An Alternative to Microsoft Certificate Authority

Users cannot be trusted. For the most part, they are lazy and choose convenience over security. According to statistics, 21% write down the passwords for their work accounts on paper, and 50% use the same passwords for work and personal services.

The environment is hostile as well. 74% of organizations allow personal devices to be brought to work and connected to the corporate network. 94% of users cannot distinguish a genuine email from a phishing email, and 11% clicked on email attachments.

All of these problems are solved by an enterprise public key infrastructure (PKI), which provides email encryption and authentication and replaces passwords with digital certificates. This infrastructure can be deployed on Windows Server. According to Microsoft's description, Active Directory Certificate Services (AD CS) is a server that lets you create a PKI in your organization and use public key cryptography, digital certificates, and digital signatures.

But the Microsoft solution is quite expensive.

Total Cost of Ownership of a Private Certificate Authority from Microsoft

Comparison of the cost of ownership of Microsoft CA and GlobalSign AEG.

In many cases it is much easier and cheaper to set up the same private certificate-issuing authority, but with external management. GlobalSign Auto Enrollment Gateway (AEG) solves this problem. Several cost lines are excluded from the total cost of ownership (purchase of equipment, support costs, staff training, etc.). Savings can exceed 50% of the total cost of ownership.

What is AEG


Auto Enrollment Gateway (AEG) is a software service that acts as a gateway between GlobalSign's SaaS certificate services and the enterprise Windows environment.

AEG integrates with Active Directory, allowing organizations to automate the enrollment, provisioning, and management of GlobalSign digital certificates in a Windows environment. By replacing internal CAs with GlobalSign services, enterprises increase security and reduce the cost of managing a complex and expensive internal Microsoft CA.

GlobalSign SaaS Certificate Services are a more secure option than weak and unmanaged certificates in your own infrastructure. Eliminating the need to manage a resource-intensive internal CA reduces the total cost of ownership of the PKI and the risk of system failure.

Support for the SCEP and ACME protocols extends coverage beyond Windows, including automated certificate issuance for Linux servers, mobile, network, and other devices, as well as Apple OSX computers enrolled in Active Directory.

Improved Security

In addition to saving budget, externally managed PKI improves system security. As noted in an Aberdeen Group study, certificates are increasingly targeted by attackers, who successfully exploit known weaknesses such as weak self-signed certificates, weak encryption, and cumbersome revocation mechanisms. In addition, attackers have mastered more sophisticated exploits, such as fraudulently obtaining certificates from trusted CAs and forging code-signing certificates.

"Most enterprises are not proactive enough in managing the risks associated with these attacks and are not prepared to respond quickly to a compromise," wrote Derek E. Brink, vice president and fellow for IT security at Aberdeen Group. "By allowing enterprises to put the operational aspects of certificate management in the hands of experts while retaining enterprise control over group policies in Active Directory, GlobalSign aims to enable future growth in certificate usage by addressing security and trust issues with an efficient, cost-effective deployment model."

How does AEG work?


A typical AEG system consists of four key components that ensure the right certificates are delivered to the right endpoints:

  1. AEG software on a Windows server.
  2. Active Directory servers or domain controllers, which let administrators manage and store information about resources.
  3. Endpoints: users, devices, servers, and workstations, that is, practically any entity that is a "consumer" of digital certificates.
  4. The GlobalSign Certificate Authority, or GCC, which sits on top of a trusted certificate issuance and management platform. This is where certificates are created.

Three of the four components shown are located on the customer's premises, and the fourth is in the cloud.

First, the endpoints are configured in advance using group policies: for example, for a user authentication certificate, an S/MIME certificate request, and so on, followed by a connection to the AEG server. The connection is secured with HTTPS.

The AEG server queries Active Directory over LDAP to obtain the list of certificate templates for these endpoints, and sends the list to the clients along with the location of the certificate authority. After receiving these rules, the endpoints connect to the AEG server again, this time to request the actual certificates. AEG, in turn, builds an API call with the specified parameters and sends it to the GlobalSign Certificate Authority, or GCC, for processing.

Finally, the GCC backend processes the requests, usually within a few seconds, and returns an API response together with the certificate to be installed on the endpoints on request.

The whole process takes a few seconds and can be fully automated by configuring the endpoints to obtain certificates automatically using group policies.

Distinctive features of AEG

  • You can enroll through an MDM platform.
  • Developed by former employees of the Microsoft Crypto team.
  • Clientless solution.
  • Simple deployment and lifecycle management.

Architecture examples

Thus, externally managed PKI through the GlobalSign AEG gateway means greater security, cost savings, and reduced risk. Another benefit is easy scaling and increased productivity. Properly managed PKI ensures uptime, eliminates disruption of critical business processes caused by invalid certificates, and gives employees remote, secure access to corporate networks.

AEG supports a variety of use cases that require two-factor authentication: from remote workgroup clients accessing the network over VPN and Wi-Fi to privileged access to highly sensitive resources with smart cards.

GlobalSign is a global leader in providing PKI-based network identity and access management solutions. For more information about the products, please contact our managers.

Source: www.habr.com
