Topics of Discussion
- Certificate Authority overview
- Certificate Authority configuration
  - CA security model
  - Controlling enrollment through DACLs (discretionary access control lists)
  - Enrollment: web-based and Group Policy
  - Enterprise CA security model (DACLs)
  - Revoking certificates
  - Renewing the CA
  - CA roles: root CA, intermediate CA, enterprise subordinate CA
- Smart card logon
- Troubleshooting Certificate Authority
ADVANTAGE PRO, Chennai's Premier Networking Training Centre
What is PKI?
A public key infrastructure (PKI) is a set of components that manages certificates and keys used by encryption and digital signature services. A good PKI must provide services for cryptographic operations, certificate enrollment and renewal, certificate distribution and validation, certificate revocation, plus administrative tools and services for managing all of the above.
Active Directory
Authentication
- Interactive logon
- Logon request
- Certificate verification
- Offline logon
- Remote access
- Local versus domain logon
Strategies
Effects of latency caused by Active Directory replication:
- Time lag before a Smart Card Enrollment Station becomes valid
- Authenticating domain controllers may not be aware of a new CA
- Enrollment against an enterprise CA requires the root certificate to be in the chain
Optimizations
Certificate revocation lists (CRL)
When a certificate is revoked, it appears in the issuer's CRL. Smart card logon uses the Microsoft Cryptographic Application Program Interface (CryptoAPI) 2.0.
CRLs are cached in the context of the user or computer, and an update is fetched only after the cached copy expires. Recommended CRL lifetime: 24 hours.
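As an added example that is not part of these slides, the following certutil commands set the recommended 24-hour base CRL lifetime on a Windows CA, publish a fresh CRL, and verify a client certificate against the published CRL. It assumes the commands run on the CA with administrative rights; the path .\user.cer is a placeholder for any certificate issued by that CA.

```powershell
# Added example (not from the original slides). Set the base CRL lifetime to
# 24 hours: CRLPeriodUnits is the count, CRLPeriod is the unit.
certutil -setreg CA\CRLPeriodUnits 1
certutil -setreg CA\CRLPeriod "Days"

# Registry changes to the CA take effect after the Certificate Services
# service restarts.
net stop certsvc
net start certsvc

# Publish a new base CRL immediately instead of waiting for the schedule.
certutil -CRL

# Confirm what the CA now reports for its CRL period.
certutil -getreg CA\CRLPeriodUnits
certutil -getreg CA\CRLPeriod

# On a client: verify a certificate and fetch the CRL from its CDP URL.
# The output shows the CRL's ThisUpdate/NextUpdate and any revocation status.
# Placeholder path: .\user.cer
certutil -verify -urlfetch .\user.cer

# If a client still holds a stale cached CRL, clear the CRL cache so the next
# validation downloads the current list.
certutil -urlcache crl delete
```

A shorter CRL lifetime means revocations reach cached clients sooner, but the CA must publish reliably on that schedule; a CRL that expires before a replacement is reachable causes validation failures, including smart card logon failures, rather than an open policy.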
Considerations
Properly removing a root CA:
- Remove the root CA's certificate from manually created Group Policy objects
- Remove the root CA certificate from the root certificate store
DSSTORE Tool
Included in the Windows 2003 Resource Kit. Provides the following abilities:
- Force auto-enrollment events
- Manage and verify certificates
- List certificates in the enterprise
- Troubleshoot certificate chains
Wireless Networking
- Wireless networking: any networking that doesn't use a wire.
- Radio waves: electromagnetic waves that travel through the air and carry signals back and forth between your device and an access point (two ways).
- Access points: network nodes connected directly to a wired local area network (air to wire).
- Wireless ports: devices that you plug into a computer to enable a wireless connection, such as PCMCIA wireless cards for portables and PCI and USB adapters for desktops.
* Some computers nowadays come with these devices already built in.
Wireless technologies: IrDA, Bluetooth, IEEE 802.11
IrDA
- Established in 1993
- Cheap infrared connection (same basic technology as a TV remote control)
- Low power
- Very short range (3 - 6 ft)
Bluetooth
- Introduced in 1998
- Emerging replacement for IrDA to connect peripherals/devices to computers or cell phones
- Can connect up to 8 devices
- Very low power
- Short range (typically within a room)
IEEE 802.11
- Multiple flavors (802.11a, b, and g)
- 802.11b was the first widespread technology
- 802.11g is the latest technology; it offers the same data rate as 802.11a but uses the same frequency as 802.11b
WLANs
Wireless networks come in three major modes: ad hoc, infrastructure, and hybrid.
Ad hoc
Ad hoc mode refers to a wireless peer-to-peer network: that is, a network in which each device (usually a PC) connects via wireless radio to every other PC directly. The primary technical distinction between ad hoc and infrastructure networks is that infrastructure networks use an access point, while ad hoc networks do not. You connect each PC as you require it, but in a completely non-centralized way.
Infrastructure
Infrastructure mode refers to a wireless network controlled through a wireless access point that generates the signals for the individual devices to read through their wireless network adapters. The access point acts as a central traffic cop for the signals, and because you place it physically for the best possible reception, it provides more reliable connectivity than ad hoc networks.
Hybrid mode
Hybrid mode consists of a combination of ad hoc and infrastructure networks. In this mode, you create an infrastructure network, and you then create ad hoc networks among the devices connected to the infrastructure. Hybrid mode maximizes the bandwidth of a wireless network by relieving the access point of the need to handle all traffic; instead, PCs transmit data to one another when possible, leaving the access point free to relay data to and from the wired LAN and to other access points.
Wireless Security
IEEE Standards
IEEE 802.11 comes in multiple flavors (802.11a, b, and g). 802.11b was the first widespread technology. 802.11g is the latest technology; it offers the same data rate as 802.11a but uses the same frequency as 802.11b.
[Chart slides: "Frequency" and "Acceptance" (images not preserved)]