Domain: certalertsoftware.com
Stories and comments across the archive that link to certalertsoftware.com.
Comments · 7
-
Re:Entrust's SSL certificate, and its problems
You are totally correct. This could have been done better. In fact, as an ISV in the cert space, we have found it quite interesting that during the enforcement of these certificates many have the problems that you describe. For our product, which scans networks and maps the SSL infrastructure to customer defined policy this is problematic as these HA certs often are incorrectly set up. I fully agree that if this was done a bit smoother it would make the adoption that much easier - and ultimately the enforcement and related benefits would be more wide spread. http://www.certalertsoftware.com/
-
we run into this ALL THE TIME
I work for a company that provides software for deployment/configuration management http://www.certalertsoftware.com/. Whenever we engage with a new company we always have to do the dance for who owns what and where the line is for ownership. What we see more often then not is that IT owns the deployemnt - until it is broken. Then it goes back to Dev.
Some of the other comments that talk about the Agile approaches with rapid iterative builds and deployments are interesting. We have run into a few larger companies (F500) that are using Agile or derivitives. In these cases the dev and IT guys seem to have made peace with each other. I would guess - sometime after Agile was forced on them ;) However, organizations that are EARLY in the Agile adoption or change are seriously challenging to deal with. There is still tons of turf wars and property disputes. -
A Combination of Solutions....
I work in Security for a very large financial institution. We do not have break ins
;)
Seriously, we have taken a bunch of time to implement several policies. Policies around; passwords, data at rest, data in transit, physical access and two factor authentication (in some areas). We feel very good about what we have in place, but we also realize that it can never totally protect us. We have also done things like phase out any rogue operating systems (win 98) that we may find hidden inside the walls of this company.
In short security is really the assembly of multiple disciplines (at least for us) and we are constantly getting better at it. We have recently become quite interested in being able to handle what happens AFTER some sort of breech occurs. The industry is calling this Resolution Management. This seems like a newer addition to the security pyramid, but a practical one. The idea is that an organization should be able to respond quickly and cost effectively to a breech and provide the same level of system service as before the breech - quickly. One of the innovators in that space is http://www.certalertsoftware.com/. I am sure there are others too, but worth investigating. -
This is great!
We run into this ALL THE TIME. I work at a small software startup http://www.certalertsoftware.com/ and everytime we present/install to a cuatomer this very issue comes up. Our software performs network monitoring of several security metrics including the validity of SSL certificates. So, from a scanning prespective, agent-less monitoring gets us 90%+ of what we need and is fully acceptable by many of the customers.
Where it gets interesting is when the customer finds out that our software has the ability to UPDATE those remote certificates in an agent/agentless fashion. This is why it gets interesting, because there are SO MANY polocies in corporate America that we never run into the same rationalization for either way to do things.
Lastly, and most interesting to me is some of our customers have suggested that we champion a standard for Agent Monitors where the agent monitor can be installed once and have the properties like polling, summation, and communication. Then all the different network monitoring packages they have could adopt this spec and be way more manigable by them. Easier to implement by us. And standards based for everyone.
Seems like a great idea, and we are exploring how to do this, but I ask slashdoters .... would this be of any benefit to you? -
LAMP and SSL Management
I too am a admin at a government institution. We have some serious LAMP deployments here, as it can be automated very nicely. Whereas the SSL features of IIS still feel very propretary to me. We use a third party tool http://www.certalertsoftware.com/ to manage about 1000 SSL certificates all on Apache here, but Apache makes it seamless.
Long live Apache! -
Watching the registration list for certs
This company CertAlert http://www.certalertsoftware.com/ was presenting to my team about their SSL Certificate management solution. They were saying that they are trying to gain access to the list of registered certs from the CA's to provide third party external authentication checks. IE - their theory was that an organization would likey have people and processes in place for brand management type activities and that this is an extension of that. However, best I understood, the CA's do not offer that list to anyone public or private.
-
CertAlert Software
We use Certalert for managing our digital certificate lifecycle and CRL's. This is a nice add on solution to MSFT PKI. This does not do anything on the 2 factor authentication side however, so we are still looking for a solution there. For my money the Certalert guys really provide a great solution for managing your server side certificate environment. http://www.certalertsoftware.com/
,if your interested.