One Article Review

The article:
Source AlienVault Blog
Identifier 613605
Publication date 2018-04-25 13:00:00 (seen: 2018-04-25 16:01:11)
Title Certificate Lifecycle Management: People, Process and Technology
Text

Trust and Digital Certificates

Trust is a valuable commodity in the age of data proliferation. An abundance of information makes it possible for bad actors to impersonate trusted brands using fake websites and accounts. Organizations therefore need a way to ensure that potential customers can trust their identity when visiting their official website, especially if they decide to purchase their goods or services.

To address this issue of trust online, organizations look to the Public Key Infrastructure (PKI). This framework enables the issuance of public key certificates, otherwise known as digital certificates. These documents use security technology called Transport Layer Security (TLS) and previously Secure Sockets Layer (SSL) to encrypt a connection between a company's web server and a user's browser. As such, digital certificates provide a way for web users to trust that a website domain owner is who they say they are and that the transmission of their information with the website is secure.

Challenges of Certificate Management

It's not difficult for organizations to obtain a digital certificate. Depending on the level of trust they want to build with users, they can obtain a domain validation (DV), organization validation (OV) or extended validation (EV) certificate. These different types of electronic documents require that domain owners submit to validation checks conducted by trusted Certificate Authorities (CAs). In the case of DV certificates, CAs look to confirm the contact listed in the WHOIS record of a domain. EV certification is comparatively more thorough, requiring steps to confirm legal and physical operation. For those that obtain EV certificates, web browsers display their names in green along with a padlock indicating HTTPS protection in the address bar. (Source: Quora)

Difficulties in Certificate Management

By contrast, managing a certificate can be difficult. This is especially true for enterprises that use numerous certificates issued by multiple CAs to protect their web resources. Here are some of the biggest enterprise certificate management challenges identified by DigiCert, a trusted CA, in a useful web guide (PDF):

Keeping Certificates Up-to-Date: TLS certificates suffer from security vulnerabilities just like other software. The problem could arise from misconfigurations, such as missing fields and the use of internal names, or they could owe their existence to out-of-date hashing algorithms. Organizations need to be able to discover these flaws and remediate them to prevent bad actors from compromising and abusing their certificates.

Ensuring Complete Visibility Over All Certificates: In an enterprise, some users may have the authority to request, approve and issue a certificate. This level of access is fine as long as the organization can maintain complete visibility over its certificates. Without it, bad actors can seize upon an overlooked certificate and use it to their advantage.

Managing Certificate Expirations: Besides suffering from vulnerabilities, all certificates have an expiration date. That maximum validity period for a certificate is
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.