PKI consists of a number of elements that allow two parties to communicate securely without any previous
contact, through the use of public key cryptography.
Public key cryptography, as the name implies, stores a piece of information called a public key for each
user, computer, service, etc. that is participating in a PKI. The public key can be freely distributed.
Each user, computer, service, etc. also possesses a private key, a piece of information that is known only to
that individual user or computer and must never be shared; the security of the PKI rests on it staying secret.
Shared secret key – a cryptographic method (symmetric cryptography) in which the same secret key is known by both parties, so it must be agreed on or distributed in advance over some secure channel. This is the problem public key cryptography avoids.
Certificate Authority (CA) (Root Certificate) – an entity, such as a Windows Server 2008 server running the
AD CS (Active Directory Certificate Services) server role, that issues and manages digital certificates for use in a PKI. The root CA's own certificate is self-signed and is the trust anchor: every certificate in the PKI is trusted because it chains back to it.
Intermediate CAs – subordinate CAs whose own certificates are issued by the root CA (or by another intermediate). They do the day-to-day issuing of end-entity certificates so that the root CA's private key can be kept offline; a certificate is validated by following the chain of signatures from the end entity through the intermediates to the root.
CRL (Certificate Revocation List) – a list, signed by the issuing CA, that identifies certificates that have been revoked or terminated, and the corresponding user, computer or
service. Services that rely on PKI should check the CRL to confirm that a particular certificate has not
been revoked prior to its expiration date: a certificate that is still within its validity period and chains to a trusted root can nevertheless be invalid because it appears on the CRL.
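The elements above (root CA, intermediate CA, end-entity certificates and a CRL) as an added, runnable example that is not part of these notes. It uses the Python `cryptography` package rather than AD CS; the CA names, hostnames and serial numbers are made up, and the chain and CRL checks are written out step by step so that each one is visible.

```python
"""Added example (not from the original notes): build a two-tier PKI
(root CA -> intermediate CA -> end-entity certificates), publish a CRL from
the intermediate, and validate a certificate the way a relying service
should: signature chain to the root, validity period, then CRL lookup.
Requires the third-party `cryptography` package. All names are hypothetical."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _utc(obj, attr):
    """Read a validity timestamp as an aware UTC datetime across cryptography versions."""
    aware = getattr(obj, attr + "_utc", None)
    if aware is not None:
        return aware
    return getattr(obj, attr).replace(tzinfo=datetime.timezone.utc)


def make_cert(subject, pubkey, issuer_name, issuer_key, serial, is_ca):
    """Issue a certificate binding `pubkey` to `subject`, signed with the issuer's private key."""
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject))
        .issuer_name(issuer_name)
        .public_key(pubkey)
        .serial_number(serial)
        .not_valid_before(NOW - datetime.timedelta(minutes=5))
        .not_valid_after(NOW + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def build_pki():
    """Self-signed root -> intermediate -> two leaf certs, plus a CRL revoking one leaf."""
    root_key = ec.generate_private_key(ec.SECP256R1())      # stays offline in practice
    root = make_cert("Example Root CA", root_key.public_key(), _name("Example Root CA"), root_key, 1, True)
    inter_key = ec.generate_private_key(ec.SECP256R1())
    inter = make_cert("Example Issuing CA", inter_key.public_key(), root.subject, root_key, 2, True)
    leaf_a = make_cert("host-a.example.test", ec.generate_private_key(ec.SECP256R1()).public_key(),
                       inter.subject, inter_key, 1001, False)
    leaf_b = make_cert("host-b.example.test", ec.generate_private_key(ec.SECP256R1()).public_key(),
                       inter.subject, inter_key, 1002, False)
    # The issuing CA revokes host-b (e.g. key compromise) long before it expires.
    revoked = x509.RevokedCertificateBuilder().serial_number(leaf_b.serial_number).revocation_date(NOW).build()
    crl = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(inter.subject)
        .last_update(NOW)
        .next_update(NOW + datetime.timedelta(days=7))
        .add_revoked_certificate(revoked)
        .sign(inter_key, hashes.SHA256())   # the CRL is signed by the issuing CA
    )
    return {"root": root, "inter": inter, "leaf_a": leaf_a, "leaf_b": leaf_b, "crl": crl}


def signed_by(cert, issuer):
    """True if the issuer's public key verifies cert's signature over its to-be-signed bytes."""
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def validate(leaf, inter, root, crl):
    """Return 'ok', or the reason a relying service must reject `leaf`. `root` is the trust anchor."""
    # 1. Chain of signatures: leaf signed by intermediate, intermediate signed by the trusted root.
    if not signed_by(leaf, inter) or not signed_by(inter, root):
        return "bad-chain"
    # 2. The intermediate must be marked as a CA, or any leaf could issue certificates.
    if not inter.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
        return "issuer-not-ca"
    # 3. Validity period.
    if not (_utc(leaf, "not_valid_before") <= NOW <= _utc(leaf, "not_valid_after")):
        return "expired"
    # 4. CRL: issued and signed by the leaf's issuer, still current, and not listing this serial.
    if crl.issuer != inter.subject or not crl.is_signature_valid(inter.public_key()):
        return "bad-crl"
    if _utc(crl, "next_update") < NOW:
        return "stale-crl"
    if crl.get_revoked_certificate_by_serial_number(leaf.serial_number) is not None:
        return "revoked"
    return "ok"


if __name__ == "__main__":
    pki = build_pki()
    for name in ("leaf_a", "leaf_b"):
        print(name, validate(pki[name], pki["inter"], pki["root"], pki["crl"]))
```

Both leaf certificates pass the signature and validity checks; only the CRL lookup separates the revoked host-b from the good host-a, which is why a service that skips step 4 keeps trusting a compromised key until the certificate expires on its own. Real deployments fetch the CRL from the URL in the certificate's CRL Distribution Points extension and should treat a stale or unverifiable CRL as a failure, not as "nothing revoked".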
NAP includes a number of built-in enforcement methods, which define the mechanisms that NAP can
use to restrict non-compliant computers:
DHCP enforcement – DHCP is the only NAP method that can be deployed in a non-AD environment. It is
also the least secure enforcement method, because a user can configure their computer with a static IP
address and bypass any DHCP enforcement that is in place entirely.
802.1X enforcement