Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Guides - Privacy & Security Tips
How to protect your head-less home server with smart card authentication and a Yubikey
Message
<blockquote data-quote="Amelith Nargothrond" data-source="post: 624821" data-attributes="member: 60405"><p>Don't forget to test recovery options, simulate as many worst case scenarios as you can, as losing Yubikeys, revoked certificates, unreachable CAs/DCs, untrusted CAs, how to create trust between the DC/CA and non-joined machines (you need this in some cases, especially for executive people's laptops), corrupt CA dbs, backup and restore CA dbs, different time zones (and automatic adjustments), remote access from portable devices like phones or tablets etc. etc...</p><p></p><p>When dealing with cryptography, Macrium images might not help in all the cases, you have to get ready for anything, know ahead what to do/try, to minimize downtime as much as you can. Also, you can distribute workload if you have hundreds of users, by installing the CA on a different machine, and so forth.</p><p>Think about all of these, as smart cards can be occasionally a pain in the *ss if you are not prepared for stuff.</p><p></p><p>I'm not trying to scare you off, just to prepare you for what may come in the future.</p><p></p><p>I suggest not to enforce the use of smart cards right from the very beginning, but rather give the users time to accommodate. After a while, you can enforce it.</p></blockquote><p></p>
[QUOTE="Amelith Nargothrond, post: 624821, member: 60405"] Don't forget to test recovery options, simulate as many worst case scenarios as you can, as losing Yubikeys, revoked certificates, unreachable CAs/DCs, untrusted CAs, how to create trust between the DC/CA and non-joined machines (you need this in some cases, especially for executive people's laptops), corrupt CA dbs, backup and restore CA dbs, different time zones (and automatic adjustments), remote access from portable devices like phones or tablets etc. etc... When dealing with cryptography, Macrium images might not help in all the cases, you have to get ready for anything, know ahead what to do/try, to minimize downtime as much as you can. Also, you can distribute workload if you have hundreds of users, by installing the CA on a different machine, and so forth. Think about all of these, as smart cards can be occasionally a pain in the *ss if you are not prepared for stuff. I'm not trying to scare you off, just to prepare you for what may come in the future. I suggest not to enforce the use of smart cards right from the very beginning, but rather give the users time to accommodate. After a while, you can enforce it. [/QUOTE]
Insert quotes…
Verification
Post reply
Top