The two largest providers of natural gas in the British Isles shared similar difficulties in communicating and co-operating with external service providers and Gas Installers.
Both companies are responsible for the transmission, distribution and supply of natural gas and are also responsible for the development and maintenance of the various gas transportation systems. As gas producers and distributors, both organizations are also directly involved in gas procurement and supply on the open market.
Utility companies clearly understand the need for tight cost control across the entire organization. IT expenditure is considered to be a part of the total operational costs. Any expenditure must clearly demonstrate cost reduction in the shortest possible time. Total Cost of Ownership [TCO] is usually examined in terms of twelve months or less.
As an industry dealing in fossil fuels, technological advances were more evident in the drilling fields than in the IT Department.
In less than a decade, both organizations experienced exponential growth in their respective customer bases. This business progression demanded that the manual gas consumption and billing procedures be replaced with sophisticated computerised systems. SQL based data servers using Oracle®/IBM® were selected for their efficiency, flexibility and the overall stability of the software’s providers. As with most large organizations, the clear benefits and cost savings of this computerisation prompted further investment in IT.
By the end of the 1990s, the IT Department was a wholly integrated and essential component in the management of most aspects of day-to-day operations. The storage of all business critical data was centralised and secured in data centres. Access to this data was restricted to proprietary private networks and local area access only.
The technological boom of the Internet, in early 2000, was initially viewed with scepticism by both companies. The only tangible reaction was a heightened concern surrounding the hardening of existing security and the possible use of the basic Internet infrastructure to help reduce costs. Typically this involved little more than replacing frame relay networks with Virtual Private Networks [VPNs].
As consumers and businesses began to understand the difference between Internet ‘hype’ and its true business benefits, the same enthusiasm for IT that was evident in the early 1990s was reinvigorated by the introduction of Internet based business applications. Because the SQL providers, like Oracle® and IBM®, had rapidly integrated Internet technologies in their software and servers, both organizations could easily ‘open up’ more and more parts of the network and its information.
The business case was obvious. By providing access to external users, these commercial customers could process purchases in ‘real time’ for the area required. This replaced cumbersome paper-based processes with instant accounting and effectively removed the ‘human element’. Therefore, it was consistent with the TCO business principles of the organizations. However, this business opportunity presented a new set of problems for the two IT Departments. Opening up any part of the network on the Internet required good planning, hardening the perimeter and monitoring internal traffic to ensure that IT security remained unaffected.
Firewalls like Cisco® and Check Point® required regular monitoring and updating so that the Firewall Policy protected the principal point of entry. Intrusion Detection Systems [IDS] such as ISS® and Cisco® were used to monitor ‘unusual packets’ on the network and servers were protected with additional advice from security consultants. Combined, these measures maintained the security of the total environment. In one of the organizations, it was HP® that raised the all-important issue of ‘who’ rather than just ‘how’.
Examining one particular company in more detail, HP® had clearly defined how the network infrastructure was secured, but who had access to it presented them with several problems. Knowing, with certainty, the identity of each user was a new security issue. It was clear that usernames and passwords would not provide sufficient authentication of the end user.
Dial-in software from the firewall was considered as an alternative; however, each of the commercial customers experienced conflicts with their own firewalls. There were many software variants available, but the customer did not want to be responsible for distributing and upgrading software.
Tokens using asynchronous authentication like RSA® SecurID® were too expensive. Digital Certificates were considered, but the server software was not capable of working with X.509v3 Certificates or of handling additional X.509 extension fields.
Most Traditional Certificate Authority [CA] providers’ systems are Unix based. In some cases, the core technology of these Traditional CAs is more than ten years old. A decade ago, Unix was necessary to ensure high levels of security and overall system integrity. Unfortunately, the ‘trade off’ means that these, albeit highly secure, systems are not very flexible. Making even minor alterations (such as changing Certificate extension fields) proved prohibitively expensive.
This is not the case with Digi-CA™. Digi-CA™ Digital Certificates use the latest in CA technology. By combining its proprietary technology with Open Source technology and security hardened Linux, every aspect of Digi-CA™ can be changed and customised easily and usually at a minimal cost to the customer.
Digi-Sign is probably the only CA provider in the world that offers both types of Certificate Authority [CA]: Managed CA and CA Software.
A Managed CA is located in a secure data centre and the customer accesses the solution over a highly secure Internet connection. The solution is charged on an annual recurring subscription basis depending on the number of end users, or seats, that the customer wishes to use the CA for. Digi-CA™ Service is the Managed CA.
CA Software is like most software in that it is sold ‘in a box’ and is usually delivered and installed at the customer’s site. CA Software is life-time software purchased in Year-1 with an annual maintenance fee thereafter. Digi-Sign’s CA Software is called Digi-CA™ Server.
In this specific customer case study, the requirement was small (fewer than 2,500 users). Although Digi-CA™ Service was the obvious choice, the legal liabilities in the Digi-Sign Certificate Practice Statement [Digi-CPS™] meant that, while Digi-CA™ Service could technically be modified, legally it could not. Therefore, Digi-CA™ Server was selected so that the entire Certificate Chain could be modified to meet the precise requirements of the customer environment.
If the Digital Certificates issued by a CA are to have any legal standing or real business purpose, they must have what is called non-repudiation. Non-repudiation means that a transaction cannot later be denied. If the recipient of a Digital Certificate can show that the organization that issued the Certificate does not operate the CA in accordance with internationally accredited standards and local laws for Digital Signatures, then any transaction conducted using any Certificate from that CA has no non-repudiation. In other words, all the transactions can be denied and have no legal standing. For non-repudiation to exist, that CA must document its operation using a Certificate Practice Statement [CPS] and a Certificate Policy. The Digital Certificate Policy is a ‘who’, ‘what’, ‘where’ and ‘how’ document that describes the principles of the Digital Certificate usage; how they are issued and under what conditions; how an end user receives or applies for a Digital Certificate; and then references the CPS for issues relating to law, location, security, insurance and other operational matters.
Digi-Sign has simplified producing this complex series of documents using a single ‘intelligent’ questionnaire that is used to generate the Certificate Policy easily. The Policy stipulates that the CA is secure, cannot be compromised and that the end users are correctly identified. This Policy ensures that all Certificates have the non-repudiation the organization requires.
There are two primary ways that Digi-CA™ Certificates can be delivered to the end user. The first method is the Package Method, where both the public and the private key are generated together and delivered together – in a ‘package’. In the second method, the Process Method, there are two stages, or processes, in getting the Certificate. With the Process Method, the private key never leaves the user’s device (PC Registry, Smartcard, USB Token or other Certificate storage media device).
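The difference between the two delivery methods can be seen with the generic `openssl` command line. This is an added example, not Digi-CA™ code or output; the subject name, file names and PIN are constructed sample values, and a self-signed certificate stands in for one issued by a CA.

```shell
#!/bin/sh
# Added illustration: subject, file names and PIN are constructed sample values.
WORK=$(mktemp -d)
SUBJ="/CN=installer@example.test"
PIN="constructed-sample-pin"

# Package Method: the issuer creates the key pair and certificate together,
# then bundles both into one PIN-protected .p12 that travels to the user.
package_method() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$SUBJ" \
    -keyout "$WORK/issuer_copy.key" -out "$WORK/user.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$WORK/issuer_copy.key" -in "$WORK/user.crt" \
    -passout "pass:$PIN" -out "$WORK/user.p12"
}

# Process Method, first stage: the user creates the key pair locally and sends
# only a signing request; the private key file stays on the user's device.
process_method() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
    -keyout "$WORK/local.key" -out "$WORK/user.csr" 2>/dev/null
}

# Number of private keys that can be extracted from a .p12 with a given PIN.
p12_private_keys() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -nocerts 2>/dev/null |
    grep -c 'BEGIN.*PRIVATE KEY' || true
}

# Number of private keys present in a file that is about to leave the device.
file_private_keys() {
  grep -c 'BEGIN.*PRIVATE KEY' "$1" || true
}

package_method && process_method
echo "p12, correct PIN : $(p12_private_keys "$WORK/user.p12" "$PIN") private key(s)"
echo "p12, wrong PIN   : $(p12_private_keys "$WORK/user.p12" wrong-pin) private key(s)"
echo "CSR sent to CA   : $(file_private_keys "$WORK/user.csr") private key(s)"
```

With the Package Method the private key exists on the issuing side and in transit, so its confidentiality rests on the PIN and on the PIN reaching the user by a separate channel; with the Process Method only the signing request is transmitted.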
The Certificate Policy agreed with the gas company, when combined with the uniqueness of the specific environment, meant that the Certificates needed to be delivered using the Package Method. It was further agreed that each Certificate would be delivered using the Total Trust Management™ [TTM™] service.
When an organization wants all the benefits of using Digi-CA™ Certificates but does not have either the time or the resources to manage them, then Total Trust Management™ [TTM™] is the best option. TTM™ is a unique service offering from Digi-Sign that means every aspect of the Digi-CA™ environment is Totally Managed by Digi-Sign personnel - exactly as the customer instructs. Referencing the Certificate Policy, all aspects of the initial deployment, the day-to-day administration of the CA and the life-cycle management of every Certificate are totally managed for the customer by Digi-Sign.
For the gas company, given its unique combination of ‘problems’, it elected to use Digi-CA™ Server and to have Digi-Sign host and manage it under an expanded version of TTM™. Combining all of their requirements into a single offering, from a single vendor, solved every aspect of their requirement in every detail. As a standard provision of TTM™, Digi-Sign also manages the Help Desk function for the environment meaning that no resources are taken from the gas company.
Configuring a server to work with strong two-factor authentication using Certificates is called Digi-Access™. Once the server is configured, Digi-Access™ controls who has access to the data stored on the server. Most web servers from Apache to Zeus work with Digi-CA™ Certificates. In addition, integrated server software like that found on Oracle®, IBM® and other branded servers are also compliant.
Prior to the initial deployment of the solution, Digi-Sign Professional Services ensured every aspect of the gas company’s environment was correctly configured to work with Digi-CA™.
For the deployment, the gas company prepared a simple Excel® spreadsheet with the details of the initial ‘block’ of users. The Digi-Sign TTM™ Team then issued each end user with a Digi-CA™ .p12 file by email (a .p12 file is one type of Package used when sending Certificates using the Package Method). On opening the received file, the user was invited to apply for a Personal Identification Number [PIN] to unlock and install the Certificate.
In accordance with the Certificate Policy, the PIN was supplied using a pre-defined set of protocols, either by telephone or to a specified email address within the end user organization. If the request conformed to the protocol, the PIN was issued. When the end user entered the PIN, the Certificate was then automatically installed in the Certificate Store of Microsoft’s® browser, Internet Explorer.
As more and more customers of the gas company require access, using the same predefined security protocols, it simply emails or telephones in the end user details to the Digi-Sign TTM™ Team. The request protocols are verified and if they match those in the Policy, the Certificate is dispatched.
All technical support issues, all Help Desk functions and every aspect of the Certificate life-cycle are managed by Digi-Sign under TTM™.
The customer continues to save costs, increase productivity and communicate more efficiently with its customers, safe in the knowledge that Digi-Sign’s total solution protects the environment in a way that was previously believed to be impossible.