Windows Server 2003 Security Infrastructures

This is the first chapter on Windows Server 2003 PKI in this book. In it we will look at the added value of using Microsoft Windows Server 2003 PKI as the building block for advanced IT security in your organization. We will also take a closer look at all of its core components: the certificate server, the CryptoAPI, the Data Protection API, and Active Directory.
Reading this chapter requires a good understanding of the general concepts of cryptography (and particularly asymmetric cryptography) and public key infrastructure (PKI). Good introductions to cryptography and PKI are available in the following books:
Understanding Public-Key Infrastructure by Carlisle Adams and Steve Lloyd (Macmillan, 1999).
Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure by Russ Housley and Tim Polk (John Wiley, 2001).
PKI: Implementing and Managing E-Security by Andrew Nash (McGraw-Hill, 2001).
Introduction to the Public Key Infrastructure for the Internet by Messaoud Benantar (Prentice Hall, 2001).
With the release of Windows Server 2003, Microsoft ships version 3 of its PKI software. Figure 13.1 shows a timeline of the Microsoft PKI software versions and the different NT releases.
Microsoft's original Certificate Authority (CA) software, which became available as part of the Windows NT 4.0 Option Pack, is a basic PKI solution that many administrators use to generate Secure Sockets Layer (SSL) or Secure...