问题描述
我的任务是为命令行软件开发 Intranet 界面,现在我正在研究安全选项.我们的命令行应用程序已经完成,但我还没有开始编写 Web 界面.我不确切知道潜在客户的安全要求是什么,尽管我相信 ssh
通常对于命令行界面是可以接受的.考虑到这一点,我请求帮助开发一个包含相关优缺点的选择菜单.有一天,我们可能会考虑将我们的 Web 界面发布到互联网上,所以如果它简单且/或免费,我愿意考虑比目前所需的更多安全性.
I've been tasked with development of an intranet interface for command line software, and now I'm researching security options. Our command line application is finished, but I haven't started writing the web interface. I don't know exactly what the security requirements are for potential customers, although I believe ssh
is generally acceptable for the command line interface. With this in mind, I'm asking for help developing a menu of choices with their associated pros/cons. Some day, we may consider releasing our web interface to the internet, so I'm willing to consider more security than currently necessary if it's easy and/or free.
我已经做了很多阅读,我的初步结论是,没有证书的 SSL 安全性是最好的方法,不是因为安全性较低是不可接受的,而是因为 SSL 是标准,而且它似乎不是很难设置.我,一个非安全专家,不需要解释为什么安全非专家可以接受的安全性较低.如有必要,我可以升级我的应用程序以在将来使用证书.
I've been doing a lot of reading, and my tentative conclusion is that SSL security with no certificate is the best approach, not because less security is unacceptable, but because SSL is the standard and because it doesn't appear to be difficult to set up. I, a security non-expert, wouldn't need to explain why less security is acceptable to security non-experts. I could upgrade my application to use a certificate in the future if necessary.
以下是 SSL 相关安全选项列表,按我对安全级别的看法和我的评论排序.我需要什么级别的保护?
Here's a list of SSL related security choices, sorted by my perception of security level with my comments. What level of protection do I need?
无 SSL. 如果我们的客户不担心他们的员工看到/更改彼此的数据,这可能是可以接受的.无论如何,他们的员工可能希望彼此分享结果,而我可以使用基于 IP 的访问控制和/或密码来确保安全.
No SSL. This might be acceptable if our customers aren't worried about their employees seeing/changing each others' data. Their employees might want to share results with each other anyway, and I could use IP based access control and/or passwords for security.
在没有证书的情况下执行 SSL. 这会加密通信,这至少可以保护数据不被未经授权的员工读取.使用密码,这与命令行上的 ssh
的安全级别相同,对吧?我不需要担心 Intranet 中的中间人攻击,对吗?如果存在大量浏览器警告消息,则此方法的缺点是.
Do SSL with no certificate. This encrypts the communication, which at least protects the data from being read by unauthorized employees. Using a password, this is the same level of security as ssh
on the command line, right? I don't need to worry about man-in-the-middle attacks in an intranet, right? A con for this approach would be if there were loads of browser warning messages.
使用自签名证书进行 SSL. 这给了我什么没有证书给我的东西?如果 DNS 可以不恰当地更改,那么客户然后我的应用程序是他们最不关心的问题.换一种说法,如果 DNS 可以更改,那么我认为 ssh
也会容易受到攻击.
Do SSL with a self-signed certificate. What does this give me that no certificate gives me? If the DNS can be changed inappropriately, then the customer then my application is the least of their concerns. Worded another way, if the DNS can change, then I think ssh
would be vulnerable too.
使用本地证书颁发机构进行 SSL. OpenSSL 让我可以创建自己的证书颁发机构.这给了我什么是自签名证书没有的?我假设在 LAN 上,验证服务器的重要性较低.
Do SSL with a local Certificate Authority. OpenSSL lets me make my own Certificate Authority. What does this give me that a self-signed certificate does not? I'm assuming that on a LAN, it's less important for the server to be verified.
使用外部证书颁发机构进行 SSL. 是否有理由为 Intranet 走这条路线?我找到了一些在线销售的内联网证书"——但不清楚他们提供的内容是我自己做不到的.
Do SSL with an external Certificate Authority. Is there ever a reason to go this route for an intranet? I found some "intranet certificates" for sale online -- but it's not clear what they're offering I can't do myself.
作为参考,此页面可能有助于比较证书:
For reference, this page might be useful for comparing certificates:
http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#aboutcerts
[更新]
这里一篇讨论从公共 CA 获取内部证书的风险和规则的文章.
Here's an article discussing the risks and rules of obtaining an internal certificate from a public CA.
推荐答案
是的,证书对 Intranet SSL 仍然有用.
Yes, certificates are still useful for Intranet SSL.
SSH 和 SSL-without-a-certificate 之间有一个重要区别:当您首次使用 SSH 连接到服务器时,您的 SSH 会存储服务器的指纹.如果您随后尝试连接到 SSH 客户端认为是同一台机器但返回不同指纹的机器,它会提醒您可能有人拦截了您的通信.
There's an important difference between SSH and SSL-without-a-certificate: when you first connect to a server with SSH, your SSH stores the server's fingerprint. If you then try to connect to what the SSH client believes to be the same machine but gets back a different fingerprint, it alerts you that there might be someone intercepting your communications.
另一方面,SSL-without-a-certificate 不存储服务器的指纹.您的通信仍将被加密,但如果有人以某种方式劫持了您提到的 DNS 服务器,或者,Rushyo 指出,如果 ARP 中毒或类似情况,他们将能够执行中间人攻击.如前所述,SSH 会(假设您在过去某个时间连接到正确的服务器)注意到指纹已更改并提醒您.
SSL-without-a-certificate, on the other hand, does not store the server's fingerprint. Your communications will still be encrypted, but if someone somehow hijacks the DNS server as you mentioned, or, as Rushyo notes, does ARP poisoning or something similar, they would be able to perform a man-in-the-middle attack. SSH, as previously mentioned, would (supposing you had connected to the correct server some time in the past) notice that the fingerprint had changed and alert you.
自签名证书的安全性与 SSH 相当.中间人可以生成他们自己的自签名证书,但只要您的应用程序配置为仅接受 那个 自签名证书,您应该会收到类似于 SSH 将发出的警报你.
A self-signed certificate would be comparable in security to SSH. A man in the middle could generate their own self-signed certificate, but as long as your applications are configured to only accept that self-signed certificate, you should get an alert similar to that that SSH will give you.
本地证书颁发机构为您提供类似于自签名证书的安全性,但可能更具可扩展性.如果您有多个服务器,每个服务器都可以拥有自己的证书,但客户端只需要顶级服务器即可信任所有服务器.如果服务器受到威胁,您可以撤销其证书,而不必更改每台服务器的证书.
A local certificate authority gives you security similar to self-signed certificates, but may be more scalable. Should you have multiple servers, each can have their own certificate, but a client only needs the top-level one to trust all of them. If a server is compromised, you can revoke its certificate rather than having to change every server's certificate.
我不认为外部证书颁发机构有任何优势,除了如果您的机器已经拥有受信任的证书颁发机构可能会减少配置.
I don't believe an external certificate authority has any advantages, other than possibly less configuration if your machines already have the certificate authority trusted.
最后,我对两因素身份验证的了解还不够,无法对其进行评估,但对于大多数应用程序来说,SSL 应该就足够了.
Lastly, I don't know enough about two-factor authentication to evaluate it, but for most applications, SSL should be sufficient.
这篇关于证书对 Intranet SSL 有用吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!