
6.2.3 Plan for the use of smart cards for authentication.

Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key


Introduction

Public Key Infrastructure (PKI) is the method of choice for handling authentication issues in large enterprise-level organizations today. Windows Server 2003 includes the tools you need to create a PKI for your company and issue digital certificates to users, computers, and applications. This chapter addresses the complex issues involved in planning a certificate-based PKI. We’ll provide an overview of the basic terminology and concepts relating to the public key infrastructure, and you’ll learn about public key cryptography and how it is used to authenticate the identity of users, computers, and applications and services. We’ll discuss the role of digital certificates and the different types of certificates: user, machine, and application certificates.

You’ll learn about certification authorities (CAs), the servers that issue certificates, including both public CAs and private CAs such as the ones you can implement on your own network using Windows Server 2003’s certificate services. Next, we’ll discuss the CA hierarchy and how root CAs and subordinate CAs act together to provide for your organization’s certificate needs. You’ll find out how the Microsoft certificate services work, and we’ll walk you through the steps involved in implementing one or more certification authorities based on the needs of the organization. You’ll learn to determine the appropriate CA type (enterprise or stand-alone CA) for a given situation and how to plan the CA hierarchy and provide for security of your CAs. We’ll show you how to plan for enrollment and distribution of certificates, including the use of certificate requests, role-based administration, and auto-enrollment deployment.

Next, we’ll discuss how to implement the use of smart cards for authentication within the PKI. You’ll learn what smart cards are and how smart card authentication works, and we’ll show you how to deploy smart card logon on your network. We’ll discuss smart card readers and show you how to set up a smart card enrollment station. Finally, we’ll discuss the procedures for using smart cards to log on to Windows, for remote access and VPNs, and to log on to a terminal server.

Planning a Windows Server 2003

EXAM