C3 Security Consulting LLC

Plan and implement a PKI


A Public Key Infrastructure is the foundation for many security functions within applications, Windows platforms and other operating systems. Of particular note are file and e-mail encryption, secure networking with IPSec, and remote VPN connections.

Encryption is a very effective way of protecting data, both on media and in transmission. Although it will not protect the existence of your data the way a backup would, if implemented appropriately it will also serve as non-repudiation. However, it is a double-edged sword: failure to implement solid administration practices and procedures may result in unrecoverable data.

Unfortunately, while the principle of PKI is simple, the implementation can be complicated. The issue is the administration of the key pairs. Among other functions, a mechanism must be in place to generate key pairs, issue them to authenticated clients, revoke them when needed, and still provide secure recovery mechanisms.

However, Microsoft have done their homework. There is an integrated PKI function available in almost all versions of Windows. These services are based on cryptographic functions (like administration) available in the later server versions of Windows.

But, like most things, nothing is for nothing. The degree of inherent functionality depends on the version of Windows and the level of integration between the relevant systems.

C3SC will plan and implement a PKI, based on Windows services, which can be done without the need for third-party products. We will create SOPs for the generation, maintenance, and revocation of certificates. We will install and configure both server and client components. We will train your staff in the use of encryption (for file and e-mail encryption). We will automate the certificate generation.

Infrastructure:
  • Certificate authorities
  • Certificate services (on 2003)
  • Certificate templates

To provide PKI functions:
  • Enrollment
  • Revocation
  • Key/certificate management
  • Distribution of certificates
  • Backing up CA
  • Certificate revocation lists
  • Key escrow

To achieve...
  • Encrypted File Systems and recovery
  • Support for smart-cards
  • Enabling web encrypted SSL pages
  • Active Directory authentication
  • Digital signatures
  • etc.

SSL/TLS

Secure Sockets Layer and Transport Layer Security are similar protocols; however, the implementation is slightly different. Both SSL and TLS are built on the foundation of your Public Key Infrastructure, but TLS is usually implemented with hardware such as smart-cards.

Although both IPSec and SSL use digital certificates generated by the PKI, IPSec services are performed by the operating system and SSL by the application. Knowing this distinction and understanding the implications will allow C3SC to help you make the right choice for your needs.

Specifically, we will:

  1. Install and configure certificate services, and the servers themselves if necessary.
  2. Create a key management infrastructure.
  3. Produce SOPs for all major functions for certificate services:
    • File encryption
    • IPSec network encryption
    • Remote access
    • SSL on IIS
    • Authentication
  4. Train staff on administration and maintenance.
  5. Train end users in the specifics of certificate use.
  6. Document the environment.
