
OPSEC Partners

Microsoft

Product Version Certified: Public Key and Active Directory in Windows 2003 Server
Certified for use with: Check Point Next Generation

Product Description: Microsoft Windows 2003 server contains multiple authentication and directory related technologies, including the following which have been tested with Check Point:

Windows Server 2003 Active Directory presents organizations with an LDAP v3 compliant directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. Active Directory is designed to be a consolidation point for centrally managing, and reducing the number of, directories that companies require. In addition to the normal operating mode of Active Directory, it can optionally be run as a user service in Active Directory Application Mode (ADAM).

Windows Server 2003 Public Key Infrastructure (PKI) provides an integrated public key infrastructure that enables customers to secure and exchange information with strong security and easy administration across the Internet, extranets, intranets and applications.

Company Description: Microsoft's vision is to empower people through great software - any time, any place and on any device. As the worldwide leader in software for personal and business computing, Microsoft strives to produce innovative products and services that meet our customers' evolving needs.

Key Features and Benefits

Active Directory
A crucial component of the Windows platform, Active Directory provides the means to manage the identities and relationships that make up network environments.

Configuration information for Check Point and Active Directory is found in the standard Check Point documentation. However, configuration information for Check Point and ADAM is available in this guide.

  • Active Directory centrally manages Windows users, clients, and servers through a single consistent management interface, reducing redundancy and maintenance costs.
  • Group Policy allows administrators to define and control the policies governing groups of computers and users within their organization.
  • Active Directory lets developers and administrators extend the directory schema and create new properties and objects. Using the directory as a data store, developers can use this feature to create their own data structures for applications. In addition, users on the network can publish important information in the directory so other users can easily find it.
  • Active Directory is implemented as a native LDAP server and supports DNS naming. No request translation is required to ensure interoperability in extranet environments and e-commerce applications.

Public Key Service
A public key infrastructure, often shortened to PKI, is a system of digital certificates, certification authorities (CAs) and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography. Microsoft's support for X.509 certificates and other PKI standards ensures interoperability with applications and devices that rely on certificates for communication.

You can use Certificate Services in the Windows® operating system to create a certification authority (CA) which will receive certificate requests, verify the information in the request and the identity of the requester, issue certificates, revoke certificates, and publish a certificate revocation list (CRL). Certificate Services can also be used to:

  • Enroll users for certificates from the CA using the Web or the Certificates Microsoft Management Console (MMC) snap-in, or transparently through autoenrollment
  • Use certificate templates to help simplify the choices a certificate requester has to make when requesting a certificate, depending upon the policy used by the CA
  • Take advantage of the Active Directory® directory service for publishing trusted root certificates, publishing issued certificates, and publishing CRLs
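The CA lifecycle described above (a request is received, the request and the requester's identity are verified, a certificate is issued, later revoked, and a CRL is published) as an added, stand-alone example in Go. This is not code from this page or from Microsoft Certificate Services; the `MiniCA` type, the requester name `alice@example.test` and all key material are constructed for illustration. The relying-party side is included because it is where the security value of a CRL is realised: the leaf must chain to the trusted root, the CRL must itself carry a valid CA signature, and a CRL past its NextUpdate is treated as unusable rather than as "nothing revoked".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// MiniCA is a hypothetical in-memory certification authority used only to walk
// through the lifecycle: receive a request, verify it, issue, revoke, publish a CRL.
type MiniCA struct {
	Cert       *x509.Certificate
	key        *ecdsa.PrivateKey
	revoked    []pkix.RevokedCertificate
	nextSerial int64
}

// NewMiniCA creates a self-signed root (constructed test material, not a production CA).
func NewMiniCA() (*MiniCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to sign CRLs
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	return &MiniCA{Cert: cert, key: key, nextSerial: 2}, nil
}

// Issue checks the request before signing: the CSR self-signature proves possession of
// the private key, and the requested name must match the identity the CA authenticated
// out of band (modelled here as a plain argument).
func (ca *MiniCA) Issue(csrDER []byte, authenticatedName string) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil { return nil, err }
	if err := csr.CheckSignature(); err != nil { return nil, err }
	if csr.Subject.CommonName != authenticatedName {
		return nil, errors.New("requested name does not match authenticated identity")
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.nextSerial), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(12 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	ca.nextSerial++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// Revoke records the serial; relying parties only learn of it from the next published CRL.
func (ca *MiniCA) Revoke(cert *x509.Certificate) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{SerialNumber: cert.SerialNumber, RevocationTime: time.Now()})
}

// PublishCRL signs the current revocation list with the CA key.
func (ca *MiniCA) PublishCRL() ([]byte, error) {
	tmpl := &x509.RevocationList{
		Number: big.NewInt(int64(len(ca.revoked) + 1)), ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(time.Hour), RevokedCertificates: ca.revoked,
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.key)
}

// VerifyWithCRL is the relying-party side: build a chain to the trusted root, then
// consult the CRL, which must itself be CA-signed and not past NextUpdate.
func VerifyWithCRL(leaf, root *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil { return err }
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil { return err }
	if err := crl.CheckSignatureFrom(root); err != nil { return err }
	if time.Now().After(crl.NextUpdate) { return errors.New("CRL is stale") }
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 { return errors.New("certificate is revoked") }
	}
	return nil
}

// Lifecycle runs the exchange end to end and reports whether the leaf certificate
// was accepted before and after revocation.
func Lifecycle() (acceptedBefore, acceptedAfter bool, err error) {
	ca, err := NewMiniCA()
	if err != nil { return false, false, err }
	reqKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // requester's own key pair
	if err != nil { return false, false, err }
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "alice@example.test"}}, reqKey)
	if err != nil { return false, false, err }
	leaf, err := ca.Issue(csr, "alice@example.test")
	if err != nil { return false, false, err }
	crl, err := ca.PublishCRL()
	if err != nil { return false, false, err }
	acceptedBefore = VerifyWithCRL(leaf, ca.Cert, crl) == nil
	ca.Revoke(leaf)
	if crl, err = ca.PublishCRL(); err != nil { return false, false, err }
	acceptedAfter = VerifyWithCRL(leaf, ca.Cert, crl) == nil
	return acceptedBefore, acceptedAfter, nil
}

func main() {
	before, after, err := Lifecycle()
	fmt.Println("accepted before revocation:", before, "accepted after revocation:", after, "error:", err)
}
```

The stale-CRL branch is the one to keep in mind when wiring a firewall or VPN gateway to a CA: a relying party that cannot fetch a current CRL and silently falls back to "not revoked" has lost the revocation guarantee the CA is providing.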

OPSEC Integration

Through the use of the LDAP protocol, VPN-1/FireWall-1 Next Generation administrators can leverage Active Directory as their single authentication and user directory store. Administrators no longer have to maintain separate user databases on the firewall, thus reducing management overhead and significantly improving overall network security within a Microsoft environment.

In addition to LDAP, Check Point also supports X.509-based PKI solutions such as Microsoft's. This combined solution of Microsoft Certificate services and VPN-1 allows customers to easily establish trust relationships between VPN modules.

The VPN-1/FireWall-1 Next Generation products support Microsoft Active Directory and Certificate Services "out of the box" allowing you to take advantage of these features and benefits immediately.