Solved

What is PKI & How does it work

Posted on 2013-12-10
Last Modified: 2014-01-10
What is PKI and how does it work? Does that involve obtaining digital certificates, and how are those applied to devices like a firewall in the infrastructure?
Question by:SydNal2009
10 Comments
 
LVL 11

Expert Comment

by:BillBondo
ID: 39709404
A simple Google and voilà!!!

http://en.wikipedia.org/wiki/Public-key_infrastructure

Just for starters.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 336 total points
ID: 39709427
PKI = Public Key Infrastructure.

In simple terms, it is a form of encryption using private/public keys.  The encryption is performed with the private key which only the company/individual would have. The public key can be distributed to whomever the holder of the keys wishes. You would not be able to open a file that has been encrypted without the public key.

Here is a good PowerPoint tutorial on PKI:  http://www.cs.odu.edu/~mukka/cs772f07/lectures/day7/pkitutorial.ppt

Applying a cert to network equipment varies depending on the actual equipment.
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 1000 total points
ID: 39709493
Actually PKI is not a form of encryption, or anything like that. That would be asymmetric cryptography.

PKI means Public Key Infrastructure.

It is everything that is necessary to make asymmetric cryptography practical in the real world. That may include hardware, software, policies, etc. By practical, I mean that you get a key pair and you can know who owns the private key, so you can use the asymmetric (public/private key) algorithm for encrypting something to the right person, or to digitally sign data, or for authentication mechanisms.

That usually involves digital certificates. A certificate contains the public key and information on who owns the associated private key, and its content is digitally signed so this information can be verified. It may be signed by some trusted third party (X.509 PKIs), by other certificates (PGP), etc.

The question about firewalls is not clear. Could you please detail what you want to know?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39709540
@cristiantm  -  Thank you for correcting me.  I was working on another issue at work involving encryption and didn't separate the two trains of thought very well.  

Must be age creeping up on me (more like slapping me in the face.  :)  )
0
 

Author Comment

by:SydNal2009
ID: 39709803
What I meant to ask is how do you apply the certificates, in regard to which devices they can be implemented? Is it a file you load onto a firewall, a NIDS, a server or a layer 7 proxy firewall?
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 1000 total points
ID: 39710129
Still not clear, sorry. What precisely do you want to achieve, or what situation do you have that led you to this question?

A firewall/server/whatever may use certificates for a lot of things. And how it is implemented is also a very broad topic. Usually a device may use certificates to authenticate itself to other devices, and that probably means it will generate a key and ask someone to sign it. But certificates may have other usages...
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 332 total points
ID: 39710352
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 332 total points
ID: 39711072
Often devices create their own Certificates, and those are either pre-shared or simply accepted by the other client. This is the case for SSH, a secure tunneling protocol that allows you to send otherwise plain-text commands and other data, through a secure transport tunnel.
Firewalls, for example, can create their own certs, or they can import ones of your choosing. For more about encryption have a look at my article; it doesn't cover PKI all that well, but it does touch on many common encryption and hashing questions:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html Other articles I have may be of interest too.
-rich
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 1000 total points
ID: 39711255
Just a small correction to rich's post: SSH actually does not use certificates. You only share the public key and set it as trusted on the client side. There is no certificate involved.

However it is true that many devices create their own (self-signed) certificates. Moreover, some devices have a full "PKI" for managing user accounts and internal keys (root CA, intermediate CA, user certificates, keys and certificates for unlocking some internal functions, etc.). That's why the question is very hard to answer without knowing what exactly the author has in mind.
0
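
The two cases discussed in the comments above (a device that generates a key and asks a CA to sign it, and a device that creates its own self-signed certificate), as an added example that is not part of the original thread. It uses the openssl CLI; the names "Example Root CA" and "fw01.example.internal" and all file names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; CA name, device name and file names are constructed.
set -eu

pki_demo() {    # builds a throwaway PKI in a temp dir and prints its path
    dir=$(mktemp -d) &&
    # 1. Trusted third party: a root CA with a self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1 &&
    # 2. The device generates its own key pair plus a signing request (CSR).
    #    The private key never leaves the device; only the CSR goes to the CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=fw01.example.internal" \
        -keyout "$dir/fw.key" -out "$dir/fw.csr" >/dev/null 2>&1 &&
    # 3. The CA signs the CSR: public key + identity, bound by the CA signature.
    openssl x509 -req -in "$dir/fw.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/fw.crt" >/dev/null 2>&1 &&
    # 4. Alternative: the device signs its own certificate with the same key.
    openssl req -x509 -new -key "$dir/fw.key" -days 30 \
        -subj "/CN=fw01.example.internal" \
        -out "$dir/fw-selfsigned.crt" >/dev/null 2>&1 &&
    echo "$dir"
}

# Succeeds only if the certificate chains to the CA the verifier trusts.
verify_against_ca() {   # $1 = dir, $2 = certificate file
    openssl verify -CAfile "$1/ca.crt" "$1/$2" >/dev/null 2>&1
}

# Succeeds if the public key inside the certificate belongs to the given key.
cert_matches_key() {    # $1 = dir, $2 = certificate file, $3 = private key file
    [ "$(openssl x509 -in "$1/$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/$3" -pubout)" ]
}

d=$(pki_demo)
openssl x509 -in "$d/fw.crt" -noout -subject -issuer
verify_against_ca "$d" fw.crt && echo "CA-signed: trusted via Example Root CA"
verify_against_ca "$d" fw-selfsigned.crt ||
    echo "self-signed: same key, but no trusted signer; must be accepted by hand"
```

Both certificates carry the same public key; only the CA-signed one can be validated by a peer that has never seen the device before.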
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39711326
Correct, pedantic and correct. They use KEYS, self-generated keys :) But the principles are nearly the same, except for the trust/signing portion. The keys can be pre-shared like certificates do with the root certs in your OS and browser, or you can merely accept them when you first connect, and trust them that way.
-rich
0
