Table of Contents for Security without Obscurity: A Guide to PKI Operations
by W. Clay Epstein, Jeff Stapleton
Preface
Authors
Chapter 1: Introduction
1.1 About This Book
1.2 Security Basics
1.3 Standards Organizations
Chapter 2: Cryptography Basics
2.1 Encryption
2.2 Authentication
2.3 Nonrepudiation
2.4 Key Management
2.5 Cryptographic Modules
Chapter 3: PKI Building Blocks
3.1 PKI Standards Organizations
3.2 PKI Protocols: SSL and TLS
3.3 PKI Protocol: IPsec
3.4 PKI Protocol: S/MIME
3.5 PKI Methods: Legal Signatures and Code Sign
3.6 PKI Architectural Components
Chapter 4: PKI Management and Security
4.1 Introduction
4.2 Publication and Repository Responsibilities
4.3 Identification and Authentication
4.4 Certificate Lifecycle Operational Requirements
4.5 Facility, Management, and Operational and Physical Controls
4.6 Technical Security Controls
4.7 Certificate, CRL, and OCSP Profiles
4.8 Compliance Audits and Other Assessments
4.9 Other Business and Legal Matters
Chapter 5: PKI Roles and Responsibilities
5.1 Certificate Authority
5.1.1 Root CA
5.1.2 Online CA
5.1.3 OCSP Systems
5.2 Registration Authority
5.3 Policy Authority
5.4 Subscribers
5.5 Relying Party
5.6 Agreements
5.6.1 Certificate Authority Agreements
5.6.2 Registration Authority Agreements
5.6.3 Subscriber Agreements
5.6.4 Relying Party Agreements
Chapter 6: Security Considerations
6.1 Physical Security
6.2 Logical Security
6.3 Audit Logs
6.4 Cryptographic Modules
Chapter 7: Operational Considerations
7.1 CA Architectures
7.2 Security Architectures
7.3 Certificate Management
7.4 Business Continuity
7.5 Disaster Recovery
7.6 Affiliations
Chapter 8: Incident Management
8.1 Areas of Compromise in a PKI
8.1.1 Offline Root CA
8.1.2 Online Issuing CA That Has Multiple CA Subordinates
8.1.3 Online Issuing CA That Does Not Have Subordinate CAs
8.1.4 Online RA
8.1.5 Online CRL Service HTTP or HTTPS Location for Downloading CRLs
8.1.6 OCSP Responder
8.1.7 End User’s Machine That Has a Certificate on It
8.1.7.1 Private Key Compromise
8.1.7.2 Private Key Access
8.1.7.3 Limited Access to the Private Key
8.1.7.4 Other Attacks
8.2 PKI Incident Response Plan
8.3 Monitoring the PKI Environment Prior to an Incident
8.4 Initial Response to an Incident
8.5 Detailed Discovery of an Incident
8.6 Collection of Forensic Evidence
8.7 Reporting of an Incident
Chapter 9: PKI Governance, Risk, and Compliance
9.1 PKI Governance
9.2 Management Organization
9.3 Security Organization
9.4 Audit Organization
9.5 PKI Risks
9.6 Cryptography Risks
9.6.1 Aging Algorithms and Short Keys
9.6.2 Modern Algorithms and Short Keys
9.6.3 Aging Protocols and Weak Ciphers
9.6.4 Aging or Discontinued Products
9.7 Cybersecurity Risks
9.7.1 Framework Core
9.7.2 Framework Profile
9.7.3 Framework Implementation Tiers
9.8 Operational Risks
9.8.1 Monitoring
9.8.2 Capacity
9.8.3 Continuity
9.8.4 Resources
9.8.5 Knowledge
9.9 PKI Compliance
9.10 Evaluation Criteria
9.11 Gap Assessment
9.12 Audit Process
Chapter 10: Advanced PKI
10.1 Industry Initiatives
10.2 Certificate Trust Levels
10.3 Relying Party Unit
10.4 Short-Term Certificates
10.5 Long-Term Certificates
Bibliography
B.1 ASC X9
B.2 ETSI
B.3 IETF
B.4 ISO
B.5 NIST
B.6 PKCS
B.7 Miscellaneous