Security Basics mailing list archives
802.1x Design Questions.
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Tue, 28 Apr 2009 11:16:05 -0500
Good morning,

After looking at deploying a Windows Server 2008 based PKI in order for us to implement 802.1x based network access control, I have some questions. I feel they are overall pretty basic, but I have not succeeded in locating any documentation that really deals with the basics other than the usual "This is a certificate".

1. What is a proper certificate validity period for user/computer certificates issued by the issuing certificate authority? My thought initially was that a certificate was valid for the duration of "user being logged into Active Directory". I don't think I was correct.
2. If a certificate has a validity period of one year and users sit at multiple PCs in that one year, is the user certificate stored on all PCs when the user isn't logged in? If so, is this a concern?
3. Do I need to revoke certificates as users leave the domain? Or is this automated due to the user being removed from Active Directory?
4. How do you manage endpoints (PCs) for patch deployments etc. when there is no user logged in?

Thank you very much

Nick
Current thread:
- 802.1x Design Questions. Nick Vaernhoej (May 01)
- RE: 802.1x Design Questions. Ken Kousky (May 01)