Need Advice on PKI and PKI research materials
tgfndotcom
Member Posts: 37 ■■□□□□□□□□
Our organization has been skirting around implementation of PKI, we are a microsoft shop so it is not a huge deal to follow microsoft best practices and build a internal PKI infrustructure.
As far as advice, we are in the process or multiple projects over the next few years, with the possiblilities of alot of Certificate usage (RMS, NAP, IPsec server isolation, Direct Access, Wired and Wireless 802.1x, networking team wants TLS if possible for Wireless, SCCM with external distribution point, sharepoint extranet for collaboration with other orgs, and i am sure there is more comming...)
I would like to see if anyone has a book, resource, cbt, something indepth on a scalable PKI for internal and external use, and options of different implementations.... I need to have a bit more information than i am finding to backup my thoughts and business analysis on how to build this infrustructure for our organization. Even some resources that show just external or internal choices to be made would help....
I have some time becuase i have tasked the security team to develop the Certificate policy and that will give me guidelines that they see as well as whatever i come up with
Any HELP would be great, i know there are some very intelligent people on these forums... that might be able to give a guy a point in the right direction..
thanks
As far as advice, we are in the process or multiple projects over the next few years, with the possiblilities of alot of Certificate usage (RMS, NAP, IPsec server isolation, Direct Access, Wired and Wireless 802.1x, networking team wants TLS if possible for Wireless, SCCM with external distribution point, sharepoint extranet for collaboration with other orgs, and i am sure there is more comming...)
I would like to see if anyone has a book, resource, cbt, something indepth on a scalable PKI for internal and external use, and options of different implementations.... I need to have a bit more information than i am finding to backup my thoughts and business analysis on how to build this infrustructure for our organization. Even some resources that show just external or internal choices to be made would help....
I have some time becuase i have tasked the security team to develop the Certificate policy and that will give me guidelines that they see as well as whatever i come up with
Any HELP would be great, i know there are some very intelligent people on these forums... that might be able to give a guy a point in the right direction..
thanks
Comments
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Are you using 2003 or 2008? There are resource kit books from MS Press specifically for PKI for both versions. That's going to be your best resource, hands-down. You can usually get them on Amazon for a steal if you're ok with used. -
broc
Member Posts: 167
Are you using 2003 or 2008? There are resource kit books from MS Press specifically for PKI for both versions. That's going to be your best resource, hands-down. You can usually get them on Amazon for a steal if you're ok with used.
I'll second that advice, I've been using the 2008 version for the last week as I'm designing a complete PKI architecture for a new Windows Server 2008 forest and the resource is extremely thorough.
I also need to re-write a complete Security Policy... and that's going to keep me busy for a while! (if anybody has any good resource on that, don't hesitate to let me know).
Here is a few links I've been using for the PKi:
http://blogs.technet.com/askds/archive/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning.aspx
http://blogs.technet.com/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-inf-syntax.aspx
http://technet.microsoft.com/en-us/library/cc778985(WS.10).aspx"Not everything that counts can be counted, and not everything that can be counted counts.” -
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
I also need to re-write a complete Security Policy... and that's going to keep me busy for a while! (if anybody has any good resource on that, don't hesitate to let me know).
SANS: Information Security Policy Templates -
broc
Member Posts: 167
Thanks Dynamik, great resource!
I spend hours on the sans website reading articles but didn't think of looking there for a template."Not everything that counts can be counted, and not everything that can be counted counts.” -
tgfndotcom
Member Posts: 37 ■■□□□□□□□□
thanks guys, i will check these out ..... i really appreciate the jump start on this with everything else going on, i just wanted to be able to focus on the correct material rather than fishing through everything for days/weeks