Examples for using public versus private digital certificates

The decision to use an Internet Certificate Authority (CA) or to create a private CA depends on several factors. These factors include whom you want to have access to your intranet and how secure you want to keep your data.

The following scenarios depict different approaches to regulating access to your company's intranet.

Scenario 1: Using public digital certificates for public access to internal resources

Public certificates are certificates issued by a well-known Internet CA. Using public digital certificates to allow access to your corporate intranet is a practical choice in a situation such as the following:

If you work for an insurance company, for example, you might be responsible for maintaining different applications on your company's intranet site. One particular application for which you are responsible is a rate-calculating application that allows agents to generate quotes for their clients. Although this application is not highly sensitive, you want to make sure that only registered agents can use it. Further, you do not trust the security that passwords provide, because agents can share them with each other.

To deal with this situation, you can require the agents to obtain a certificate from a known and trusted CA. Once an approved agent obtains a certificate, he or she can visit your company's intranet site and request access to your rate-calculating application. Your server can then approve or reject the request. If your server approves the request, the agent is given access to the application.

Scenario 2: Using private digital certificates on an intranet

Using private (local) digital certificates is a practical choice for your corporate intranet in a situation such as the following:

If you work for a large corporation, your human resources department is probably concerned with such issues as legal matters and privacy of records. Further, you realize that passwords are an inadequate method of protecting such sensitive data. After all, people can share, forget, and even steal them.

Therefore, you decide to set up a private CA and issue certificates to all employees. This allows for the authentication of users, the signing of information, and the encryption of e-mail. Ultimately, by issuing certificates yourself, you have increased the probability that your data remains secure.

The security that certificates provide is not limited to protecting your data from outside threats. You can also use certificates to restrict the access of certain employees to specific data. For example, you can use certificates to prevent software developers within your company from accessing the human resource records in the prior scenario, or to prevent technical writers from using high-level management applications. You can effectively use certificates to restrict or facilitate access across your entire network.
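The access decisions in both scenarios, as an added example that is not part of this page: Python code that assumes TLS client authentication has already verified the certificate chain cryptographically (the standard-library `ssl` module does this), and then applies the page's policy to the verified peer certificate in the layout `ssl.SSLSocket.getpeercert()` returns. All CA, agent and department names are constructed placeholders.

```python
import ssl
import time
# Trust anchors for the two scenarios. The CA and person names below are
# constructed placeholders, not real organizations.
PUBLIC_CAS = {"Example Public CA Inc"}           # Scenario 1: well-known Internet CA
PRIVATE_CA = "Example Insurance Private CA"     # Scenario 2: the company's own CA
# Scenario 1: agents registered for the rate-calculating application.
REGISTERED_AGENTS = {"agent.smith@example-agency.test"}
# Scenario 2: which departments may open which internal application.
APP_DEPARTMENTS = {"hr-records": {"Human Resources"},
                   "management-console": {"Management"}}

def _rdn(cert, field, attr):
    """First value of `attr` in cert[field] ('subject' or 'issuer', getpeercert() layout)."""
    for rdn in cert.get(field, ()):
        for name, value in rdn:
            if name == attr:
                return value
    return None

def _is_current(cert, now=None):
    """Reject certificates that are not yet valid or have expired."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"]))

def agent_may_use_rate_calculator(cert, now=None):
    """Scenario 1: the certificate must come from a trusted public CA, and the holder
    must also be a registered agent. The CA proves identity; it does not grant access."""
    return (_is_current(cert, now)
            and _rdn(cert, "issuer", "organizationName") in PUBLIC_CAS
            and _rdn(cert, "subject", "emailAddress") in REGISTERED_AGENTS)

def employee_may_use(cert, app, now=None):
    """Scenario 2: only certificates issued by the private CA count, and the
    employee's department (OU) must be allowed for the requested application."""
    return (_is_current(cert, now)
            and _rdn(cert, "issuer", "organizationName") == PRIVATE_CA
            and _rdn(cert, "subject", "organizationalUnitName") in APP_DEPARTMENTS.get(app, set()))

# Constructed peer certificates in the layout ssl.SSLSocket.getpeercert() returns.
VALIDITY = {"notBefore": "Jan 10 00:00:00 2024 GMT", "notAfter": "Jan 10 00:00:00 2030 GMT"}
AGENT_CERT = {"subject": ((("emailAddress", "agent.smith@example-agency.test"),),),
              "issuer": ((("organizationName", "Example Public CA Inc"),),), **VALIDITY}
HR_CERT = {"subject": ((("organizationalUnitName", "Human Resources"),),),
           "issuer": ((("organizationName", "Example Insurance Private CA"),),), **VALIDITY}
DEVELOPER_CERT = {"subject": ((("organizationalUnitName", "Software Development"),),),
                  "issuer": ((("organizationName", "Example Insurance Private CA"),),), **VALIDITY}
```

The developer's certificate is genuine and issued by the company CA, yet `employee_may_use(DEVELOPER_CERT, "hr-records")` is false: the issuer check authenticates, the department check authorizes.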


[ Information Center Home Page | Feedback ] [ Legal | AS/400 Glossary ]