With DNSSEC, specific functions that take place across a multi-campus company, and business transactions that use HTTPS (SSL), can now gain more security and integrity. DNSSEC can provide better origin authentication, data integrity, and authenticated denial of existence. One easy transition method is deploying a DNSSEC appliance, which serves as a DNS signer for DNS zones. This can be a large appliance costing several thousand dollars, or a more portable device, such as a card or USB token, costing as little as several hundred dollars.
In addition to accelerating DNSSEC compliance, these devices, known as Hardware Security Modules (HSMs), support other applications as well.
The applications are many, but HSMs are commonly deployed for such things as:
1> Card Payment Systems
2> PKI Environments
3> Automated Teller Machines
4> POS Terminals
For these and other types of systems, the HSM helps securely encrypt data in a relatively insecure database, verify the integrity of the data in a database, and verify digital signatures.
The HSM provides FIPS 140-1 and 140-2 validation, and uses widely accepted algorithms for the most part. It is much preferable to find a system that does not use a proprietary algorithm, so that the HSM can provide proven functionality for all necessary functions.
This is just one of many types of systems that can aid in an overall security solution. Combined with proper security processes, such as risk analysis, testing and careful administration of the device, it can ensure a better security posture for mid-sized businesses or greater integrity for financial transactions.