Presentation is loading. Please wait.

Presentation is loading. Please wait.

WSU A Symphony in Four Movements. A Century of Controlled Flight.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "WSU A Symphony in Four Movements. A Century of Controlled Flight."— Presentation transcript:

1 PKI @ WSU A Symphony in Four Movements

2 A Century of Controlled Flight

3 The Symphony  Phase I Certificates for AD  Phase II Cross Certification of WSU VPN  Phase III Certificate Enrollment Extended Beyond AD/User Certificates  Phase IV Cross Certification with External Agencies

4 What is PKI?  PKI (Public Key Infrastructure) is a technology for exchange digital information in a secure manner  Based on Public Key Encryption  Composed of: –Digital Certificates –Certificate Authority –Digital Key Technology (public key, private key) –Policies and Procedures

5 Why Does WSU Need a PKI?  Originally Driven by the Need to Secure Replication  Desire to Eliminate 3 rd Party Certificates for Intranet SSL  Raise Security Awareness

6 PKI Architecture  Stand Alone – Offline – Root CA (Virtual Machine)  Enterprise Subordinate CA  Stand Alone Subordinate CA

7 Phase I Certificates for AD  Root and Enterprise Certificates via Group Policy  Machine Certificates (Auto Enrollment)  Enables IPSec  Enables SSL (Web Servers, Secure LDAP)  Enables Secure Applications (SCS, etc.)  Root and Enterprise Certificates Available for Download for non AD Users

8 Phase I Limitations  No User Certificates  WSU VPN is Not Part of the Trust  Not Intended for Use Outside of AD  External Agencies Must Accept our Certificate Blindly

9 Phase II Cross Certification of WSU VPN  Brings IT-CA Into the Fold –Limits Number of CA’s at WSU  Brings the External Hardware Into the Mix for Potential of Non-AD Users and Computers Getting Certificates  Requires Server 2003 on Both CA’s

10 Phase III Certificate Enrollment Extended Beyond AD/User Certificates  Policies Must Be in Place  Not a Foregone Conclusion  Enables Secure User Activities –Encrypted Email –EFS (with Domain/OU Admin Recovery)

11 Phase IV Cross Certification with External Agencies  The Ultimate Goal  Provides for Secure e-Commerce with a Variety of Agencies  Also NOT a Foregone Conclusion

12 What Next?  Deploy Phase I  Prepare and Deploy Phase II  Investigate all of the Policies Needed for Phase III and Phase IV  Assemble the Interested and Necessary Parties  Write and Approve Policy

13 Resources  PKI & AD – http://www.wsu.edu/ad http://www.wsu.edu/ad  PKI & WSU - http://pki.wsu.edu http://pki.wsu.edu  Terms & Definitions - http://pki.wsu.edu/glossary http://pki.wsu.edu/glossary  This Presentation – http://pki.wsu.edu/show http://pki.wsu.edu/show  Phase Images http://pki.wsu.edu http://pki.wsu.edu

Download ppt "WSU A Symphony in Four Movements. A Century of Controlled Flight."

Similar presentations

April 19-22, 2005SecureIT-2005 How to Start a PKI A Practical Guide Dr. Javier Torner Information Security Officer Professor of Physics.

April 19-22, 2005SecureIT-2005 How to Start a PKI A Practical Guide Dr. Javier Torner Information Security Officer Professor of Physics.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
 1997 Entrust Technologies Orchestrating Enterprise Security Entrust Public Key Infrastructure Erik Schetina Chief Technology Officer IFsec, LLC

 1997 Entrust Technologies Orchestrating Enterprise Security Entrust Public Key Infrastructure Erik Schetina Chief Technology Officer IFsec, LLC
KIERAN JACOBSEN HP Understanding PKI and Certificate Services Gold Sponsors Silver Sponsors.

KIERAN JACOBSEN HP Understanding PKI and Certificate Services Gold Sponsors Silver Sponsors.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
Public Key Infrastructure Ben Sangster February 23, 2006.

Public Key Infrastructure Ben Sangster February 23, 2006.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Similar presentations

Ads by Google