Managing Public Key Infrastructure in the Enterprise Published June 2014 The following content may no longer reflect Microsoft’s current position or infrastructure. This content should be viewed as reference documentation only, to inform IT business decisions within your own company or organization. All organizations that exchange information over the Internet are susceptible to attack from malicious users. Electronic credentials that prove identity are a critical part of security measures. Microsoft IT has developed recommendations to help other enterprises design and protect an infrastructure that supports these credentials. Executive Overview Cyberattacks against enterprise organizations have become ubiquitous and sophisticated. Threats to the confidentiality, integrity, and availability of sensitive business data rise as employees, suppliers, partners, and customers share an increasing amount of information at a global scale. These threats require organizations to develop methods to provide security for their information. PKIs deliver a way to prove identity in the online world. They provide security mechanisms for the exchange of information over nonsecure networks. They can prove that data hasn't been tampered with, which is critical in conducting online transactions. It's important for organizations to take measures that will help protect their PKIs. Situation Many organizations deploy a Public Key Infrastructure (PKI) to support critical business functions, such as strong authentication of users for remote access or for helping to protect access to sensitive data. Attacking a PKI infrastructure is typically not the end goal of attackers. But compromising a PKI can provide attackers with credentials that they can use to gain further access. Security of the systems and processes that compose a PKI is an important consideration in the design and deployment of a PKI. Solution Whether you're operating an existing PKI or planning to deploy a new PKI in your environment, Microsoft IT has developed recommendations that can help you provide basic security controls for key business processes. The recommendations include specific approaches along with general guidance to keep in mind when you're considering the threats in your environment. Planning a CA Hierarchy Deciding on what type of certification authority (CA) hierarchy to implement (one tier, two tier, or three tier) is one of the first decisions that you need to make. When you're designing your CA 2 | Securing Public Key Infrastructure hierarchy, consider your long-term business goals, as well as your business needs in the near term (12–18 months). It's possible to overcomplicate your PKI by trying to plan for every possible use case. Providing Physical Controls Malicious physical access to a system will inevitably lead to compromise. Before you deploy PKI systems, identify the key physical security controls that those systems will need, based on the impact that a compromise would have to your business. Recommendations include: Keep PKI assets separate from general computing assets (for example, separate locked rack, room, and cage). Track and audit physical access to PKI assets. Use strong authentication to physically access PKI assets. Prevent tailgating (one person following another) to sensitive areas where PKI assets are stored. Use alarm systems to detect access to PKI assets. Use camera systems to monitor physical access. Take advantage of existing datacenter security controls where possible (for example, alarms and cameras). Establishing Processes A large portion of the work that's involved with running a successful PKI is establishing repeatable processes that are well documented and consistently followed. The extent that partners, suppliers, and internal customers trust your PKI will determine how formal you need to be in documenting your processes. Your documentation may also have to meet regulatory and compliance requirements. For externally trusted PKIs, a proper Request for Comments (RFC)–compliant certificate policy or Certification Practice Statement (CPS) may be required. If it isn't required, we recommend it. For an internally trusted PKI that isn't ever intended to be trusted outside the company, you should, at a minimum, document your practices for internal reference. For all PKIs, provide adequate training to support staff. Develop change management procedures to ensure that changes are properly scrutinized prior to implementation. For high-impact deployments, develop a PKI Policy Authority to govern the PKI and approve any changes to the policy. For highimpact PKIs, create key ceremony documents when you create new CA keys. These documents can provide an auditable trail to show that the keys were generated according to your policy. Providing Technical Controls It's important to treat PKI systems as critical systems and deploy strong technical controls to help protect them from unauthorized access. As with other critical systems, you should implement hardened baselines and strict management access for them. Give special consideration to PKI systems that are always kept offline. Implement controls for offline systems so that they are never brought online and don't have malicious software introduced to them. Additional recommendations include: Eliminate unnecessary services and software that are running on CAs. Restrict access to Internet content. Restrict access to PKI systems by using proper configuration settings and techniques. Delegate PKI tasks to limit the need for privileged accounts. Use network isolation and firewalls as appropriate. Secure certificate templates and control the use of user-specified alternative names. Planning Certificate Algorithms and Usages 3 | Securing Public Key Infrastructure Another key decision in PKI design is the suite of cryptographic algorithms to use, and the length of time that certificates are valid for. Advances in computing capabilities and cryptographic research continue to show that cryptographic algorithms have a finite lifespan. Ensure that you select the strongest cryptographic algorithms that are possible for your environment. Be aware of potential compatibility issues between operating systems and cryptographic software packages. After you select the proper algorithms, ensure that the attributes that you allow in your certificates enable only the intended usages and do not expose your organization to misuse of issued certificates. Selection of proper algorithms will help ensure that data and processes have the best possible chance of remaining secure for their useful life. Additional recommendations for planning for cryptographic algorithms and certificate usages include: Constrain issuing CAs to limit the impact of a CA compromise. Carefully determine the required extended key usages and grant only the usages that the use case requires. Use key generation and hash algorithms that are comparable in strength. Storing and Managing Keys and Artifacts A primary security control in a PKI is how private keys are stored and managed, particularly for CAs. Additionally, a well-run PKI will require the storage of several artifacts, such as hardware security module (HSM) activation cards or tokens, backup files, and documents. Improper storage of these artifacts can lead to the compromise of the entire PKI, without an attacker ever having to compromise a CA system. Recommendations for helping to protect CA keys and PKI assets include: Use HSMs for CAs, especially high-impact CAs. Use multiple-person control for access to high-impact keys, such as root CAs. Store PKI artifacts, such as HSM tokens and backups, in locations that have sufficient security measures. Use tamper-evident containers to store sensitive artifacts. Maintain a chain of custody for sensitive artifacts. Maintain an inventory of all sensitive artifacts and their locations. Monitoring A key component of any PKI security plan is ongoing monitoring of the infrastructure and supporting processes. With critical systems such as a CA, it's vital to collect the right information and have appropriate alerting and review processes in place so that if an issue occurs, it can be properly investigated. Treat CAs as a high-value systems and monitor them closely for suspicious activity. Monitor the following PKI-specific conditions: Changes to critical security groups that control access to the PKI Changes to account attributes for users who have privileged access to the PKI (for example, userPrincipalName and userAccountControl) Changes to certificate templates Changes to CA security settings Suspicious use of service accounts that have permission to enroll for others, or enroll for sensitive templates (for example, smart-card management system account or Network Device Enrollment Services account) Physical access events, such as opening a server rack, entering a cage, or accessing a safe 4 | Securing Public Key Infrastructure When creating a PKI monitoring plan, Microsoft IT took advantage of the built-in event mechanisms in Windows. These mechanisms include enabling Active Directory Certificate Services (AD CS) auditing, configuring the CA audit filter properly, and auditing specific registry values. Developing a Compromise Response As with any other critical piece of infrastructure, it's vital to have a plan of action in the event of a PKI compromise. Unfortunately, there is no standard formula for what to do when a PKI is compromised or presumed compromised. Depending on the type and severity of the compromise, you may have several response options. Each option has its own positive and negative attributes. The main types of compromise are: Full key compromise. The attacker has a copy of the private key and can sign anything that he or she wants. Full key access. The attacker has access to the private key such that the CA does not have sufficient information to determine the set of certificates that must be revoked. Limited key access. The attacker has access to an issuance system, but the system has full records of the unauthorized certificate that was issued. Other attack. An attack such as denial of service, theft of HSM without access tokens, or partial sets of HSM access tokens has occurred. When you're planning for compromise, ensure that you understand what relying parties and systems depend on the PKI. That way, any changes that you introduce will cause minimal interruption. Conclusion If a PKI is properly implemented, it becomes a foundational component for building effective security controls for information systems. A PKI plays a critical role in the protection of sensitive business data and is an enabling technology that helps promote the security of electronic business and electronic commerce. No IT infrastructure is immune from attack. However, implementing appropriate policies, procedures, and technical controls can limit the extent of a compromise and help keep critical systems, such as a PKI, protected. This article is a brief look at Microsoft IT’s best practices which are fully explained here: "Securing Public Key Infrastructure (PKI) For more information: http://aka.ms/securingpkidl. http://www.microsoft.com http://www.microsoft.com/microsoft-IT For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Order Centre at (800) 933-4750. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to: © 2014 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY