Introduction
Complex business applications, e-commerce, and transaction automation demand robust and precise security procedures. Corporations that use the Internet to carry out business operations can be more productive and successful if their decisions meet the requirements of security-conscious consumers. Today, Internet consumers insist on strict security protocols to safeguard their welfare, privacy, interactions, and resources.
Public key cryptography facilitates security aspects like privacy, reliability, validation, and non-repudiation. Nevertheless, to implement these security properties effectively, a carefully drafted management plan is required to monitor the security infrastructure. The public key infrastructure (PKI) provides the foundation on which other systems, modules, applications, and security components are developed. A PKI is an indispensable element of the general security policy, which is aligned with other security aspects, business operations, and risk management initiatives. (Conklin, 2004)
In this document, we look at the issues which require attention when deciding on whether the PKI infrastructure should be provided by in-house facilities or commercial services.
Discussion
The Public Key Infrastructure (PKI) involves a set of computer hardware, software, personnel, and strategies required to generate, control, store, allocate, and validate digital certificates. It links cryptographically generated public keys with user identities through a certificate authority (CA). This linkage is established through the registration and issuance procedure. The PKI function that warrants this linkage is known as the Registration Authority (RA). In some cases, the expression trusted third party (TTP) is synonymous with a certificate authority (CA). (Rothke, 2005)
When a corporation's network security needs require it to use digital certificates for transactions, it has to decide where to procure the certificates. The certificates may be purchased from a commercial or third-party certificate authority like VeriSign or Thawte, or an in-house facility may be set up to issue the corporation's own certificates. The three primary issues when deciding whether to set up an internal PKI or use a commercial PKI are cost, liability, and repute. (Conklin, 2004)
For a medium-sized enterprise, as in this case, an external commercial PKI is highly recommended for the reasons discussed in this paragraph. Procuring a large number of certificates from a commercial provider can be costly, and in that situation an in-house facility could cut costs. However, in this case, where only a few certificates are to be issued, a commercial facility is a much more feasible option. Secondly, in case of a disaster such as data loss or system failure, the liability is owned by the certificate issuer. Implementing risk management frameworks to deal with such a crisis is a painstaking and costly affair, and for an in-house facility such frameworks have to be designed by a dedicated team. Hence, employing the services of a commercial provider is a better choice for a medium-sized company.
Lastly, a dedicated commercial provider is better known, and its reputation is much higher throughout the markets. Consequently, the level of trust in a commercial outfit is much higher than in its in-house counterpart. Thus, more customers would feel assured using the system if it is backed by a reputable commercial provider. (Rothke, 2005)
To protect a wireless network and enhance its security, the following measures should be in place:
- The default values of the System ID called the Service Set Identifier (SSID) or Extended Service Set Identifier (ESSID) should be changed.
- Identifier Broadcasting should be disabled.
- Wi-Fi Protected Access (WPA) encryption standards must be met.
- Hardware as well as software firewalls need to be installed.
- Anti-hacking tools need to be installed on the systems using wireless connectivity as a last line of defense. (Conklin, 2004)
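The first three measures can be checked mechanically against an access point's configuration. The following is an added example, not part of the original essay: it audits a hostapd-style configuration file, where the choice of hostapd, the list of default SSIDs, and both sample configurations are assumptions constructed for illustration.

```python
# Added example: audit a hostapd-style access point config against the
# first three checklist items. hostapd is an assumption; the essay names no product.

# Constructed list of factory-default SSIDs (illustrative, not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "wireless"}

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    conf = parse_conf(text)
    findings = []
    ssid = conf.get("ssid", "")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append("ssid: missing or factory default")
    # ignore_broadcast_ssid: 0 = broadcast the SSID, 1 or 2 = hide it
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ignore_broadcast_ssid: SSID is broadcast")
    # wpa is a bit field: 0 = off, bit 0 = WPA, bit 1 = WPA2
    try:
        wpa = int(conf.get("wpa", "0"))
    except ValueError:
        wpa = 0  # an unparsable value is treated as "not enabled"
    if wpa == 0:
        findings.append("wpa: WPA is not enabled")
    return findings

# Constructed sample configurations.
WEAK = "interface=wlan0\nssid=linksys\n"
HARDENED = ("interface=wlan0\nssid=acct-floor3\n"
            "ignore_broadcast_ssid=1\nwpa=2\nwpa_key_mgmt=WPA-PSK\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

The firewall and anti-hacking-tool items are host and network controls and fall outside what an access point configuration file can show.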
Conclusion
Medium-sized companies, like the one in this case, should prefer a commercial PKI over an in-house approach, as it decreases costs, transfers the liability, and takes advantage of the repute and level of trust enjoyed by dedicated commercial service providers. In addition, wireless networks must be secured by following a strict, understandable, and clearly communicated policy and by ensuring that basic security measures are in place.
References
Conklin, A. (2004). Principles of Computer Security: Security and Beyond. NY: McGraw-Hill Technology Education.
Rothke, B. (2005). Computer security: 20 things every employee should know. NY: McGraw Hill Professional.