PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks

Authors: Andre Karamanian, Srinivas Tenneti and Francois Dessart
Pages: 272
Publisher: Cisco Press
ISBN: 1587059169

Introduction

The management of identities and online authentication are two problems to which, so far, only Public Key Infrastructure (PKI) has managed to give a secure and scalable answer. This book aims to teach you how to deploy PKI-based solutions, approaching the subject one step at a time and ending with case studies.

About the authors

Andre Karamanian is a security consultant at Cisco Systems and has worked in the field of security for approximately 11 years.

Srinivas Tenneti is an enterprise systems engineer at Cisco who has published design guides, white papers, and presentations on end-to-end security solutions.

Francois Dessart is a security consultant at Cisco’s European Advanced Services organization.

Inside the book

The book starts with a very short chapter named “Crypto Refresh”, which is intended to jog the reader’s memory concerning the basics of encryption technology: core concepts, symmetric and asymmetric encryption (and its advantages and challenges), other crypto functions such as hashes and digital signatures, etc.

Everything is explained very briefly, and will possibly not mean that much to someone who doesn’t know the first thing about encryption. Then again, this book is not meant for beginners.

The authors approach the deployment of PKI-based solutions in a layered way. They begin by explaining concepts like certificates, certification and registration authorities, key and certificate storage, and more. What are they? What does a digital certificate look like and what does it mean? What are the roles and functions of the various authorities? What are the advantages of the ever-so-popular smart cards?

They proceed by answering questions about how one goes about obtaining a digital certificate, renewing it before it expires, and how certificates are verified and enforced, with an additional chapter dedicated to troubleshooting problems that may arise while implementing these procedures. Helpful flow charts are included, so that the reader can check whether he has unwittingly skipped a step or two.

With all that covered, the reader is ready to take on generic PKI designs and learn how to go about designing flat and hierarchical architectures (with or without chaining). Which type of architecture fits a specific network, why, and how to set it up: these questions are answered briefly but to the point, with easy-to-follow step-by-step lists.
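As an added illustration of the hierarchical, chained design discussed above, here is a two-tier hierarchy (offline root, issuing CA, end-entity certificate) built and then validated with OpenSSL. This is not code from the book, which works with Cisco devices; OpenSSL is used as a vendor-neutral stand-in, and the CA names and the host name vpn.example.test are invented. It also exercises two of the failure modes the troubleshooting chapter is concerned with: a missing intermediate certificate and an expired end-entity certificate.

```shell
#!/bin/sh
# Added example (not from the book): a two-tier PKI built with OpenSSL,
# followed by the chain checks a relying party performs. All names
# (Example Root CA, Example Issuing CA, vpn.example.test) are made up.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Extension profiles. pathlen:0 on the issuing CA means it may certify
# end entities only; a CA certificate issued beneath it would fail validation.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > root.ext
printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > ica.ext
printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:vpn.example.test\n' > leaf.ext

# 1. Root CA: self-signed, long lifetime. In a real design it stays offline.
openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Root CA" \
  -keyout root.key -out root.csr >/dev/null 2>&1
openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 \
  -extfile root.ext -out root.pem >/dev/null 2>&1

# 2. Issuing (intermediate) CA, certified by the root. This is the chaining
#    step: relying parties trust only the root, and this certificate links them.
openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Issuing CA" \
  -keyout ica.key -out ica.csr >/dev/null 2>&1
openssl x509 -req -in ica.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 1825 -sha256 -extfile ica.ext -out ica.pem >/dev/null 2>&1

# 3. End-entity certificate (e.g. a VPN headend), issued by the intermediate.
openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=vpn.example.test" \
  -keyout leaf.key -out leaf.csr >/dev/null 2>&1
openssl x509 -req -in leaf.csr -CA ica.pem -CAkey ica.key -CAcreateserial \
  -days 365 -sha256 -extfile leaf.ext -out leaf.pem >/dev/null 2>&1

# Path validation as a relying party does it: the trust anchor is the root
# only; the intermediate is supplied as untrusted and must chain to the root.
verify_chain() {
  openssl verify -CAfile root.pem -untrusted ica.pem leaf.pem >/dev/null 2>&1
}

# Failure mode 1: the intermediate was never installed or sent. The leaf's
# issuer cannot be found, so no path to the trust anchor can be built.
verify_missing_intermediate() {
  openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1
}

# Failure mode 2: validity period. -attime evaluates the chain at a given
# epoch second; 400 days out the one-year leaf has expired while both CAs
# (5 and 10 years) are still within their validity.
FUTURE=$(( $(date +%s) + 400 * 86400 ))
verify_expired() {
  openssl verify -CAfile root.pem -untrusted ica.pem -attime "$FUTURE" leaf.pem >/dev/null 2>&1
}

openssl x509 -in leaf.pem -noout -subject -issuer
verify_chain                  && echo "full chain:           OK"
! verify_missing_intermediate && echo "missing intermediate: rejected"
! verify_expired              && echo "expired leaf:         rejected"
```

The same three checks are what a VPN peer or web client runs against a presented certificate: build a path from the leaf to a configured trust anchor, honour the CA and path-length constraints along it, and confirm every certificate on the path is within its validity period. Keeping the root out of the issuing path (the intermediate signs end entities, the root signs only the intermediate) is what makes the hierarchical design safer to operate than a flat one, since the root key can stay offline.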

After that, the reader can learn how to use PKI in conjunction with remote-access VPN solutions and how to integrate it into larger site-to-site solutions. These two chapters are considerably longer than the previous ones, and cover the topic thoroughly with screenshots, diagrams and configuration listings.

This is a good place to mention that the book doesn’t have to be read from cover to cover. If you know all the theory and are interested in specific ways of implementing PKI, feel free to skip to the right chapter – you won’t lose anything by it.

The subjects of identity-based networking and the use of PKI in Unified Communications are also covered. The last two chapters are dedicated to understanding how to deploy VPNs with PKI and how to establish a virtual office with some Cisco offerings – very specific, and very handy if you choose the company’s solutions.

Final thoughts

Extremely technical, this book has a specific goal and a very specific target audience. In some parts it reads almost like a manual, which is very helpful if you are currently tasked with implementing PKI, but doesn’t make for a gripping read if you are only interested in learning the theory behind it.
