Security Design in a Windows 2003 Environment

CIS 288 Designing a Secure Public Key Infrastructure

Objectives
When you complete this lesson you will be able to:
Design a public key infrastructure using Certificate Services
Design a certification authority hierarchy implementation. Types include geographical, organizational, and trusted
Design a logical authentication strategy
Design security for CA servers
Design certificate distribution

Designing a Public Key Infrastructure


Three basic needs must be met for an e-commerce transaction to be secure.
Ways to encrypt messages:
Symmetric algorithms
Asymmetric algorithms

Digital certificates

Designing a Public Key Infrastructure (continued)

Understanding PKI
PKI could be described as a collection of standards, policies, laws, and procedures that will ensure security using public and private key pairs.
The PKI architecture is a combination of several key components:
Digital certificates
Certificate authorities
Certificate repositories
Key retrieval and recovery

Designing a Certification Authority Implementation


Factors to consider when implementing a CA:
Designing the root CAs
Designing CA types and roles
Are you going to have internal CAs or delegate to third-party CAs?
Evaluate the optimum level of capacity for the CAs.

Designing a Certification Authority Implementation


Geographical hierarchy

Designing a Certification Authority Implementation


Organizational Hierarchy

Designing a Certification Authority Implementation


Network Trust Hierarchy

Designing a Logical Authentication Strategy


Windows Server 2003 provides a secure framework for users, computers, and services of the enterprise. This is achieved by creating Active Directory accounts for each resource that needs to be accessed in the enterprise.
The steps are to:
Review the existing authentication strategy.
Create the users in Active Directory that can access these resources.
Configure the computer accounts for the resources.
Secure the authentication process of the enterprise.
4 different ways of doing this

Designing Security for CA Servers


Securing Enterprise CA servers is a very important step in a PKI implementation. You should take steps to protect the CA servers.

Designing Certificate Distribution


Windows Server 2003 implements a Web Enrollment Support system to request certificates. It also supports autoenrollment and auto-renewal of certificates, as well as delta CRLs. You can manage the CA server using the CA MMC snap-in or the certutil.exe command-line tool.

Summary
Designing a Public Key Infrastructure
Understanding PKI
Designing a Certification Authority Implementation
Designing Security for CA Servers
