Active Directory Certificate Services

The two-man rule is used in security to protect high-value assets and operations. As an example, many banks offer a safe deposit box facility. Customers can rent these boxes to store their valuable assets. Most safe deposit boxes are designed around a two-man rule: each box has two locks, the key to one lock is held by the bank and the key to the second lock is issued to the customer. To open the box, the customer and a bank agent must both agree and use their keys at the same time. When a customer arrives at the bank, they cannot simply walk to the vault where the boxes are located; there is a process for that. The bank verifies their identity first, asking for a passport or driving licence. After successful verification, the bank assigns an agent to accompany the customer and open the box using both the bank's key and the customer's key. The end goal of these layers of security is to verify that the customer is exactly who they claim to be before allowing access to the high-value assets in the box.

The role of public key infrastructure (PKI) is similar. PKI uses digital certificates to verify that objects and services are genuine. When we apply for visas or jobs, we are sometimes asked to prove our identity with a police clearance certificate. We may already have provided copies of our passport and identity card with the application forms, but the police department is a well-known authority that anyone can trust, so a police certificate confirming our identity establishes that we are the person we claim to be. In turn, the police department is accountable for the certificate it issued about us; before issuing it, it is their responsibility to verify our identity through their own procedures. The same holds for a certificate authority (CA): a certificate is only as trustworthy as the authority that issued it and the checks that authority performed before issuing it.

Modern businesses increasingly use PKI to counter modern infrastructure threats. As an example, they use digital certificates to verify the identity of their web services, and to authenticate web applications, billing systems, service URLs and so on. They use digital certificates to encrypt network traffic between networks or hosts, so that no unauthorized party can read it. AD CS allows organizations to set up and maintain their own PKI within their own infrastructure boundaries, to create, manage, store, renew and revoke digital certificates. In this chapter, we are going to look at the following topics:

  • What is a certificate service and how does PKI work?
  • How to design your PKI
  • Different PKI deployment models in action
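The trust relationship described above, as a worked example added here (this is not code from the book or from AD CS itself): a two-tier hierarchy is built with Go's crypto/x509 package, consisting of a self-signed root CA, an issuing CA signed by the root, and a web server certificate signed by the issuing CA. The server certificate is then verified against the root, and a certificate for the same host name issued by an unrelated, untrusted CA is shown to be rejected. The organization, CA names, host name and serial numbers are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// caTemplate builds a CA template (names and serials are made up for this example).
// maxPathLen limits how many CA tiers may sit below this CA; 0 = end-entity certs only.
func caTemplate(cn string, serial int64, maxPathLen int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{Organization: []string{"Example Corp"}, CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLen:            maxPathLen,
		MaxPathLenZero:        maxPathLen == 0,
	}
}

// leafTemplate builds an end-entity (web server) template for dnsName.
func leafTemplate(dnsName string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// issue generates a fresh P-256 key for template and has parentKey sign the
// certificate. With parent == nil the certificate is self-signed, i.e. a root CA.
// Issuance failing here is a bug in the demo, not a trust decision, so it panics.
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signer := parentKey
	if parent == nil {
		parent, signer = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyServerCert makes the decision a client makes before trusting a service:
// can leaf be chained, via issuer, to the trusted root, and is it valid for host?
func verifyServerCert(leaf, issuer, root *x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(issuer)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inters, DNSName: host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Demo builds root CA -> issuing CA -> server cert, then verifies that server
// cert, and a look-alike for the same host from an unrelated CA, against the
// trusted root. It returns both verification results (nil means accepted).
func Demo() (trustedErr, rogueErr error) {
	const host = "portal.example.local"
	root, rootKey := issue(caTemplate("Example Root CA", 1, 1), nil, nil)
	sub, subKey := issue(caTemplate("Example Issuing CA", 2, 0), root, rootKey)
	leaf, _ := issue(leafTemplate(host, 3), sub, subKey)
	// The rogue CA is a perfectly well-formed self-signed CA; it is simply not one we trust.
	rogue, rogueKey := issue(caTemplate("Untrusted CA", 100, 0), nil, nil)
	rogueLeaf, _ := issue(leafTemplate(host, 101), rogue, rogueKey)
	trustedErr = verifyServerCert(leaf, sub, root, host)
	rogueErr = verifyServerCert(rogueLeaf, rogue, root, host)
	return trustedErr, rogueErr
}

func main() {
	trustedErr, rogueErr := Demo()
	fmt.Println("issued by Example Issuing CA:", trustedErr) // <nil>
	fmt.Println("issued by Untrusted CA:", rogueErr)         // x509: certificate signed by unknown authority
}
```

Run it with `go run`. The point to notice is that the rogue certificate is cryptographically just as valid as the genuine one; the only thing that separates them is whether the issuing authority chains to a root that the client has chosen to trust. That trusted root plays the part of the police department in the analogy, which is why the root CA's private key is the asset an AD CS deployment must protect most carefully.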