Review: PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks

I am currently reading the Cisco Press book PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks. So far this is one of the better books I have seen on certificates and PKI. It includes topics on how to design your Public Key Infrastructure (PKI), implementation tips, and other great knowledge no network administrator should be without.

The book goes through how to use certificates for authentication/authorization in various VPN types (GET, DMVPN, IPsec, WebVPN, etc.). Should you find yourself managing a Cisco network that needs to scale to meet the demands of company growth, certificates are one of the best (only?) solutions. This, combined with external authentication technologies like RADIUS and TACACS+, makes scaling your deployment a lot easier, especially if you add external authentication from the first deployment.

Company growth isn’t the only reason to integrate your VPNs with your PKI. Administration is another big advantage of using certificates over other authentication methods. Certificates allow you to make use of Online Certificate Status Protocol (OCSP) servers and Certificate Revocation Lists (CRLs) to help manage certificates. Certificates also have expiration dates, which enforce the changing of encryption keys (most of this can be automated). We all change our static pre-shared keys on a regular basis, don’t we?

Another great publication by Cisco Press. If you enjoy other Cisco Press books, you should enjoy this book.

Even though I have just about every book on the CCIE Security recommended reading list, I am still waiting to get my hands on the new CCNP Security certification books.

May 8th, 2011 • Posted in Review