PKI, DMZ & Proxy

Wi-fi eavesdropping

DNS spoofing

Sender/Source spoofing

SQL injection

A framework for enforcing single sign-on in enterprise networks

A system of hardware, software, policies, and standards for managing digital certificates and public-key encryption

A protocol designed to handle secure file transfers over the Internet

A set of regulations requiring organizations to encrypt all email traffic

The user’s password

A private symmetric key

The certificate owner’s public key

The OCSP revocation list

Subordinate CAs

Intermediate CAs

Root CAs

Registration Authorities

Issue new certificates on demand

Revoke expired keys in real time

Determine the revocation status of digital certificates

Encrypt data transmitted between a client and server

Block Domain Name System lookups

Authorize specific CAs to issue certificates for their domain

Prevent domain hijacking through DNSSEC

Configure custom SSL/TLS cipher suites

Secure email communications with digital signatures and encryption

Replace all TLS connections in web browsers

Validate the authenticity of DNS records

Implement a web-of-trust for VoIP calls

Central certificate authorities issuing all credentials

Individuals signing each other’s public keys

Government-issued identities integrated into a PKI hierarchy

A single, globally recognized root CA

A protected area of the network where only internal traffic is allowed

A buffer network segment between an internal network and untrusted external networks

An encrypted network used for storing backups

A legacy method of forwarding traffic without inspection

A network device for creating virtualization containers

A caching and forwarding web proxy server

An encrypted tunnel for secure remote access

A zero-trust network access solution