Microsoft Windows Server(TM) 2003 PKI and Certificate Security [Paperback]

Brian Komar (Author), Microsoft Corporation (Author)

Book Description

Publication Date: July 7, 2004

Capitalize on the built-in security services in Windows Server 2003—and deliver your own robust, public key infrastructure (PKI) based solutions at a fraction of the cost and time. This in-depth reference cuts straight to the details of designing and implementing certificate-based security solutions for PKI-enabled applications. Written by Brian Komar, a well-known network security and PKI expert, along with members of the Microsoft PKI Team, this guide describes real-world solutions and best practices for wireless networking, smart card authentication, VPNs, security-enhanced e-mail, Web SSL, EFS, and code-signing applications. Get the inside information and guidance you need to avoid common design and implementation mistakes, help minimize risk, and optimize security administration.

Discover how to:

• Strengthen PKI design with policy documents—security policies, certificate policies, and Certificate Practice Statements (CPS)
• Deploy a Windows Server 2003 PKI in an Active Directory environment
• Design, install, and take measures to help secure the CA hierarchy
• Plan PKI membership and implement role separation
• Issue certificates to computers, users, or network devices
• Create trust between organizations by using code signing and security-enhanced email
• Recover a user’s private key by archiving it for encryption certifications
• Plan and perform the deployment of Encrypting File System (EFS)
• Implement Web Secure Sockets Layer (SSL)
• Install the hardware and software required for smart card authentication

CD features:

• Timesaving tools and scripts
• Complete eBook in PDF format

A Note Regarding the CD or DVD

The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.

Editorial Reviews

From the Publisher

This official Microsoft RESOURCE KIT delivers seven comprehensive volumes, including:

Microsoft Windows Security Resource Kit, Second Edition

Microsoft Windows Group Policy Guide

Microsoft Windows Registry Guide, Second Edition

Microsoft Windows Administrator’s Automation Toolkit

Microsoft Windows Internals, 4/e

Microsoft Windows Server 2003 Performance Guide

Microsoft Windows Server 2003 Troubleshooting Guide

The Resource Kit also includes:

1. Tools: 120+ ResKit Tools and Tools help files, plus 114 IIS ResKit tools

2. Scripting tool library: 120+ scripted tools with command-line interface

3. Group Policy utilities: group policy scripts, templates, and whitepapers

4. WS03 Technical Reference Collection: 5,400 pages created by the Windows UA team

5. Unique e-book library: e-book versions of the books in the RK, plus 4 other titles --This text refers to an out of print or unavailable edition of this title.

About the Author

Brian Komar is a principal consultant for Microsoft Corporation, specializing in network security and public key infrastructure (PKI). Brian has authored MCSE Training Kits, Microsoft Prescriptive Architecture Guides, and PKI white papers, and he is the coauthor of the Microsoft Windows Security Resource Kit. Brian is a frequent speaker at IT conferences such as Microsoft TechEd, MCP TechMentor, and Windows and .NET Magazine Connections.

David Cross, Microsoft’s PKI program manager is a contributing author to this book.

Product Details

• Paperback: 592 pages
• Publisher: Microsoft Press (July 7, 2004)
• Language: English
• ISBN-10: 0735620210
• ISBN-13: 978-0735620216
• Product Dimensions: 9 x 7.6 x 1.5 inches
• Shipping Weight: 2.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.7 out of 5 stars  See all reviews (20 customer reviews)
• Amazon Best Sellers Rank: #211,568 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

17 of 18 people found the following review helpful:

5.0 out of 5 stars 7 Individual Books ++, July 20, 2005

By 

John Matlock "Gunny" (Winnemucca, NV) - See all my reviews
(REAL NAME)   

This review is from: Microsoft® Windows Server(TM) 2003 Resource Kit (Paperback)

This bundled set of books contains just about everything it is possible to know about Windows Server 2003. Well, maybe not everything, but everything you can include in four thousand six hundred and fifty pages, yes, 4650 pages.

In one slipcase, there are eight separate Microsoft manuals:

Windows Internals (4th Edition)
Windows Group Policy guide
Windows Security Resource Kit (2nd Edition)
Windows Server 2003 Performance Guide
Windows Server 2003 Troubleshooting Guide
Windows Registry Guide (2nd Edition)
Windows Administrator's Automation Toolkit
Windows Server 2003 Tools and Digital Resources (on CD)

The CD contains more material than the rest of the books put together including (guaranteed to be true as it contains all of the manuals just listed in eBook form),
More than 300 esential tools and utilities,
And collections of Technical References on:

Active Director
Core Operating System
Group Policy
High Availability and Scalability
Networking Collection
Storage Technologies
Windows Security

It would be pointless to talk about the contents of each book here as they are already described under their individual titles. What you get in the bundle is: lower price than when purchased individually, extra material on the CD, and a cardboard slipcase to keep them in.

10 of 10 people found the following review helpful:

5.0 out of 5 stars Microsoft Windows 2003 Server Resource Kit: Special Promotion Edition, August 2, 2005

By 

Marko Cruise "Aussie MCSE" (Melbourne, Australia) - See all my reviews
(REAL NAME)   

This review is from: Microsoft Windows Server 2003 Resource Kit: Special Promotional Edition (Pro-Resource Kit) (Paperback)

Worth every penny. This is a massive collection of harder to find resources to help you in your job as a Windows Server 2003 Systems Administrator. Time saving tools, tips, scripts and other resources will make this purchase pay for itself. The included CD ROM has all the material plus additional books in ebook format, so you can take it with you as a ready reference. If you are studying MCSA/MCSE, this resource will help you understand the technology as well as provide you with better tools so that you can apply your skills more efficiently.

10 of 10 people found the following review helpful:

5.0 out of 5 stars Great recource on how PKI can protect your network., January 13, 2005

By 

Steven L. Umbach (Bartlett, Il United States) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Microsoft Windows Server(TM) 2003 PKI and Certificate Security (Paperback)

The Windows Server 2003 PKI and Certificate Security book will demystify PKI and certificate based security implementations for you. It will be very helpful to anyone who wants to learn what PKI can do for them or needs to know the specifics of how to implement it in their network for many uses from large networks to the small office. For many the thought of PKI, intimidates them. It should not as it really is not that difficult and can improve your security tremendously over traditional password based authentication and allow use of strong encryption and digital signing [proof of entity and integrity]. PKI is used to generate public and private keypairs for use in applications such as L2TP VPN, IPSEC, 802.1X authentication for wireless and wired networks, EFS file encryption, application signing, secure email encryption and signing, SSL website security, and smart cards.

The book starts out with the basic concepts of PKI and the use of symmetric and asymmetric encrytpion and how they work together in PKI. It also explains digital signiatures - the other big use for certificates/private keys. It is written to be very understandable and the user or admin that has little understanding of PKI should have no problem learing the content and implemeting it. It does assume a basic understanding of Active Directory for Enterprise Certificate Authority use and also covers stand alone Certificate Authority. The book is also written so that you can refer to indivudual chapters such as the excellent chapter on how to implement 802.1X wireless if you do not need to know other material covered.

PKI hierarchy is well covered whether you need to install a single CA, levels of CA's in your network, or even how to setup cross trusts to other CA hierarchies for full trust or conditional trust. If you have a Windows 2000 forest you can learn how to prep your forest schema for using a Windows 2003 Enterprise CA to take advantage of the new features such as autoenrollent for XP clients, configurable version 2 certificate templates, and archivable private keys for certificates used for encryption.

Other important topics such as how to install a CA, configure a CAPolicy.inf file, use the certutil utility for many tasks, obtaining and implementing your own OID, role separation for those that need it, CRL and AIA publication points which is very important to the success of your PKI particularly if you are going to use an offline CA or for computers not on your network that use your certificates, configuring an offline CA and securing it, using HSM's - hardware security modules to protect the CA's private key, how to configure version 2 templates, configuring Group Policy for autoenrollment, configuring auditing, using Web Enrollment, how to backup and restore your CA and disaster recovery, how to publish certificates to Active Directory using certutil or PKIhealth tool, the concept of "chaining" to a trusted root CA [very important], and more. With the book comes a lot of helpful tools and scripts such as an example of a CAPolicy.inf and numerous scripts including enroll.vbs that can be used to enroll users on Windows 2000 computers for certificates via logon script.

The last part of the book is about application specific use of certificates such as for EFS, email, VPN, smart cards, and more. The chapters cover the advantages of using certifcates for each application, how to plan it, and the specifics of how to implement including how to configure certificate templates and issue certificates to users and computers in in a step by step fashion to have you up and running for that application. There are many tricks and traps in the book that can save a user a lot of time such as verifying that a VPN server is in the RAS and IAS servers group as one example. These tips show that the book is much more than a cut and paste of white papers as some books are. Then end of each chapter has links to many related KB articles, white papers, and RFC's for those that want more information.

I found the Windows Server 2003 PKI and Certificate Security book puts it all together for Windows 2003 PKI from understanding the concept of PKI to putting it to use in your own network to greatly enhance your security. Microsoft has many excellent white papers and articles on PKI for Windows 2003 but for many this book will be all that is needed and an invaluable resource for those that use it, plan to use it, or want to know more about it.