Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
xuất bản mỗi 26 tuần với một chồng lên nhau 2 tuần. CRLs Delta bị vô hiệu hóa. Chữ ký riêng biệt phải được cho phép trong chính sách chứng chỉ CA để cho phép việc sử dụng các thuật toán CNG băm và ký giấy chứng nhận. CA chính sách sẽ sử dụng thuật toán SHA256 hash. | Chapter 9 Securing a CA Hierarchy 203 Online CAs must audit all security events at the CA except the starting and stopping of Certificate Services. For offline CAs all security events must be audited at the CA. To allow ongoing issuance of certificates in the event of component failure issuing CAs must not have a single point of failure. CA Name City Power and Light Root CA CA Validity period 20 Years CA Name City Power and Light Policy CA CA Validity Period 10 Years CA Name City Power and Light Eastern Infrastructure CA CA Validity Period 5 Years CA Name City Power and Light Eastern Employee CA CA Validity Period 5 Years CA Name City Power and Light Western Infrastructure CA CA Validity Period 5 Years CA Name City Power and Light Western Employee CA CA Validity Period 5 Years Figure 9-10 The City Power and Light CA hierarchy Case Study Questions 1. If you were to script the configuration of auditing settings for the offline CAs what command would you include in the script to meet the auditing requirements 2. What command is required to meet the audit setting requirements for the online CAs 204 Part II Establishing a PKI 3. Can you meet the security requirements for the CA hierarchy by implementing either a software-based CSP or a smart-card CSP Why or why not 4. Can you use dedicated HSMs at each CA in the hierarchy and meet the design requirements What are the drawbacks to this approach if it is possible 5. Can you use network-attached HSMs at each CA in the CA hierarchy and meet the design requirements What are the drawbacks to this approach if it is possible 6. If you wanted to implement network-attached HSMs for the issuing CAs in the CA hierarchy how many network-attached HSMs would you recommend to City Power and Light Additional Information Microsoft Official Curriculum Course 2821 Designing and Managing a Windows Public Key Infrastructure http www.microsoft.com traincert syllabi 2821afinal.asp Microsoft Windows Security Resource Kit http www.microsoft.com