PKI in Today's Landscape (Mauritius - Siddick)
DESCRIPTION
This presentation was delivered by Siddick Elaheebocus during Microsoft TechDays 2010 in Mauritius, explaining the nuts and bolts behind Public Key Infrastructure and how it is being used within organizations and at a national level to address IT security concerns.
TRANSCRIPT
Public Key Infrastructure in today’s Landscape
Siddick Elaheebocus
Sales Engineer (Microsoft Lead) / MCT
Harel Mallac Technologies Ltd
Agenda
Security – The buzz words of today!
Symmetric v/s Asymmetric – What’s this?
Microsoft PKI – Secure your infrastructure
PKI terminologies made easy!
Demos – See Security!
Microsoft PKI Other Usage
Enterprise CA Architecture and HSM integration
Government PKI Scenarios - eGovernment or large-scale Enterprise
Security – The buzz words of today!
Cryptography
Encryption (Confidentiality)
Smart card logon (Two Factor Authentication)
Digital Signatures (Non-Repudiation)
Secure e-mail (S/MIME)
Traffic Security (SSL)
IP Security (IPSEC)
802.1x Authentication (Wireless Security)
Software code Signing (Integrity)
Etc …
WHAT’S BEHIND THE SCENE!
Symmetric Key Cryptography
Plain-text input: “The quick brown fox jumps over the lazy dog”
Encryption
Cipher-text: “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%”
Decryption
Plain-text output: “The quick brown fox jumps over the lazy dog”
Same key (shared secret)
Public Key Encryption (Asymmetric)
Clear-text input: “The quick brown fox jumps over the lazy dog”
Encryption (recipient’s public key)
Cipher-text: “Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”
Decryption (recipient’s private key)
Clear-text output: “The quick brown fox jumps over the lazy dog”
Different keys
CAN THIS BE TRANSLATED INTO REALITY?
Microsoft PKI – Secure your infrastructure
Active Directory Certificate Services (AD CS), a role in Windows Server, provides an integrated public key infrastructure (PKI) that enables capabilities such as secure exchange of information, strong authentication, and secure communication across the Internet, extranets, intranets, and applications.
PKI terminologies made easy!
Public Key
Private Key
Certificate
Certification Authority
Demos – See Security!
Show me that famous KEY!
How we get certificates from a CA!
Encrypting files (EFS) in action!
Let’s secure our e-mails (S/MIME)
Securing traffic (SSL)
Two factor authentication (Smart Cards)
Microsoft PKI Other Usage
Document Security: Rights Management Services
BitLocker: Secure volume encryption
Services: Microsoft Exchange 2010, Office Communications Server, etc.
Secure Internet transactions: Secure Electronic Transactions (SET)
Systems Management: V-Pro, SCCM
DirectAccess: Anywhere access solution into your corporate network
Wireless security: 802.1x and Wi-Fi Protected Access (WPA2)
Network Security: Network Access Protection (NAP), Network Device Enrollment
Enterprise CA Architecture
Root CA: Offline Stand-Alone, 4096 bits, 20 years
Intermediate CA 1: Offline Stand-Alone, 2048 bits, 10 years
Intermediate CA n: Offline Stand-Alone, 2048 bits, 10 years
Issuing CA: Domain Member, 2048 bits, 5 years
Issuing CA m: Domain Member, 2048 bits, 5 years
Optional tier, needed only in specific circumstances
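The tier settings on this slide, turned into an audit over a CA chain. This is an added example, not part of the original presentation: the record fields, the helper names and both sample chains are constructed for illustration, and the rule that a CA certificate must not outlive its issuer is an assumption of common practice that the slide does not state.

```python
from datetime import date

# Tier policy from the slide: (min RSA key bits, max lifetime in years, stand-alone?)
TIER_POLICY = {
    "root": (4096, 20, True),
    "intermediate": (2048, 10, True),
    "issuing": (2048, 5, False),  # issuing CAs are domain members
}

def lifetime_years(not_before, not_after):
    """Validity span in years, rounded up when a partial year remains."""
    years = not_after.year - not_before.year
    if (not_after.month, not_after.day) > (not_before.month, not_before.day):
        years += 1
    return years

def audit_chain(chain):
    """Check a CA chain (root first) against TIER_POLICY; return findings."""
    findings, issuer = [], None
    for cert in chain:
        min_bits, max_years, standalone = TIER_POLICY[cert["tier"]]
        if cert["key_bits"] < min_bits:
            findings.append(f"{cert['name']}: {cert['key_bits']}-bit key, tier needs {min_bits}")
        if lifetime_years(cert["not_before"], cert["not_after"]) > max_years:
            findings.append(f"{cert['name']}: lifetime exceeds {max_years} years")
        if cert["standalone"] != standalone:
            findings.append(f"{cert['name']}: wrong domain membership for {cert['tier']} tier")
        # Assumption (not on the slide): a CA certificate must not outlive its issuer.
        if issuer and cert["not_after"] > issuer["not_after"]:
            findings.append(f"{cert['name']}: expires after issuer {issuer['name']}")
        issuer = cert
    return findings

def make_ca(name, tier, bits, start, end, standalone):
    """Build one hypothetical CA record, as if parsed from its certificate."""
    return {"name": name, "tier": tier, "key_bits": bits,
            "not_before": start, "not_after": end, "standalone": standalone}

# Constructed sample chains (not real certificates).
ROOT = make_ca("Root CA", "root", 4096, date(2010, 1, 1), date(2030, 1, 1), True)
GOOD_CHAIN = [ROOT,
    make_ca("Intermediate CA 1", "intermediate", 2048, date(2010, 2, 1), date(2020, 2, 1), True),
    make_ca("Issuing CA 1", "issuing", 2048, date(2010, 3, 1), date(2015, 3, 1), False)]
BAD_CHAIN = [ROOT,
    make_ca("Intermediate CA 2", "intermediate", 1024, date(2010, 2, 1), date(2020, 2, 1), True),
    make_ca("Issuing CA 2", "issuing", 2048, date(2018, 1, 1), date(2023, 1, 1), False)]

if __name__ == "__main__":
    for label, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(label, audit_chain(chain) or "no findings")
```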
Hardware Security Modules
Higher protection for your keys
For compliance (e.g. Banks – PCI DSS)
Need FIPS 140-1 level 2 or higher standards
X.509
Large Scale PKI Architecture
WHAT IS THE USE OF SUCH LARGE SCALE PKI?
PKI Scenarios - eGovernment
National ID
Authentication to government services (gateway)
eVoting/eDemocracy
National Archive
And many more …
In the NEWS - Mauritius
Key Takeaways
Overview of Microsoft PKI
How PKI can assist you in your security quest
The present and future of Microsoft PKI
Large scale PKI usage
Next Steps
More information on Windows Server 2008: http://www.microsoft.com/windowsserver2008/en/us/overview.aspx
Microsoft Identity and Access Web Site: http://www.microsoft.com/ida
Microsoft PKI Web Site: http://www.microsoft.com/pki
PKI Enhancements in Windows: http://www.microsoft.com/technet/technetmag/issues/2007/08/SecurityWatch/default.aspx
TechNet Library for Active Directory Certificate Services: http://technet2.microsoft.com/windowsserver2008/en/library/045d2a97-1bff-43bd-8dea-f2df7e270e1f1033.mspx?mfr=true
Questions & Answers
Meet me at the Ask The Expert Section
10 Hot Topics every IT Admin needs to know about Windows Server 2008 R2
Immerse yourself in the Unified Communications World CIE Labs at HMT Stand
Next Presentation