{"id":700,"date":"2006-04-09T08:32:00","date_gmt":"2006-04-09T08:32:00","guid":{"rendered":"http:\/\/markwilson.me.uk\/blog\/2006\/04\/putting-pki-into-practice.htm"},"modified":"2007-03-09T14:49:26","modified_gmt":"2007-03-09T14:49:26","slug":"putting-pki-into-practice","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2006\/04\/putting-pki-into-practice.htm","title":{"rendered":"Putting PKI into practice"},"content":{"rendered":"<p>Recently, I blogged about <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2006\/03\/publicprivate-key-cryptography-in.htm\">public\/private key cryptography in plain(ish) English<\/a>.  That post was based on a session which I saw Microsoft UK&#8217;s <a href=\"http:\/\/blogs.technet.com\/steve_lamb\/\">Steve Lamb<\/a> present.  A couple of weeks back, I saw the follow-up session, where Steve put some of this into practice, securing websites, e-mail and files.<\/p>\n<p>Before looking at my notes from Steve&#8217;s demos, it&#8217;s worth picking up on a few items that were either not covered in the previous post, or which could be useful in understanding what follows:<\/p>\n<ul>\n<li>In the previous post, I described encryption using symmetric and asymmetric keys; however, many real-world scenarios involve a hybrid approach.  In such an approach, a random number generator is used to seed a symmetric session key which contains a shared secret.  That key is then encrypted asymmetrically for distribution to one or more recipients. Once distributed, the (fast) symmetric session key can be used.<\/li>\n<li>If using the certificate authority (CA) built into Windows, it&#8217;s useful to note that this can be installed in standalone or enterprise mode.  The difference is that enterprise mode is integrated with Active Directory, allowing the automatic publishing of certificates.  
In a real-world environment, multiple tiers of CAs would be used and standalone or enterprise CAs can both be used as either root or issuing CAs.  It&#8217;s also worth noting that whilst the supplied certificate templates cannot be edited, they can be copied and the copies amended.<\/li>\n<li>Whilst it is technically possible to have one public\/private key pair and an associated certificate for multiple circumstances, there are often administrative reasons for separating them.  For example, in life one would not have common keys for their house and their car, in case they needed to change one without giving away access to the other.  Another analogy is to compare with single sign-on, where it is convenient to have access to all systems, but it may be more secure to have one set of access permissions per computer system.<\/li>\n<\/ul>\n<p>The rest of this post describes the practical demonstrations which Steve gave for using PKI in the real world.<\/p>\n<p>Securing a web site using HTTPS is relatively simple:<\/p>\n<ol>\n<li>Create the site.<\/li>\n<li>Enrol for a web server certificate (this authenticates the server to the client and it is important that the common name in the certificate matches the fully qualified server name, in order to prevent warnings on the client).<\/li>\n<li>Configure the web server to use secure sockets layer (SSL) for the site &#8211; either forced or allowed.<\/li>\n<\/ol>\n<p>Sometimes web sites will be published via a firewall (such as ISA Server), which to the outside world would appear to be the web server.  Using such an approach for an SSL-secured site, the certificate would be installed on the firewall (along with the corresponding private key).  This has the advantage of letting intelligent application layer firewalls inspect inbound HTTPS traffic before passing it on to the web server (either as HTTP or HTTPS, possibly over IPSec).  Each site is published by creating a listener &#8211; i.e. 
telling the firewall to listen on a particular port for traffic destined for a particular site.  Sites cannot share a listener, so if one site is already listening on port 443, other sites will need to be allocated different port numbers.<\/p>\n<p>Another common scenario is load-balancing.  In such circumstances, the certificate would need to be installed on each server which appears to be the website.  It&#8217;s important to note that some CAs may prohibit such actions in the licensing for a server certificate, in which case a certificate would need to be purchased for each server.<\/p>\n<p>Interestingly, it is possible to publish a site using 0-bit SSL encryption &#8211; i.e. unencrypted but still appearing as secure (i.e. URL includes https:\/\/ and a padlock is displayed in the browser).  Such a scenario is rare (at least among reputable websites), but is something to watch out for.<\/p>\n<p>Configuring secure e-mail is also straightforward:<\/p>\n<ol>\n<li>Enrol for a user certificate (if using a Windows CA, this can either be achieved via a browser connection to http:\/\/servername\/certsrv or by using the appropriate MMC snap-ins).<\/li>\n<li>Configure the e-mail client to use the certificate (which can be viewed within the web browser configuration, or using the appropriate MMC snap-in).<\/li>\n<li>When sending a message, opt to sign or encrypt e-mail (show icons).<\/li>\n<\/ol>\n<p>Signed e-mail requires that the recipient trusts the issuer, but they do not necessarily need to have access to the issuing CA; however, this may be a reason to use an external CA to issue the certificate.  Encrypted e-mail requires access to the user&#8217;s public key (in a certificate).<\/p>\n<p>To demonstrate access to a tampered e-mail, Steve turned off Outlook&#8217;s cached mode and directly edited a message on the server (using the Exchange Server M: drive to edit a .EML file).<\/p>\n<p>Another possible use for a PKI is in securing files.  
There are a number of levels of file access security, from BIOS passwords (problematic to manage); <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/securing-your-windows-computer-with.htm\">syskey<\/a> mode 3 (useful for protecting access to notebook PCs &#8211; a system restore disk will be required for forgotten syskey passwords\/lost key storage); good passwords\/passphrases to mitigate known hash attacks; and finally the Windows encrypting file system (EFS).<\/p>\n<p>EFS is transparent to both applications and users except that encrypted files are displayed as green in Windows Explorer (cf. blue compressed files).  EFS is also infeasible to break, so recovery agents should be implemented.  There are, however, some EFS &#8220;gotchas&#8221; to watch out for:<\/p>\n<ul>\n<li>EFS is expensive in terms of CPU time, so may be best offloaded to hardware.<\/li>\n<li>When using EFS with groups, if the group membership changes after the file is encrypted, new users are still denied access.  Consequently, using EFS with groups is not recommended.<\/li>\n<li>EFS certificates should be backed up &#8211; with the keys!  If there is no PKI or data recovery agent (DRA) then access to the files will be lost (UK readers should consider the consequences of the Regulation of Investigatory Powers Act 2000 if encrypted data cannot be recovered). Windows users can use the <code>cipher \/x<\/code> command to store certificates and keys in a file (e.g. on a USB drive).  Private keys can also be exported (in Windows) using the <a href=\"http:\/\/technet2.microsoft.com\/WindowsServer\/en\/library\/0dda0297-6b7b-4a2d-9162-9098a2e0a09b1033.mspx\">certificate export wizard<\/a>.<\/li>\n<\/ul>\n<p>Best practice indicates:<\/p>\n<ul>\n<li>The DRA should be exported and removed from the computer.<\/li>\n<li>Plain text shreds should be eliminated (e.g. 
using <code>cipher \/w<\/code> to write 00 and FF to the disk at random).<\/li>\n<li>Use an enterprise CA with automatic enrollment and a DRA configured via group policy.<\/li>\n<\/ul>\n<p>More information can be found in Steve&#8217;s article on <a href=\"http:\/\/www.microsoft.com\/technet\/technetmag\/issues\/2005\/11\/ImproveSecurity\/\">improving web security with encryption and firewall technologies<\/a> in Microsoft&#8217;s November 2005 issue of <a href=\"http:\/\/www.microsoft.com\/technet\/technetmag\/\">TechNet magazine<\/a>.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[],"tags":[33,43],"class_list":["post-700","post","type-post","status-publish","format-standard","hentry","tag-windows","tag-security"],"yoast_head_json":{"title":"Putting PKI into practice - markwilson.it","author":"Mark Wilson"}}