Solved

What is PKI & How does it work

Posted on 2013-12-10
Last Modified: 2014-01-10
What is PKI and how does it work? Does that involve obtaining digital certificates, and how are those applied to devices like a firewall in the infrastructure?
Question by:SydNal2009
10 Comments
 
LVL 11

Expert Comment

by:BillBondo
ID: 39709404
A simple Google and voilà!!!

http://en.wikipedia.org/wiki/Public-key_infrastructure

Just for starters.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 84 total points
ID: 39709427
PKI = Public Key Infrastructure.

In simple terms, it is a form of encryption using private/public keys.  The encryption is performed with the private key which only the company/individual would have. The public key can be distributed to whomever the holder of the keys wishes. You would not be able to open a file that has been encrypted without the public key.

Here is a good PowerPoint tutorial on PKI:  http://www.cs.odu.edu/~mukka/cs772f07/lectures/day7/pkitutorial.ppt

Applying a cert to network equipment varies depending on the actual equipment.
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 250 total points
ID: 39709493
Actually PKI is not a form of encryption, or anything like that. That would be asymmetric cryptography.

PKI means Public Key Infrastructure.

It is everything that is necessary to make asymmetric cryptography practical in the real world. That may include hardware, software, policies, etc. By practical, I mean that you get a key pair and you can know who owns the private key, so you can use the asymmetric (public/private key) algorithm for encrypting something to the right person, or to digitally sign data, or for authentication mechanisms.

That usually involves digital certificates. A certificate contains the public key and information on who owns the associated private key, and its content is digitally signed so this information can be verified. It may be signed by some trusted third party (X.509 PKIs), by other certificates (PGP), etc.

The question about firewalls is not clear. Could you please detail what you want to know?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39709540
@cristiantm  -  Thank you for correcting me.  I was working on another issue at work involving encryption and didn't separate the two trains of thought very well.  

Must be age creeping up on me (more like slapping me in the face.  :)  )
0
 

Author Comment

by:SydNal2009
ID: 39709803
What I meant to ask is how do you apply the certificates, in regard to which devices they can be implemented? Is it a file you load onto a firewall, a NIDS, a server or a layer 7 proxy firewall?
0

 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 250 total points
ID: 39710129
Still not clear, sorry. What precisely do you want to achieve, or what situation do you have that led you to this question?

A firewall/server/whatever may use certificates for a lot of things. And how it is implemented is also a very broad topic. Usually a device may use certificates to authenticate itself to other devices, and that probably means it will generate a key and ask someone to sign it. But certificates may have other usages...
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 83 total points
ID: 39710352
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 83 total points
ID: 39711072
Often devices create their own Certificates, and those are either pre-shared or simply accepted by the other client. This is the case for SSH, a secure tunneling protocol that allows you to send otherwise plain-text commands and other data, through a secure transport tunnel.
Firewalls, for example, can create their own certs, or you can import ones of your choosing. For more about encryption have a look at my article; it doesn't cover PKI all that well, but it does touch on many common encryption and hashing questions:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
Other articles I have may be of interest too.
-rich
0
 
LVL 3

Assisted Solution

by:cristiantm
cristiantm earned 250 total points
ID: 39711255
Just a small correction to rich's post: SSH actually does not use certificates. You only share the public key and set it as trusted on the client side. There is no certificate involved.

However it is true that many devices create their own (self-signed) certificates. Moreover, some devices have a full "PKI" for managing user accounts and internal keys (root CA, intermediate CA, user certificates, keys and certificates for unlocking some internal functions, etc.). That's why the question is very hard to answer without knowing what exactly the author has in mind.
0
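The two cases described in the answers above (a device generates a key and asks a CA to sign it, or the device self-signs), as an added example using the openssl command line; it is not code from the thread. The CA name, the device name `fw01.example.internal` and all file names are constructed, and a default `openssl.cnf` is assumed.

```bash
#!/usr/bin/env bash
# Added example. CA name, device name and file names are constructed.

# Build a throwaway PKI in directory $1.
build_pki() {
  local d=$1
  # Trusted third party: root CA key plus its own self-signed certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # The device generates its key pair and a signing request (CSR).
  # Only the CSR, which holds the public key, is sent to the CA.
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=fw01.example.internal" \
    -keyout "$d/fw.key" -out "$d/fw.csr" 2>/dev/null || return 1
  # The CA signs the CSR: this binds the public key to the device name.
  openssl x509 -req -in "$d/fw.csr" -days 30 -CA "$d/ca.crt" \
    -CAkey "$d/ca.key" -CAcreateserial -out "$d/fw.crt" 2>/dev/null || return 1
  # Alternative: the device signs its own certificate with the same key.
  openssl req -x509 -new -key "$d/fw.key" -days 30 \
    -subj "/CN=fw01.example.internal" -out "$d/fw-self.crt" 2>/dev/null
}

# Exit status 0 only if certificate $2 chains to the CA stored in dir $1.
chains_to_ca() {
  openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}

# Exit status 0 only if certificate $1 carries the public half of key $2.
cert_matches_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# Demo: a peer that trusts only ca.crt evaluates both device certificates.
demo_dir=$(mktemp -d)
if build_pki "$demo_dir"; then
  for c in fw.crt fw-self.crt; do
    if chains_to_ca "$demo_dir" "$demo_dir/$c"; then
      echo "$c: trusted via the CA"
    else
      echo "$c: not trusted via the CA (would need to be pinned by hand)"
    fi
  done
fi
```

Both certificates carry the same public key; only the CA-signed one can be verified by a peer that has never seen the device before.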
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39711326
Correct, pedantic and correct. They use KEYS, self-generated keys :) But the principles are nearly the same, except for the trust/signing portion. The keys can be pre-shared like certificates do with the root certs in your OS and browser, or you can merely accept them when you first connect, and trust them that way.
-rich
0
