Solved

What is PKI & How does it work

Posted on 2013-12-10
10
434 Views
Last Modified: 2014-01-10
What is PKI and  How does it work? Does that involve obtaining digital certificates and how are those applied to devices like firewall in the infrastructure?
0
Comment
Question by:SydNal2009
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 11

Expert Comment

by:BillBondo
ID: 39709404
A simple google and walla!!!

http://en.wikipedia.org/wiki/Public-key_infrastructure

Just for starters.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 84 total points
ID: 39709427
PKI = Public Key Infrastructure.

Simple terms it is a form of encryption using prvate/public keys.  The encryption is performed with the private key which only the company/individual would have. The public key can be distributed to whomever the holder of the keys wishes. You would not be able to open a file that has been encrypted without the public key.

Here is a good Power Point tutorial on PKI:  http://www.cs.odu.edu/~mukka/cs772f07/lectures/day7/pkitutorial.ppt

Applying a cert to network equipment varies depending on the actual equipment.
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 250 total points
ID: 39709493
Actually PKI is not a form of encryption, or anything like that. That would be assymetric crytography.

PKI means Public Key Infrastrutcture.

It is everything that is necessary to make assymetric cryptography practical in the real world. That may include hardware, software, policies, etc. By practical, I mean that you get a key pair and you can know who owns the private key, so you can use the assymetric (public/private key) algorithm for encrypting something to the right person, or to digitally sign data, or for authentication mechanisms.

That usually involves digital certificates. A certificate contains the public key and information on who owns the associated private key, and its content is digitally signed so this information can be verified. It may be signed by some trusted third party (X.509 PKIs), by other certificates (PGP), etc.

The question about firewalls is not clear. Could you please detail what you want to know?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39709540
@cristiantm  -  Thank you for correcting me.  I was working on another issue at work involving encryption and didn't separate the two trains of thought very well.  

Must be age creeping up on me (more like slapping me in the face.  :)  )
0
 

Author Comment

by:SydNal2009
ID: 39709803
What I meant to ask is how do you apply the certificates, in regard to which devices they can be implemented? Is it a file you load onto a firewall, a NIDS, a server or a layer 7 proxy firewall?
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 250 total points
ID: 39710129
Still not clear , sorry. What precisely do you want to archive or what situation you have that lead you to  this question?

A firewall/server/whatever may  use certificates for a lot of things. And how it is implemented is also very broad topic. Usually a device may use certificates to authenticate itself for other devices, and that probably means it will generate a key and ask someone to sign it. But certificates may have other usages...
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 83 total points
ID: 39710352
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 83 total points
ID: 39711072
Often devices create their own Certificates, and those are either pre-shared or simply accepted by the other client. This is the case for SSH, a secure tunneling protocol that allows you to send otherwise plain-text commands and other data, through a secure transport tunnel.
Firewalls for example, can create their own certs, you they can import ones of your choosing. For more about encryption have a look at my article, it doesn't cover PKI all that well, but it does touch on many common encryption and hashing questions:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html Other Articles I have too  may be of interest.
-rich
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 250 total points
ID: 39711255
Just a small correction to rich´s post, ssh actually does not use certificates. You only share the public key and set it as trusted on the client side. There is no certificate involved.

However it is true that many devices create their own (self-signed) certificates. Moreover, some devices have a full "PKI" for managing user accounts and internal keys (root CA, intermediate CA, user certificates, keys and certificates for unlock some internal functions, etc.). Thats why the question is very hard to answer without knowing what exactly the author has in mind.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39711326
Correct, pedantic and correct. They use KEYS, self-generated keys :) But the principals are nearly the same, except for the trust/signing portion. The keys can be pre-shared like certificates do with the root cert's in your OS and browser, or you can merely accept them when you first connect, and trust them that way.
-rich
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most computer users do not realize how important their passwords are. Here’s the straight scoop on why you need a good password and how to create super strong passwords that are easy to remember and hard to crack. Thieves Are Trying to Steal Yo…
Read about achieving the basic levels of HRIS security in the workplace.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now