Microsoft® Windows® Security Resource Kit, Second Edition

When you deploy Certificate Services, threats exist to CAs on the network. These include the following:

Compromise of a CA’s key pair
Attacks against servers hosting certificate revocation lists (CRLs) and CA certificates
Attempts to modify the CA configuration
Attempts to modify certificate templates
Attacks that disable CRL checking
Addition of nontrusted CAs to the trusted root CA store
Issuance of fraudulent certificates
Publication of false certificates to the Active Directory directory service
Compromise of a CA by a single administrator
Unauthorized recovery of a user’s private key from the CA database

If attackers can gain access to a CA’s private key, they can build a replica of ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Microsoft® Windows® Security Resource Kit, Second Edition by Ben Smith, Brian Komar, The Microsoft Security Team