Chapter 4: Installing, Configuring, Managing Windows 2000 Certificate Authorities

Introduction

Organizations today rely on networks, from internal networks to the Internet, for access to information. Access must also be configured to provide information to other organizations that request it. For example, a person who wants to make a purchase can quickly check vendors' prices through their Web pages. To keep the competition from getting ahead, an organization must establish its own Web page for advertising and ordering its products.

In the past, Windows NT provided user security through account names and passwords. At logon, every user had to submit credentials, which were compared against a server's database for authentication. A matching username and password identified the user to the server, but nothing identified the corporate server to the user. This environment allowed many Man-in-the-Middle (MITM) attacks: an attacker could configure a server to impersonate the corporate server and intercept data from both the user and the corporate server. With the man in the middle in place, the attacker could capture sensitive data that users sent to the corporate server, as well as sensitive information that the server sent back to the requesting user. The best way to prevent impersonation on a network is to have the user and the server each verify their identity to the other.

Windows 2000 includes new security features that prevent MITM attacks. The new security features include the components that create the Public Key Infrastructure (PKI). As the name implies, security is based on the use of public key pairs.



MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162
