
PKI Security In The New Extranet Marketplace.


Like a gold rush, electronic commerce promises hidden riches. Forrester Research estimates that the value of online commerce transactions will top one trillion dollars by 2002, while the Gartner Group predicts that companies will spend $9 billion a year on systems to enable this commerce. Many companies have begun using the Internet to cut business-to-business costs, add services and value to transactions, and build and retain strategic relationships.

To achieve its full potential, however, e-commerce must deliver the same levels of privacy, integrity, and trust that traditional business practices enjoy. Furthermore, online business processes using the Internet must mirror the binding, contractual qualities of existing paper processes. Several security technologies have been applied to e-commerce to secure transactions: passwords, firewalls, and Virtual Private Networks (VPNs) all contribute to partial online success (Fig 1). Yet only the recent developments of digital certificates and secure extranets permit companies to conduct online business as safely as if it involved traditional paper.

When remote communications policies were introduced, corporations initially played a defensive game. Remote users proliferated and local users wanted email access to the outside world. Corporations, therefore, looked at their internal operations and asked, "How do we defend our employee desktops, company files, and internal operations from intrusions? How do we protect our enterprise-centric world from viruses, hackers, and thieves?"

The defensive answer was firewalls--a hardware and software buffer between an internal corporate network and external users. Corporate intranets use firewalls, Personal Identification Numbers (PINs), and passwords to block unauthorized remote users. These methods are not fully secure for several reasons: they do not offer a strong proof of identity, they do not provide a comprehensive audit trail of user activities, and they are easily lost, shared, or stolen. According to one study, 40 percent of all help desk calls involve lost or forgotten PINs/passwords--a lot of overhead for a system with incomplete security.

Corporate intranets also posed business problems. Corporations wondered if they were being too defensive to take full advantage of the Web. Might companies profit from an offensive, e-commerce strategy that welcomed outsiders--customers, suppliers, and partners--into internal systems? Might online business processes--that is, changing internal systems from static and protected to dynamic and open--be more efficient?

Extranets And VPNs

Extranets use the Internet to take business--and the internal systems that support business--online. Extranet users ideally have access to company systems that reflect their involvement in the company's business such as paying invoices, placing orders, or collaborating on product designs. With such important information being placed online, extranets ought to be secure. Security, however, initially took a back seat to economy as companies fashioned e-strategies.

Businesses looked for a way to replace costly private leased lines with the public Internet. If they could achieve the same level of security available with passwords and leased lines by using the public network, they were saving money and making progress. Hence, Virtual Private Networks (VPNs) were born.

VPNs offer a rudimentary extranet. They use an assortment of protocols to encrypt a private path for business over the Internet. The VPN path is so much cheaper to use than the dial-in technology of leased lines that some companies estimate they save between $1,000 and $2,000 per employee per month with a VPN.

Information exchange across a VPN, however, is only protected as long as businesses control both ends of the path. Organizations using either leased lines or a VPN, therefore, take a risk: they trust remote users not to pry into a corporate database where they don't belong and not to edit data inappropriately. Businesses are eager, therefore, to take e-commerce security to a higher level.

What makes an extranet truly secure is a set of technologies that implements trust. This business trust--traditionally implemented by paper documents--is characterized by four elements:

* Data confidentiality and integrity

* Finely grained access control

* Audit trails

* Non-repudiation, or the guarantee that once a transaction occurs, neither the originator nor the recipient of the transaction can deny that it took place.

These elements are available through digital certificates. Chosen at first by institutions with high-level security needs such as governments and banks, digital certificates are becoming more popular as a broad range of businesses seeks Internet security.

The digital certificate is a passport to the extranet. Installed in a browser or on a smart card, a digital certificate authenticates the certificate holder. These certificates extend extranet access and authority to users based on their roles and business privileges, while the certificates ensure confidentiality and integrity of the data that users send, receive, and access.

Digital certificates use a Public Key Infrastructure (PKI). The most robust security technology established to date, a PKI is a collection of Internet technologies that manage mathematically related public and private keys and digital certificates. Within a PKI, a Certificate Authority (CA) issues digital certificates in the same way the Department of Motor Vehicles issues legal documents authenticating both institutions and individuals.

Certificate-based authentication offers greater data confidentiality and integrity than regular PIN/password systems because its algorithms would take even the most sophisticated hackers years to crack. Digital certificates improve upon VPN-based access control by granting users access that can be as particular as reading one file. Digital certificates also offer the security of audit trails.

Audit trails tell network managers who is doing business on the network and what users are doing. Unlike VPNs, which may offer some level of audit trails, digital certificates support the following kind of record: John Smith from Company X accessed the site of Company Y at 9:40 a.m. on Monday, September 13th. Smith read Company Y files 1, 2, and 3, and updated Company Y files 4 and 5. Because Smith's digital certificate does not authorize him to read or modify files other than 1-5, Company Y's data and processes are protected (Fig 2).
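The kind of record described above, as an added example that is not part of the original article: a default-deny access check keyed on the identity taken from an already-verified certificate, with every decision, allowed or denied, written to an audit log. The subject string, file names, timestamp, the read-only status of files 1-3, and the hash chaining of log entries are assumptions made for illustration.

```python
import hashlib
import json

# Constructed policy: verified certificate subject -> file -> permitted actions.
# Files 1-3 are assumed read-only; files 4-5 are assumed readable and updatable.
SMITH = "CN=John Smith,O=Company X"
POLICY = {
    SMITH: {
        "file1": {"read"}, "file2": {"read"}, "file3": {"read"},
        "file4": {"read", "update"}, "file5": {"read", "update"},
    },
}

def _digest(prev, record):
    """Hash of the previous entry's hash plus this record, serialized canonically."""
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry is chained to the one before it."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"record": record, "prev": prev,
                             "hash": _digest(prev, record)})

    def verify(self):
        """Return False if any entry was altered, removed, or reordered."""
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
                return False
            prev = entry["hash"]
        return True

def authorize(subject, action, resource, when, log):
    """Default-deny: allow only what the policy lists for this subject and file."""
    allowed = action in POLICY.get(subject, {}).get(resource, set())
    log.append({"subject": subject, "action": action, "resource": resource,
                "time": when, "decision": "allow" if allowed else "deny"})
    return allowed

def demo():
    """Replay Smith's session plus two requests his certificate does not cover."""
    log, when = AuditLog(), "Mon Sep 13 09:40"  # constructed timestamp
    requests = [("read", "file1"), ("update", "file4"),
                ("update", "file2"), ("read", "file6")]
    return [authorize(SMITH, a, r, when, log) for a, r in requests], log
```

Logging denied requests alongside allowed ones is what lets a reviewer see attempts to reach files outside 1-5, and `verify()` shows whether the log itself was edited afterwards.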

The data integrity, access controls, and audit trails provided by digital certificates are not available through firewalls, passwords, and VPNs. But digital certificates contain another critical feature for online commerce: the digital signature. A digital signature allows business partners to sign binding documents electronically, while it prohibits unauthorized parties from becoming involved.

Benefits Of A Secure Extranet

Secure extranets also offer additional benefits aside from essential security measures. These include the ability to:

* Cement business relationships by giving trading partners online access to important transactions, business processes, and information.

* Increase profitability and competitive advantage by managing mission-critical knowledge in the most timely, cost-effective manner.

* Preserve the integrity of physical-world processes and bind transactions online with signing capabilities and audit trails.

* Manage security risks through data confidentiality and integrity.

* Identify online partners and customers irrefutably.

* Increase satisfaction among clients and trading partners by providing enriched usability and service.

* Implement an e-commerce strategy through a tested, open, security platform that grows with a client base.

Secure extranet applications will continue to redefine the electronic marketplace. They will safeguard the transfer of electronic funds, preserve the confidentiality of medical records, exchange confidential information between vendors and suppliers, and protect classified government information. As more organizations employ secure extranets, virtually anything that can be done face-to-face and with pen and paper will be possible to do online.

Peter J. Hussey is the president of GTE CyberTrust (Needham Heights, MA).
COPYRIGHT 1999 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1999, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Industry Trend or Event
Author:Hussey, Peter J.
Publication:Computer Technology Review
Geographic Code:1USA
Date:Oct 1, 1999
Words:1206