CA [See certification authority] cable plants as risk factors securing cables as risk factors securing transmissions cameras , securing data centers with 2nd CAPI (Cryptographic API) requesting certificates and writing custom PKI-aware software CAPICOM (CAPI Component Object Model) card key systems controlling security vulnerabilities 2nd CDPs (CRL distribution points) choosing for private certification hierarchies configuring for root CA publishing CRL of offline root CA centralizing remote access authentication Cert Publishers group Certificate Export Wizard certificate hierarchy certificate policy (CP), constructing certificate practice statement (CPS), constructing certificate revocation lists [See CRLs] certificate rules best practices suggest using creating new rules for identifying applications Certificate Services issuing email certificates with in Windows Server 2003 certificate templates 2nd configuring digital signature certificates configuring encryption certificates certificate-based authentication, configuring IPSec for certificates 2nd [See also private certification hierarchies] archiving private keys and 2nd backing up private keys and benefits of deploying client certificates distributing enrollment applications expiration dates of exporting to floppy disks without private keys formatting importing received certificates issued by certification authorities origins of processing requests for publishing requesting supported by Windows Server 2003 for IPSec communication types of Windows Certificates snap-in Certificates MMC snap-in 2nd certification authority commercial vendors configurable certificate templates and configuring clients to trust your certificates functions of how it works improvements to private processing requests for certificates public requesting certificates from role separation and sending digitally signed email using your own certification authority certificates certification hierarchies choosing between public/private CAs private [See private certification hierarchies] CGI (Common Gateway Interface) applications, supported by IIS checklist, security checksum identifying applications using sending digitally signed email used with signed code cipher.exe /w command 2nd clearing full security logs client autoenrollment , obtaining certificates using client certificates, deploying client interactions with servers (DHCP) clock synchronization, maximum tolerance for Code Red (Internet worm) commercial certification authorities Compatible Workstation Security template compatws.inf template computer accounts Account Policies at OU level Active Directory and cleaning up, if stale deploying software with GPOs computer certificates computer clock synchronization, maximum tolerance for computers, stolen configuration context (Active Directory forest) 2nd Configure Automatic Updates setting containers vs. OUs (organizational units) contiguous namespace of Active Directory trees CP (certificate policy), constructing CPS (certificate practice statement), constructing CRL distribution points (CDPs) choosing for private certification hierarchies configuring for root CA publishing CRL of offline root CA CRLs (certificate revocation lists) architecture of delta CRLs expiration dates of implementing a public PKI importing publishing 2nd for offline root CA 2nd how often two-tier vs. three- tier PKI cryptographic accelerators vs. hardware security modules (HSMs) Cryptographic API (CAPI) requesting certificates and writing custom PKI-aware software cryptographic hardware for private certification hierarchies cryptography key-based shared secret keys smart cards and
