Contents

Introduction

Part I Core Concepts

Chapter 1 Crypto Refresh

Confidentiality, Integrity, Authenticity, Nonrepudiation

Confidentiality

Integrity

Authenticity and Nonrepudiation

Symmetric Encryption

Advantages

Challenges

Example Algorithm: DES and 3DES

Asymmetric Encryption

Asymmetric Encryption Application: Authentication

Asymmetric Encryption Application: Encryption

Advantages

Challenges

Example: RSA

Other Crypto Functions

Hashes

Digital Signatures

Internet Key Exchange (IKE)

IKE Phase 1

IKE Phase 2

Device Configuration: Certificates

Summary

Chapter 2 Understanding PKI Building Blocks

Certificates

Structure and Content

Standards

Certification Authority (CA)

Role and Functions

Private Versus Public CAs

Subordinate Certification Authorities (Sub-CA)

Role and Functions

Hierarchies

Registration Authority (RA)

Role and Functions

Endpoint Entities: Users and Devices

Role and Functions

Security Considerations

Users Versus Devices

Key and Certificate Storage

Generalities

Microsoft Windows Certificate Stores

Linux

MAC

Cisco IOS

Cisco ASA

Smartcards

Standards of Interests (ITU-T, PKCS, and ISO)

Summary

Chapter 3 PKI Processes and Procedures

Enrollment

Manual Enrollment

SCEP-Based Enrollment

Certificate Expiration and Renewal

Auto-Enrollment

Rollover

Certificate Verification and Enforcement

Certificate Revocation Lists

Online Certificate Status Protocol

PKI Integration with AAA

PKI Resiliency

Certificate Authority Resiliency

Summary

Chapter 4 Troubleshooting

Keying Material Generation

Key Sizes

Label

Exportable Keys

Issues When Importing Key Pairs

Enrollment Process

Certificate Use and Validation

Troubleshooting Flow Charts

Summary

Part II Design and Solutions

Chapter 5 Generic PKI Designs

Basic Design with Flat CA Architecture

Solution Elements

Hierarchical Architecture

Hierarchical Architecture Without Chaining

Hierarchical Architecture with Chaining

Certificate Chaining

Summary

Chapter 6 Integration in Large-Scale Site-to-Site VPN Solutions

How Do VPN Technologies Use PKI as a Service?

IKE Using Digital Certificates

PKI Design and Leading Practices

DMVPN Deployment Models

DMVPN Integration with PKI

DMVPN with Hub-and-Spoke Model

DMVPN Integration with PKI Using a Spoke-to-Spoke Model

DMVPN Migration from Preshared Authentication to Digital Certificates

GETVPN PKI Design and Leading Practices

GETVPN Overview

GET VPN Deployment Models

GETVPN Deployment with Dual Key Servers and Dual Subordinate CAs

PKI Integration with GETVPN

PKI Troubleshooting with VPN Examples

NTP Issues

CRL Checking

Summary

Chapter 7 Integration in Remote Access VPN Solutions

Cisco IPsec VPN Remote Access

Easy VPN Overview

Deploying IPsec VPN Remote Access on the ASA

Certificate Chaining

Cisco VPN Client Using Digital Certificates

SSL VPN Access

SSL VPN Overview

Troubleshooting the AnyConnect Solution

Summary

Chapter 8 Using 802.1X Certificates in Identity-Based Networking

EAP-TLS: Certificate-Based 802.1x

Step 1: Enroll ACS in the Certificate Authority

Step 2: Add the CA in the Identity Store

Step 3: Add AD as an External Database

Step 4: Configure a Certificate Authentication Profile

Step 5: Add an Access Service for 802.1x

Step 6: Configure the Access Service Identity Policy

Step 7: Configure Service Selection Rule

Setting Up the Switch for EAP

Summary

Chapter 9 PKI in Unified Communications

PKI Concepts in Cisco UC

Manufacturer Installed Certificate (MIC)

Local Certificates

Creating Trust

Certificates Distribution

CAPF

Phone Enrollment

Applications

Call Authentication and Encryption

Software and Configuration Security

802.1x and Network Admission Control

ASA TLS Phone Proxy

Phone—ASA TLS Proxy

ASA TLS Proxy—CUCM Server

Summary

Part III Case Studies

Chapter 10 Understanding Cisco Virtual Office

CVO PKI Highlights

Summary

Chapter 11 Deploying VPNs with PKI Using Cisco Security Manager

Cisco ASA IPsec VPN Remote Access

Easy VPN Overview

Deploying IPsec VPN Remote Access on the ASA Using CSM

Adding the Device into the CSM Domain

Configure Enrollment Options

Configure the Certificate Map

Configure Remote Access VPN

Deploying DMVPN Using CSM

VPN Policy Configuration

GETVPN Deployment Using CSM

Summary

Index
