CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Agenda
• Chapter 13: Configuring Active Directory Certificate Services
• Exercise
• Lab
• Quiz

Public Key Infrastructure
• Allows two parties to communicate securely, without any previous communication, through the use of public key cryptography
• Public key cryptography stores a public key for each participant in a PKI
• Each participant also possesses a private key
• By combining the public key with the private key, one entity can communicate with another entity in a secure fashion without exchanging any sort of shared secret key beforehand
  ▫ A shared secret key is a secret piece of information that is shared between two parties

Shared Secret Key

Certificate Authority (CA)
• An entity that issues and manages digital certificates for use in a PKI
  ▫ For Server 2008, it requires the AD CS server role
  ▫ CAs are hierarchical (one root and several subordinate CAs)
  ▫ Three-tier hierarchy, where a single root CA issues certificates to a number of intermediate CAs, allowing the intermediate CAs to issue certificates to users or computers

Digital Certificate (certificate)
• The digital certificate contains
  ▫ The certificate holder’s name
  ▫ Public key
  ▫ The digital signature of the Certificate Authority that issued the certificate
  ▫ The certificate’s expiration date

Digital Signature
• Proves the identity of the entity that has signed a particular document
• A digital signature indicates that the message is authentic and has not been tampered with since it left the sender’s Outbox

Certificate Practice Statement and Certificate Revocation List
• Certificate Practice Statement (CPS)
  ▫ Provides a detailed explanation of how a particular CA manages certificates and keys
• Certificate Revocation List (CRL)
  ▫ This list identifies certificates that have been revoked or terminated, and the corresponding user, computer, or service
  ▫ Services that utilize PKI should reference the CRL to confirm that a particular certificate has not been revoked prior to its expiration date
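Added example, not part of the original slides: the certificate, digital signature and CRL slides above combined into the check a relying service would run before trusting a certificate. It assumes the third-party Python `cryptography` package; the CA name, subjects, serial numbers and dates are constructed for the demo.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2024, 1, 1)  # constructed clock (naive UTC) so results repeat
CA_CN = "Demo Root CA"         # hypothetical CA name

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_pub, ca_key, serial):  # CA side: sign name + key + expiry
    return (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(_name(CA_CN))
            .public_key(subject_pub).serial_number(serial)
            .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=365))
            .sign(ca_key, hashes.SHA256()))

def publish_crl(ca_key, revoked_serials):  # CA side: signed list of revoked serials
    crl = (x509.CertificateRevocationListBuilder().issuer_name(_name(CA_CN))
           .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial)
        crl = crl.add_revoked_certificate(entry.revocation_date(NOW).build())
    return crl.sign(ca_key, hashes.SHA256())

def check(cert, ca_cert, crl, when):
    # Relying-party side: CA signature, validity period, CRL trust/freshness, revocation.
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
    except Exception:
        return "bad-signature"
    if not cert.not_valid_before <= when <= cert.not_valid_after:
        return "expired"
    if not crl.is_signature_valid(ca_cert.public_key()) or when > crl.next_update:
        return "crl-unusable"  # fail closed without a trusted, current CRL
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return "good"

def demo():
    new_key = lambda: ec.generate_private_key(ec.SECP256R1())
    ca_key, rogue_key = new_key(), new_key()
    ca = issue(CA_CN, ca_key.public_key(), ca_key, 1)  # self-signed root
    alice, bob = (issue(n, new_key().public_key(), ca_key, s) for n, s in (("alice", 100), ("bob", 101)))
    forged = issue("mallory", new_key().public_key(), rogue_key, 102)  # not signed by the CA
    crl = publish_crl(ca_key, [101])  # bob's certificate is revoked
    cases = [(alice, 1), (bob, 1), (forged, 1), (alice, 30), (alice, 400)]
    return [check(c, ca, crl, NOW + dt.timedelta(days=d)) for c, d in cases]
```

The fourth case shows why the CRL's own freshness matters: a certificate that is still inside its validity period is rejected once the only available CRL is past its next-update time.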

Certificate Templates
• Templates used by a CA to simplify the administration and issuance of digital certificates

Self-Enrollment and Enrollment Agents
• Self-Enrollment
  ▫ This feature enables users to request their own PKI certificates, typically through a Web browser
• Enrollment agents
  ▫ These are used to request certificates on behalf of a user, computer, or service
• You can use either self-enrollment or enrollment agents

Auto-Enrollment
• Supported by Windows Server 2003 and later
• Allows users and computers to automatically enroll for certificates based on:
  ▫ One or more certificate templates
  ▫ Group Policy settings in Active Directory
  ▫ Certificate templates that are based on Windows 2000 will not allow auto-enrollment to maintain backwards compatibility

Recovery Agent
• These agents are configured within a CA to allow users to recover private keys for users, computers, or services if their keys are lost

Key Archival
• This is the process by which private keys are maintained by the CA for retrieval by a recovery agent
• In a Windows PKI implementation, users’ private keys can be stored within AD

Windows Server 2008 and Certificate Services
• The AD CS server role consists of the following services and features:
  ▫ Web enrollment
  ▫ Online Responder
    ▪ Responds to requests from clients about certificate status
    ▪ Online Certificate Status Protocol (OCSP)
  ▫ Network Device Enrollment Service (NDES)
    ▪ To enroll hardware-based routers and other network devices for PKI certificates

Types of CAs
• When deploying a Windows-based PKI, two different types of CAs can be deployed:
  ▫ Standalone CA
    ▪ Not integrated with AD
    ▪ It requires administrator intervention to respond to certificate requests
  ▫ Enterprise CA
    ▪ Integrated with AD
    ▪ Can use certificate templates

Configuring Certificate Auto-enrollment for Wireless Networks
• You can control PKI in the Public Key Policies area of Group Policy
  ▫ Encrypting File System (EFS)
    ▪ Recovery agents (in the Computer Configuration node)
  ▫ Automatic Certificate Request
    ▪ Allows computers to automatically submit a request for a certificate from an Enterprise CA

Configuring Certificate Auto-enrollment for Wireless Networks
• You can control PKI in the Public Key Policies area of Group Policy
  ▫ Trusted Root Certificate Authorities
    ▪ It determines if users can choose to trust root CAs
  ▫ Enterprise Trust
    ▪ Allows an administrator to define and distribute a CTL for external root CAs
  ▫ Certificate Services Client-Auto-Enrollment
    ▪ Allows an administrator to enable or disable the automatic enrollment
    ▪ Use auto-enrollment to write certificate information to the smart card through GPO

Infrastructure components for Auto-Enrollment of PKI
• Clients must be running XP, Vista Business or Ent., Server 2003, Server 2008
• Enterprise CA running on Server 2003 or 2008

Extra materials

Assignment
• Fill in the blank
  ▫ 1-10
• Multiple Choice
  ▫ 1-10
• Online Lab 13