Chapter 12: Planning, Implementing, and Maintaining a Public Key Infrastructure


Introduction

Public Key Infrastructure (PKI) is the method of choice for handling authentication issues in large enterprise-level organizations today. Windows Server 2003 includes the tools you need to create a PKI for your company and issue digital certificates to users, computers, and applications. This chapter addresses the complex issues involved in planning a certificate-based PKI. We’ll provide an overview of the basic terminology and concepts relating to the public key infrastructure, and you’ll learn about public key cryptography and how it is used to authenticate the identity of users, computers, and applications and services. We’ll discuss the role of digital certificates and the different types of certificates: user, machine, and application certificates.

You’ll learn about certification authorities (CAs), the servers that issue certificates, including both public CAs and private CAs such as the ones you can implement on your own network using Windows Server 2003’s certificate services. Next, we’ll discuss the CA hierarchy and how root CAs and subordinate CAs act together to provide for your organization’s certificate needs. You’ll find out how the Microsoft certificate services work, and we’ll walk you through the steps involved in implementing one or more certification authorities based on the needs of the organization. You’ll learn to determine the appropriate CA type – enterprise or stand-alone CA – for a given situation and how to plan the CA hierarchy and provide for security of your CAs. We’ll show you how to plan for enrollment and distribution of certificates, including the use of certificate requests, role-based administration, and auto-enrollment deployment.

Next, we’ll discuss how to implement the use of smart cards for authentication within the PKI. You’ll learn what smart cards are and how smart card authentication works, and we’ll show you how to deploy smart card logon on your network. We’ll discuss smart card readers and show you how to set up a smart card enrollment station. Finally, we’ll discuss the procedures for using smart cards to log on to Windows, for remote access and VPNs, and to log on to a terminal server.




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
EAN: 2147483647
Year: 2003
Pages: 173
