Security Defense 8


1. What is data authentication, what is its function, and what are the technical means for its realization?

       A digital certificate is an encryption technology with the digital certificate at its core. It can encrypt and decrypt, digitally sign and verify the information transmitted over the network, ensuring the confidentiality and integrity of that information. With a digital certificate, even if the information you send is intercepted in transit, or your account name, password or other credentials are lost, the security of your account and funds can still be protected.

       A certificate is, in practice, issued by a certificate authority (CA) to authenticate the user's public key.

       The contents of a certificate include: information about the issuing certificate authority, information about the public-key owner, the public key itself, the authority's signature, and the validity period. Certificate formats and verification methods currently follow the X.509 international standard.

2. What is identity authentication, what is its function, and what technical means are there for its realization?

        Identity authentication, also called "verification" or "authentication", refers to confirming a user's identity through some means.

        There are many authentication methods, which can broadly be divided into: authentication based on shared keys, authentication based on biometric characteristics, and authentication based on public-key encryption and decryption algorithms. Different authentication methods offer different levels of security.

3. What is VPN technology?

        A Virtual Private Network (VPN) is an extension of a private network that spans a shared or public network such as the Internet. A VPN lets you send data between two computers across the shared or public network in a way that emulates a point-to-point private link.

4. What are the classifications of VPN technology?

Tunneling technology, encryption and decryption technology, data authentication technology, identity authentication technology, and key management and transmission technology.

5. What security services can IPSEC technology provide?

Confidentiality, integrity, data origin authentication, anti-replay protection, and non-repudiation.
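The anti-replay service above is implemented in AH and ESP with a per-SA sequence number and a sliding window of already-seen numbers. The following is an added example, not code from the original notes: a simplified sliding-window check modelled on the IPsec sequence-number processing, with the window size and the stream of sequence numbers constructed for illustration.

```python
# Added example (not part of the original notes): a sliding-window anti-replay
# check in the style of IPsec AH/ESP sequence-number processing. The window
# size and the sample sequence numbers are constructed for illustration.
class AntiReplayWindow:
    """Tracks received sequence numbers for one SA with a fixed-size bitmap."""

    def __init__(self, window_size: int = 64):
        self.window_size = window_size
        self.highest = 0        # highest sequence number accepted so far
        self.bitmap = 0         # bit i set => (highest - i) has been seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; False if it is a replay
        or has fallen behind the left edge of the window."""
        if seq == 0:
            return False  # sequence number 0 is never valid
        if seq > self.highest:
            # Packet advances the window: shift the bitmap and mark seq.
            shift = seq - self.highest
            if shift >= self.window_size:
                self.bitmap = 1
            else:
                mask = (1 << self.window_size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window_size:
            return False  # too old: left of the window, cannot be checked
        if self.bitmap & (1 << offset):
            return False  # already received: replay
        self.bitmap |= 1 << offset
        return True


def replay_sample() -> list:
    """Feed a constructed stream of sequence numbers (reordered packets, a
    duplicate, a packet older than the window) through an 8-wide window and
    return (seq, accepted) verdicts."""
    win = AntiReplayWindow(window_size=8)
    incoming = [1, 3, 2, 3, 10, 9, 2, 11, 200, 150]
    return [(seq, win.check_and_update(seq)) for seq in incoming]
```

Reordering inside the window (2 arriving after 3) is accepted, a duplicate (the second 3) is rejected, and a packet that has fallen out of the window (2 after the window has advanced to 10) is rejected even though it was never seen in the current window, which is why the window must be wide enough for the expected reordering of the path.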

6. What is the technical architecture of IPSEC?


7. What are the similarities and differences between AH and ESP packages?

       AH (Authentication Header) is the authentication header protocol and ESP (Encapsulating Security Payload) is the encapsulating security payload protocol. As the names suggest, AH is mainly used to authenticate the IP header, while ESP is mainly used for encryption;

       AH does not provide encryption services, while ESP provides encryption services.

       The scope of their verification differs: ESP does not authenticate the IP header, while AH does, so AH and ESP are often used in combination to ensure both the confidentiality of the payload and the integrity of the IP header (as shown in the figure above). AH protects as much of the IP header as possible; packets that fail authentication are discarded and are not handed to the upper-layer protocol for decryption. This mode of operation reduces the chance of a successful denial-of-service attack.
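To make the difference in verification scope concrete, here is an added example (not the notes' own code) that models AH and ESP protection of the same packet and applies the same tampering to each. The packet layout is a simplified dictionary model rather than byte-exact RFC 4302/4303 encoding, the keys and addresses are constructed values, and an HMAC-based keystream stands in for AES so that the ESP payload is genuinely opaque.

```python
import hmac
import hashlib

# Added example (not from the original notes): what the AH and ESP integrity
# check value (ICV) covers. Keys, addresses and payloads are constructed.
KEY_AUTH = b"constructed-authentication-key"
KEY_ENC = b"constructed-encryption-key"


def ip_header(src: str, dst: str, ttl: int) -> dict:
    return {"src": src, "dst": dst, "ttl": ttl}


def serialize_header(hdr: dict, zero_mutable: bool) -> bytes:
    """Serialize the IP header; AH zeroes mutable fields (TTL here) before hashing."""
    ttl = 0 if zero_mutable else hdr["ttl"]
    return f'{hdr["src"]}>{hdr["dst"]}|ttl={ttl}'.encode()


def icv(data: bytes) -> bytes:
    return hmac.new(KEY_AUTH, data, hashlib.sha256).digest()[:12]  # truncated ICV


def keystream_xor(data: bytes, spi: int, seq: int) -> bytes:
    """Toy stream cipher (HMAC-SHA256 keystream in counter mode) standing in
    for AES. Used only so the ESP payload is opaque; not for real use."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out.extend(hmac.new(KEY_ENC, f"{spi}:{seq}:{block}".encode(), hashlib.sha256).digest())
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


def ah_protect(hdr: dict, payload: bytes) -> dict:
    """AH: the ICV covers the (mutable-zeroed) IP header plus the whole payload."""
    return {"ip": hdr, "icv": icv(serialize_header(hdr, True) + payload), "payload": payload}


def ah_verify(pkt: dict) -> bool:
    expected = icv(serialize_header(pkt["ip"], True) + pkt["payload"])
    return hmac.compare_digest(expected, pkt["icv"])


def esp_protect(hdr: dict, payload: bytes, spi: int = 0x1001, seq: int = 1) -> dict:
    """ESP: payload is encrypted; the ICV covers ESP header + ciphertext, not the IP header."""
    ct = keystream_xor(payload, spi, seq)
    esp_hdr = spi.to_bytes(4, "big") + seq.to_bytes(4, "big")
    return {"ip": hdr, "spi": spi, "seq": seq, "ct": ct, "icv": icv(esp_hdr + ct)}


def esp_verify_and_decrypt(pkt: dict):
    """Authenticate first; a packet that fails is dropped and never decrypted."""
    esp_hdr = pkt["spi"].to_bytes(4, "big") + pkt["seq"].to_bytes(4, "big")
    if not hmac.compare_digest(icv(esp_hdr + pkt["ct"]), pkt["icv"]):
        return None
    return keystream_xor(pkt["ct"], pkt["spi"], pkt["seq"])


def compare_scope() -> dict:
    """Apply the same in-transit changes to AH and ESP packets and report which notices."""
    hdr = ip_header("10.0.0.1", "10.0.0.2", ttl=64)
    payload = b"constructed sample payload"
    results = {}

    ah = ah_protect(hdr, payload)
    esp = esp_protect(hdr, payload)
    results["ah_ok"] = ah_verify(ah)
    results["esp_ok"] = esp_verify_and_decrypt(esp) == payload

    # A router decrements TTL: a mutable field, so AH still verifies.
    ah["ip"] = dict(ah["ip"], ttl=63)
    results["ah_after_ttl_change"] = ah_verify(ah)

    # Destination address rewritten in transit: AH detects it, ESP cannot.
    ah["ip"] = dict(ah["ip"], dst="10.9.9.9")
    esp["ip"] = dict(esp["ip"], dst="10.9.9.9")
    results["ah_after_dst_change"] = ah_verify(ah)
    results["esp_after_dst_change"] = esp_verify_and_decrypt(esp) == payload

    # Ciphertext corrupted: ESP rejects it before any decryption takes place.
    esp["ct"] = bytes([esp["ct"][0] ^ 0xFF]) + esp["ct"][1:]
    results["esp_after_ct_change"] = esp_verify_and_decrypt(esp) is None
    return results
```

The results show the point made in the notes: only AH notices a rewritten IP header (while still tolerating a legitimate TTL change), only ESP hides the payload, and in both cases a packet that fails the ICV check is dropped before any decryption work is done.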

8. What is the function of IKE?

(1) Dynamically establish a security association (SA) for both parties in IPsec communication, and manage and maintain the SA.

(2) Generate the keys that IPsec uses for AH/ESP encryption, decryption and verification.

9. Explain in detail how IKE works?

IKE performs key negotiation and establishes security associations for IPsec in two stages:

The first stage: the communicating parties establish an authenticated, protected channel and, through their exchange, set up an ISAKMP security association (ISAKMP SA).

The second stage: using the secure channel provided by the established ISAKMP SA, negotiate security services for IPsec, establish the IPsec SA, and generate the keys used to encrypt user data.
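The two stages described above can be followed through their key derivation. The following is an added example, not code from the original notes: it applies the pre-shared-key formulas of IKEv1 (RFC 2409) so that phase 1 derives SKEYID and its three sub-keys from a Diffie-Hellman exchange plus nonces, and phase 2 derives IPsec SA keying material (KEYMAT) from SKEYID_d, without PFS. The DH group uses a toy 127-bit prime chosen for illustration only; the cookies, nonces, SPI and pre-shared key are constructed values, and the `IkePeer` class and its method names are this example's own.

```python
import hashlib
import hmac
import secrets

# Added example (not from the original notes): IKEv1 pre-shared-key derivation
# (RFC 2409 formulas). Toy DH group for illustration only; constructed values.
P = (1 << 127) - 1   # toy prime (2^127 - 1); real IKE uses the RFC 2409/3526 MODP groups
G = 2
PSK = b"constructed-pre-shared-key"


def prf(key: bytes, data: bytes) -> bytes:
    """IKE's PRF: HMAC with the negotiated hash (SHA-256 here)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class IkePeer:
    """One IKE endpoint holding its cookie, nonce and DH private value."""

    def __init__(self, cookie: bytes, nonce: bytes, priv: int):
        self.cookie = cookie
        self.nonce = nonce
        self.priv = priv
        self.pub = pow(G, priv, P)

    def phase1(self, cky_i: bytes, cky_r: bytes, ni: bytes, nr: bytes, peer_pub: int) -> dict:
        """Phase 1 (ISAKMP SA): derive SKEYID and SKEYID_d / SKEYID_a / SKEYID_e."""
        g_xy = pow(peer_pub, self.priv, P).to_bytes(16, "big")   # shared DH secret
        skeyid = prf(PSK, ni + nr)                                # pre-shared-key authentication
        skeyid_d = prf(skeyid, g_xy + cky_i + cky_r + b"\x00")    # seeds IPsec keys (phase 2)
        skeyid_a = prf(skeyid, skeyid_d + g_xy + cky_i + cky_r + b"\x01")  # ISAKMP SA integrity
        skeyid_e = prf(skeyid, skeyid_a + g_xy + cky_i + cky_r + b"\x02")  # ISAKMP SA encryption
        return {"d": skeyid_d, "a": skeyid_a, "e": skeyid_e}

    @staticmethod
    def phase2(skeyid_d: bytes, protocol: int, spi: int, ni2: bytes, nr2: bytes,
               key_len: int = 32) -> bytes:
        """Phase 2 (IPsec SA, no PFS): KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b),
        extended as K2 = prf(SKEYID_d, K1 | seed), ... until key_len bytes exist."""
        seed = bytes([protocol]) + spi.to_bytes(4, "big") + ni2 + nr2
        keymat = prf(skeyid_d, seed)
        while len(keymat) < key_len:
            keymat += prf(skeyid_d, keymat[-32:] + seed)
        return keymat[:key_len]


def run_negotiation() -> dict:
    """Run both stages on initiator and responder independently; each side sees
    only the other's public DH value and nonces, yet both derive the same keys."""
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))          # constructed cookies
    ni, nr = b"constructed-nonce-i", b"constructed-nonce-r"      # phase 1 nonces
    initiator = IkePeer(cky_i, ni, secrets.randbelow(P - 2) + 2)
    responder = IkePeer(cky_r, nr, secrets.randbelow(P - 2) + 2)

    ki = initiator.phase1(cky_i, cky_r, ni, nr, responder.pub)
    kr = responder.phase1(cky_i, cky_r, ni, nr, initiator.pub)

    ni2, nr2 = b"phase2-nonce-i", b"phase2-nonce-r"              # quick mode nonces
    esp_proto, spi = 3, 0x00001001   # protocol id 3 = ESP in the IPsec DOI; constructed SPI
    return {
        "initiator": {**ki, "keymat": IkePeer.phase2(ki["d"], esp_proto, spi, ni2, nr2)},
        "responder": {**kr, "keymat": IkePeer.phase2(kr["d"], esp_proto, spi, ni2, nr2)},
    }
```

The point of the split is visible in the code: SKEYID_a and SKEYID_e protect the phase 1 channel itself, while SKEYID_d never goes on the wire and is what phase 2 repeatedly mines (with fresh nonces and a fresh SPI each time) for the keys that AH/ESP actually use.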

10. What modes are there in the first stage of IKE? What are the differences, and what are their usage scenarios?

There are two modes in the first stage: main mode and aggressive mode.

Main mode:



Aggressive mode:



Origin blog.csdn.net/m0_66185683/article/details/132124179