Securing Certificate Services
To further prevent the likelihood of the different types of threats described previously, you can take the following measures:
Implement physical security measures.
Implement logical security measures.
Implementing Physical Security Measures
Physical security measures prevent attackers from gaining physical access to the computer running Active Directory Certificate Services. When an attacker gains physical access to a computer, any number of attacks can take place. Physical security measures can include the following:
Use off-line CAs. By creating a three-tier hierarchy, the root CA and second-level CAs (also referred to as policy CAs) can be off-line CAs that are not accessible remotely or even turned on. With a two-tier ...
Get Windows Server® 2008 Security Resource Kit now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.