      When does it make sense to use a certificate authority on an internal network?
      2 November 2009

      Certificates are unavoidable, and most applications will create a self-signed certificate by default. Relying on those is not good practice at all, however. So when do you decide to use a certificate authority (CA) server on your own network?

      This is a complicated question, but I will share some points that I have learned along the road about when it makes sense to install a local certificate authority. In many situations, people deploy the Windows Active Directory Certificate Services role. Having centralized management with Group Policy is a requirement to scale the reach of the policies to many users and computers. One trick is to deploy certificates through Group Policy, which is especially helpful with device certificates.

      One of the best examples is to configure a wireless network to require a computer (or device) certificate for access. This removes the risk of passing around passwords for accessing wireless networks. This would be applicable for organizations wishing to provide wireless access in an office setting to designated systems, instead of providing public access or using passwords.

      Having a CA in place can also address the friendly reminders from Internet Explorer’s certificate warning messages. If the local CA certificates are trusted on the domain, replacing self-signed certificates can make for a much more pleasant experience for internal users.
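
An added example (not from the original article): a PowerShell inventory of the local computer certificate store that flags self-signed certificates and reports whether each one chains to a root this machine trusts, which shows where an internal CA would replace them. The function name Get-CertTrustReport and the default store path are assumptions chosen for illustration.

```powershell
# Added example: list certificates in a store, flag self-signed ones, and
# report whether each builds a chain to a root trusted on this machine.
# Get-CertTrustReport is a hypothetical helper name, not a built-in cmdlet.
function Get-CertTrustReport {
    param(
        # Assumption: the local computer's personal store is the one of interest.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert  = $_
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

        # Skip revocation lookups so the check runs without network access.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

        # Build() returns $true only if the chain ends in a trusted root
        # and no other validation error (expiry, bad signature) is found.
        $trusted = $chain.Build($cert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        [pscustomobject]@{
            Subject             = $cert.Subject
            Issuer              = $cert.Issuer
            # Heuristic: a self-signed certificate names itself as issuer.
            SelfSigned          = ($cert.Subject -eq $cert.Issuer)
            ChainsToTrustedRoot = $trusted
            ChainStatus         = $status          # e.g. UntrustedRoot, NotTimeValid
            NotAfter            = $cert.NotAfter
        }

        $chain.Reset()
    }
}

# Self-signed entries first: these are the candidates for CA-issued replacements.
Get-CertTrustReport |
    Sort-Object -Property SelfSigned -Descending |
    Format-Table -AutoSize
```

A self-signed certificate that has not been added to the trusted root store normally shows `ChainsToTrustedRoot` as False with an `UntrustedRoot` status, while a certificate issued by a CA whose root is trusted on the domain shows True.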

      A certificate can also be the second factor for VPN access. If the VPN access policy checks for the device certificate on the computer in question, then that can be the additional factor outside of a username and password. Having multifactor authentication, of course, is much more secure than simply using a username and password (single factor), and having the computer certificate managed by authoritative policy allows additional protection.

      Installing a CA won’t help in every situation, however. Any external-facing systems won’t benefit from using the certificates created with the internal solution, even if they are located on the internal network and serve content to the external networks. This can include Web services or anything that uses Secure Sockets Layer (SSL) communication.

      What criteria do you use to determine if you need to start hosting a CA? Share your comments below.

      From: TechRepublic.

      Copyright © 2009 Cryptomach LTD. All rights reserved.