| Term | Definition |
| --- | --- |
| | Security procedure in which a client application automatically issues a certificate enrollment request and sends it to a certification authority (CA), after which the CA evaluates the request and issues or denies a certificate. When everything works properly, the entire process is invisible to the end user. |
| certificate revocation list (CRL) | Document maintained and published by a certification authority that lists certificates that have been revoked. |
| | Sets of rules and settings that define the format and content of a certificate based on the certificate's intended use. |
| certification authority (CA) | Software component or a commercial service that issues digital certificates. Windows Server 2008 includes a CA as part of the Active Directory Certificate Services role. |
| Challenge Handshake Authentication Protocol (CHAP) | Authentication protocol that uses MD5 hashing to encrypt user passwords, but does not support the encryption of connection data. The passwords it uses must also be stored in a reversibly encrypted format. As a result, CHAP provides relatively weak protection when compared to MS-CHAPv2. |
| Cryptographic Service Provider (CSP) | Windows Server 2008 component that generates public and private encryption keys for certificate requests. |
| | Shorter lists of certificates that have been revoked since the last full certificate revocation list was published. |
| | Electronic credential issued by a certification authority (CA) that confirms the identity of the party to which it is issued. |
| | Process by which a client requests a certificate and a certification authority generates one. |
| | Certification authority that is integrated into the Windows Server 2008 Active Directory environment. |
| | Component used by a certification authority to determine how it should make new certificates available to their applicants. |
| Extensible Authentication Protocol (EAP) | Shell protocol that provides a framework for the use of various types of authentication mechanisms. |
| Extensible Authentication Protocol—Transport Level Security (EAP-TLS) | Authentication method that enables a server to support authentication with smart cards or other types of digital certificates. |
| | Certification authorities that do not issue certificates to end users or computers; they issue certificates only to other subordinate CAs below them in the certification hierarchy. |
| | Certification authorities that provide certificates to end users and computers. |
| Layer 2 Tunneling Protocol (L2TP) | Virtual private networking protocol that relies on the IP security extensions (IPSec) for encryption. |
| Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2) | Authentication protocol that uses a new encryption key for each connection and for each direction in which data is transmitted. MS-CHAPv2 is the strongest password-based authentication method supported by Windows Server 2008 Remote Access and is selected by default. |
| Password Authentication Protocol (PAP) | Least secure of the authentication protocols supported by Windows Server 2008 because it uses simple passwords for authentication and transmits them in clear text. |
| Point-to-Point Protocol (PPP) | Data-link layer protocol used by Windows computers for remote access connections. |
| Point-to-Point Tunneling Protocol (PPTP) | Virtual private networking protocol that takes advantage of the authentication, compression, and encryption mechanisms of PPP, tunneling the PPP frame within a Generic Routing Encapsulation (GRE) header and encrypting it with Microsoft Point-to-Point Encryption (MPPE), using encryption keys generated during the authentication process. |
| | Set of rules that a certification authority uses to determine whether it should approve a request, deny it, or mark it as pending for later review by an administrator. |
| | Authentication protocol that uses Transport Level Security (TLS) to create an encrypted channel between a wireless client and an authentication server. The use of PEAP is not supported for remote access clients in Windows Server 2008. |
| public key infrastructure (PKI) | Security relationship in which participants are issued two keys: public and private. The participant keeps the private key secret, while the public key is freely available in the digital certificate. Data encrypted with the private key can be decrypted only using the public key, and data encrypted with the public key can be decrypted only using the private key. |
| Remote Authentication Dial In User Service (RADIUS) | Centralized authentication service frequently used in organizations with multiple remote access servers. |
| | Parent certification authority that issues certificates to the subordinate CAs beneath it. If a client trusts the root CA, it must also trust all of the subordinate CAs that have been issued certificates by the root CA. |
| Secure Socket Tunneling Protocol (SSTP) | New virtual private networking protocol in Windows Server 2008 and Windows Vista that encapsulates PPP traffic using the Secure Sockets Layer (SSL) protocol. |
| | Certification authority that does not use certificate templates or Active Directory. It stores its information locally. |
| | Certification authority that has been issued a certificate by a root CA, which stands above it in the certification hierarchy. |
| | In a certification authority (CA) hierarchy, what enables clients that trust the root CA to also trust certificates issued by any other CAs subordinate to the root. |
| virtual private network (VPN) | Technique for connecting to a network at a remote location using the Internet as a network medium. |
| | Process by which clients submit certificate enrollment requests to a CA and receive the issued certificates using a Web site created for that purpose. |