Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Portal: The Reality of Building Secure Private Networks - Part Two

Aug 07, 2000, 07:31 (0 Talkback[s])
(Other stories by Rick Allen)

"IPSec is beginning to support key business and technology objectives such as B2B extranet backbones and dial access VPN's for remote computing. Despite the security and operational benefits of a VPN, the problem of authenticating client entities for access control decisions remains a risk management issue. Providing needed protection in specific situations, many system designers have recommended authorization services be placed at the application layer. This approach using security specific API's to shunt security services into existing application code can be a lengthy process. Conducting identity authentication and authorization of client entities (a person or program) within the encrypted network tunnel, similar to the (SSL) Secure Sockets Layer model has widespread application and works to protect specialized content (such as a login dialogue box) on Web servers."

"But safeguarding access to critical infrastructure such as B2B extranet gateways requires a finer grain solution. Enter the role of digital certificates for securing and controlling access to enterprise resources."

"As Network engineers are gaining experience in securing point-to-point IPSec tunnels with "pre-shared secrets", a number of security and operational gaps remain. One is the need for a certificate management protocol that Public Key Infrastructure (PKI) clients and Certificate Authorities can use to support digital certificate life cycle. Critical operations include certificate enrollment and distribution. Also processing data and queries for certificate revocation lists (CRL) will be required as VPN's are positioned to secure an increasing array of key enterprise level business initiatives. The arrival of Cisco's Simple Certificate Enrollment Protocol (SCEP) is a good first step to achieving this goal."

Complete Story

Related Stories: