a general broadcast is used (destination address 255.255.255.255). If the DHCP server is located on a different subnet, a DHCP relay agent must be used. The DHCP relay agent can take several forms; the ip helper-address IOS command is used to set up a DHCP relay agent on a Cisco router. The DHCP relay agent forwards the DHCPDISCOVER message to a subnet that contains a DHCP server. Once the DHCP server receives the DHCPDISCOVER message, it replies with a DHCPOFFER message. The DHCPOFFER message contains the IP configuration information for the client. The DHCPOFFER message is sent as a broadcast on UDP port 68. The client will know that the DHCPOFFER message is intended for it because the client's MAC address is included in the message.

If the client is on a different subnet than the server, the message is sent unicast to the DHCP-relay agent on UDP port 67. The DHCP-relay agent broadcasts the DHCPOFFER on the client's subnet on UDP port 68.


After the client receives the DHCPOFFER, it sends a DHCPREQUEST message to the server. The DHCPREQUEST message informs the server that it accepts the parameters offered in the DHCPOFFER message. The DHCPREQUEST is a broadcast message, but it includes the MAC address of the server, so that other DHCP servers on the network will know which server is serving the client.


The DHCP server will send a DHCPACK message to the client to acknowledge the DHCPREQUEST. The DHCPACK message contains all the configuration information that was requested by the client. After the client receives the DHCPACK, it binds the IP address and is ready to communicate on the network. If the server is unable to provide the requested configuration, it sends a DHCPNAK message to the client. The client will resend the DHCPREQUEST message. If the DHCPREQUEST message does not return a DHCPACK after four attempts, the client will start the DHCP process from the beginning and send a new DHCPDISCOVER message. There is a great diagram of the DHCP process at the "Understanding DHCP" link at the end of this article.


After the client receives the DHCPACK, it will send out an ARP request for the IP address assigned. If it gets a reply to the ARP request, the IP address is already in use on the network. The client then sends a DHCPDECLINE to the server and sends a new DHCPREQUEST. This step is optional, and is often not performed.

Since DHCP works on broadcast, a client and a DHCP server on different networks (or VLANs) cannot reach each other with DHCP broadcasts. Does that mean we need a dedicated DHCP server in each VLAN? No: on Cisco devices the ip helper-address command relays DHCP broadcasts from one VLAN to another. For a more detailed discussion of the DHCP protocol, go through the link below from cisco.com.
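The DISCOVER, OFFER, REQUEST, ACK exchange above, including the relay agent forwarding on behalf of a client in another VLAN, as an added example written for this page; it is not code from the article or from Cisco. It assembles and parses DHCP messages using the RFC 2131 header layout (BOOTP header, magic cookie, TLV options) with constructed addresses (server 10.0.0.5, relay 10.0.1.1, lease 10.0.1.50) and a constructed client MAC. The relay marks the message with its own address in the giaddr field and increments the hops counter; the client's DHCPREQUEST names the server it accepted with the server identifier option (option 54), which carries the server's IP address, and copies the offered address into option 50. The last function is a defender's check: it flags any OFFER or ACK whose server identifier is not on an allow list of known DHCP servers, which is the kind of filter a network monitor would run over captured DHCP traffic.

```python
import socket
import struct

# Constructed example: builds and parses DHCP messages per the RFC 2131 field layout.
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # op .. file: 236 bytes before the cookie
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK"}
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 53, 54, 255
BOOTREQUEST, BOOTREPLY = 1, 2

def build_dhcp(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", hops=0):
    """Fixed BOOTP header (broadcast flag set), magic cookie, TLV options, end marker."""
    ip = socket.inet_aton
    header = struct.pack(HEADER_FMT, op, 1, 6, hops, xid, 0, 0x8000,
                         ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                         chaddr.ljust(16, b"\x00"), b"", b"")
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + tlv + bytes([OPT_END])

def parse_dhcp(packet):
    """Decode header and options into the fields the exchange relies on."""
    f = struct.unpack(HEADER_FMT, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:              # pad option: single byte, no length
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    mtype = options.get(OPT_MSG_TYPE, b"\x00")[0]
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "yiaddr": socket.inet_ntoa(f[8]), "giaddr": socket.inet_ntoa(f[10]),
            "chaddr": f[11][:f[2]].hex(":"), "type": MSG_TYPES.get(mtype, "unknown"),
            "server_id": socket.inet_ntoa(options[OPT_SERVER_ID]) if OPT_SERVER_ID in options else None,
            "requested_ip": socket.inet_ntoa(options[OPT_REQUESTED_IP]) if OPT_REQUESTED_IP in options else None}

CLIENT_MAC = bytes.fromhex("0011223344aa")                              # constructed
SERVER_IP, RELAY_IP, LEASE_IP = "10.0.0.5", "10.0.1.1", "10.0.1.50"     # constructed

def run_exchange(xid=0x3903F326):
    """DISCOVER -> (relay) -> OFFER -> REQUEST -> ACK; returns each parsed message in order."""
    discover = build_dhcp(BOOTREQUEST, xid, CLIENT_MAC, [(OPT_MSG_TYPE, b"\x01")])
    d = parse_dhcp(discover)
    # The relay agent on the client's VLAN stamps giaddr and bumps hops before forwarding.
    relayed = build_dhcp(BOOTREQUEST, xid, CLIENT_MAC, [(OPT_MSG_TYPE, b"\x01")],
                         giaddr=RELAY_IP, hops=d["hops"] + 1)
    r = parse_dhcp(relayed)
    # The server picks a lease for the subnet named by giaddr and identifies itself with option 54.
    offer = build_dhcp(BOOTREPLY, xid, CLIENT_MAC,
                       [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, socket.inet_aton(SERVER_IP))],
                       yiaddr=LEASE_IP, giaddr=r["giaddr"])
    o = parse_dhcp(offer)
    # The client accepts: requested IP (50) plus the chosen server (54), still broadcast so other servers back off.
    request = build_dhcp(BOOTREQUEST, xid, CLIENT_MAC,
                         [(OPT_MSG_TYPE, b"\x03"), (OPT_REQUESTED_IP, socket.inet_aton(o["yiaddr"])),
                          (OPT_SERVER_ID, socket.inet_aton(o["server_id"]))], giaddr=RELAY_IP)
    q = parse_dhcp(request)
    ack = build_dhcp(BOOTREPLY, xid, CLIENT_MAC,
                     [(OPT_MSG_TYPE, b"\x05"), (OPT_SERVER_ID, socket.inet_aton(SERVER_IP))],
                     yiaddr=q["requested_ip"], giaddr=RELAY_IP)
    return [d, r, o, q, parse_dhcp(ack)]

def unexpected_offers(messages, authorized_servers):
    """Defender check: OFFER/ACK messages whose server identifier is not on the allow list."""
    return [m for m in messages if m["type"] in ("DHCPOFFER", "DHCPACK")
            and m["server_id"] not in authorized_servers]

if __name__ == "__main__":
    for m in run_exchange():
        print(m["type"], m["yiaddr"], m["giaddr"], m["server_id"])
```

Every message in the exchange shares the transaction id (`xid`) and the client's hardware address, which is how the client matches replies to its own request; the relay's job is visible only in `giaddr` and `hops`, and the server uses `giaddr` to choose which pool to allocate from.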