Microsoft's Alternative to a Certificate Authority

Users cannot be trusted. For the most part, they are lazy and choose convenience over security. According to statistics, 21% write down the passwords for their work accounts on paper, and 50% use the same password for work and personal services.

The environment is hostile as well. 74% of organizations allow personal devices to be brought to work and connected to the corporate network. 94% of users cannot tell a real email from a phishing one, and 11% have clicked on attachments.

All of these problems are addressed by a public key infrastructure (PKI), which provides email encryption and authentication and replaces passwords with digital certificates. This infrastructure can be deployed on Windows Server. As Microsoft describes it, Active Directory Certificate Services (AD CS) is the server role that lets you build a PKI in your organization and use public key cryptography, digital certificates, and digital signatures.

But Microsoft's solution is quite expensive.

Total Cost of Ownership for a Microsoft Private CA

Comparison of the total cost of ownership of Microsoft CA and GlobalSign AEG. Source

In many cases it is easier and cheaper to build the same private certificate authority, but with external management. This is the problem that GlobalSign Auto Enrollment Gateway (AEG) solves. Several cost lines drop out of the total cost of ownership (purchasing, support costs, staff training, and so on). The savings exceed 50% of the total cost of ownership.

What Is AEG


Auto Enrollment Gateway (AEG) is a software service that sits between GlobalSign's SaaS certificate services and the enterprise Windows environment.

AEG integrates with Active Directory, allowing organizations to automate the enrollment, provisioning and management of GlobalSign digital certificates in a Windows environment. By replacing internal CAs with GlobalSign services, companies increase security and reduce the cost of managing a complex and expensive internal Microsoft CA.

GlobalSign SaaS certificate services are a more reliable option than weak, unmanaged certificates on your own infrastructure. Removing the need to manage internal CA resources lowers the total cost of ownership of the PKI, as well as the risk of failure.

Support for the SCEP and ACME protocols extends coverage beyond Windows, including automated certificate issuance for Linux servers, mobile devices, network devices, and other devices, as well as Apple OSX computers registered in Active Directory.

Improved Security

In addition to saving money, managed PKI improves security. As a study by Aberdeen Group notes, certificates are increasingly targeted by attackers who successfully exploit known weaknesses such as untrusted self-signed certificates, weak encryption, and cumbersome revocation processes. In addition, attackers have mastered more sophisticated exploits, such as fraudulently obtaining certificates from trusted CAs and forging code-signing certificates.

"Most enterprises do not actively manage the risks associated with these attacks and are not prepared to respond quickly to a breach," wrote Derek E. Brink, Vice President and IT Security Fellow at Aberdeen Group. "By letting enterprises put the operational work of certificate management in the hands of experts while retaining control of policy management in Active Directory, GlobalSign aims to secure the future growth of certificate use by addressing security and trust issues in an efficient, cost-effective deployment model."

How AEG Works


A deployment with AEG involves four main components, which together ensure that the right certificates are delivered to the right endpoints:

  1. AEG software on a Windows server.
  2. Active Directory servers or domain controllers, which let administrators manage and store information about resources.
  3. Endpoints: users, devices, servers and workstations, that is, any entity that is a "consumer" of digital certificates.
  4. The GlobalSign certification authority, or GCC, which sits on top of a trusted certificate issuance and management platform. This is where certificates are generated.

Three of the four components are located on the customer's premises, and the fourth is in the cloud.

First, the endpoints are pre-configured through group policy (for example, certificate validation for user authentication, S/MIME certificate requests, and so on) for the subsequent connection to the AEG server. The connection is secured with HTTPS.

The AEG server queries Active Directory over LDAP for the list of certificate templates for these endpoints and sends the list to the clients along with the location of the CA. After receiving these policies, the endpoints connect to the AEG server again, this time to request the actual certificates. AEG, in turn, builds an API call with the given parameters and sends it to the GlobalSign certification authority, or GCC, for processing.

Finally, GCC processes the requests, usually within a few seconds, and sends back an API response with the certificate, which is then installed on the endpoint that requested it.

The whole process takes a few minutes and can be fully automated by configuring the endpoints to obtain certificates through group policy.
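The two-phase exchange described above, modelled as an added example (not code from GlobalSign or from the original article): the endpoint first asks the gateway for its policy, then enrolls, and the gateway forwards the request to the CA. All class, template and account names are constructed, the dictionaries stand in for the LDAP query and the CA API call, and the directory re-check in phase 2 is a design choice of this example.

```python
"""Toy model of the enrollment flow; every name and value here is constructed."""
import hashlib

# Stand-in for the LDAP query: template -> groups permitted to enroll.
DIRECTORY_TEMPLATES = {
    "UserAuth": {"Domain Users"},
    "SMIME": {"Domain Users"},
    "WebServer": {"Web Servers"},
}
# Stand-in for directory group membership of each principal.
DIRECTORY_MEMBERS = {"alice": {"Domain Users"}, "web01$": {"Web Servers"}}


class CloudCA:
    """Hosted CA stand-in: receives an API call, returns a certificate record."""

    def __init__(self):
        self.issued = []

    def issue(self, subject, template, public_key):
        material = f"{subject}|{template}|{public_key}".encode()
        cert = {"serial": hashlib.sha256(material).hexdigest()[:16],
                "subject": subject, "template": template}
        self.issued.append(cert)
        return cert


class Gateway:
    """On-premises gateway stand-in between endpoints, directory and CA."""

    def __init__(self, ca):
        self.ca = ca

    def get_policy(self, principal):
        # Phase 1: templates the directory permits for this principal.
        groups = DIRECTORY_MEMBERS.get(principal, set())
        return sorted(t for t, ok in DIRECTORY_TEMPLATES.items() if groups & ok)

    def enroll(self, principal, template, public_key):
        # Phase 2: re-check the directory instead of trusting the client's
        # template name, then forward the request to the CA.
        if template not in self.get_policy(principal):
            raise PermissionError(f"{principal} may not enroll for {template}")
        return self.ca.issue(principal, template, public_key)


def autoenroll(gateway, principal, public_key):
    """Endpoint side: fetch the policy, then request each offered template."""
    return [gateway.enroll(principal, t, public_key)
            for t in gateway.get_policy(principal)]
```
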

AEG Unique Features

  • You can enroll through an MDM platform.
  • Built by former members of the Microsoft Crypto team.
  • A clientless solution.
  • Simple deployment and lifecycle management.

Example architecture

Thus, managing PKI externally through the GlobalSign AEG gateway means increased security, cost savings and reduced risk. Another benefit is easy scalability and improved operational efficiency. A well-managed PKI ensures high uptime, eliminates disruption to critical business processes caused by invalid certificates, and gives remote workers access to the corporate network.

AEG supports a wide range of use cases that require two-factor authentication, from remote employees and customers accessing the network over VPN and Wi-Fi to privileged access to high-value resources using smart cards.

GlobalSign is a global leader in providing cloud and network PKI solutions for identity and access management. For more information about the products, please contact our managers.

Source: www.hab.com
