Term

Definition
Security procedure in which a client application automatically issues a certificate enrollment request and sends it to a certification authority (CA), after which the CA evaluates the request and issues or denies a certificate. When everything works properly, the entire process is invisible to the end user.

Term
certificate revocation list (CRL)
Definition
Document maintained and published by a certification authority that lists certificates that have been revoked.

Term

Definition
Sets of rules and settings that define the format and content of a certificate based on the certificate's intended use.

Term
certification authority (CA)
Definition
Software component or a commercial service that issues digital certificates. Windows Server 2008 includes a CA as part of the Active Directory Certificate Services role.

Term
Challenge Handshake Authentication Protocol (CHAP)
Definition
Authentication protocol that uses MD5 hashing to protect user passwords, but does not support the encryption of connection data. The passwords it uses must also be stored in a reversibly encrypted format. As a result, CHAP provides relatively weak protection when compared to MS-CHAPv2.

Term
Cryptographic Service Provider (CSP)
Definition
Windows Server 2008 component that generates public and private encryption keys for certificate requests.

Term

Definition
Shorter lists of certificates that have been revoked since the last full certificate revocation list was published.

Term

Definition
Electronic credential issued by a certification authority (CA) that confirms the identity of the party to which it is issued.

Term

Definition
Process by which a client requests a certificate and a certification authority generates one.

Term

Definition
Certification authority that is integrated into the Windows Server 2008 Active Directory environment.

Term

Definition
Component used by a certification authority to determine how it should make new certificates available to their applicants.

Term
Extensible Authentication Protocol (EAP)
Definition
Shell protocol that provides a framework for the use of various types of authentication mechanisms.

Term
Extensible Authentication Protocol—Transport Layer Security (EAP-TLS)
Definition
Authentication method that enables a server to support authentication with smart cards or other types of digital certificates.

Term

Definition
Certification authorities that do not issue certificates to end users or computers; they issue certificates only to other subordinate CAs below them in the certification hierarchy.

Term

Definition
Certification authorities that provide certificates to end users and computers.

Term
Layer 2 Tunneling Protocol (L2TP)
Definition
Virtual private networking protocol that relies on the IP security extensions (IPSec) for encryption.

Term
Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2)
Definition
Authentication protocol that uses a new encryption key for each connection and for each direction in which data is transmitted. MS-CHAPv2 is the strongest password-based authentication method supported by Windows Server 2008 Remote Access and is selected by default.

Term
Password Authentication Protocol (PAP)
Definition
Least secure of the authentication protocols supported by Windows Server 2008, because it uses simple passwords for authentication and transmits them in clear text.

Term
Point-to-Point Protocol (PPP)
Definition
Data-link layer protocol used by Windows computers for remote access connections.

Term
Point-to-Point Tunneling Protocol (PPTP)
Definition
Virtual private networking protocol that takes advantage of the authentication, compression, and encryption mechanisms of PPP, tunneling the PPP frame within a Generic Routing Encapsulation (GRE) header and encrypting it with Microsoft Point-to-Point Encryption (MPPE), using encryption keys generated during the authentication process.

Term

Definition
Set of rules that a certification authority uses to determine whether it should approve a certificate request, deny it, or mark it as pending for later review by an administrator.

Term

Definition
Authentication protocol that uses Transport Layer Security (TLS) to create an encrypted channel between a wireless client and an authentication server. The use of PEAP is not supported for remote access clients in Windows Server 2008.

Term
public key infrastructure (PKI)
Definition
Security relationship in which participants are issued two keys: public and private. The participant keeps the private key secret, while the public key is freely available in the digital certificate. Data encrypted with the private key can be decrypted only using the public key, and data encrypted with the public key can be decrypted only using the private key.

Term
Remote Authentication Dial In User Service (RADIUS)
Definition
Centralized authentication service frequently used in organizations with multiple remote access servers.

Term

Definition
Parent certification authority that issues certificates to the subordinate CAs beneath it. If a client trusts the root CA, it must also trust all of the subordinate CAs that have been issued certificates by the root CA.

Term
Secure Socket Tunneling Protocol (SSTP)
Definition
New virtual private networking protocol in Windows Server 2008 and Windows Vista that encapsulates PPP traffic using the Secure Sockets Layer (SSL) protocol.

Term

Definition
Certification authority that does not use certificate templates or Active Directory. It stores its information locally.

Term

Definition
Certification authority that has been issued a certificate by a root CA, which stands above it in the certification hierarchy.

Term

Definition
In a certification authority (CA) hierarchy, the property that enables clients that trust the root CA to also trust certificates issued by any other CAs subordinate to the root.

Term
virtual private network (VPN)
Definition
Technique for connecting to a network at a remote location using the Internet as the network medium.

Term

Definition
Process by which clients submit certificate enrollment requests to a CA and receive the issued certificates using a Web site created for that purpose.