
CIS288 WEEK 3: Designing a Secure Public Key Infrastructure

Slide 1

Introduction

Welcome to week 3 of C-I-S 288: Security Design in a Windows 2003 Environment. In the previous lesson we discussed securing servers based on function. This week we will discuss designing a secure public key infrastructure. Next Slide:

Slide 2

Objectives

When you complete this lesson you will be able to: design a public key infrastructure using Certificate Services; design a certification authority hierarchy implementation, where the types include geographical, organizational, and trusted; design a logical authentication strategy; design security for C-A servers; and design certificate distribution. Next Slide:

Slide 3

Designing a Public Key Infrastructure

Every e-commerce transaction must satisfy three basic needs to be secure and complete: first, the sender has the authority to send the required message; second, the message is authentic; and third, the sender cannot falsely deny sending the message or its content. This third property is commonly referred to as nonrepudiation. To meet these needs you need to protect the data during the transmission process. You do that by encrypting the content of the message with mathematical algorithms. There are several ways to encrypt messages, and all of them fall into two major categories: symmetric and asymmetric algorithms. The symmetric model works on a shared key, which works well in a protected environment; a good example is the A-T-M machine. Asymmetric encryption is also known as public key cryptography. It involves a pair of asymmetric keys. These are not like a P-I-N: the two keys for the bank and the customer are different. The two keys are referred to as the private key and the public key. Digital certificates are based on public key cryptography. These certificates are made by applying two levels of cryptography to a message: hashing algorithms and signing algorithms. Next Slide:

Slide 4

Designing a Public Key Infrastructure (continued)

The figure on this slide illustrates the complete P-K-I process for sending an e-mail message to a recipient. There are 8 steps to complete the P-K-I implementation. Next Slide:

Slide 5

Understanding P-K-I

P-K-I could be described as a collection of standards, policies, laws, and procedures that ensure security using public and private key pairs. P-K-I assists in electronic transactions with the help of digital certificates and C-As to verify and validate the potential users of your application. The P-K-I architecture is a combination of several key components. These components range from the actual certificates to lists that authorize or revoke user access to the enterprise. They include: digital certificates; certificate authorities, or C-As; certificate repositories; and key retrieval and recovery. Those are the major components of P-K-I. The structure of a P-K-I implementation is described by the certificate policy, the certificate practice statement, the certificate revocation list, or C-R-L, and the certificate trust list, or C-T-L. The C-R-L specifies the certificates that have been revoked before their expiration date. Users holding certificates on this list will no longer have access to resources secured by certificates. The C-T-L documents the trusted certificates of the enterprise. This signed list is issued by the C-As. Management of a Windows Server 2003 C-T-L is done via Group Policy Objects, or G-P-Os. Next Slide:
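The two levels of cryptography named on slide 3, hashing and then signing, worked through in Go as an added example that is not part of the original lecture: the sender reduces a constructed message to a SHA-256 digest and signs the digest with an ECDSA private key; the recipient recomputes the digest and checks the signature with the public key. The message text, the key pairs and the function names (Sign, Verify, Demo) are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedMessage is what the recipient receives: the message body, the
// signature over its hash, and the public key the sender claims to own.
type SignedMessage struct {
	Body      []byte
	Signature []byte
	Signer    *ecdsa.PublicKey
}

// Sign applies the two levels from the slide: the body is first reduced to a
// fixed-size SHA-256 hash, then that hash is signed with the sender's private key.
func Sign(priv *ecdsa.PrivateKey, body []byte) (*SignedMessage, error) {
	digest := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedMessage{Body: body, Signature: sig, Signer: &priv.PublicKey}, nil
}

// Verify recomputes the hash of the received body and checks the signature with
// the public key. A changed body changes the hash, so the signature fails
// (authenticity); only the private key holder could have produced it (nonrepudiation).
func Verify(m *SignedMessage) bool {
	digest := sha256.Sum256(m.Body)
	return ecdsa.VerifyASN1(m.Signer, digest[:], m.Signature)
}

// Demo signs a constructed order and reports whether verification accepts the
// original, a tampered copy, and the original presented with someone else's key.
func Demo() (original, tampered, wrongKey bool, err error) {
	sender, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // a different party's key pair
	if err != nil {
		return
	}
	msg, err := Sign(sender, []byte("Transfer 100 EUR to account 42")) // constructed sample message
	if err != nil {
		return
	}
	original = Verify(msg)
	tampered = Verify(&SignedMessage{Body: []byte("Transfer 900 EUR to account 42"), Signature: msg.Signature, Signer: msg.Signer})
	wrongKey = Verify(&SignedMessage{Body: msg.Body, Signature: msg.Signature, Signer: &other.PublicKey})
	return
}

func main() {
	original, tampered, wrongKey, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original: %v, tampered: %v, wrong key: %v\n", original, tampered, wrongKey)
}
```

The verifier only learns that the holder of that private key signed that exact body. Binding the public key to a named person is the job of the digital certificate and the C-A, which is what the following slides add on top of this primitive.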

Slide 6

Designing a Certification Authority Implementation

The design of the C-A is very important. The correct C-A design provides reliable service to the users and an organic structure for adding and deleting users. This also reduces maintenance costs. You need to consider several factors when implementing a C-A. They include: designing the root C-As; designing C-A types and roles; deciding whether you will have internal C-As or delegate to third-party C-As; and evaluating the optimum level of capacity for the C-As. Next Slide:

Slide 7

Designing a Certification Authority Implementation (continued)

The C-As in a geographical hierarchy are organized according to the geographical location of the subsidiaries of the enterprise. This model allows the regional C-A administrators to manage their domains more efficiently. A sample model of the geographical hierarchy is shown on this slide. Next Slide:

Slide 8

Designing a Certification Authority Implementation (continued)

The trust hierarchy can also be designed to accommodate the organizational structure of an enterprise. A sample figure of the organizational hierarchy is shown on this slide. Next Slide:

Slide 9

Designing a Certification Authority Implementation (continued)

Some organizations have distributed and independent I-T departments. It could be difficult to identify and implement a single entity as the root C-A, and there might be little communication between these subsidiaries, since they operate independently within their own domains. A single root C-A design would not be appropriate for this scenario. You can overcome this issue by designing a network trust model. There is no single root C-A in this model; instead, multiple C-As take the role of the root C-A. Trust relationships exist between these C-As, which is achieved by each C-A issuing the other a cross certificate. These cross certificates can be bidirectional or unidirectional. Shown on this slide is an example of network trust security. Next Slide:

Slide 10

Designing a Logical Authentication Strategy

A logical authentication strategy for an enterprise could be very complex. You need to provide a secure environment to communicate with your business partners. The enterprise might consist of many employees situated in many locations. Those employees might work at company premises and at external locations, and they could also travel for work. The most important feature of the authentication strategy is to prevent intruders from accessing sensitive data. You need to consider all these factors to build a logical authentication strategy for the enterprise. Windows Server 2003 provides a secure framework for the users, computers, and services of the enterprise. This is achieved by creating Active Directory accounts for each resource that needs to be accessed in the enterprise. The first step of the strategy is to review the existing authentication strategy. Then you create the users in Active Directory that can access these resources. Then you configure the computer accounts for the resources. The next step is to secure the authentication process of the enterprise. This can be done in many ways. They include: creating a strong password policy for users and service accounts in the enterprise; configuring an account lockout policy; limiting usage according to time; and monitoring the expiration time frames of the P-K-I certificates. Next Slide:

Slide 11

Designing Security for C-A Servers

Securing enterprise C-A servers is a very important step in a P-K-I implementation. Hackers can inflict a myriad of attacks on sensitive data if the C-A servers are compromised. They can modify certificates or alter the configuration of the C-A servers, thus impacting all systems within the enterprise I-T environment. You should take steps to protect the C-A servers. Next Slide:

Slide 12

Designing Certificate Distribution

Now that we have discussed P-K-I in theory, you can put it into practice. Windows Server 2003 implements a Web Enrollment Support system to request certificates. It also supports auto-enrollment and auto-renewal. Windows Server 2003 also supports delta C-R-Ls. You can manage the C-A server using the C-A M-M-C snap-in or the CERT-UTIL dot E-X-E command-line tool. Next Slide:

Slide 13

Summary

We have reached the end of this lesson. Let's take a look at what we have covered. First we discussed Designing a Public Key Infrastructure. You need to protect the data during the transmission process. You do that by encrypting the content of the message with mathematical algorithms. There are several ways to encrypt messages, and all of them fall into two major categories: symmetric and asymmetric algorithms. Next we discussed P-K-I. P-K-I could be described as a collection of standards, policies, laws, and procedures that ensure security using public and private key pairs. P-K-I assists in electronic transactions with the help of digital certificates and C-As to verify and validate the potential users of your application. This was followed by a discussion on Designing a Certification Authority Implementation. The design of the C-A is very important. The correct C-A design provides reliable service to the users and an organic structure for adding and deleting users. This also reduces maintenance costs. We concluded the lesson with a discussion on Designing Security for C-A Servers. Securing enterprise C-A servers is a very important step in a P-K-I implementation. Hackers can inflict a myriad of attacks on sensitive data if the C-A servers are compromised. You should take steps to protect the C-A servers.
