Guide To Securing Intranet And Extranet Servers
Summary
Over the last four years, organizations have embraced
Intranets and Extranets enthusiastically. This is not surprising. Intranets and Extranets offer clear
cost savings and ease of installation compared with older leased line networks or WANs based on
proprietary technology. Furthermore, they enable highly productive and cost effective new ways of
working. Organizations can use Intranets and Extranets to distribute information more cost effectively
and in a more timely manner. They can use them to build a wide range of self-service applications that
help reduce administrative costs. And, they can use them to improve collaboration among employees across
the organization and with business partners.
As Intranets and Extranets have become more widely deployed, new security challenges have emerged. While
many organizations have deployed firewalls and access control technology to improve security, these
technologies leave many security issues unaddressed.
This guide will give an overview of the main security risks of deploying Intranets and Extranets and
will discuss the five fundamental goals of a security system: Privacy, Authentication, Content
Integrity, Non-repudiation, and Ease-of-use. The guide will also describe how an intelligently deployed
Public Key Infrastructure (PKI) system, based on digital certificate technology, addresses
these security goals. Finally, the guide will give an overview of how VeriSign’s OnSite family
of products can help your organization quickly and effectively deploy a PKI.
The Growth of the Intranet and Extranet
Few technologies have been accepted as rapidly as Intranets within organizations. Virtually unknown
four years ago, Intranets are now ubiquitous. Analysts at Zona Research predict that the Intranet
market will exceed the Internet market by a ratio of 2 to 1 by 1999. Killen & Associates estimated
the market for Intranet software, equipment, and services in the US would exceed $20 billion by the
year 2000. Early in 1997, Booz Allen & Hamilton reported that nearly every member of the Fortune
500 had deployed an Intranet or was in the process of doing so.
Many of these organizations are now extending their Intranets to reach key customers and/or business
partners via Extranets. A 1998 survey of 1,400 chief information officers by market research firm RHI
Consulting showed that 38 percent of respondents expect the popularity of Extranets to "increase
significantly" during the next three years. Another 44 percent said they expect their popularity to
"increase somewhat" during the same period.
Figure 1: The Expanding Network
Benefits of the Intranet and Extranet
The reasons for this growth are clear. Compared with earlier wide area networks (WANs) based on
proprietary technology or expensive leased lines, Intranets and Extranets are significantly easier and
less expensive to set up and operate. Intranets can offer organizations numerous operational
efficiencies, and, as a result, they can generate staggering returns on investment.
Where WANs required expensive leased lines, Intranets and Extranets allow users to communicate over
vast distances using inexpensive public Internet lines. When organizations tried to link local area
networks (LANs) over the WAN, diverse communications protocols (including IPX/SPX, NetBIOS, NetBEUI, and
DECnet) often limited applications’ ability to talk to each other. By adhering to TCP/IP, the standard
Internet protocol, Intranets and Extranets make it easy for different computer systems within or even
outside an organization to speak to each other. Using the hypertext language and browser model of the
World Wide Web, Intranets provide users with tools that are graphic and easy to operate.
Once up and running, Intranets and Extranets reduce costs and improve operations in many ways,
including:
The sum total of these benefits can mean a staggering boost to an organization’s bottom line. A recent
article in the Intranet Journal cites dramatic returns on companies’ Intranet and Extranet investments.
For example, Lockheed Martin’s implementation of an Intranet gave a staggering 1,562 % return on
investment; Cadence, Inc. 1,766 %; and US West more than 1,000 %.
Industry Extranets show similar promise. For example, within the automotive and retail industries,
many companies are establishing Extranet-based supply chain networks, allowing real-time inventory,
order, and delivery information to be communicated between retailers, distributors, manufacturers, and
suppliers. This helps dramatically improve the ability of all organizations within the supply chain to
match the supply of goods for the demand of goods, while simultaneously decreasing inventories. This
improves efficiency, inventory management, and, ultimately, profitability throughout the entire supply
chain.
As the use of Intranets and Extranets has grown, so has the need for security. The TCP/IP protocols
and technology are inherently designed to be open. TCP/IP is a connectionless protocol; data is
broken up into packets which travel freely over the network, seeking the best possible route to reach
their final destination. Therefore, unless proper precautions are taken, data can readily be
intercepted and/or altered—often without either the sending or the receiving party being aware of the
security breach. Because dedicated links between the parties in a communication usually are not
established in advance, it is easy for one party to impersonate another party.
Figure 2: Expanding Networks Increase Possible Points of Attack
Figure 2 illustrates how the growth in network complexity has increased the potential points of attack
both from outside and from within organizations. Fortunately, the methods of protecting against these
attacks have also expanded.
Two of the most common security precautions in use today are firewalls and passwords.
Passwords are designed to prevent unauthorized individuals from directly gaining access to sensitive
data stored on servers. Firewalls, by contrast, are designed to provide a perimeter defense mechanism,
preventing unauthorized individuals outside the organization from gaining access to sensitive data
inside the organization. According to a recent IDC study, virtually 100% of Fortune 500 organizations
have already deployed firewalls.
Despite their important role in network security and widespread adoption, firewalls provide only a
partial solution. As shown in Figure 2, perimeter defenses can do little to protect against attacks by
insiders (e.g. disgruntled employees, contractors, or others). Passwords are also largely ineffective
against inside attacks. Most passwords are notoriously easy to guess; where passwords are not guessed,
they can often be discovered on sticky pads on employees’ computers or intercepted as they pass, in the
clear, over corporate networks.
Even when passwords are not guessed, or when more sophisticated access control methods are used, it is
important to note that access control alone cannot ensure that information remains confidential. While
a good password system might prevent someone from directly entering a server to obtain confidential
information, passwords do not protect data as it passes "over the wire" between the server and the
client.
The same general problem applies to data that passes outside the firewall, between corporate
servers and branch offices, customers, suppliers, and remote employees. Any time that data is sent
between your servers and organizations outside your firewall, the data can be intercepted using
"sniffers." Hackers do not need to get "in" to your system, if you are sending data outside the
perimeter.
Types of Security Risks Encountered on an Intranet and Extranet
Intranet and Extranet security breaches can take a variety of forms. For example,
These are not merely theoretical concerns. While computer hackers breaking into corporate computer
systems over the Internet have received a great deal of press in recent years, in reality, corporate
insiders—such as employees, former employees, contractors working onsite, and other suppliers—are far
more likely to attack their own company’s computer systems over an Intranet. In a 1998 survey of 520
security practitioners in U.S. corporations and other institutions conducted by the Computer Security
Institute of San Francisco with the participation of the FBI, 44 percent reported unauthorized access
by employees compared with 24 percent reporting system penetration from the outside.
Such insider security breaches are likely to result in greater losses than attacks from the outside.
Of the organizations that were able to quantify their losses, the Computer Security Institute survey
found that the most serious financial losses occurred through unauthorized access by insiders, with 18
companies reporting total losses of $50,565,000 as compared with losses of $86,257,000 for the
remaining 223 companies that were able to put a dollar value on their losses. As organizations
increasingly install Intranets and Extranets, therefore, it is becoming critical for them to secure
these systems from inside attacks.
Figure 3: Average Losses from Various Types of Attacks
Source: CSI/FBI 1998 Survey of Computer Security
Goals of Intranet and Extranet Security Systems
Fortunately, there are a variety of techniques available to address these security holes within
Extranets and Intranets. Before choosing a particular technology, however, it is important to understand
the full range of issues that security systems should address:
This last goal is frequently overlooked. Organizations must not only develop sound security measures,
they must also find a way to ensure consistent compliance with them. If users find security measures
cumbersome and time consuming to use, they are likely to find ways to circumvent them—thereby putting
your Intranet and Extranet at risk. Organizations can ensure consistent compliance with their
security policy through:
Certificates and PKI: The Optimal Technology Solution for Achieving Your Security Objectives
Figure 4. Public Key Infrastructure Provides Tools for Achieving Security Objectives
Fortunately, a set of technologies has been developed over the past fifteen years that is
particularly well suited to meeting these five security goals. Broadly called Public Key
Infrastructure (PKI), this technology allows organizations using open networks, such as TCP/IP
Intranets and Extranets, to replicate or even improve on the mechanisms used to ensure security in the
physical world. Envelopes and secure couriers are replaced with sophisticated methods of data
encryption, which can ensure that messages are only read by their intended recipients. Physical
signatures and seals are replaced with digital signatures which, in addition to ensuring that
messages came from a particular entity, can also ensure that the message was not altered by as much as one
bit during transit. Identity documents, such as passports, employee ID cards, and business licenses,
can be replaced with digital certificates (also known as Digital IDs). Finally, the various
mechanisms for centralized control, audit, and authorization, such as those provided by corporate
governance structures, industry boards, or trusted third parties such as accountants, can be replicated
in the digital world through the infrastructure used to manage encryption, digital signatures, and
Digital IDs.
What is a Digital Certificate
Understanding digital certificates is central to understanding public key infrastructure systems. A
digital certificate, also known as a Digital ID, is the electronic equivalent of a passport or
business license. It is a credential, issued by a trusted authority, that individuals or organizations
can present electronically to prove their identity or their right to access information.
When a Certification Authority (CA) such as VeriSign issues Digital IDs, it verifies that the owner is
not claiming a false identity. Just as when a government issues a passport, it is officially vouching
for the identity of the holder, when a CA gives your business a digital certificate, it is putting its
name behind your right to use your company name and Web address.
How digital certificates work
In physical transactions, the challenges of identification, authentication, and privacy are solved with
physical marks, such as seals or signatures. In electronic transactions, the equivalent of a seal must
be coded into the information itself. By checking that the electronic "seal" is present and has not
been broken, the recipient can confirm the identity of the message sender and ensure that the message
content was not altered in transit. To create an electronic equivalent of physical security, digital
certificates use advanced cryptography.
Cryptographic systems have been used to protect valuable information for thousands of years.
Traditionally, cryptographic systems have attempted to ensure security using some variant of the
secret key system. Secret key systems require that both parties in a communication scheme have a copy
of the same secret code or "key." When two people wanted to share information, the sender would
encrypt the information using his copy of the secret key. The recipient could decrypt the message only
by using her copy of the same key. If somebody intercepted the message, that person could not decipher
it without the key.
Despite their widespread use, secret key systems have several critical limitations. First, simply
transmitting the secret key poses risks, because the key can be intercepted in transit by unauthorized
parties. Second, if one of the sharing parties uses the key maliciously, that party can deny, or
repudiate, the transaction. Alternatively, the malicious party can impersonate the sender, or can use
the secret key to decrypt other sensitive information. To protect against this sort of attack,
organizations must require users to have different secret keys for each party with whom they
communicate. If an organization has a hundred people, literally millions of different secret keys will
need to be used to accommodate all possible combinations.
Digital certificates employ the more advanced public key cryptography system, which does not involve
the sharing of secret keys. Rather than using the same key to both encrypt and decrypt data, a digital
certificate uses a matched pair of keys that uniquely complement each other. When a message is
encrypted by one key, only the complementary key can decrypt it.
In public key cryptography systems, when your key-pair is generated, you keep one key private. This key
is called the "private key," and nobody other than you, as the rightful owner, should ever have access
to it. However, the matching "public key," can be freely distributed as part of a digital certificate.
You can share your digital certificate with anyone, and can even publish your certificate in
directories. If someone wants to communicate with you privately, they use the public key in your
digital certificate to encrypt information before sending it to you. Only you can decrypt the
information, because only you have your private key.
Figure 5. Encrypting Information Using Digital Certificates
Conversely, you can use your key pair to digitally sign a message. To sign a message, you simply
encrypt the message with your private key. The message can be decrypted using the public key contained
within your certificate. While many people have access to your certificate, only you could have signed
the message, because only you have access to your private key.
A digital certificate is a binary file. Your digital certificate contains your name and your
identifying information along with your public key; it tells correspondents that your public key
belongs to you. Digital certificates generally also contain a serial number, an expiration date, and
information about the rights, uses, and privileges associated with the certificate. Finally, the
digital certificate contains information about the certificate authority (CA) who issued the
certificate. All certificates are digitally signed using the private key of the Certificate Authority.
(Generally, the Certification Authority’s own certificate (called a root certificate) is widely
deployed in software packages, allowing people to seamlessly identify legitimate certificates issued
by the certification authority.) If the CA maintains good security protection of its private key, it
is virtually impossible for anyone to forge a digital certificate.
It is important to note that certificates are not only issued to individuals. Organizations, as well
as entities such as servers and routers, can also be issued certificates.
Figure 6. Secure Communications Using Certificates
Digital certificates meet your security objectives
Given the ease and versatility of
PKI, security technology based on Digital Certificates has been deployed widely over the past several
years. These widely used security protocols include:
The following table provides a summary of how these various protocols can be deployed in securing your
Intranet or Extranet.
Figure 6: Security Protocols for Various Types of Secure Communications
The Central Role of the Certificate Authority
Requirements for CAs: Technology, Infrastructure, and Practices
Deploying a successful Public Key Infrastructure requires looking beyond technology. As you might imagine, when
deploying a full scale PKI system, there may be dozens or hundreds of servers and routers, as well as
thousands or tens of thousands of users with certificates. These certificates form the basis of trust
and interoperability for the entire network. As a result, the quality, integrity, and trustworthiness
of a public key infrastructure depend on the technology, infrastructure, and practices of the
Certificate Authority that issues and manages these certificates.
Certificate Authorities have several important duties. First and foremost, they must determine the
policies and procedures which govern the use of certificates throughout the system. These policies and
procedures are generally encapsulated in a document called a Certification Practices Statement (CPS).
A CPS will generally determine how the CA fulfills the following duties:
Figure 7: The Role of the Certificate Authority
As the leading provider of certificates and certificate-based services, VeriSign helps meet these
requirements in two different ways. First, VeriSign itself serves as a Certificate Authority for
the Internet. Second, VeriSign has a broad range of solutions to allow other organizations to
establish themselves as Certificate Authorities for their Intranets and Extranets.
VeriSign as the Internet’s CA
As the Certificate Authority for the Internet, VeriSign has issued over 3,000,000 Digital IDs to
individuals for use in identifying themselves on the Internet and in sending signed and encrypted
e-mail. VeriSign has also issued more than 75,000 IDs for use on servers, which enable people to
conduct secure and authenticated e-commerce and other forms of communication with those servers. The
Public Key Infrastructure that VeriSign has helped establish for the Internet will secure billions of
dollars in transactions this year. In order to maintain the trustworthiness of this commerce,
VeriSign has invested heavily in its own infrastructure and practices, as summarized in Figure 8.
VeriSign has published the industry’s leading Certification Practices Statement, available online at
www.verisign.com/repository. VeriSign is regularly
audited by a professional accounting firm to ensure compliance with this CPS, and all certificate
issuance and management takes place within a 5-tier military grade secure facility, by employees who
have undergone rigorous background checks. As an example of this security, all VeriSign CA private
keys are stored using the same technology that is used to protect nuclear missile codes. To build the
acceptance of the PKI, VeriSign has gone to great lengths to ensure that its CA public keys are
embedded in all of the major browsers, servers, and other applications. VeriSign has also worked with
legislatures around the world to promote the legal acceptance of digital signatures and digital
transactions. Finally, to promote trust, VeriSign introduced the NetSure™ program, which backs
each VeriSign Server ID with $100,000 of coverage against theft, loss, or impersonation.
Figure 8: VeriSign’s Technology, Infrastructure, and Practices
Establishing the PKI for your Intranet or Extranet
When your organization looks to establish its own Public Key Infrastructure, it is important that
you be able to establish a high quality set of technology, infrastructure, and practices. While there
are several products on the market today that purport to offer stand-alone solutions for generating
and managing certificates, these "software-only" solutions can at best offer only the technology that
is needed for a robust PKI. As a result, an independent study by the Aberdeen group recently concluded
that organizations buying off-the-shelf certificate software solutions end up spending $1M-$11M to
hire the personnel and build the surrounding infrastructure and practices necessary for a complete
solution.
By contrast, VeriSign offers a more cost-effective and practical solution, called VeriSign
OnSite. As indicated in Figure 9, OnSite allows your organization to leverage VeriSign’s
existing infrastructure and practices. Your organization maintains complete control over the front-end
functions—determining who gets certificates, whose certificates get revoked, etc. However, all of the
back-end functions of generating certificates, managing security, maintaining systems, backing up data,
auditing security, etc. are handled by VeriSign within VeriSign’s secure facilities.
Figure 9: The VeriSign OnSite Solution
How OnSite Works
VeriSign OnSite consists of customized end-user enrollment Web pages, administrative control and
management of Web pages, and a certificate directory distribution service. End users interact with
customized, Web-based enrollment forms to request and receive their certificates. These forms support
the latest browsers from Microsoft and Netscape, as well as a rapidly growing list of other networked
software products. The enrollment forms, along with the other lifecycle Web pages, can be hosted at
the customer’s site or optionally by VeriSign.
Administrators utilize a second set of Web pages to control user authentication, to approve
certificate requests and renewals, to revoke certificates, to view reports on CA activity, and other
management tasks. Administrators are authenticated before they access the system, using specialized
certificates and VeriSign-provided smart cards and readers.
VeriSign OnSite also includes a complete certificate directory and the ability to interface that
directory with a customer’s corporate directory in a number of ways. A customer can choose to have
VeriSign download certificate information directly into their LDAP-compliant directory, or they can
periodically fetch that information from VeriSign and integrate it with their directory themselves.
All of the computer and telecommunications infrastructure, cryptographic software and hardware,
and on-going key management services required are hosted and operated by VeriSign in our highly secure
Operations facilities. In addition, for customers desiring the easiest possible solution, VeriSign
can host all of the necessary Web pages. Customers seeking more control over, or full customization
of, their pages can host them locally with a minimum of effort.
OnSite Benefits
OnSite benefits include:
Figure 10: High Level Result from Aberdeen cost of ownership study
When deploying security for your organization, VeriSign recommends you proceed in the following
stages:
Deploying SSL across your Intranet and Extranet Servers
Digital certificates allow Intranet and Extranet servers to implement the Secure Sockets Layer (SSL)
protocol, the standard technology for secure Web-based communications. SSL support is built into
virtually all web server software. To enable this server security, though, you must install a digital
certificate on your Web server.
Figure 11: A Sample Secure Server ID
Figure 11 shows a typical digital certificate for a server. As you will note, certificates are
issued to a particular web address (in this example: banking1.wellsfargo.com) run under the auspices
of a particular, legally incorporated organization (in this example: Wells Fargo Bank of San Francisco,
CA). The certificate contains a serial number, an expiration date, various cryptographic extensions
and, of course, the public key for the web server. The certificate is then signed with the private key
of the CA who issued the Certificate. (Note: Most Secure Server IDs are signed with the private key of
VeriSign’s parent company, RSA Data Security, Inc.)
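The certificate properties described under "How digital certificates work" and shown for the sample Secure Server ID (serial number, expiration date, issuer, and the CA's signature) can be issued and checked with the openssl command-line tool. The script below is an added example, not part of the original guide or of VeriSign's tooling; the CA name, host name, serial number and validity periods are constructed, and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example: throwaway CA and certificates built with the openssl CLI.
# All names (Example Corp, intranet.example.com) and serial 1001 are constructed.
set -eu

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
CA_SUBJECT="/O=Example Corp/CN=Example Intranet Root CA"

# Create a key pair and self-signed certificate for a CA; $1 is the file prefix.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "$CA_SUBJECT" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

# Generate the server's key pair and a signing request carrying its public key.
make_server_request() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Corp/CN=$1" \
        -keyout "$demo_dir/server.key" -out "$demo_dir/server.csr" 2>/dev/null
}

# Sign the request with CA $1's private key; write the certificate to file $2.
sign_request() {
    openssl x509 -req -in "$demo_dir/server.csr" -sha256 -days 7 \
        -CA "$demo_dir/$1.pem" -CAkey "$demo_dir/$1.key" -set_serial 1001 \
        -out "$demo_dir/$2" 2>/dev/null
}

# Succeeds only if certificate $1 carries a valid signature from the trusted root.
verify_cert() {
    openssl verify -CAfile "$demo_dir/root.pem" "$demo_dir/$1" 2>/dev/null \
        | grep -q ': OK$'
}

# Print the serial number (hex) of certificate $1.
cert_serial() {
    openssl x509 -in "$demo_dir/$1" -noout -serial | cut -d= -f2
}

# Succeeds if certificate $1 expires within $2 days (a renewal-monitoring check).
expires_within_days() {
    ! openssl x509 -in "$demo_dir/$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

make_ca root        # the trusted root, as embedded in browsers and servers
make_ca impostor    # same CA name, but a different private key
make_server_request intranet.example.com
sign_request root server.pem
sign_request impostor untrusted.pem

for cert in server.pem untrusted.pem; do
    if verify_cert "$cert"; then
        echo "$cert: signature chains to the trusted root"
    else
        echo "$cert: REJECTED (not signed by the trusted root's private key)"
    fi
done

# The fields a relying party reads from the certificate.
openssl x509 -in "$demo_dir/server.pem" -noout -subject -issuer -serial -enddate

if expires_within_days server.pem 30; then
    echo "server.pem: due for renewal within 30 days"
fi
```

Both certificates name the same issuer; only the one signed with the trusted root's private key verifies, which is why protection of the CA private key matters.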
Together with SSL, Digital certificates secure Intranet communications through:
Figure 12 shows the technical detail of what happens during an SSL session.
VeriSign Solutions for Implementing SSL
VeriSign offers a range of solutions that meet the needs of organizations wishing to secure their
Intranet and Extranet applications.
Retail Certificates
Organizations requiring certificates for just a handful of servers can obtain their certificates
directly from VeriSign. VeriSign offers a full set of lifecycle services for these Secure Server ID
customers.
As of September 1998, VeriSign has issued more than 75,000 Server IDs to
organizations across the retail, health care, education, automobile, government, and manufacturing
industries. 95 of the Fortune 100 companies and all of the 20 leading e-commerce sites on the web
use a VeriSign Secure Server ID to secure communications and transactions. You can secure your
servers one-by-one by obtaining Secure Server IDs for them from the VeriSign website
(www.verisign.com/server).
OnSite
Organizations that wish to secure tens or hundreds of Intranet or Extranet servers across
multiple departments or geographic regions will want to consider VeriSign’s Server OnSite. OnSite
for Secure Server IDs provides organizations with an easy way to manage the issuance, renewal,
revocation, and usage of Server IDs. Using the OnSite model discussed above, organizations can
request, approve, and install their certificates in minutes, providing the utmost in flexibility.
Furthermore, because Server OnSite allows organizations to order multiple Server IDs for multiple
servers, you can avoid multiple Purchase Orders and expiration dates. (For more information, please
visit www.verisign.com/serveronsite).
Next Steps: Using Client IDs and VPN IDs
Since SSL does not require that the client have a certificate, some organizations initially limit
access to servers using passwords. However, many organizations find that assigning Digital IDs to end
users provides a much better long-term solution. Your organization can centrally administer the
issuance, revocation and renewal of Digital IDs. Unlike passwords, you can use Digital IDs to enable
document signing, secure e-mail, and other useful applications. In addition, you can easily augment
the web servers that have been configured for SSL using Server IDs to require Client IDs for end-user
authentication.
Over the next year, organizations deploying Extranets may also wish to consider the use of VeriSign
OnSite to deploy VPN IDs that enable the IPSEC protocol within Virtual Private Networks (VPNs). IPSEC enables
secured, authenticated communication between routers and firewalls.
As your organization moves to Intranet and Extranet solutions, you will need to be careful to
ensure that your organization implements a robust security solution. Industry-standard solutions
based on Public Key Infrastructure can provide a framework for ensuring that the goals of privacy,
authentication, content integrity, non-repudiation, and ease of use are met. Implementing a proper PKI
requires, however, that your Certificate Authority function is implemented with the highest quality
technology, infrastructure, and practices.
VeriSign PKI solutions have allowed hundreds of organizations across multiple industries to quickly
and effectively deploy PKI solutions. In particular, VeriSign’s OnSite solution allows your
organization to gain the benefits of a full-scale PKI at a fraction of the normal cost and investment,
by leveraging VeriSign’s existing technology, infrastructure, and practices.
As a first step, VeriSign recommends securing all of the servers within your Intranet and Extranet
with Server IDs and the SSL protocol. This can be done quickly and efficiently using VeriSign’s
OnSite for Server ID product. This product provides organizations with large numbers of Intranet and
Extranet servers the utmost control over the issuance and management of these servers in a way that
is easy to use, rapid to deploy, and relatively inexpensive to operate.
To learn more about VeriSign’s OnSite for Server ID solutions, you may obtain trial certificates,
white papers, data sheets, and pricing information at
www.verisign.com/onsite/server
To speak to a VeriSign account representative, please call 650-429-3522
For more information about VeriSign’s OnSite offerings for Client IDs and VPN’s, visit
www.verisign.com/onsite
Finally, to schedule an in-depth security assessment for your company, please visit VeriSign’s
newest subsidiary, SecureIT, at www.secureit.com. This group of 40
professional security consultants can help your organization develop its long range security plans.
VeriSign OnSite Secures Pyxis Automated Medication Dispensing System
More than 10 years ago, San Diego-based Pyxis Corporation pioneered a new product category in
healthcare—automated medication dispensing—which enables pharmacies and hospitals to streamline the
process of distributing medications and medical supplies. One of Pyxis’ products is the MEDSTATION
System 2000 Rx System, which Pyxis operates on a turnkey basis for nearly 2,500 customers.
Pharmacists stock the MEDSTATION with the medications required by patients in a particular area of
the hospital. By logging onto the MEDSTATION with a secure password, nurses assigned to that area
can access a patient file detailing the medications and dosages that patient is to receive. The
MEDSTATION then physically dispenses the medication and tracks the medications the patient has
received for billing purposes.
Recently, Pyxis added a new module to the system that keeps track of medications for patients who
come into the hospital unconscious and unidentified—once the patient is identified, his or her
record is sent to the main MEDSTATION database. This new module, which resides on a server called
Procar, can be accessed from desktop workstations equipped with a browser. Communications between the
workstations and Procar are secured with digital certificates using VeriSign’s OnSite. "Since we knew
that for some time, our application would be used only on the hospital’s on-premises Intranet, we were
tempted to build it to run in that highly secure environment. But then we thought, ‘wouldn’t it be
nice for pharmacists to eventually be able to dial in and access the system from home.’ So we built in
the maximum security we would get for a Web enabled application," says James H. King, Pyxis’ Director
of Interface Development.
Pyxis selected VeriSign OnSite for its digital certificates, says King, "because of the volume of
digital certificates we needed. We plan to deploy 500 of these systems in the next 12 to 18 months, so
OnSite’s volume certificate issuing features were an attractive feature, trying to acquire those one
by one takes too long. We also got a big volume discount."
In the future, Pyxis has even bigger plans for OnSite. Pyxis plans to use the Procar server as a
gateway between the hospital’s main patient database and a new data warehouse that will provide online
analytical processing. The new system will allow hospitals to access that data warehouse through a Web
enabled application. And VeriSign OnSite’s digital certificates will be there to secure it.
Deere & Company Secures Intranet with VeriSign OnSite
Deere & Company of Moline, Illinois is the world’s leading provider of agricultural equipment and
a major producer of equipment for a wide range of industries. The company also provides financial
services such as credit, insurance, and managed health care plans. With 35,500 employees and offices
in 160 countries, Deere & Company’s total sales and revenues were $12.79 billion in 1997.
Deere & Company uses OnSite to secure its Intranet systems because, says Farhan Ahmed Siddiq, a
consultant at Deere, "For information about salary and benefits that we would not want employees to
get unauthorized access to, personal IDs and passwords do not provide enough security. A network
administrator could put a network sniffer on the wire and start sniffing to get that information. SSL
provides encryption to prevent a sniffer from deciphering confidential information."
The company uses VeriSign OnSite for Secure Server IDs to issue and manage the Digital certificates
that enable SSL on its Intranet systems because VeriSign offers the most complete solution on the
market. "We wanted to be able to issue certificates quickly and have more control over them,"
explains Siddiq. "Previously, requesting certificates introduced a lag time of about a week, as POs
were cut, and so on. It was a hassle. Using VeriSign Onsite lets us manage the certificates ourselves.
And since we request a couple of certificates every week, it made sense to purchase them in bulk."