Was a Smart Card Used for Logon?

Hello All, This has been discussed before and it recently hit my desk again.  Though the information is out there it seems most of it is a bit dated, circa 2007 and 2012.  The preferred method (for the majority) is to search the security event logs on domain controllers to make this determination and/or provide smart card usage…


MSFT OCSP Responder + New DoD Configs!

Hello All, wanted to jump in with a quick post on updating the Microsoft OCSP revocation providers for some new DoD certificate authorities that have been commissioned.  This is based on my post a while back on setting up our OCSP responder with DoD configurations here.  There are roughly about 20 or so new revocation configurations that…


MIM-CM 2016 + Virtual Smart Card Modern App Part I

Hello All and Happy New Year!  I hope everyone is recharged from a most excellent holiday season!  I'm back with another security focused topic, virtual smart cards and also taking a look at MIM CM 2016 to life cycle the credential.  The threat landscape today is more fluid and dynamic then ever before and organizations are…


Suite B Public Key Infrastructure Part III

Hey everyone, I'm back to grinding it out again! Here's another one for your "suite-tooth."  We've covered installing and configuring a Suite B Offline Root CA, and also issuing end-entity key agreement and digital signature certificates in accordance with RFC 5759 from an offline Root CA.  Let's go over the scenario of a two tier suite B…


Suite B Public Key Infrastructure Part II

Hello all, hopefully it was a good week in IT!  Lots going on this week in the field; most notably the Surface Pro 3 UEFI update that Ty posted about earlier!  This is certainly a welcome addition, especially for those who don’t seem to have good luck pxe-booting the SP3 or who are doing lots…


Suite B Public Key Infrastructure Part I

I hope everyone out there is gearing up for an excellent week!  Now then, the first order of business here on the blog is to get going on a quick post about commissioning a Server 2012 R2 offline root certificate authority in accordance with RFC 5759 (NSA Suite B cryptography).  Folks that operate in the…