PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks [Paperback]

  • Format: Paperback / softback, 272 pages, height x width x thickness: 231x189x14 mm, weight: 458 g
  • Publication date: 09-Mar-2011
  • Publisher: Cisco Press
  • ISBN-10: 1587059169
  • ISBN-13: 9781587059162
  • Price: 74,79 €*
  • * we will send you an offer for a used copy, whose price may differ from the price shown on the website
  • This book is out of print, but we will send you an offer for a used copy.
-Plan the foundations of an effective PKI system

-Implement processes for certificate enrollment, expiration, renewal, verification, and enforcement

-Troubleshoot key generation, enrollment, and certificate verification issues

-Master PKI design, from the basics to complex enterprise hierarchies

-Implement large-scale, site-to-site VPN solutions that integrate PKI with GET-VPN or DMVPN

-Secure remote access with ASA-based IPsec and SSL VPNs, and Cisco VPN clients

-Deploy 802.1x certificates to control access at the switchport level

-Use certificates to manage identity for VoIP and call management systems

-Integrate 802.1x, DMVPN, and PKI architecture to implement cohesive virtual office security

-Use Cisco Security Manager with PKI-based systems

-Migrate to PKI from IKE pre-shared keys

In response to growing needs for flexible, scalable, and secure authentication, thousands of organizations are implementing PKI-based identity management. In PKI Uncovered, three leading Cisco security experts bring together all the knowledge and techniques you need to successfully plan, design, deploy, operate, and troubleshoot PKI in your environment.

The authors share best practices drawn from their extensive experience helping Cisco customers deploy PKI in organizations with widely varying requirements.

They begin by introducing the foundational concepts of PKI and modern cryptography. Next they walk through high-level PKI design considerations, helping you make the best choices for your organization. They introduce several PKI design modules and show how to integrate these modules into comprehensive security solutions.

PKI Uncovered offers specific, detailed guidance on using PKI with Cisco router-based DMVPN, ASA, 802.1X, and Cisco GET VPN, as well as extensive troubleshooting assistance and two end-to-end case studies.

Introduction

Part I Core Concepts

Chapter 1 Crypto Refresh
Confidentiality, Integrity, Authenticity, Nonrepudiation
Confidentiality
Integrity
Authenticity and Nonrepudiation
Symmetric Encryption
Advantages
Challenges
Example Algorithm: DES and 3DES
Asymmetric Encryption
Asymmetric Encryption Application: Authentication
Asymmetric Encryption Application: Encryption
Advantages
Challenges
Example: RSA
Other Crypto Functions
Hashes
Digital Signatures
Internet Key Exchange (IKE)
IKE Phase 1
IKE Phase 2
Device Configuration: Certificates
Summary

Chapter 2 Understanding PKI Building Blocks
Certificates
Structure and Content
Standards
Certification Authority (CA)
Role and Functions
Private Versus Public CAs
Subordinate Certification Authorities (Sub-CA)
Role and Functions
Hierarchies
Registration Authority (RA)
Role and Functions
Endpoint Entities: Users and Devices
Role and Functions
Security Considerations
Users Versus Devices
Key and Certificate Storage
Generalities
Microsoft Windows Certificate Stores
Linux
MAC
Cisco IOS
Cisco ASA
Smartcards
Standards of Interests (ITU-T, PKCS, and ISO)
Summary

Chapter 3 PKI Processes and Procedures
Enrollment
Manual Enrollment
SCEP-Based Enrollment
Certificate Expiration and Renewal
Auto-Enrollment
Rollover
Certificate Verification and Enforcement
Certificate Revocation Lists
Online Certificate Status Protocol
PKI Integration with AAA
PKI Resiliency
Certificate Authority Resiliency
Summary

Chapter 4 Troubleshooting
Keying Material Generation
Key Sizes
Label
Exportable Keys
Issues When Importing Key Pairs
Enrollment Process
Certificate Use and Validation
Troubleshooting Flow Charts
Summary

Part II Design and Solutions

Chapter 5 Generic PKI Designs
Basic Design with Flat CA Architecture
Solution Elements
Hierarchical Architecture
Hierarchical Architecture Without Chaining
Hierarchical Architecture with Chaining
Certificate Chaining
Summary

Chapter 6 Integration in Large-Scale Site-to-Site VPN Solutions
How Do VPN Technologies Use PKI as a Service?
IKE Using Digital Certificates
PKI Design and Leading Practices
DMVPN Deployment Models
DMVPN Integration with PKI
DMVPN with Hub-and-Spoke Model
DMVPN Integration with PKI Using a Spoke-to-Spoke Model
DMVPN Migration from Preshared Authentication to Digital Certificates
GETVPN PKI Design and Leading Practices
GETVPN Overview
GET VPN Deployment Models
GETVPN Deployment with Dual Key Servers and Dual Subordinate CAs
PKI Integration with GETVPN
PKI Troubleshooting with VPN Examples
NTP Issues
CRL Checking
Summary

Chapter 7 Integration in Remote Access VPN Solutions
Cisco IPsec VPN Remote Access
Easy VPN Overview
Deploying IPsec VPN Remote Access on the ASA
Certificate Chaining
Cisco VPN Client Using Digital Certificates
SSL VPN Access
SSL VPN Overview
Troubleshooting the AnyConnect Solution
Summary

Chapter 8 Using 802.1X Certificates in Identity-Based Networking
EAP-TLS: Certificate-Based 802.1x
Step 1: Enroll ACS in the Certificate Authority
Step 2: Add the CA in the Identity Store
Step 3: Add AD as an External Database
Step 4: Configure a Certificate Authentication Profile
Step 5: Add an Access Service for 802.1x
Step 6: Configure the Access Service Identity Policy
Step 7: Configure Service Selection Rule
Setting Up the Switch for EAP
Summary

Chapter 9 PKI in Unified Communications
PKI Concepts in Cisco UC
Manufacturer Installed Certificate (MIC)
Local Certificates
Creating Trust
Certificates Distribution
CAPF
Phone Enrollment
Applications
Call Authentication and Encryption
Software and Configuration Security
802.1x and Network Admission Control
ASA TLS Phone Proxy
Phone—ASA TLS Proxy
ASA TLS Proxy—CUCM Server
Summary

Part III Case Studies

Chapter 10 Understanding Cisco Virtual Office
CVO PKI Highlights
Summary

Chapter 11 Deploying VPNs with PKI Using Cisco Security Manager
Cisco ASA IPsec VPN Remote Access
Easy VPN Overview
Deploying IPsec VPN Remote Access on the ASA Using CSM
Adding the Device into the CSM Domain
Configure Enrollment Options
Configure the Certificate Map
Configure Remote Access VPN
Deploying DMVPN Using CSM
VPN Policy Configuration
GETVPN Deployment Using CSM
Summary

Index