Hughes | Pro Active Directory Certificate Services | Book | 978-1-4842-7485-9 | www.sack.de

Book, English, 230 pages, Format (W × H): 155 mm x 235 mm

Hughes

Pro Active Directory Certificate Services

Creating and Managing Digital Certificates for Use in Microsoft Networks
1st edition 2022
ISBN: 978-1-4842-7485-9
Publisher: APRESS



In order to deploy and use Microsoft Certificate Services, you need to understand the fundamentals of cryptography, digital signatures, encryption, TLS, and S/MIME. It is also important to understand the concepts behind public key infrastructure (PKI). This book teaches you all the background knowledge you need. Then it takes you deeper, step by step, teaching you how to deploy Certificate Services and configure it to issue various digital certificate types, complete with examples of using these certificates with IIS, Outlook, and Windows.

Microsoft-based networks—on-premises, hybrid, and cloud-based networks—are used in companies of all sizes. Within them, there are many applications of digital certificates that can be created and managed by Microsoft Certificate Services. As security is more important than ever, and cryptography and PKI are fundamental to so many of these defenses, understanding Microsoft Certificate Services is becoming an increasingly desirable skill. Most IT workers don’t realize the many uses and purposes of Certificate Services, especially within a corporate or government agency network, and how tightly integrated they are with Microsoft Windows Domain style of networks and Active Directory (on-premises or cloud-based, including Azure, AWS, and Google Cloud Services). This book will teach you the gamut.

You will appreciate the learning approach presented in the book, beginning with the basics (cryptographic primitives such as encryption and message digests), getting into combinations of primitives to accomplish specific things (such as digital signatures and envelopes), and then trying real-world systems based on digital certificates and PKI (such as TLS, S/MIME secure email, cryptographic authentication, and more). The book wraps it all up and you will learn how to deploy Certificate Services and issue the various types of certificates, including how they are used.
What You Will Learn
Understand basic cryptography (symmetric and asymmetric key encryption, message digests, and digital signatures and envelopes)
Know how TLS, S/MIME, and cryptographic authentication work
Discover applications of cryptography related to secure servers with TLS and cryptographic (passwordless) authentication to online services including Windows and secure email
Get to know the common types of digital certificates, how to create and manage them, and examples of their use with IIS, Outlook, etc.

Who This Book Is For
Microsoft system and network engineers, security engineers, and CISOs. Readers should have familiarity with Windows Server 2019 (or more recent) and Active Directory.

Target audience


Professional/practitioner


Authors/Editors


Further information & material


Chapter 1-01 – Basic Cryptography – Symmetric Key Encryption Intro to cryptography Symmetric Key vs Asymmetric Key Encryption Key Management Symmetric Key Encryption (Secret Key) Key Management with just Symmetric Key Common Symmetric Key Algorithms Strength of Symmetric Key Algorithms based on Key Length Encryption Modes Examples
Chapter 1-02 – Basic Cryptography – Message Digest Intro to message digests Characteristics of a Good Message Digest Algorithm Conception representations Primary uses
Chapter 1-03 – Basic Cryptography – Asymmetric Key Encryption Intro to Asymmetric Key (public/private key) How Asymmetric Key Cryptography Works Common Asymmetric Key Algorithms Conceptual Model Algorithm Performance Demo of Crypto Challenge Mechanism
Chapter 1-04 – Digital Signature and Digital Envelope Basic concepts for Digital Signatures Creating a Digital Signature Validating a Digital Signature Basic concepts for Digital Envelopes Creating a Digital Envelope Opening a Digital Envelope
Chapter 1-05 – Digital Certificates X.509 standard, PKIX (Public Key Infrastructure for X.509) RFCs Details of X.509 certificates Server Certificates Client Certificates S/MIME Certificates Windows Login Certificates Validation of Certificates Certificate Lifetime Management Certificate Revocation (CRL, OCSP)
Chapter 1-06 – Public Key Infrastructure Creating and Managing Digital Certificates Requirements for a Secure Network Protecting the CA private keys in an HSM Certificate Hierarchies – public and private Ways to access a Certification Authority Installing CA certificates on relying nodes
Chapter 1-07 – Certificate Revocation and Renewal The Need for Certificate Revocation Comparison with Credit Card Revocation Certificate Revocation Lists (CRLs) Open Certificate Status Protocol (OCSP) Publishing CRLs via HTTP and LDAP Running an OCSP Server
Chapter 1-08 – Key Management Managing Symmetric Keys Managing Asymmetric Public Keys Managing Asymmetric Private Keys Key Backup and Recovery Key Escrow Building and Publishing a Shared Address Book with Certificates with Active Directory
Chapter 1-09 – Public Key Infrastructure Putting All of the Above Pieces Together Security Requirements for a PKI Deploying and Running a PKI Providing Secure Access to a PKI
Chapter 1-10 – SSL and TLS TLS (Transport Layer Security) – the New Name for Secure Socket Layer (SSL) Standards (TLS v1.2, TLS v1.3) Deploying a Secure TLS Server (e.g. HTTPS, SMTPS, IMAPS, LDAPS, FTPS) Strong Client Authentication in TLS with a Client Certificate Issues with TLS in Multi-link Systems (e.g. E-mail, FTP)
Chapter 1-11 – S/MIME Secure E-mail Multipurpose Internet Mail Extensions (MIME) Secure MIME (S/MIME) Comparison with TLS – How it Complements S/MIME, not competes with it Adding Digital Signatures and Digital Envelopes in Internet E-mail Certificate issues with S/MIME Access to Recipient Certificates for Encrypted Messages Deploying S/MIME Automated S/MIME Certificate Management Automated Creation of a Shared Address Book in Active Directory Private Key Escrow
Chapter 1-12 – Cryptographic Authentication Comparison with Username/Password Authentication Two Factor Authentication (2FA) Using Digital Certificates for Cryptographic Authentication How Crypto Challenge Works in TLS Embedding Crypto Challenge in Cell-Phone Based Push Notification
Chapter 2-01 – Microsoft Certificate Services What Certificate Services Is and How it Works Integration with Windows Server 2019 and Active Directory Using mmc.exe to request Certificates Deploying Certificate Services
Chapter 2-02 – Issue and Manage TLS Server Certificates Contents of a TLS Server Certificate Creating Certificate Template for TLS Server Certificates Preparing to Issue TLS Server Certificates Using mmc.exe to request a TLS Server Certificate Installing a TLS Server Certificate to Enable HTTPS in IIS Testing HTTPS in IIS
Chapter 2-03 – Issue and Manage TLS Client Certificates Contents of a TLS Client Certificate Creating Certificate Template for TLS Client Certificates Preparing to Issue TLS Client Certificates Using mmc.exe to request a TLS Client Certificate Installing a TLS Client Certificate for Strong Client Authentication Against IIS Testing Strong Client Authentication in IIS
Chapter 2-04 – Issue and Manage S/MIME Certificates Contents of a S/MIME Certificate Creating Certificate Template for S/MIME Certificates Preparing to Issue S/MIME Certificates Using mmc.exe to request an S/MIME Certificate Installing an S/MIME Certificate in Outlook Adding Digital Signature to Internet E-mail Adding Digital Envelope to Internet E-mail Obtaining Recipient Certificates from Active Directory
Chapter 2-05 – Cryptographic Authentication to Windows Computers Windows Smartcard Login Contents of a Windows Login Certificate Creating Certificate Template for Windows Login Certificates Preparing to Issue Windows Login Certificates Using mmc.exe to request a Windows Login Certificate Replacing Username/Password Windows Login with Smartcard Login Windows Hello


Lawrence Hughes is a renowned expert in cryptography and PKI. He previously worked at VeriSign and co-founded and was CTO at CipherTrust (a secure email proxy appliance). He also was employed at Sixscape Communications in Singapore where he was responsible for creating much of their technology. Lawrence founded the US-based company PKIEdu Inc. (Public Key Infrastructure Education) to conduct training and consulting in the area of PKI. He created and taught the courseware at VeriSign (the first leading company in the PKI space) and presented it internationally to affiliates and large customers. He is a security author and was heavily involved in the deployment of several national certification authorities in the UK, Netherlands, and Australia.


