Best Practices


  • Increase the security of root CA computers.

    You can do this by deploying offline CAs and, if possible, by deploying offline policy CAs, depending on your company's security policy.

  • Implement a hardware storage module.

    You should do this only if your company's security policy requires strong protection of CA key pairs.

  • Ensure that CRLs and CA certificates are published to accessible locations.

    The certificate chaining engine must have access to all CRLs and CA certificates in the certificate chain to validate a presented certificate. If any certificate or CRL is unavailable, its status cannot be determined.

  • Enable CRL checking in all applications.

    CRL checking ensures that a presented certificate passes validation tests for approval. If the certificate fails any tests, it is considered invalid.

  • Apply the latest service packs and hotfixes to CAs.

    This way, you ensure that the CA is protected against known vulnerabilities.
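
One way to confirm the two CRL items above from a Windows client, as an added example that is not part of the original text: it builds the chain with the .NET X509Chain class, forces online revocation checking, and reports each certificate whose CRL or issuer certificate could not be retrieved. The `$CertPath` parameter, the 15-second timeout and the choice of flags treated as failures are assumptions of this example.

```powershell
param(
    [Parameter(Mandatory = $true)]
    [string] $CertPath   # assumption: path to the certificate file to validate
)

# .NET resolves relative paths against the process directory, so pass a full path.
$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

# Fetch revocation data over the network for every certificate below the root.
$chain.ChainPolicy.RevocationMode      = 'Online'
$chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

$trusted = $chain.Build($cert)

# Flags that mean a CRL or an issuing CA certificate could not be used,
# or that the certificate has been revoked (assumed failure set for this check).
$blocking = 'RevocationStatusUnknown', 'OfflineRevocation', 'PartialChain', 'Revoked'
$failed   = $false

foreach ($element in $chain.ChainElements) {
    $flags = @($element.ChainElementStatus | ForEach-Object { $_.Status.ToString() })

    # CDP (2.5.29.31) and AIA (1.3.6.1.5.5.7.1.1) hold the URLs clients will try.
    # The 'URL=' pattern matches the text layout of the Windows extension formatter.
    $urls = @($element.Certificate.Extensions |
        Where-Object { $_.Oid.Value -in '2.5.29.31', '1.3.6.1.5.5.7.1.1' } |
        ForEach-Object { [regex]::Matches($_.Format($true), 'URL=(\S+)') } |
        ForEach-Object { $_.Groups[1].Value })

    if (@($flags | Where-Object { $blocking -contains $_ }).Count -gt 0) { $failed = $true }

    [pscustomobject]@{
        Subject = $element.Certificate.Subject
        Status  = if ($flags.Count) { $flags -join ', ' } else { 'NoError' }
        Urls    = $urls -join '; '
    }
}

if (-not $trusted -or $failed) {
    Write-Warning 'Chain did not validate with online revocation checking; review the Status column.'
    exit 1
}
```

Run it from a machine on the same network segment as the clients that will validate the certificate, because a publication point reachable from the CA may not be reachable from them.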



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
