Ba za a iya amincewa da masu amfani ba. Ga mafi yawancin, suna da kasala kuma suna zaɓar ta'aziyya maimakon tsaro. Dangane da kididdiga, 21% suna rubuta kalmomin shiga don asusun aiki akan takarda, 50% suna nuna kalmar sirri iri ɗaya don aiki da sabis na sirri.
Mahalli kuma yana da gaba. Kashi 74% na ƙungiyoyi suna ba da izinin kawo na'urorin sirri don aiki kuma a haɗa su zuwa cibiyar sadarwar kamfani. Kashi 94% na masu amfani ba za su iya bambance ainihin imel ɗin daga mai phishing ba, 11% an danna haɗe-haɗe.
Duk waɗannan matsalolin ana magance su ta hanyar haɗin gwiwar maɓalli na jama'a (PKI), wanda ke ba da ɓoyewa da tantance saƙo, kuma yana maye gurbin kalmomin shiga da takaddun shaida na dijital. Ana iya haɓaka wannan kayan aikin akan Windows Server. Bisa lafazin
Amma maganin Microsoft yana da tsada sosai.
Jimlar Kudin Mallaka don Hukumar Takaddun Shaida ta Keɓaɓɓu daga Microsoft
Kwatanta farashin mallakar Microsoft CA da GlobalSign AEG.
A cikin yanayi da yawa, ya fi dacewa da rahusa don ƙirƙirar ikon takaddun shaida iri ɗaya, amma tare da sarrafa waje. GlobalSign Auto Enrollment Gateway (AEG) yana magance daidai wannan matsalar. An cire layukan tsada da yawa daga jimlar farashin mallakar (siyan kayan aiki, farashin tallafi, horar da ma'aikata, da sauransu). Ajiye na iya wuce gona da iri
Menene AEG
AEG yana haɗawa tare da Active Directory, yana bawa ƙungiyoyi damar sarrafa rajista, samarwa da sarrafa takaddun dijital na GlobalSign a cikin yanayin Windows. Ta hanyar maye gurbin CA na ciki tare da ayyukan GlobalSign, kamfanoni suna haɓaka tsaro da rage farashin sarrafa hadadden Microsoft CA na ciki mai tsada.
GlobalSign SaaS Certificate Services zaɓi ne mafi amintaccen zaɓi fiye da rarrauna da takaddun shaida mara sarrafa kan kayan aikin ku. Kawar da buƙatun sarrafa kayan aiki na ciki CA yana rage jimillar kuɗin mallakar PKI da kuma haɗarin gazawar tsarin.
Taimako don ka'idojin SCEP da ACME yana ƙara tallafi fiye da Windows, gami da bayar da takaddun shaida ta atomatik don sabar Linux, wayar hannu, cibiyar sadarwa da sauran na'urori, da kuma kwamfutocin Apple OSX masu rijista a Active Directory.
Ingantaccen tsaro
Baya ga tanadin kasafin kuɗi, sarrafa PKI na waje yana inganta tsaro na tsarin. Kamar yadda aka gani a cikin binciken rukunin Aberdeen, maharan suna ƙara kai hari kan takaddun shaida, waɗanda suka yi nasarar yin amfani da lahani da aka sani kamar su takaddun shaida mai rauni, raunin ɓoyewa da hanyoyin sokewa. Bugu da kari, maharan sun ƙware mafi nagartattun ayyuka, kamar bayar da takaddun shaida na zamba daga amintattun CAs da ƙirƙira takaddun sa hannu na lamba.
"Yawancin kamfanoni ba su da himma wajen tafiyar da hadurran da ke tattare da waɗannan hare-haren kuma ba su shirya yin gaggawar mayar da martani ga cinikin,"
Ta yaya AEG ke aiki?
Tsarin AEG na yau da kullun ya haɗa da maɓalli guda huɗu don tabbatar da cewa an ƙaddamar da ingantattun takaddun shaida zuwa wuraren samun dama daidai:
- AEG software akan uwar garken Windows.
- Sabar Directory Active ko masu kula da yanki waɗanda ke ba masu gudanarwa damar sarrafa da adana bayanai game da albarkatu.
- Ƙarshen Ƙarshen: masu amfani, na'urori, sabar da wuraren aiki - kusan duk wani mahaluƙi da ke "masu amfani" na takaddun shaida na dijital.
- GlobalSign Certificate Authority ko GCC, wanda ke zaune a saman amintaccen bayar da takaddun shaida da dandamalin gudanarwa. Anan ne ake samar da takaddun shaida.
Uku daga cikin abubuwan guda huɗu da aka nuna suna kan-gida a abokin ciniki, kuma na huɗu yana cikin gajimare.
Na farko, an riga an saita wuraren ƙarshen ta amfani da manufofin rukuni: misali, tabbatar da takaddun shaida don tabbatar da mai amfani, buƙatar S/MIME don takaddun shaida, da sauransu, don haɗin gaba zuwa uwar garken AEG. Haɗin yana amintacce ta HTTPS.
Sabar AEG tana buƙatar Active Directory ta hanyar LDAP don samun jerin samfuran takaddun shaida don waɗannan wuraren ƙarshen, kuma suna aika jerin ga abokan ciniki tare da wurin da ikon takaddun shaida. Bayan karɓar waɗannan ƙa'idodin, ƙarshen ƙarshen suna haɗi zuwa uwar garken AEG, wannan lokacin don buƙatar ainihin takaddun shaida. AEG kuma yana ƙirƙirar kiran API tare da ƙayyadaddun sigogi kuma aika shi zuwa GlobalSign Certificate Authority ko GCC don sarrafawa.
A ƙarshe, GCC backend yana aiwatar da buƙatun, yawanci a cikin ƴan daƙiƙa kaɗan, kuma yana aika da amsa ga API tare da takardar shaidar da za a shigar akan ƙarshen buƙatun.
Gabaɗayan tsarin yana ɗaukar ƴan daƙiƙa kaɗan kuma ana iya sarrafa shi gabaɗaya ta hanyar daidaita wuraren ƙarewa don samun takaddun shaida ta atomatik ta amfani da manufofin rukuni.
Musamman AEG Features
- Kuna iya yin rajista ta hanyar dandalin MDM.
- Tsoffin ma'aikata ne suka haɓaka daga ƙungiyar Microsoft Crypto.
- Maganin mara amfani.
- Sauƙaƙe aiwatarwa da sarrafa rayuwar rayuwa.
Misalai na gine-gine
Don haka, sarrafa PKI na waje ta hanyar GlobalSign AEG ƙofar yana nufin haɓaka tsaro, ajiyar kuɗi da rage haɗari. Wani fa'ida shine sauƙin haɓakawa da haɓaka aiki. Gudanar da PKI da ya dace yana tabbatar da dogon lokaci, yana kawar da katsewar ayyuka masu mahimmanci saboda takaddun shaida, kuma yana ba wa ma'aikata nesa, amintaccen damar shiga hanyoyin sadarwar kamfani.
GlobalSign shine jagora na duniya wajen samar da girgije da kuma hanyar sadarwa ta PKI da hanyoyin samun damar gudanarwa. Don ƙarin cikakkun bayanai game da samfuran, tuntuɓi
source: www.habr.com