What is PKI & How does it work

Posted on 2013-12-10
Last Modified: 2014-01-10
What is PKI and how does it work? Does that involve obtaining digital certificates, and how are those applied to devices like firewalls in the infrastructure?
0
Question by:SydNal2009
10 Comments
 
LVL 11

Expert Comment

by:BillBondo
ID: 39709404
A simple Google and voilà!!!

http://en.wikipedia.org/wiki/Public-key_infrastructure

Just for starters.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 336 total points
ID: 39709427
PKI = Public Key Infrastructure.

In simple terms, it is a form of encryption using private/public keys. The encryption is performed with the private key, which only the company/individual would have. The public key can be distributed to whomever the holder of the keys wishes. You would not be able to open a file that has been encrypted without the public key.

Here is a good Power Point tutorial on PKI:  http://www.cs.odu.edu/~mukka/cs772f07/lectures/day7/pkitutorial.ppt

Applying a cert to network equipment varies depending on the actual equipment.
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 1000 total points
ID: 39709493
Actually PKI is not a form of encryption, or anything like that. That would be asymmetric cryptography.

PKI means Public Key Infrastructure.

It is everything that is necessary to make asymmetric cryptography practical in the real world. That may include hardware, software, policies, etc. By practical, I mean that you get a key pair and you can know who owns the private key, so you can use the asymmetric (public/private key) algorithm for encrypting something to the right person, or to digitally sign data, or for authentication mechanisms.

That usually involves digital certificates. A certificate contains the public key and information on who owns the associated private key, and its content is digitally signed so this information can be verified. It may be signed by some trusted third party (X.509 PKIs), by other certificates (PGP), etc.

The question about firewalls is not clear. Could you please detail what you want to know?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39709540
@cristiantm  -  Thank you for correcting me.  I was working on another issue at work involving encryption and didn't separate the two trains of thought very well.  

Must be age creeping up on me (more like slapping me in the face.  :)  )
0
 

Author Comment

by:SydNal2009
ID: 39709803
What I meant to ask is how do you apply the certificates, in regard to which devices they can be implemented? Is it a file you load onto a firewall, a NIDS, a server or a layer 7 proxy firewall?
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 1000 total points
ID: 39710129
Still not clear, sorry. What precisely do you want to achieve, or what situation do you have that led you to this question?

A firewall/server/whatever may use certificates for a lot of things. And how it is implemented is also a very broad topic. Usually a device may use certificates to authenticate itself to other devices, and that probably means it will generate a key and ask someone to sign it. But certificates may have other usages...
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 332 total points
ID: 39710352
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 332 total points
ID: 39711072
Often devices create their own Certificates, and those are either pre-shared or simply accepted by the other client. This is the case for SSH, a secure tunneling protocol that allows you to send otherwise plain-text commands and other data, through a secure transport tunnel.
Firewalls, for example, can create their own certs, or they can import ones of your choosing. For more about encryption have a look at my article; it doesn't cover PKI all that well, but it does touch on many common encryption and hashing questions:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
Other articles I have may be of interest too.
-rich
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 1000 total points
ID: 39711255
Just a small correction to rich's post: ssh actually does not use certificates. You only share the public key and set it as trusted on the client side. There is no certificate involved.

However, it is true that many devices create their own (self-signed) certificates. Moreover, some devices have a full "PKI" for managing user accounts and internal keys (root CA, intermediate CA, user certificates, keys and certificates for unlocking some internal functions, etc.). That's why the question is very hard to answer without knowing what exactly the author has in mind.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39711326
Correct, pedantic and correct. They use KEYS, self-generated keys :) But the principles are nearly the same, except for the trust/signing portion. The keys can be pre-shared like certificates are with the root certs in your OS and browser, or you can merely accept them when you first connect, and trust them that way.
-rich
0
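
The two device scenarios discussed in the comments above (a device generates a key and asks a CA to sign it, versus a device that issues itself a self-signed certificate), worked through with the openssl CLI. This is an added example, not part of any poster's comment; the CA name, the host name fw01.example.internal and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example; CA name, host name and file names are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Trusted third party: a root CA whose own certificate is self-signed.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Device side: generate a key pair and a certificate signing request (CSR).
# Only the CSR (public key + name) goes to the CA; the private key stays put.
make_device_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=fw01.example.internal" \
        -keyout "$WORK/fw01.key" -out "$WORK/fw01.csr" 2>/dev/null
}

# CA side: sign the CSR, producing the certificate the device will load.
sign_device_csr() {
    openssl x509 -req -in "$WORK/fw01.csr" -days 30 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/fw01.crt" 2>/dev/null
}

# Alternative many devices ship with: a certificate signed by its own key.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=fw01.example.internal" \
        -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# Relying-party check: does this certificate chain to the CA we trust?
chains_to_ca() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

# Who the certificate names (subject) and who vouches for it (issuer).
show_names() {
    openssl x509 -in "$1" -noout -subject -issuer
}

make_ca && make_device_csr && sign_device_csr && make_self_signed
show_names "$WORK/fw01.crt"
chains_to_ca "$WORK/fw01.crt" && echo "fw01.crt: trusted via the CA"
chains_to_ca "$WORK/self.crt" || echo "self.crt: no trusted CA vouches for it"
```

A client that only trusts ca.crt accepts fw01.crt without ever having seen the device before, while self.crt has to be pre-shared or accepted manually, the same way an SSH host key is.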
