Does Your Company Use a PKI Solution?
punkrokk asks: "I am doing an independent study of the feasibility of a Microsoft Certificate Services PKI in a distributed company. So far, it appears from my research that MS has the best supported implementation of an X.509 based PKI solution, for the Windows environment. While there are a few major weaknesses in an X.509 Public Key Infrastructure, one of which being Certificate Revocation Lists, using one is better than nothing. You do get a tangible security benefit, in addition to doing switch port authentication, and VPN quarantines. The problem is the cost of implementation is pretty steep, from the planning side. What do you guys do for dual factor authentication? Has anyone had Verisign sign their Certificate Authority? If you have implemented a MS Certificate Service infrastructure, I would appreciate your comments."
If you're going to expose your encryption method using a public key, you're about as safe as a CTU agent travelling with Jack Bauer and Tony Almeida. In other words, just think of yourself as Ensign Johnson beaming down to the planet with Kirk and McCoy.
Security is good, but only as good as the weakest link in the chain. If you have humans working for you, they are the weakest link. It's a lot like a car with a flat tire. You should change to the spare, but realistically, the spare is probably a small tire that isn't really designed to be run on for long distances and will cause you to lose control if you rely on it too much.
In a word... no.
...and misread it as "does your company use a PK solution?" ...yeah, I wish they would... some PKing around the office might not be a bad thing.
My company believed that we had a private key infrastructure, but it seems that our moss green frog hide-a-key was a layer of deception far too easily pierced by even the most novice criminal mind...
We now use a terra-cotta sleeping bunny key safe and feel much more secure.
That would be a protected infrastructure.
BTW, the "Images" shown at the bottom of the screen are completely irrelevant to the bunny picture.
Our passwords are so bad that John Q. Public could have root in about four minutes.
Does that count?
How much wood would a woodchuck chuck if a woodchuck could chuck wood?
But I know if we were to implement some sort of security solution we'd go straight to Microsoft for a fairly priced product from a company with a proven track record of putting security first.
We use a Psycho Kinetic Interface on all our hardware. It has seriously improved productivity, and the games are out of this world.
Is your company currently searching for new talents? I am quite good at this game. And Quake too. 5 years experience. Have managed team of 3+ player. I deserve this job!
Switch port authentication? You don't need a certificate to authenticate someone plugging into your switch port. Just look at the dude and see if you recognize him.
Although I guess we could pin our public keys on our shirts like nametags and walk around that way.