Digital Certificates and Secure Web Access

Digital Certificates and Secure Web Access

Introduction

This paper describes the use of Digital Certificates as a mechanism for strongly authenticating users to web sites where identity information is required. Before the advent of digital certificates the only option for authenticating users to a site was to assign a username and password. Digital certificates on the other hand provide for much more robust access control and have a number of benefits over username and password.

Username and password authentication

Using username and password the process is generally as follows: each time a user wishes to access a web service the user navigates to the site and authenticate themselves to the application using unique username and password. This data is passed to the server (hopefully in an encrypted form), the application looks up the username and the password (or a representation of the password) in some form of access control list and provided the information matches the user is granted access.

This method has some obvious limitations:

* The username and password are passed over the web (encrypted or unencrypted) with the typical security concerns of interception.
* The systems administrator normally has unrestricted access to all usernames and passwords with associated security and liability concerns for the service provider (especially with confidential data)
* The user needs to remember as many usernames and passwords as are required by their applications leading to inevitable support issues to recover lost access data

Digital Certificate Authentication

The typical digital certificate web access process is:

The user navigates to the website. Before allowing access it checks the certificate against the access database. The user enters the password locally to confirming their access right to the certificate and is allowed to the website.

Benefits of certificates over username and password:

* General security is enhanced: the user needs both the certificate itself and the password to the certificate to gain access.
* The password is never passed over the web, not even during account set-up.
* At no stage do systems administrators have access to user passwords.
* The certificate can electronically sign data on the website with the benefit of non-repudiation.
* The user uses one digital identity with one password to access a range of applications (reduces passwords to remember).

Implementing Digital Certificates

All major web servers support client authentication via certificates. An SSL certificate on the web server (to support https) enables configuration of client authentication and only requires specification of the access rights for each directory served by the web server. Amend the web application to support client authentication by certificates. If any code was developed to handle user name and password, then the certificate credentials can be looked up in an access control list in just the same way. Client certificates are issued via a Public Key Infrastructure (PKI) You can choose implement your own or use the services of a Managed Service Provider such as Diginus Ltd.

Wider Use

Once customers or employees have digital certificates, the same certificates can be used to digitally sign email, PDF and web forms and Microsoft Word documents. With a few small steps a corporate website can be transformed into the centre of a powerful web services infrastructure, with single sign on to multiple web applications, signed email and forms data exchange, all the time knowing exactly who is accessing the resources and data.

Jonathan Gay BA(hons) CISA MBCS, is an IS Security professional specialising in identity management and Public Key Infrastructure (PKI) related matters. Jonathan works for Diginus Ltd the e-identity solutions company.

You can contact Jonathan via the Diginus Ltd web site www.diginus.com

How To Better Secure Your Windows

After the front door or one of your home’s back doors, your windows are the second most probable targets for any burglar. As doors are often well protected nowadays, with the advances in home security, most burglars won’t even try to pick their locks or break them down and turn directly to your windows. Often neglected in terms of protection, windows can easily be bypassed by a clever burglar who can try to break the frame of the window without making too much noise, try to unlock the window from the outside or, if you made the mistake of leaving one of your windows slightly opened, squeeze his hand in and unlock the window from inside.

Basic tips on securing your windows

Some of these tips are quite obvious and won’t require any sort of complicated home security systems, so if you use common sense you’ll see why they’re required and try to follow them.

Close and lock your windows when leaving home

Leaving your window opened to allow your room some fresh air while you’re off to work, school or whatnot automatically puts you at risk of burglary and it’s quite a high risk that shouldn’t be neglected. A skilled burglar will immediately spot the open window and work his way around taking advantage of it. Even if you leave your window open with just a small crack of free space, the burglar can work his way from there and open it completely with the help of various tools, or even his or her hand. This tip mostly refers to situations where you leave home for periods of time that exceed 1 hour, but then again it would be wise for your own home’s security if you don’t open windows widely in a room when you know you’ll be in the other side of the house for a while. It only takes a matter of minutes for a thief to see the open window, sneak in, loot your stuff and get back out, with you being in the house!

Don’t forget about upper floor windows

Now this is one common home security mistake. People secure their doors, enforce their main windows, install alarms on them but leave their upper floor windows wide open! That’s just saying “come in and take whatever you want” to a burglar. Don’t think that just because the window is up there a burglar won’t get to it. Take into consideration that burglars are usually agile and fast (2 of the essential qualities a burglar needs to have in order to not get caught, right?) and getting to the upper story won’t be a major problem to them. Sometimes they’ll use the tools you have laying around the house to get there, so make sure you lock your ladders in your garage or storage house whenever you’re not around.

Getting a home security system that protects your windows

You will have to choose your home security system depending on the number of windows, doors and other areas you want secured, as they come with a limited number of zones they can cover. Most modern home security systems offer window alarms that can be set to trigger every time a window is forced opened or when the lock is tinkered with. One of the most ingenious home security components for windows that can be found today is the wireless “trip wire”. This is a sensor that will be attached to the window and when the window will open, it will hit the invisible trip wire, triggering the alarm.

Planned Home Security Gives The Peace Of Mind You Deserve.

Fraser Wheaton is the founder and publisher of The Home Security Reports website.

http://www.HomeSecurityReports.com

We aim to be the worlds largest content provider for home security information on the internet. If you have a home security question, chances are, we have the answer.