Presentation is loading. Please wait.

Presentation is loading. Please wait.

Real Life Enterprise PKI MMS Minnesota 2014 Hasain Alshakarti – TrueSec Enterprise Security #MMSMinnesota #MMSConfigMgr #MMSLove.

Published byArron Burke Modified over 7 years ago

Similar presentations

Presentation on theme: "Real Life Enterprise PKI MMS Minnesota 2014 Hasain Alshakarti – TrueSec Enterprise Security #MMSMinnesota #MMSConfigMgr #MMSLove."— Presentation transcript:

1 Real Life Enterprise PKI MMS Minnesota 2014 Hasain Alshakarti – TrueSec Enterprise Security MVP @Alshakarti #MMSMinnesota #MMSConfigMgr #MMSLove

2 Level of protection required? Polices & Compliance Tiers & Hierarchies Key length, Lifetime & Integrity Algorithms Availability & Recovery Revocation Information Administration & Roles Audit & Monitoring

3 Key Integrity? Offline Hardware Security Module (HSM) Least Access & Least Privilege Hardened System

4 Algorithms Signing (RSA/DSA/ECC) Hashing (SHA1/SHA256)

5 Tiers & Hierarchies Whitepapers & Books Requirements Policy & Compliance Functional Organizational

6 Availability & Recovery Functional Availability Issuing Revocation Information Backup

7 Revocation Information PKI Client centric Base, delta and overlapping CRL OCSP Caching Validation behavior & usage Application oriented

8 Enterprise vs Standalone CA? Trust: Issuer of Authentication Tokens “Golden Ticket” Ent CA = DC Ent CA Admin = Ent Admin Enrollment Certificate Templates (AD Objects) Auto Enrollment (AD ACE & Templates)

9 CA Compromise? Relying Parties (RP)

10 Real Life Enterprise PKI Evaluations Please provide session feedback by clicking the Eval button in the scheduler app. One lucky winner will get a free ticket to the next MMS! Visit all of our sponsors in the expo area and online! Platinum Sponsors: Gold Sponsors : MMS Minnesota 2014 Hasain Alshakarti – TrueSec

Download ppt "Real Life Enterprise PKI MMS Minnesota 2014 Hasain Alshakarti – TrueSec Enterprise Security #MMSMinnesota #MMSConfigMgr #MMSLove."

Similar presentations

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.
Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.

Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.
KIERAN JACOBSEN HP Understanding PKI and Certificate Services Gold Sponsors Silver Sponsors.

KIERAN JACOBSEN HP Understanding PKI and Certificate Services Gold Sponsors Silver Sponsors.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Internet Based Client Management

Internet Based Client Management
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Chapter 11: Active Directory Certificate Services

Chapter 11: Active Directory Certificate Services
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Practical PowerShell Tips & Tricks MMS Minnesota 2014 Trevor Sullivan, Jeff Wouters, David O’Brien – @david_Obrien.

Practical PowerShell Tips & Tricks MMS Minnesota 2014 Trevor Sullivan, Jeff Wouters, David O’Brien – @david_Obrien.
Automating Microsoft Azure with PowerShell MMS Minnesota 2014 Trevor Sullivan and David O’Brien – #MMSMinnesota.

Automating Microsoft Azure with PowerShell MMS Minnesota 2014 Trevor Sullivan and David O’Brien – #MMSMinnesota.
Advanced Infrastructures In System Center Configuration Manager 2012 R2 Jason blog.configmgrftw.com m Wally.

Advanced Infrastructures In System Center Configuration Manager 2012 R2 Jason blog.configmgrftw.com m Wally.
Your CMDB and PowerShell DSC: DevOps Techniques

Your CMDB and PowerShell DSC: DevOps Techniques
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Configuring Active Directory Certificate Services Lesson 13.

Configuring Active Directory Certificate Services Lesson 13.
1 Digital Credential for Higher Education John Gardiner 202-973-6618 August 11, 2004.

1 Digital Credential for Higher Education John Gardiner August 11, 2004.
1 Week 10 – Manage Multiple Domains and Forest Configure Domain and Forest Functional Levels Manage Multiple Domains and Trust Relationships Active Directory.

1 Week 10 – Manage Multiple Domains and Forest Configure Domain and Forest Functional Levels Manage Multiple Domains and Trust Relationships Active Directory.

Similar presentations

Ads by Google