TAILIEUCHUNG - The Best Damn Windows Server 2003 Book Period- P87

The Best Damn Windows Server 2003 Book Period- P87:The latest incarnation of Microsoft’s server product,Windows Server 2003, brings many new features and improvements that make the network administrator’s job chapter will briefly summarize what’s new in 2003 and introduce you to the four members of the Windows Server 2003 family: the Web Edition, the Standard Edition, the Enterprise Edition, and the Datacenter Edition. | 836 Chapter 24 Planning Implementing and Maintaining a Public Key Infrastructure 1. Create an account to be used for key recovery. 2. Create a new template to issue to that account. 3. Request a key recovery certificate from the CA. 4. Have the CA issue the certificate. 5. Configure the CA to archive certificates by using the Recovery Agents tab of the CA property sheet shown in Figure . 6. Create an archive template for the CA. Figure Recovery Agents Tab of the CA Property Sheet Each of these steps requires many substeps but can be well worth the time and effort. It is worth noting again that key recovery is not possible on a stand-alone CA because a standalone cannot use templates. It is also worth noting that only encryption keys can be recovered - private keys used for digital signatures cannot be. Planning CA Security As we have already discussed configuring the root CA as a standalone is probably the most important measure you can take to prevent accidental or intentional tampering. With no network connectivity attacks become virtually impossible as a user would have to log on while sitting at the physical location of the server. Other security considerations are really more a function of general server security - things such as requiring complex passwords implementing file encryption and physically limiting access to the server. In guarding the hierarchy you cannot solely concentrate on the root CA. After all if a subordinate CA is tampered with every entity below it in the PKI hierarchy becomes compromised. Most Planning Implementing and Maintaining a Public Key Infrastructure Chapter 24 837 subordinate CAs are attached to the network. This obviously increases their vulnerability. Beyond securing the network itself by using IPSec and group policies for example there is another part of a standard PKI that helps maintain CA integrity. That part is certificate revocation which we will go into in greater detail shortly. Certificate revocation enables

• Cơ sở dữ liệu
• Phân tích thống kê với máy tính
• bảo mật cơ sở dữ liệu
• cơ sở dữ liệu Mysql
• xử lý tín hiệu
• mô phỏng dữ liệu
• SQL căn bản
• ứng dụng máy tính
• phân tích thống kê
• kiểm định giả thiết thống kê
• quy hoạch tuyến tính
• đồ thị Box
• tính toán thống kê
• phương pháp số văn bản