The tale of Enhanced Key (mis)Usage

One of the commonly recommended solutions to increase the security of user accounts in on-premises Active Directory is to require two-factor authentication using smart cards. Not everyone knows that the Windows smart card implementation underwent a significant change years ago that has not been clearly reflected in the publicly available documentation. Since Public Key Infrastructure (PKI) security is not a typical piece of knowledge, many enterprises may be at risk.

Protect Yourself From Malicious PKI Administrator – Role Separation In PKI

Let’s start with some theoretical background about role separation in public key infrastructure. An important step in designing and implementing our PKI is determining the groups or users who will manage it. Here I would like to point out that we should always use Active Directory groups when we are talking about the security management of certification authorities that are members of Active Directory, because it is much easier from a management perspective. This design step determines the security of your PKI, so please don’t treat it lightly.

