Best Practices in Deploying a PKI Solution
BIEN Nguyen Thanh
Product Consultant – M.Tech Vietnam
Agenda
About RSA
Business Drivers
Implementation Considerations
Technology Considerations
Project process
PKI enabled applications
About RSA
RSA, The Security Division of EMC
EMC is the world's leading information infrastructure company, enabling organizations to bring the power of their information to life
RSA is the world leader in securing information infrastructure, ensuring that information is always an asset and never a liability
[Diagram labels: Add Intelligence; Virtualize & Automate; Store; Protect; Information]
RSA Security Leadership
Inventors of RSA algorithm
1st
25+ year legacy
35K+ organizations protected
175K+ phishing attacks shut down
250M+ online identities protected
1B+ products shipped with RSA BSAFE® encryption
World’s Largest information security industry event
Business Drivers
Organizations leverage e-business to:
• Enable users to access information
• Improve relationships with customers, suppliers, partners…
• Create new or enhanced revenue generation opportunities
• Reduce costs
• Enhance compliance
Big question: “How can we do this securely?”
e-Business Transformation
Unlocking the Potential of e-Business
Trusted e-business requires parties to know:
• Who they are doing business with
• Communications are confidential
• Transactions cannot be altered in transit
• Support for non-repudiation is available
Implementation Considerations
Setting up a PKI
• Long process
• Mainly organisational and business
Establishing a PKI service
• Business cases
• Business drivers
Implementing the CA
• Secure and highly available infrastructure
• Operations team to support 24*7*365
PKI-enabled applications
Technology Considerations
RSA Digital Certificate Management
Products & Solutions
Products
RSA Certificate Manager
• Industry leading CA
RSA Validation Solution
• Ensure high levels of trust & protection for organizations
RSA Root Signing Service
Solutions
Web Server SSL
• Enables cost-effective trusted server authentication
Secure Digital Signing
• Enables trusted transactions and communications for streamlining processes
Secure e-Mail
• Enables trusted messaging for streamlining processes
Secure VPN
• Cost-effective, easy-to-use strong authentication of users and devices
RSA Digital Certificate Management Components
User
RSA Certificate Manager
RSA Key Recovery Manager
Web Server
RSA Root Signing Service
RSA Validation Clients
RSA Validation Manager
RSA Registration Manager
RSA Keon Root Signing Service
RSA Root Signing Service
Extending the Value of Digital Certificates
Company ABC End User Browser
Company ABC Certificate Authority
External Business Partner
Actions Invisible to the End User
End User Certificate
Signed e-Mail / Web transaction
RSA Key Recovery Manager
“m of n” Collaborative Encryption Key Recovery
RSA Certificate Manager
RSA Key Recovery Manager
Smart Cards
nCipher HSM
Key Recovery Mgr
Key Recovery Operators
Key Recovery Server
Other considerations
Infrastructure
• Secure network
• Operating platforms (Windows/Solaris systems)
• System LDAP
• Public LDAP
• RA Stations
Secure computer centre
Systems and security monitoring
RSA BSAFE
Cryptographic toolkits
• Java
• C / C++
Project Process
Business Project set-up
Define project organisation
• Business control
• Security
• Operations
• Administration
Define RSA project organisation
Define organization business cases, operational processes, etc.
Business Discovery and Analysis, Planning
Requirements collection and analysis
• Business
• Information Security
Project planning
• PKI operations department
• Processes and policies development
PKI project set-up
Requirements collection
• Infrastructure/CA/RA
• IT Security
Project planning
• PKI operations
• Processes and policies
• WebTrust
Solution design
Architecture
• Systems
• Infrastructure
• Security
Physical Security
Development
Test plan and test cases
Policies and Processes
• Information Security
• CP & CPS
• Operations
Pre-Production Infrastructure
Installation of test system
System and integration testing according to test plan
System documentation
Test run
Production Infrastructure
Installation of production system
Testing according to test plan
WebTrust
Boot strap
Root sign
Pilot
PKI-enabled Applications
Using PKI with existing and new applications
Digital Signatures and Document Security
Thank you!