Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 9: Fundamentals of Securing Network Communication.

Published bySusan Estella Logan Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 9: Fundamentals of Securing Network Communication."— Presentation transcript:

1 Module 9: Fundamentals of Securing Network Communication

2 Public Key Infrastructure Using Certificates

3 Lesson 1: Public Key Infrastructure Components of Public Key Infrastructure Selecting a Certification Authority What Is a Certificate? Types of Certificates What Is a Certificate Template? New Certificate Features in Windows Server® 2008

4 Components of Public Key Infrastructure Certificate and CA Management Tools Certification Authority Certificate and CRL Distribution Points Certificate Template Digital Certificate Digital Certificate Certificate Revocation List Public Key-Enabled Applications and Services

5 Selecting a Certification Authority Internal CAs: Generate certificates free of charge Are trusted by internal computers Are not trusted by computers outside the organization External CAs: Require a fee for each certificate Are trusted by internal and external computers

6 What Is a Certificate? A digital certificate: Can be used to verify identity Contains a public key Contains information about the issuer and the subject Is signed by a CA

7 Types of Certificates Certificate TypeDescription User Assigned to users for performing actions such as file encryption Computer Assigned to computers for performing actions such as domain communication CA Assigned to certification authorities to authorize the issuing of certificates Certificates can be for limited uses:

8 What Is a Certificate Template? Certificate Template Description AdministratorAllows trust list signing and user authentication Basic EFS Used by Encrypting File System (EFS) to encrypt data Computer Allows a computer to authenticate itself on the network Domain ControllerAll-purpose certificates held by domain controllers IPSec Used by IP Security (IPSec) to digitally sign, encrypt, and decrypt network communication User Certificate to be used by users for e-mail, EFS, and client authentication Web ServerProves the identity of a Web server Certificate templates include:

9 New Certificate Services Features in Windows Server 2008 New FeatureDescription Enterprise PKIA tool for monitoring your PKI environment Network Device Enrollment Service Allows routers and switches to obtain X.509 certificates Online certificate status protocol Allows queries to view the validity of certificates Policy settings Updated with addition features for managing certificated by using Group Policy Web enrollmentUpdated to use a new DLL for enrollment control Cryptography Next Generation A set of APIs for performing cryptographic operations Restricted Enrollment Agent An authorized individual that can approve certificate requests for specific security groups New certificate services features include:

10 Lesson 2: Using Certificates What Is the Certificates Snap-in? What Is SSL? What Is IPSec? What Is S/MIME? How Certificates Are Used for Remote Access Demonstration: Obtaining a User Certificate

11 What Is the Certificates Snap-in? The Certificates snap-in manages user and computer certificates

12 What Is SSL? Secure Sockets Layer (SSL): Encrypts communication between a client and server Requires no client configuration Is commonly used with basic authentication Uses asymmetric encryption to establish a secure channel Uses symmetric encryption to secure data in transit Server Client Encrypted Text Unencrypted Text

13 What Is IPSec? IPSec: Secures communication between two hosts Authenticates both hosts Is configured by using Windows Firewall with Advanced Security Can use multiple authentication types: – Pre-shared key – Kerberos version 5 protocol – Certificates

14 What Is S/MIME? Secure Multipurpose Internet Mail Extensions (S/MIME): Is a standard for helping to secure e-mail communication Can encrypt e-mail messages Can digitally sign e-mail messages Is supported by most e-mail clients Requires coordination between senders

15 How Certificates Are Used for Remote Access When certificates are used for remote access: The certificates are used as an authentication method Security is increased over using a username and password Can be placed on a smart card for additional security

16 Demonstration: Obtaining a User Certificate In this demonstration, you will see how to obtain a user certificate.

17 Lab: Securing Web Communication Exercise 1: Verifying the Trusted Root CA Exercise 2: Securing a Web site by using SSL Logon information Virtual computer NYC-DC1, NYC-CL1 User nameAdministrator Password Pa$$w0rd Estimated time: 60 minutes

18 Lab Review Why does accessing the Web site by IP address trigger a warning? What is the difference between removing the HTTP binding for a Web site and requiring the use of SSL? What is the difference between a certificate request, a domain certificate, and a self-signed certificate?

19 Module Review and Takeaways Review Questions Real-world Issues and Scenarios Best Practices Tools

Download ppt "Module 9: Fundamentals of Securing Network Communication."

Similar presentations

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Chapter 11: Active Directory Certificate Services

Chapter 11: Active Directory Certificate Services
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Similar presentations

Ads by Google