1. Home
  2. Server Administration
  3. Securing Windows Server 2003

9.9 Summary

Public key infrastructures come in two flavors: public and private. Incorporating a public PKI within your corporation has numerous benefits and drawbacks. Neither flavor is necessarily more or less secure but rather involves a different strategy of trust. A detailed analysis of your intended uses for the certificates should be made and then both flavors should be considered. Once both flavors are considered for your specific scenario and all benefits and drawbacks are weighed, a decision can be made on which solution to use.

The Windows Server 2003 family provides a great deal of functionality for a private PKI, but vendors generally provide those services when leveraging a public solution. Nevertheless, Windows Server 2003 does provide some essential functionality for using the public PKI model. The real benefit of using Windows Server 2003 with PKI, however, is when using it as a certification authority within your own private PKI.

Designing and deploying a private certification hierarchy can be a daunting task. The plan must be laid out carefully in advance and can be quite complex in many cases. A number of decisions must be made early in the process; without them, the deployment cannot even begin. Once that plan is created and reviewed, it should be tested thoroughly to ensure it meets the design goals while providing the necessary security.

Once the plan is documented and tested, you can begin to deploy and configure the root CA. You now know how to deploy a multitier hierarchy once the root CA is established. After the hierarchy is in place, you can configure it for proper issuance, revocation, and ongoing management. These tasks are no less important than deploying the root CA, as any lapse in security in the chain could result in unintentional trust (or lack of trust).



    		Securing Windows Server 2003
    		Preface
    		Chapter 1. Introduction to Windows Server 2003 Security
    		Chapter 2. Basics of Computer Security
    		Chapter 3. Physical Security
    		Chapter 4. File System Security
    		Chapter 5. Group Policy and Security Templates
    		Chapter 6. Running Secure Code
    		Chapter 7. Authentication
    		Chapter 8. IP Security
    		Chapter 9. Certificates and Public Key Infrastructure
    		9.1 What Are Certificates?
    		9.2 What Do I Do with Certificates?
    		9.3 What Is a Certification Authority?
    		9.4 Deciding Between Public and Private Certification Authorities
    		9.5 Implementing a Public PKI
    		9.6 Planning Your Private Certification Hierarchy
    		9.7 Implementing a Private Certification Hierarchy
    		9.8 Maintaining Your Hierarchy
    		9.9 Summary
    		Chapter 10. Smart Card Technology
    		Chapter 11. DHCP and DNS Security
    		Chapter 12. Internet Information Services Security
    		Chapter 13. Active Directory Security
    		Chapter 14. Remote Access Security
    		Chapter 15. Auditing and Ongoing Security
    		Appendix A. Sending Secure Email
    		Colophon