An Alternative to the Microsoft Certificate Authority

Users cannot be trusted. For the most part they are lazy and choose convenience over security. According to statistics, 21% write the passwords for their work accounts down on paper, and 50% set the same passwords for work and personal services.

The environment is hostile too. 74% of organizations allow personal devices to be brought to work and connected to the corporate network. 94% of users cannot tell a genuine email from a phishing one, and 11% clicked on attachments.

All of these problems are solved by a corporate public key infrastructure (PKI), which provides email encryption and authentication and replaces passwords with digital certificates. Such an infrastructure can be deployed on Windows Server. According to Microsoft's description, Active Directory Certificate Services (AD CS) is a server that lets you build a PKI in your organization and use public key cryptography, digital certificates, and digital signatures.

But the Microsoft solution is rather expensive.

Total Cost of Ownership of a Private Certificate Authority from Microsoft

Comparison of the cost of ownership of a Microsoft CA and GlobalSign AEG.

In many cases it is simpler and cheaper to set up the same kind of private certificate authority, but with external management. GlobalSign Auto Enrollment Gateway (AEG) solves exactly this problem. Many cost items drop out of the total cost of ownership (hardware purchases, support costs, staff training, and so on). Savings can exceed 50% of the total cost of ownership.

What Is AEG


Auto Enrollment Gateway (AEG) is a software service that acts as a gateway between GlobalSign's SaaS certificate services and the enterprise Windows environment.

AEG integrates with Active Directory, allowing organizations to automate the enrollment, provisioning, and management of GlobalSign digital certificates in a Windows environment. By replacing internal CAs with GlobalSign services, enterprises improve security and reduce the cost of managing a complex Microsoft CA as well as internal costs.

GlobalSign's SaaS certificate services are a more secure option than weak and unmanaged certificates in your own infrastructure. Eliminating the need to run a resource-intensive internal CA reduces the total cost of ownership of the PKI as well as the risk of system failure.

Support for the SCEP and ACME protocols extends coverage beyond Windows, including automated certificate issuance for Linux servers, mobile, network, and other devices, as well as Apple OSX computers enrolled in Active Directory.

Enhanced Security

In addition to budget savings, externally managed PKI improves system security. As noted in an Aberdeen Group study, certificates are increasingly targeted by attackers, who successfully exploit known weaknesses such as weak self-signed certificates, weak encryption, and cumbersome revocation schemes. In addition, attackers have managed more sophisticated exploits, such as the fraudulent issuance of certificates from trusted CAs and of code-signing certificates.

"Most enterprises are not doing enough to manage the risks associated with these attacks and are not prepared to respond quickly to a compromise," wrote Derek E. Brink, vice president, IT security, at Aberdeen Group. "By enabling enterprises to place the operational aspects of certificate management in the hands of experts while retaining corporate control over group policies in Active Directory, GlobalSign aims to drive future growth in certificate usage by addressing practical security and trust issues with an efficient, cost-effective delivery model."

How Does AEG Work?


A typical AEG deployment involves four main components that ensure the right certificates are delivered to the right endpoints:

  1. AEG software on a Windows server.
  2. Active Directory servers or domain controllers, which allow administrators to manage and store information about resources.
  3. Endpoints: users, devices, servers, and workstations; practically any entity that is a "consumer" of digital certificates.
  4. The GlobalSign Certificate Authority, or GCC, which sits on top of a trusted certificate issuance and management platform. This is where certificates are generated.

Three of the four components shown are located on the customer's premises, and the fourth is in the cloud.

First, the endpoints are preconfigured using group policies: for example, a request for a user authentication certificate, a request for an S/MIME certificate, and so on, for the subsequent connection to the AEG server. The connection is secured with HTTPS.

The AEG server queries Active Directory over LDAP to obtain the list of certificate templates for these endpoints, and sends the list to the clients together with the location of the certificate authority. After receiving these rules, the endpoints connect to the AEG server again, this time to request the actual certificates. AEG builds an API call with the specified parameters and sends it to the GlobalSign Certificate Authority, or GCC, for processing.

Finally, the GCC backend processes the requests, usually within a few seconds, and returns an API response with the certificate, which is installed on the endpoints that requested it.

The whole process takes a few seconds and can be fully automated by configuring the endpoints to obtain certificates automatically through group policies.

Unique AEG Features

  • Enrollment through an MDM platform is possible.
  • Developed by former members of the Microsoft Crypto team.
  • Clientless solution.
  • Simple deployment and lifecycle management.

Examples of architecture designs

Thus, externally managed PKI through the GlobalSign AEG gateway means increased security, cost savings, and reduced risk. Another advantage is easy scaling and improved performance. Proper PKI management ensures uptime, eliminates disruption of mission-critical operations caused by invalid certificates, and gives remote employees secure access to corporate networks.

AEG supports a wide range of use cases that require two-factor authentication: from remote team members accessing the network over VPN and Wi-Fi, to privileged access to highly sensitive resources using smart cards.

GlobalSign is a global leader in providing cloud and network PKI solutions for identity and access management. For more information about the products, please contact our managers.

Source: www.habr.com
