PKI in today's landscape (Mauritius - Siddick)

Post on 29-May-2015


description

This presentation was delivered by Siddick Elaheebocus during Microsoft TechDays 2010 in Mauritius, explaining the nuts and bolts of Public Key Infrastructure and how it is being used within organizations and at a national level to address IT security concerns.

transcript

Public Key Infrastructure in today’s Landscape

Siddick Elaheebocus
Sales Engineer (Microsoft Lead) / MCT

Harel Mallac Technologies Ltd

Agenda

Security – The buzz words of today!
Symmetric v/s Asymmetric – What’s this?
Microsoft PKI – Secure your infrastructure
PKI terminologies made easy!
Demos – See Security!
Microsoft PKI Other Usage
Enterprise CA Architecture and HSM integration
Government PKI Scenarios - eGovernment or large scale Enterprise

Security – The buzz words of today!

Cryptography
Encryption (Confidentiality)
Smart card logon (Two Factor Authentication)
Digital Signatures (Non-Repudiation)
Secure e-mail (S/MIME)
Traffic Security (SSL)
IP Security (IPSEC)
802.1x Authentication (Wireless Security)
Software code Signing (Integrity)
Etc …

WHAT’S BEHIND THE SCENE!

Symmetric Key Cryptography

Plain-text input: “The quick brown fox jumps over the lazy dog”

Encryption

Cipher-text: “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%”

Decryption

Plain-text output: “The quick brown fox jumps over the lazy dog”

Same key (shared secret)

Public Key Encryption (Asymmetric)

Clear-text input: “The quick brown fox jumps over the lazy dog”

Encryption (recipient’s public key)

Cipher-text: “Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”

Decryption (recipient’s private key)

Clear-text output: “The quick brown fox jumps over the lazy dog”

Different keys

CAN THIS BE TRANSLATED INTO REALITY?

Microsoft PKI – Secure your infrastructure

Active Directory Certificate Services (AD CS), a role in Windows Server, provides an integrated public key infrastructure (PKI) that enables capabilities such as secure exchange of information, strong authentication, and secure communication across the Internet, extranets, intranets, and applications.

PKI terminologies made easy!

Public Key

Private Key

Certificate

Certification Authority

Demos – See Security!

Show me that famous KEY!
How we get certificates from a CA!
Encrypting files (EFS) in action!
Let’s secure our e-mails (S/MIME)
Securing traffic (SSL)
Two factor authentication (Smart Cards)

Microsoft PKI Other Usage

Document Security: Rights Management Services
BitLocker: Secure volume encryption
Services: Microsoft Exchange 2010, Office Communications Server, etc.
Secure Internet transactions: Secure Electronic Transactions (SET)
Systems Management: V-Pro SCCM
Direct Access: Anywhere access solution into your corporate network
Wireless security: 802.1x and Wi-Fi Protected Access (WPA2)
Network Security: Network Access Protection (NAP), Network Device Enrollment

Enterprise CA Architecture

Root CA: Offline Stand-Alone, 4096 Bits, 20 Years
Intermediate CA 1: Offline Stand-Alone, 2048 Bits, 10 Years
Intermediate CA n: Offline Stand-Alone, 2048 Bits, 10 Years
Issuing CA: Domain Member, 2048 Bits, 5 Years
Issuing CA m: Domain Member, 2048 Bits, 5 Years

Optional tier, needed only in specific circumstances
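
Added example, not part of the original slides and not Microsoft's own material: a CAPolicy.inf sketch for the offline stand-alone root CA, using the slide's 4096-bit, 20-year figures. The CRL interval is an assumed value, and the certutil lines in the comments show the registry setting that lets the root issue the 10-year intermediate CA certificates.

```ini
; CAPolicy.inf for the offline stand-alone root CA.
; Place the file in %SystemRoot% before the AD CS role is installed.
[Version]
Signature="$Windows NT$"

[Certsrv_Server]
; Root CA figures from the slide: 4096-bit key, 20-year lifetime.
; These three keys govern RENEWAL of the root certificate. The initial
; key length and validity are chosen during AD CS setup and should be
; set to the same values there.
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20

; Assumption (not on the slide): an offline root publishes a long-lived
; base CRL and no delta CRLs, because it is powered on only rarely.
CRLPeriod=Months
CRLPeriodUnits=6
CRLDeltaPeriodUnits=0

; The lifetime of certificates the root ISSUES is a separate registry
; setting. A stand-alone CA defaults to 1 year, so the 10-year
; intermediate CA certificates from the slide need, on the root CA:
;
;   certutil -setreg CA\ValidityPeriodUnits 10
;   certutil -setreg CA\ValidityPeriod "Years"
;   net stop certsvc && net start certsvc
;
; The same two values (5 / Years) on each intermediate CA give the
; 5-year issuing CA certificates. A subordinate certificate is never
; issued with an end date later than that of the CA that signs it.
```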

Hardware Security Modules

Higher protection for your keys
For compliance (e.g. Banks – PCI DSS)
Need FIPS 140-1 Level 2 or higher standards

X.509

Large Scale PKI Architecture

WHAT IS THE USE OF SUCH LARGE SCALE PKI?

PKI Scenarios - eGovernment

National ID
Authentication to government services (gateway)
eVoting/eDemocracy
National Archive

And many more …

In the NEWS - Mauritius

Key Take Aways

Overview of Microsoft PKI
How PKI can assist you in your security quest
The present and future of Microsoft PKI
Large scale PKI usage

Next Steps

More information on Windows Server 2008:
http://www.microsoft.com/windowsserver2008/en/us/overview.aspx

Microsoft Identity and Access Web Site
http://www.microsoft.com/ida

Microsoft PKI Web Site
http://www.microsoft.com/pki

PKI Enhancements in Windows
http://www.microsoft.com/technet/technetmag/issues/2007/08/SecurityWatch/default.aspx

TechNet Library for Active Directory Certificate Services:
http://technet2.microsoft.com/windowsserver2008/en/library/045d2a97-1bff-43bd-8dea-f2df7e270e1f1033.mspx?mfr=true

Questions & Answers

Meet me at the Ask The Expert Section

10 Hot Topics every IT Admin needs to know about Windows Server 2008 R2

Immerse yourself in the Unified Communications World CIE Labs at HMT Stand

Next Presentation

Have a secure afternoon!

Thank YOU!

For any additional information
siddick.elaheebocus@hmtechnologies.mu
siddick@intnet.mu
