Lead Image © vlue, 123RF.com
Windows security with public key infrastructures
Unreadable
Establishing and maintaining public key infrastructures (PKIs) is considered complex and time consuming. Moreover, they can be expensive if you want to use public certificates to improve security. That said, no other system provides an equivalent level of safety. In this article, I introduce the main components of a PKI and show practical implementation options using examples such as email encryption in Outlook and VPN access.
Microsoft's operating systems and applications provide many safety features for improving data protection. Very often, these measures focus on enhanced login security through a stronger and improved password policy, additional software for login security, or the use of firewalls on servers and clients or centrally on gateway servers to the Internet. A feature rarely used to improve security in Windows environments is based on a PKI that relies on certificates issued for various applications, services, and procedures.
All too often, sensitive data transfers are still transmitted without protection, email with sensitive content is not encrypted, or the latest business report is transferred in the clear over FTP. Logging on to the web interface of a third-party solution to inventory software relies on Active Directory (AD) authorization, but the username or password are transmitted in clear text via HTTP. These examples show how a lack of understanding or expertise in the field of encrypted connections can cause security problems.
PKI Components
A PKI comprises the certification authority (CA), a registration authority (RA), and a validation authority (VA). The CA issues certificates, which are requested by the RA and validated and approved by the VA. Additional components include, for example, a revocation list distribution point in the form of a certificate revocation list (CRL) and the Online Certificate Status Protocol (OCSP) to verify the validity of
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Changes in Exchange Server 2013
Exchange Server 2013 sees Microsoft complete the latest version of its groupware solution. In this article, we introduce new features in the server and reveal which features have been eliminated. -
State-of-the-art virtual private networks
Because Microsoft's legacy VPN protocol, PPTP, has a couple of vulnerabilities, SSTP, which routes data via an SSL connection, was introduced as the new VPN protocol with Vista, Windows Server 2008, and Windows 7. -
Securing the TLS ecosystem with Certificate Transparency
With the need for home offices during the pandemic lockdown, provisional solutions instituted on the fly during the transition from office to home require more permanent solutions, especially for securing TLS connections on the Internet. -
Setting up Exchange Server 2010 with SP1
Exchange is the standard messaging solution on Windows. This article explains how to install Exchange 2010 and supplies elegant workarounds for some of the pitfalls. -
Shell access via a web browser
PHP Shell and Shell In A Box put a shell in your browser, thus facilitating web server management – even from the nearest Internet cafÈ and without SSH access.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
