Production Considerations
The installation of a Public Key Infrastructure incorporating the ActivID Validation Suite requires close attention to security procedures.
As discussed previously, there are two server types involved in a full Validation Suite installation.
-
The back-end Validation Authority is a trusted system that must be protected from unauthorized use. Any compromise of the Validation Authority security will require an expensive revocation and “re-keying” of Validation Authority, with a resulting disruption in service.
-
The second server type, Validation Responder, does not hold sensitive secrets, but still must be protected from common network attacks which can degrade its ability to provide service to legitimate relying parties.
Validation Responders
-
Servers acting as Validation Responders contain no security-sensitive information. Therefore, the security requirements are not rigid.
-
An attack on a Validation Responder could result in a denial of service to relying parties until the system breach is rectified.
-
Using standard web server firewalls and intrusion detection systems, these servers should be treated as standard high-value servers and should be properly secured as such.
-
Ideally, Validation Responders should be dedicated servers, not performing other functions or running other applications. However, the Validation Responder may be co-hosted on the same server as other medium-security services in a less secure (and less expensive) configuration than a Validation Authority.