Lead Image © vlue, 123RF.com

Windows security with public key infrastructures

Unreadable

Article from ADMIN 35/2016
By
A rarely used option for improving security in Windows environments is a public key infrastructure, which issues certificates for various applications, services, and procedures.

Establishing and maintaining public key infrastructures (PKIs) is considered complex and time consuming. Moreover, they can be expensive if you want to use publicly trusted certificates to improve security. That said, no other system provides an equivalent level of security. In this article, I introduce the main components of a PKI and show practical implementation options using examples such as email encryption in Outlook and VPN access.

Microsoft's operating systems and applications provide many security features for improving data protection. Very often, these measures focus on enhanced login security through a stronger password policy, additional software for login security, or the use of firewalls on servers and clients or centrally on gateway servers to the Internet. A feature rarely used to improve security in Windows environments is a PKI, which issues certificates for various applications, services, and procedures.

All too often, sensitive data is still transmitted without protection: email with sensitive content is not encrypted, or the latest business report is transferred in the clear over FTP. Logging on to the web interface of a third-party software inventory solution relies on Active Directory (AD) authorization, but the username and password are transmitted in clear text over HTTP. These examples show how a lack of understanding or expertise in the field of encrypted connections causes security problems.

PKI Components

A PKI comprises the certification authority (CA), a registration authority (RA), and a validation authority (VA). The CA issues certificates, which are requested by the RA and validated and approved by the VA. Additional components include, for example, a revocation list distribution point in the form of a certificate revocation list (CRL) and the Online Certificate Status Protocol (OCSP) to verify the validity of

...
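As an added example (not from the article or from Microsoft's documentation), the following PowerShell script uses the Windows chain engine to build the trust chain for a certificate in the local machine store and consult the CRL distribution points and OCSP responders listed in the certificates; the thumbprint parameter and store location are assumptions, and a real thumbprint replaces the placeholder.

```powershell
# Added example: verify a certificate chain and its revocation status
# (CRL / OCSP) with the Windows certificate engine from PowerShell.
# Assumes the certificate sits in Cert:\LocalMachine\My; the thumbprint
# below is a placeholder to be replaced with a real value.
param(
    [string]$Thumbprint = 'PLACEHOLDER_THUMBPRINT'
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint } |
    Select-Object -First 1
if (-not $cert) { throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My" }

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Online: download CRLs and query OCSP responders during the check.
# ExcludeRoot: a self-signed root certificate has no revocation source of its own.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

$valid = $chain.Build($cert)

# Walk the chain from the end-entity certificate up to the root and report
# the status the engine recorded for each element.
foreach ($element in $chain.ChainElements) {
    $status = if ($element.ChainElementStatus.Count -eq 0) { 'OK' } else {
        ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    }
    '{0,-60} {1}' -f $element.Certificate.Subject, $status
}

# Distinguish "revoked" from "could not check": an unreachable CRL or OCSP
# endpoint yields RevocationStatusUnknown / OfflineRevocation, which must not
# be treated as a clean result.
$flags = $chain.ChainStatus | ForEach-Object { $_.Status }
if ($flags -contains 'Revoked') {
    Write-Warning 'The certificate or one of its issuing CAs is revoked'
} elseif ($flags -contains 'RevocationStatusUnknown' -or $flags -contains 'OfflineRevocation') {
    Write-Warning 'Revocation status could not be determined (CRL/OCSP unreachable)'
} elseif ($valid) {
    Write-Output 'Chain is valid and no revocation was found'
} else {
    Write-Warning ('Chain build failed: ' + ($flags -join ', '))
}
```

The same check can be run from a command prompt with `certutil -verify -urlfetch <certificate file>`, which additionally prints every CRL and OCSP URL it contacted.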