PKI in today's landscape (Mauritius - Siddick)
DESCRIPTION
This presentation was delivered by Siddick Elaheebocus during Microsoft TechDays 2010 in Mauritius. It explains the nuts and bolts of Public Key Infrastructure and how it is used within organizations and at a national level to address IT security concerns.
TRANSCRIPT
Public Key Infrastructure in today’s Landscape
Siddick Elaheebocus
Sales Engineer (Microsoft Lead) / MCT
Harel Mallac Technologies Ltd
Agenda
- Security – The buzz words of today!
- Symmetric v/s Asymmetric – What’s this?
- Microsoft PKI – Secure your infrastructure
- PKI terminologies made easy!
- Demos – See Security!
- Microsoft PKI Other Usage
- Enterprise CA Architecture and HSM integration
- Government PKI Scenarios - eGovernment or large scale Enterprise
Security – The buzz words of today!
- Cryptography
- Encryption (Confidentiality)
- Smart card logon (Two Factor Authentication)
- Digital Signatures (Non-Repudiation)
- Secure e-mail (S/MIME)
- Traffic Security (SSL)
- IP Security (IPSEC)
- 802.1x Authentication (Wireless Security)
- Software code Signing (Integrity)
- Etc …
WHAT’S BEHIND THE SCENE!
Symmetric Key Cryptography
- Plain-text input: “The quick brown fox jumps over the lazy dog”
- Encryption
- Cipher-text: “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%”
- Decryption
- Plain-text output: “The quick brown fox jumps over the lazy dog”
- Same key (shared secret) for encryption and decryption
Public Key Encryption (Asymmetric)
- Clear-text input: “The quick brown fox jumps over the lazy dog”
- Encryption with the recipient’s public key
- Cipher-text: “Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”
- Decryption with the recipient’s private key
- Clear-text output: “The quick brown fox jumps over the lazy dog”
- Different keys (public and private)
CAN THIS BE TRANSLATED INTO REALITY?
Microsoft PKI – Secure your infrastructure
Active Directory Certificate Services (AD CS), a role in Windows Server, provides an integrated public key infrastructure (PKI) that enables capabilities such as secure exchange of information, strong authentication, and secure communication across the Internet, extranets, intranets, and applications.
PKI terminologies made easy!
Public Key
Private Key
Certificate
Certification Authority
Demos – See Security!
- Show me that famous KEY!
- How we get certificates from a CA!
- Encrypting files (EFS) in action!
- Let’s secure our e-mails (S/MIME)
- Securing traffic (SSL)
- Two factor authentication (Smart Cards)
Microsoft PKI Other Usage
- Document Security: Rights Management Services
- BitLocker: Secure volume encryption
- Services: Microsoft Exchange 2010, Office Communications Server, etc.
- Secure Internet transactions: Secure Electronic Transactions (SET)
- Systems Management: V-Pro SCCM
- Direct Access: Anywhere access solution into your corporate network
- Wireless security: 802.1x and Wi-Fi Protected Access (WPA2)
- Network Security: Network Access Protection (NAP), Network Device Enrollment
Enterprise CA Architecture
- Root CA: Offline Stand-Alone, 4096 Bits, 20 Years
- Intermediate CA 1: Offline Stand-Alone, 2048 Bits, 10 Years
- Intermediate CA n: Offline Stand-Alone, 2048 Bits, 10 Years
- Issuing CA: Domain Member, 2048 Bits, 5 Years
- Issuing CA m: Domain Member, 2048 Bits, 5 Years
Optional tier, needed only in specific circumstances
Hardware Security Modules
- Higher protection for your keys
- For compliance (e.g. Banks – PCI DSS)
- Need FIPS 140-1 level 2 or higher standards
X.509
Large Scale PKI Architecture
WHAT IS THE USE OF SUCH LARGE SCALE PKI?
PKI Scenarios - eGovernment
- National ID
- Authentication to government services (gateway)
- eVoting/eDemocracy
- National Archive
And many more …
In the NEWS - Mauritius
Key Takeaways
- Overview of Microsoft PKI
- How PKI can assist you in your security quest
- The present and future of Microsoft PKI
- Large scale PKI usage
Next Steps
- More information on Windows Server 2008: http://www.microsoft.com/windowsserver2008/en/us/overview.aspx
- Microsoft Identity and Access Web Site: http://www.microsoft.com/ida
- Microsoft PKI Web Site: http://www.microsoft.com/pki
- PKI Enhancements in Windows: http://www.microsoft.com/technet/technetmag/issues/2007/08/SecurityWatch/default.aspx
- TechNet Library for Active Directory Certificate Services: http://technet2.microsoft.com/windowsserver2008/en/library/045d2a97-1bff-43bd-8dea-f2df7e270e1f1033.mspx?mfr=true
Questions & Answers
Meet me at the Ask The Expert Section
10 Hot Topics every IT Admin needs to know about Windows Server 2008 R2
Immerse yourself in the Unified Communications World CIE Labs at HMT Stand
Next Presentation