Difference between revisions of "Wild Card Certificates"
From MgmtWiki
(→Problems) |
(→Solutions) |
||
| Line 11: | Line 11: | ||
==Solutions== | ==Solutions== | ||
Most security solutions are not formulated as principles to adhere to but as checklists of things that developers must do or must avoid and so are written as heuristics that have proven valuable in the past to preventing loss. The following should be viewed as heuristics in that vein. | Most security solutions are not formulated as principles to adhere to but as checklists of things that developers must do or must avoid and so are written as heuristics that have proven valuable in the past to preventing loss. The following should be viewed as heuristics in that vein. | ||
| − | # View all the computers using the same certificate as operating in a secured enclave with the same security rules applied to every computer and every service within that enclave. While there is another heuristic that claims that security perimeters | + | # View all the computers using the same certificate as operating in a secured enclave with the same security rules applied to every computer and every service within that enclave. While there is another heuristic that claims that security perimeters no longer can be trusted, that heuristic cannot be applied to computers and services that depend on the same certificate. Otherwise the security of all can be compromised by the weakest security server in the enclave. |
==References== | ==References== | ||
Revision as of 15:57, 5 November 2021
Wild Card Certificates
Wild Card Certificates allows servers with different URLs, but the same origin to use the same security certificates.
Context
Web servers use digital certificates to establish a connection between the server and the user's computer also called the client computer, that is secure against a variety of attacks by malicious actors with a variety of motives.
Problems
- Acquiring and maintaining certificates and secured servers is an expensive and time consuming process. Such security is not put there to gain customers but to protect the providers from losses of both money and disgruntled customers.
- Mixed security sites allows both HTTP (unsecured) and HTTPS (secured) connections for a variety of good reasons including redirection of all traffic to a secured connection.
Solutions
Most security solutions are not formulated as principles to adhere to but as checklists of things that developers must do or must avoid and so are written as heuristics that have proven valuable in the past to preventing loss. The following should be viewed as heuristics in that vein.
- View all the computers using the same certificate as operating in a secured enclave with the same security rules applied to every computer and every service within that enclave. While there is another heuristic that claims that security perimeters no longer can be trusted, that heuristic cannot be applied to computers and services that depend on the same certificate. Otherwise the security of all can be compromised by the weakest security server in the enclave.
