Features
- Cover Type: Paperback with 592 pages
- Published by: Microsoft Press July 7, 2004
- Written in: English
- ISBN 10 Number: 0735620210
- ISBN 13 Number: 978-0735620216
-
Book Dimensions:
9 x 7.4 x 1.6 inches
- Weighs: 2.6 pounds
Product Description
No need to buy or outsource costly PKI services when you can use the robust PKI and certificate-based security services already built into
Microsoft Windows Server 2003! This in-depth reference teaches you how to design and implement even the most demanding certificate-based security solutions for wireless networking, smart card authentication, VPNs, secure email, Web SSL, EFS, and code-signing applications using Windows Server PKI and certificate services.
Microsoft’s principal PKI consultant, along with members of the
Microsoft PKI Team, shows you how to incorporate best practices, avoid common design and implementation mistakes, help minimize risk, and optimize security administration. CD-ROM features timesaving tools, scripts, and an eBook.
Publisher Description
This official
Microsoft RESOURCE KIT delivers seven comprehensive volumes, including:
Microsoft Windows Security Resource Kit, Second Edition
Microsoft Windows Group Policy Guide
Microsoft Windows Registry Guide, Second Edition
Microsoft Windows Administrator’s Automation Toolkit
Microsoft Windows Internals, 4/e
Microsoft Windows Server 2003 Performance Guide
Microsoft Windows Server 2003 Troubleshooting Guide
The Resource Kit also includes:
1. Tools: 120+ ResKit Tools and Tools help files, plus 114 IIS ResKit tools
2. Scripting tool library: 120+ scripted tools with command-line interface
3. Group Policy utilities: group policy scripts, templates, and whitepapers
4. WS03 Technical Reference Collection: 5,400 pages created by the Windows UA team
5. Unique e-book library: e-book versions of the books in the RK, plus 4 other titles
--This text refers to an out of print or unavailable edition of this title.
Reader ReviewsThe Windows Server 2003 PKI and Certificate Security book will demystify PKI and certificate based security implementations for you. It will be very helpful to anyone who wants to learn what PKI can do for them or needs to know the specifics of how to implement it in their network for many uses from large networks to the small office. For many the thought of PKI, intimidates them. It should not as it really is not that difficult and can improve your security tremendously over traditional password based authentication and allow use of strong encryption and digital signing [proof of entity and integrity]. PKI is used to generate public and private keypairs for use in applications such as L2TP VPN, IPSEC, 802.1X authentication for wireless and wired networks, EFS file encryption, application signing, secure email encryption and signing, SSL website security, and smart cards. The book starts out with the basic concepts of PKI and the use of symmetric and asymmetric encrytpion and how they work together in PKI. It also explains digital signiatures - the other big use for certificates/private keys. It is written to be very understandable and the user or admin that has little understanding of PKI should have no problem learing the content and implemeting it. It does assume a basic understanding of Active Directory for Enterprise Certificate Authority use and also covers stand alone Certificate Authority. The book is also written so that you can refer to indivudual chapters such as the excellent chapter on how to implement 802.1X wireless if you do not need to know other material covered. PKI hierarchy is well covered whether you need to install a single CA, levels of CA's in your network, or even how to setup cross trusts to other CA hierarchies for full trust or conditional trust. If you have a Windows 2000 forest you can learn how to prep your forest schema for using a Windows 2003 Enterprise CA to take advantage of the new features such as autoenrollent for XP clients, configurable version 2 certificate templates, and archivable private keys for certificates used for encryption. Other important topics such as how to install a CA, configure a CAPolicy.inf file, use the certutil utility for many tasks, obtaining and implementing your own OID, role separation for those that need it, CRL and AIA publication points which is very important to the success of your PKI particularly if you are going to use an offline CA or for computers not on your network that use your certificates, configuring an offline CA and securing it, using HSM's - hardware security modules to protect the CA's private key, how to configure version 2 templates, configuring Group Policy for autoenrollment, configuring auditing, using Web Enrollment, how to backup and restore your CA and disaster recovery, how to publish certificates to Active Directory using certutil or PKIhealth tool, the concept of "chaining" to a trusted root CA [very important], and more. With the book comes a lot of helpful tools and scripts such as an example of a CAPolicy.inf and numerous scripts including enroll.vbs that can be used to enroll users on Windows 2000 computers for certificates via logon script. The last part of the book is about application specific use of certificates such as for EFS, email, VPN, smart cards, and more. The chapters cover the advantages of using certifcates for each application, how to plan it, and the specifics of how to implement including how to configure certificate templates and issue certificates to users and computers in in a step by step fashion to have you up and running for that application. There are many tricks and traps in the book that can save a user a lot of time such as verifying that a VPN server is in the RAS and IAS servers group as one example. These tips show that the book is much more than a cut and paste of white papers as some books are. Then end of each chapter has links to many related KB articles, white papers, and RFC's for those that want more information. I found the Windows Server 2003 PKI and Certificate Security book puts it all together for Windows 2003 PKI from understanding the concept of PKI to putting it to use in your own network to greatly enhance your security. Microsoft has many excellent white papers and articles on PKI for Windows 2003 but for many this book will be all that is needed and an invaluable resource for those that use it, plan to use it, or want to know more about it.
Search for books at
