Archive - November 2000
A Certified Lack of Confidence: The Threat of Rogue Certificate Authorities
For more than a decade, computer generated digital certificates have made it possible to authenticate the identity of computer systems, data, and web sites by connecting a public key with an identity such as an owner’s name. The process relies on trust. “Secure” websites utilize such a certificate to validate their identity. This digital certificate is usually procured from a company that will verify the identity of the company administrating the site. The digital certificate issued to them will be validated by a trusted root certificate authority or by a server that is trusted by the trusted root. This chain of certificates is called a certificate hierarchy. A small group of trusted certificate authorities is installed on computers within the operating system. These authorities include such names as Equifax, VeriSign and Thawte. So what happens when the system breaks down?
Achieving High Availability with Change Management
Eric Vanderburg
Change management is a key information security component of maintaining high availability systems. Change management involves requesting, approving, validating, and logging changes to systems. This process can bring significant benefits to an organization. Namely, it can strengthen the decision making ability of an organization by training personnel to fully think on and evaluate changes before they are made and it provides a knowledge base of past changes and the lessons learned from situations.
Developing a Virtualization Security Policy
Eric Vanderburg
Since many organizations are rapidly virtualizing servers and even desktops, there needs to be direction and guidance from top management in regards to information security. Organizations will need to develop a virtualization security policy that establishes the requirements for securely deploying, migrating, administering, and retiring virtual machines. In this way a proper information security framework can be followed in implementing a secure environment for hosts, virtual machines, and virtual management tools. This article is part two of a series on virtualization. The previous article was titled “Critical security considerations for server virtualization.”
