Users cannot be trusted. For the most part, they are lazy and choose comfort over security. According to statistics, 21% write down the passwords for their work accounts on paper, and 50% use the same passwords for work and personal services.
The environment is hostile too. 74% of organizations allow personal devices to be brought to work and connected to the corporate network. 94% of users cannot distinguish a real email from a phishing one, and 11% clicked on attachments.
All of these problems are solved by a corporate public key infrastructure (PKI), which provides encryption and authentication of email and replaces passwords with digital certificates. Such an infrastructure can be deployed on Windows Server. According to
But the Microsoft solution is very expensive.
Total cost of ownership of a private certificate authority from Microsoft
Comparison of the cost of ownership of Microsoft CA and GlobalSign AEG.
In many cases it is simpler and cheaper to set up the same kind of private certificate authority, but with external management. GlobalSign Auto Enrollment Gateway (AEG) solves exactly this problem. Many cost items drop out of the total cost of ownership (purchasing hardware, support costs, staff training, and so on). Savings can exceed
What is AEG
AEG integrates with Active Directory, allowing organizations to automate the enrollment, provisioning and management of GlobalSign digital certificates in a Windows environment. By replacing internal CAs with GlobalSign services, businesses increase security and reduce the cost of managing a complex Microsoft CA, as well as internal costs.
GlobalSign's SaaS certificate services are a more secure option than weak and unmanaged certificates on your own infrastructure. Eliminating the need to manage a resource-intensive internal CA reduces the total cost of ownership of the PKI and the risk of system failure.
Support for the SCEP and ACME protocols extends coverage beyond Windows, including automated certificate issuance for Linux servers, mobile, network and other devices, as well as Apple OSX computers enrolled in Active Directory.
Enhanced security
In addition to saving budget, externally managed PKI improves system security. As noted in an Aberdeen Group study, certificates are increasingly targeted by attackers, who successfully exploit known weaknesses such as weak self-signed certificates, complicated encryption and difficult revocation mechanisms. In addition, attackers have mastered more sophisticated techniques, such as fraudulently obtaining certificates from trusted CAs and code-signing certificates.
"Most businesses do not do enough to manage the risks associated with these attacks and are not prepared to respond quickly to a compromise,"
How does AEG work?
A typical AEG deployment consists of four main components that ensure the right certificates are delivered to the right endpoints:
- AEG software on a Windows server.
- Active Directory servers or domain controllers, which let administrators manage and store information about resources.
- Endpoints: users, devices, servers and workstations, that is, almost any entity that is a "consumer" of digital certificates.
- The GlobalSign Certificate Authority, or GCC, which sits on top of the trusted certificate issuance and management platform. This is where the certificates are created.
Three of the four components shown are located on the customer's premises, and the fourth is in the cloud.
First, the endpoints are pre-configured using group policies (for example, enrollment for a user authentication certificate, a request for an S/MIME certificate, and so on) so that they subsequently connect to the AEG server. The connection is secured with HTTPS.
The AEG server queries Active Directory over LDAP to obtain the list of certificate templates for these endpoints, and sends the list to the clients together with the location of the certificate authority. After receiving these rules, the endpoints connect to the AEG server again, this time to request the actual certificates. AEG builds an API call with the specified parameters and sends it to the GlobalSign Certificate Authority, or GCC, for processing.
Finally, the GCC backend processes the requests, usually within a few seconds, and sends back an API response with the certificate, which is installed on the endpoints that requested it.
The whole process takes a few seconds and can be fully automated by configuring the endpoints to obtain certificates automatically using group policies.
Unique features of AEG
- Enrollment through an MDM platform is possible.
- Developed by former members of the Microsoft Crypto team.
- Clientless solution.
- Simple deployment and lifecycle management.
Example architectures
Thus, externally managed PKI through the GlobalSign AEG gateway means stronger security, cost savings and reduced risk. Another benefit is easy scaling and increased productivity. Properly managed PKI ensures uptime, eliminates interruptions to mission-critical processes caused by invalid certificates, and gives remote employees secure access to corporate networks.
GlobalSign is a global leader in providing cloud and network PKI solutions for identity and access management. For more information about the products, please contact
Source: www.habr.com