PKI (Public Key Infrastructure)
------
We need strong security to protect our data from software threats. The main objectives of network security are:
1. Integrity of route
2. Integrity of data
3. Confidentiality
4. Authentication with cryptography
5. Anti-Replay
PKI is a method used for high security in a network.
PKI is not a thing; it is a capability: the capability to easily use, manage and publish keys. In cryptography, two asymmetric keys are used: a public key, which is to be shared, and a private key, which is to be closely held. PKI is a combination of different options working together for high security. PKI is a collection of different components, such as:
1. Active Directory domain
2. PKI-enabled applications such as IIS, IPSec, etc.
3. Certificate Service
Certificate Authority Service
------------------------------------
It is a service in Windows Server used for high security. There are 2 types of certificate:
1. Internal certificate
It is used for the intranet. We have to install Certificate Service on our server, and it will become a Certificate Authority which can issue digital certificates to users or client computers. A user will download a certificate, and other users cannot access the server. This certificate is used for authentication, for data encryption, etc., and works as a private key for the user.
2. External certificate
It is used for the Internet. Verisign and some other companies work as Certificate Authorities on the Internet and can provide certificates to different companies such as ICICI Bank, Microsoft, etc.
If a company wants to use high security such as an IPSec policy, HTTPS or SSL on the Internet, then it needs a certificate from Verisign.
This certificate works as a passport or license to use high security on the Internet.
The Certificate Authority works like a chartered accountant, auditing security on the Internet.
The Certificate Authority can also work as a Recovery Agent in case of any dispute between different client companies.
For example, if company A and company B want to use high security on the Internet, then they need certificates from Verisign. If the administrator of company A leaves his job suddenly, then Verisign will also work as a recovery agent to recover the encrypted data for the company.
NOTE:
System properties of a server cannot be changed after the installation of Certificate Service.
IIS must be installed before Certificate Service.
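
The ordering in the note above, as an added PowerShell example that is not from the original post: it shows the server's name and domain (the system properties that are fixed once the role is installed), makes sure IIS is present first, then installs the CA. It assumes Windows Server 2012 or later, an elevated session with enterprise administrator rights on a domain-joined server, and an enterprise root CA; the CA name `Example-Internal-CA` and the key and validity settings are placeholders.

```powershell
# Added example, not from the original post. Assumes Windows Server 2012 or later,
# an elevated session, and that this server is to become an enterprise root CA.
$caName = 'Example-Internal-CA'   # placeholder CA common name (assumption)

Import-Module ServerManager

# 1. Show the system properties that cannot be changed once the CA role is installed.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Write-Host "Computer name : $($cs.Name)"
Write-Host "Domain        : $($cs.Domain)"
if (-not $cs.PartOfDomain) {
    throw 'Server is not joined to an Active Directory domain; join it before installing the CA.'
}

# 2. Stop if the CA role is already present, so an existing CA is never reconfigured.
if ((Get-WindowsFeature -Name ADCS-Cert-Authority).Installed) {
    throw 'Certificate Authority role is already installed on this server.'
}

# 3. Last chance to rename the server or move it to another domain.
$answer = Read-Host 'Name and domain are final after this point. Continue? (y/n)'
if ($answer -ne 'y') { return }

# 4. IIS first, as the note requires.
if (-not (Get-WindowsFeature -Name Web-Server).Installed) {
    Install-WindowsFeature -Name Web-Server -IncludeManagementTools | Out-Null
}

# 5. Add the Certificate Service role binaries, then configure the CA and web enrollment.
#    Key length, hash and validity below are assumed values, not taken from the post.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools | Out-Null
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CACommonName $caName `
    -KeyLength 4096 -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 -Force
Install-AdcsWebEnrollment -Force
```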