Security Basics mailing list archives

802.1x Design Questions.


From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Tue, 28 Apr 2009 11:16:05 -0500

Good morning,

After looking at deploying a Windows Server 2008 based PKI in order for
us to implement 802.1x based network access control, I have some
questions.
I feel they are overall pretty basic, but I have not succeeded in
locating any documentation that really deals with the basics other than
the usual "This is a certificate".

1. What is a proper certificate validity period for user/computer
certificates issued by the issuing certificate authority?
My thought initially was that a certificate was valid for the duration
of "user being logged into Active Directory". I don't think I was
correct.

2. If a certificate has a validity period of one year and users sit at
multiple PCs in that one year, is the user certificate stored on all PCs
when the user isn't logged in? If so, is this a concern?

3. Do I need to revoke certificates as users leave the domain? Or is
this automated due to the user being removed from Active Directory?

4. How do you manage endpoints (PCs) for patch deployments etc. when
there is no user logged in?

Thank you very much
Nick
