Free Essay

Public Key Infrastructure

In:

Submitted By dfcroughwell
Words 915
Pages 4
Public Key Infrastructure
David Croughwell
Prof. George Danilovics
Networking Security Fundamentals (CIS333)
17 February 2013

Public Key Infrastructure

In discussing the Public Key Infrastructure (PKI) we need to discuss the differences between asymmetric and symmetric keys. These two keys differ in how they are distributed to the various parties that would like to transfer information. Symmetric can be completed by hand delivery, transmitting the key encrypted with a public key, or through a secure connection. This symmetric key or “private key” is used by both parties for encryption and decryption, this method once the key is obtained is the faster of the two and the most secure. Private keys can also be incorporated with hardware devices which will also increase the speed in which the encryption/decryption takes place. Asymmetric keys or “public keys” are a combination of private keys and public keys, since in circumstances the individual receiving the file would have no other ways of receiving the private key securely. This requires a key that is generated so that it can be linked with the private key, being linked like this allows you to post the public key to certificate authorities who will verify that the two keys come from the individual that you expected. The means of identifying who you are can be handled by a third-party corporation. This is completed by utilizing a digital signature which is the equivalent of a handwritten signature. This tells the recipient that the document was created or authorized by the creator. These third parties who are known as certificate authorities (CA) would contact the registration authority (RA). The registration authority is the organization that validates the user requesting a digital certificate and grants permission to the certificate authority for issuing the certificate. A digital certificate is a binding document in which a public key actually belongs to the identity associated with that key. Once the key is authenticated you can use it to encrypt data being sent to the recipient who holds the other half of this public key. The certificate authority is the trusted third-party by both parties involved that will create the certificate. Although these are used for large organizations and the public, smaller businesses may not actually use these for internally created digital certificates. This can be completed through a local certificate authority server maintained by the private organization this would allow members of that organization to encrypt mail and data that could use asymmetric encryption. Although the RA and CA are two of the most critical parts of the PKI, they are not the only ones. Other pieces of the PKI include the subscriber or the person requesting the certificate. As a person or organization requests these certificates they will need a means of organizing them and storing them this is handled by the certificate repository. The repository must be able to monitor the certificates and track whether or not they are still valid. Certificates have expiration dates and as such must be pulled from the current active certificates and placed in the certificate revocation list or the CRL. The CRL does not only hold expired certificates but also certificates that have been revoked for other reasons. Certainly when making a decision between a public CA and an in-house CA you would have to consider the cost in each. The costs though have to include not just initial costs but also to maintain the system. This would include possibly more staff members or more experienced staff members. It could also include increased physical security as well as increased network security. Is the company capable of handling users registering for certificates? When looking at these items it makes deciding whether or not to run an in-house certificate authority. Advantages of running an internal certificate authority are there and include greater control over the certificates. If there is concern for interoperability within the organization this could be eliminated by running the certificate authority in-house. This also reduces the close management of the CRLs, which could reduce the work load for employees. A recommended solution as to which CA is better to use will be dependent on the size of the company, but the easiest solution is to use an in-house CA. The operation of the CA is critical to many businesses today. Many of the businesses today have an e-commerce site which would be dependent on these certificates being available and fully operational. Many of these issues would be better protected if they are handled by the company that needs them. Handling this issue personally by the company will help to ensure that their online appearance is maintained at a high standard. It also reduces the possibilities of breaching the company’s certificate practices. It also is an asset having an individual on the staff that is an expert or extremely knowledgeable on PKI issues and will be available to aid in business decisions.

Bibliography
Adams, C., & Lloyd, S. (2002). Understanding PKI: Concepts, Standards, and Deployment Considerations. Boston: Addison-Wesley Professional.
PC Magazine. (2013, February 17). Encyclopedia: PC Magazine website. Retrieved from PC Magazine Web Site: http://www.pcmag.com/encyclopedia_term/0,2542,t=cryptography&i=40522,00.asp
RSA Data Security. (1999). Understanding Public Key Infrastructure. RSA Data Security.
Walder, B. (2003, July). In-house or out: how to start building a PKI. Retrieved from Computer Weekly Web Site: http://www.computerweekly.com/feature/In-house-or-out-how-to-start-building-a-PKI

Similar Documents

Premium Essay

Public Key Infrastructure

...Case Study 2: Public Key Infrastructure Due Week 6 and worth 50 points You are the Information Security Officer at a small software company. The organization currently utilizes a Microsoft Server 2008 Active Directory domain administered by a limited number of over-tasked network administrators. The remainder of the organization comprises mostly software developers and a relatively small number of administrative personnel. The organization has decided that it would be in its best interest to use a public key infrastructure (PKI) to provide a framework that fosters confidentiality, integrity, authentication, and nonrepudiation. Email clients, virtual private network products, Web server components, and domain controllers would utilize digital certificates issued by the certificate authority (CA). Additionally, digital certificates would be used to sign software developed by the company to demonstrate software authenticity to the customer.  Write a two to three (2-3) page paper in which you: 1. Identify and analyze the fundamentals of PKI. 2. Analyze positive and negative characteristics of a Public and In-house CA. 3. Provide a sound recommendation for either a Public CA or an In-house CA. Your assignment must follow these formatting requirements: * Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any...

Words: 335 - Pages: 2

Premium Essay

Is3230

...Week 4 Lab Part 1: Design a Multi-factor Authentication Process Assessment Worksheet Design a Multi-factor Authentication Process Lab Assessment Questions & Answers 1. In an Internet Banking Financial Institution is Single Factor Authentication acceptable? Why or why not? Yes it can be acceptable because you can buff up security elsewhere. 2. Explain the difference between Positive Verification and Negative Verification? Negative verification is the opposite of positive verification. The customer must contact the bank to verify that the information is correct. 3. What vulnerabilities are introduced by implementing a Remote Access Server? Could Allow Remote Code Execution, two heap overflow, cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. 4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service? Using multi-factor authentication. 5. Name at least 3 remote access protections or security controls that must be in place to provide secure remote access. Authorized secure remote access, Traffic inspection and Coordinated Threat Control, Centralized security management and enterprise-wide visibility and control. 6. When dealing with RADIUS and TACACS+ for authentication methods, what protocols are used...

Words: 1143 - Pages: 5

Premium Essay

Enhance Security Controls for Access to Sensitive Data

...computer is physically connected to a network port, manual procedures and/or an automated method must exist to perform what type of security functions at the Network Port and Data Switch level for access control? Name and define at least three. Verify authorized access to the asset Verify the user is who they say they are through authentication Verify the configuration of the computer is compliant with local security standards.. 5. What is a Network Access Control (NAC) System? Explain its benefits in securing access control to a network. A NAC is the use of certain policy of the network information structure that temporarily limits access the certain recourses while authenticating the user. 6. Explain the purpose of a Public Key Infrastructure (PKI) and give an example of how you would implement it in a large organization whose major concern is the proper distribution of certificates across many sites. PKI - a framework consisting of programs, procedures and security...

Words: 536 - Pages: 3

Free Essay

Strategic It Plan

...advantage of IT and the internet to beat their competitors and with this plan there is a holistic approach to implementation. In an effort to change their business operations, this plan focuses on the business, technical, and architectural perspectives of IT implementation for this small organization. Introduction Small companies today must balance the push for information technology (IT) innovation with stable business strategies. Information technology is rapidly changing the business world, affecting how small companies market and distribute their products, as well as how their people operate. With that in mind, small companies like Heathwood Hardware, Inc. (HHI), must work to evaluate its existing infrastructure against the requirements. Currently, HHI’s IT infrastructure follows the typical scenario with silos of integration and knowledge. Critical functions such as accounting, inventory management, and sales order and request fulfillment are managed by separate systems that do not integrate with each other. HHI is absent on the Internet and conducts all transactions and customer support manually, leaving competitors like Rustica Hardware and Wild West Hardware with greater access to the market. In an effort to gain leverage, HHI has to establish a strategic IT plan with...

Words: 4088 - Pages: 17

Premium Essay

Security

...eventually have 10,000 employees in 20 countries. The Richman corporate headquarters is located in Phoenix, Arizona. Currently there are eight branch offices in: ▪ Atlanta, Georgia ▪ Chicago, Illinois ▪ Cincinnati, Ohio ▪ Denver, Colorado ▪ Los Angeles, California ▪ Montreal, Canada ▪ New York City, New York ▪ Washington, D.C. The North American offices have a total of 5,000 employees who use desktops, laptops, and wireless devices. All offices deal with several sensitive applications. Management from each office shares application information hosted at the corporate office. Instructions: Based on the security objectives in the following table, design an enterprise encryption strategy—a public key infrastructure (PKI) that supports internal employees, external business partners, and clients. Include the design and reasoning for using the selected encryption strategy. |Security Objective |Description | |Privacy or confidentiality |Keeping information secret from all but those who are authorized to see it | |Integrity |Ensuring information has not been altered by unauthorized or unknown means | |Entity authentication or |Corroborating the identity of an entity, for example a person, a computer terminal,| |identification |or a credit card ...

Words: 343 - Pages: 2

Free Essay

Linux

...The definition of a digital certificate is a big component of a public key infrastructure. A digital certificate is an electronic document that shows an individual identity of a person to a public key that is related with it. There was a recent story about how stolen digital certificates compromised the CIA, MI6 and Tor from a company called DigNotar. In this story security auditors that were investigating false digital certificates issued by a Dutch certificate authority. In this case the attackers could have used these in particular certificates to get information of certain users of some of the most popular and most visited sites on the internet for weeks if not months. The digital certificates obtained from this company included CIA, MI6, and Mossad intelligence services and more. The reason the attackers stole the certificates was to steal information and make money off of the information that they had stolen from visitors of the most popular sites and more. The vendors reacted by making a statement saying that they will help resolve things as best as they can. Another attack that happened recently was on march 23rd a hacker named Ich sun hacked into a Italian reseller of Comodo’s who is an issuer of digital certificates. The attacker used the reseller’s credentials to request a digital certificate from Comodo the company. Ich Sun the hacker then made the certificates look as if they were those used by various high-profile websites. In this case the company noticed the...

Words: 303 - Pages: 2

Premium Essay

Hhfgghg

...Dear Manager, I have received your email regarding your new branch office, and I may be of some help to you. There are many ways to secure the workstations in your branch, the three best ways to secure your workstations I will suggest are: passwords, smart cards, and biometrics, I will describe each individually and let you decide which is best for your branch, also I will explain the firewall software that comes with Windows 7. The first type of security I will discuss is the most common but least effective if the proper measurements aren’t taken and I am talking about passwords. This would be the cheapsest way to go due to the fact that security via password you wont need any additional hardware or software. If you were to choose to go this route here are some tips to ensure the protection of your company and its interests. Make sure that your password is seven characters or more, also do make sure to have a mixture of not only letters and numbers but upper and lowercase letters, this will make it pretty difficult for an attacker to “crack your password”. In addition make sure to keep it fresh and change your password every couple of months or so. Windows 7 now supports a plethora of group policy settings to ensure your systems security, but do know that your employees are responsible for their own passwords. To do this you will have to go to the control panel in the start menu and choose the systems and security tab then click administrative tools, from here choose the...

Words: 638 - Pages: 3

Free Essay

Info Systems

...wireless devices, such as cell phones and smartphones, to place orders and conduct business. 5. Briefly explain the differences among smart, credit, charge, and debit cards. A credit card, such as Visa or MasterCard, has a preset spending limit based on the user’s credit history, and each month the user can pay all or part of the amount owed. A charge card, such as American Express, carries no preset spending limit, and the entire amount charged to the card is due at the end of the billing period. The smart card is a credit card–sized device with an embedded microchip to provide electronic memory and processing capability. Debit cards look like credit cards, but they operate like cash or a personal check. 6. Identify the key elements of the technology infrastructure required to successfully implement e-commerce within an organization. 7. What is the Secure Sockets Layer...

Words: 652 - Pages: 3

Premium Essay

Ssl Authentication

...especially during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website or green address bar that comes with an extended validation SSL-secured website. SSL-secured websites also begin with https rather than http. All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection. SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner. To get a certificate, you must create a Certificate Signing Request (CSR) on your server. This CSR creates the private key and a CSR data file that you send to the SSL Certificate issuer (called a...

Words: 999 - Pages: 4

Free Essay

Chapter 11 Review Questions

...Network security is more often compromised from ___the inside____ than from external sources. 2. __Encryption____ is the last means of defense against data theft. 3. __Phishing___ is a social engineering practice in which a person attempts to glean access or authentication information by posing as someone who needs that information. 4. _Port Scanner___ software searches a node for open ports. 5. A router that is not configured to drop packets that match certain or suspicious characteristics is an example of a risk associated with __software__ and hardware. 6. A _routers_ main function is to examine packets and determine where to direct them based on their Network layer addressing information. 7. The combination of a public key and a private key is known as a _key pair____. 8. In __DNS Spoofing__, a hacker forges name server records to falsify his host’s identity. 9. A VPN _concentrator_ authenticates VPN clients and establishes tunnels for VPN connections. 10. RADIUS and TACACS belong to a category of protocols known as AAA , which stands for - _Authentication____, ___Authorization_____, and _Accounting_. 11. A(n) _security audit__ is a thorough examination of each aspect of the network to determine how it might be compromised. 12. A(n) __security policies___ identifies an organization’s security risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. 13...

Words: 317 - Pages: 2

Free Essay

Security Model and Architecture

...Mozilla Firefox When going to the site that requires mutual authentication, person has to present a certificate to the server by giving his/her identity. To obtain this identity, you have to contact and obtain the certificate from the certificate authority that the web server trusts. Most companies obtained the certificate automatically for their owned computers. Some companies sometime set the certificates on smartcards for employee to use. Firefox can access the certificate from Firefox store. Also, when using public website like HTTPS, the trusted root certificate is already in Firefox certificate store because it is pre-loaded. Exporting certificate from Firefox To export certificate from Firefox, first click on the main menu, from main menu, choose tools options, advanced, select the encryption tab and then click on view certificates. When the certificate store is opened, click on the certificate tab to view the certificate that you need. The PGP Trustcenter certificate will be listed under the TC Trustcenter name. Then highlight your certificate that is to be exported, and click on the backup button. Select a location to save your certificate and give it a name, then click save. Another page will come up that requested for password, choose a backup password and click ok. A message will inform you that your certificate has now been backed up, click ok. Importing your certificate into Firefox From the main menu, choose tools, options, Advance, then select the encryption...

Words: 309 - Pages: 2

Free Essay

Nt1230 Chapter 9,10,11

...Chapter 9, 10,11 NT1230 Chapter 9, 10, and 11. Chapter 9 Authentication: The process of verifying that the identity of the person operating the computer matches that of the user account the person is using to gain access. Authorization; The process of granting an authorized user a specific degree of access. Active Directory: Permissions are user based. Users Rights: are specific O.S. Tasks, such as shut down or allow log in through terminal services. Local and domain users: They are two completely separate user account systems, which user account system windows uses depends on whether it is a member of a workgroup or an Active directory domain Home Group: is a simplified network paradigm that enables users connected to a home network to share content with permissions. Work Group: is a collection of computers that are all peers. Peer Network: is one in which every computer can function as both server by sharing with other computers, and client by accessing shared resources on other computers. Domain: is a collection of computers that utilize a central directory service for authentication and authorization. Domain controller: A Windows server with AD/DS directly service installed with domain in users administrator’s only to have to create one user account for each person. Workgroup Users: require many different account for one person. Local Groups: can only use local groups Only local users from the same computer can be members of a local group....

Words: 593 - Pages: 3

Free Essay

Confidentiality

...developers and a small number of administrative personnel. The client has decided that it would be in their best interest to use a public key infrastructure (PKI) to provide a framework that facilitates confidentiality, integrity, authentication, and nonrepudiation. Fundamentals of PKI. Public Key Infrastructure is a security architecture created to provide a high level of confidence for exchanging information over the internet that has become more and more insecure lately. The term can be very confusing, because it is used to mean several different things; for instance PKI may mean the technologies, techniques, and methods that used together provide a secure infrastructure. Additionally PKI may mean the use of a public key and private key pair for authentication mainly as well as “proof of content”.   This uses a mathematical technique known as public key cryptography which uses a pair of related cryptographic keys to verify the identity of the sender (signing), and ensuring privacy (encryption).   PKI have been developed to support secure information exchange over insecure networks like the Internet, in which features like these cannot be readily provided, and can, however, be used easily for information exchanged over private networks, (including corporate internal networks). PKI can also be used to deliver cryptographic keys between servers and users in a secure manner, and also...

Words: 1197 - Pages: 5

Premium Essay

Unit 8 Lab

...Lab 8 Assessment 1. Where can you store your public keys or public certificate files in the public domain? Is this the same thing as a public key infrastructure (PKI) server? Certificate stores 2. What do you need if you want to decrypt encrypted messages and files from a trusted sender? Decryption key 3. When referring to IPSec tunnel mode, what two types of headers are available and how do they differ? Authentication Header is used to prove the identity of the sender and ensure the data is not tampered with while Encapsulated Security Payload provides authentication and encryption and encrypts the IP packets and ensures their integrity. 4. Provide a step by step progression for a typical Certificate Enrollment process with a Certificate Authority. Create Enrollment Object Set Enrollment Parameters Create Request Submit Request Process request Get Certificate Accept Certificate 5. When designing a PKI infrastructure what are the advantages and disadvantages of making the CA available publicly over the Internet or keeping it within the private network? Advantages Straight-forward Concept Chain-length limit Less time to obtain a usable certificate within the CA Disadvantages Scalability Single point of trust Still need an impeccable CA 6. Designing a PKI involves several steps. Per the Windows Best Practices for Designing a PKI, what are those steps? In your words, explain what each step is meant to do? * Outline...

Words: 634 - Pages: 3

Premium Essay

Access Control Proposal

...employees in 8 locations spread all throughout the world. This multinational organization operates a fleet of freight delivery trucks at each location, while also offering freight forwarding and storage, has multiple business accounts with high level retailers, Federal, and large State governments. Recently, IDI has suffered a number of network compromises through an unsecured JV website leading to the exposure of extremely sensitive business strategies pertaining to current company documented developments. These leaks were ultimately the result of the company’s IT core infrastructure being ignored for far too long and having the majority of its operating locations running severely outdated hardware and software. This is where my team and I come in. With the understanding that this will be a process, we will be recommending a plan for phased improvements to IDI’s IT Infrastructure. Presently, the organization’s infrastructure weaknesses far outweigh its’ strengths. The obvious problem is with the hardware and software being extremely outdated, but one of major weaknesses is the lack of security implementations at some of the sites. As I completed further evaluations of some of IDI sites, the decision became clear that we needed to come up with a fairly comprehensive plan to fix and mitigate the major issues that the company is facing now and any that may arise in the future. The most significant challenge will be to ensure that all sites are working towards the same goal of being modernized...

Words: 3307 - Pages: 14