Securing Certificate Services

To reduce the likelihood of these threats, you can take the following measures:

  • Implement physical security measures.

  • Implement logical security measures.

  • Modify CRL and CA certificate publication points.

  • Enable CRL checking in all applications.

  • Manage permissions of certificate templates.

  • Implement role separation.

Implementing Physical Security Measures

Physical security measures prevent attackers from gaining physical access to the computer running Certificate Services. When an attacker gains physical access to a computer, any number of attacks can take place. Physical security measures can include the following:

  • Creating a three-tier hierarchy that deploys the root CA and the second-level CAs (also referred to ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
