Securing and backing up a certificate server
In part 1 and part 2 of this series, I've explained why and how to set up a certificate server. After the certificate server is online, you'll then need to deal with the important issues of security and backup. However, you'll have to deal with some very important issues even after the certificate server is online and your network clients are using it. These issues are security and backup. In this article, I'll provide you with some information about how to safeguard your certificate server.
Why should you safeguard your certificate server?Because the whole point in setting up a certificate server is to enhance your network's security, it may seem strange to think that you need to implement additional security procedures to protect it. However, it's absolutely critical that you closely guard your certificate server. Keep in mind that your certificate server represents the backbone of your entire security system. If an intruder can break into the certificate server and steal a few certificates, there's no limit to the mayhem they can unleash upon your network. Therefore, your certificate server needs to be the most closely guarded component in your entire network. It would be easy to write a very large book on network security, but space prohibits me from going into this kind of detail. Therefore, I'll cover some of the more important techniques that you should use to protect your certificate server.
Physical securityThe first thing you need to guard against is physical damage: tampering and vandalism to the physical hardware. One of the more effective measures is to place the server in an isolated room behind a locked door. I recommend choosing a room with no windows, so a would-be hacker would have trouble gathering any sort of information by observing the server. The room should also have adequate surge protection and fire suppression equipment. It may sound obvious to put the server behind a locked door, but you'd be surprised how many companies I've seen in which the servers are kept in the open. In these environments, half of the staff often knows the Administrator's password. Therefore, when you set up a certificate server, carefully control access to the room and to the passwords. (I personally recommend not even allowing the cleaning people into the server room. About seven years ago I had a bad experience in which the custodian unplugged a server to plug in a vacuum cleaner. Since then, I've always cleaned my own server room.) In addition to protecting the room containing the server, you should protect the server itself. By default, Windows 2000 stores all the private keys in an encrypted form. However, you can do better. The big certificate providers, such as VeriSign and CyberTrust, go so far as to use special hardware that's designed to be tamper proof. For example, you can use titanium computer cases that are almost impossible to open without a key.
Data securityYou also need to protect your certificate server against data loss. This means backing up the server as often as possible and verifying the integrity of those backups. Remember, in the event of a crash, you may not be able to recover the certificates the server has issued without the backup. In such a situation, once you bring the server back online, you'll have to manually reissue every certificate the server has ever issued. I'll discuss some backup techniques a little later.
Protection against viruses and hardware failureFinally, I recommend protecting your certificate server against viruses and hardware failure. Protecting against viruses shouldn't be a big problem. The main thing is to use a reputable antivirus program that automatically downloads such as Norton Antivirus. Norton Antivirus will automatically download the latest virus definition files and apply them to your server (many other packages do this as well). I recommend setting the automatic update feature to scan for new virus definitions every few hours. If you keep your antivirus software up to date, you shouldn't have to worry about viruses on the certificate server--after all, absolutely no one should be using the server for anything except for requesting certificates. Usually, servers become infected when users store infected files on them, or when an administrator tries to uses the server as their own personal workstation and opens infected documents directly from the server console or uses the server to downloads infected files from the Internet. You can't really do anything to prevent hardware failure, but you can keep your server from going down when it happens. To do so, implement devices such as RAID arrays, UPS systems, and redundant power supplies. You could even implement a cluster server environment to protect against hardware failure.
Backing up your certificate serverAs I mentioned earlier, backing up your certificate server should be a top priority. Backing up the certificate server is a little tricky because to do so, the certificate authority services must be stopped during the backup. You must also use a Windows 2000-aware backup program, such as the one that comes with Windows 2000. If you normally run an automated backup at night, you can set up batch files to stop and restart the certificate authority. You can then call these batch files from the task scheduler. To start and stop the certificate authority from a command line or a batch file, simply use the CERTSRV.EXE file. You can use a number of command-line switches with this command to accomplish the task at hand. Another method of backing up the certificate server is through the Certificate Authority Backup Wizard. This wizard works a little differently than the usual backup program in that it actually requires the certificate authority services to be running. If the services aren't running when you run the wizard, the wizard will start them for you. As with any backup wizard, the Certificate Authority Backup Wizard asks several easy questions about what you want backed up and to where. Once you've answered all the questions, the wizard will copy everything you've specified into a folder of your choice. Because this folder is merely a copy of the live certificates, you're free to back it up or archive it at your leisure without stopping the certificate authority services. If you need to leave the certificate authority services running at all times, then this is the backup method for you. Unfortunately, there's no way of getting around manually running the wizard. However, if you're concerned about your server's hard disk filling up, you'll be happy to know that the wizard can create incremental backups.
As you can see, there are a variety of ways to protect and back up your certificate server. However, all I can do is give you guidelines. To truly protect your certificate server, the best thing to do is combine the techniques I've suggested with the knowledge of your own physical environment and some imagination to form your own security plan. //Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the Director director of Information information Systems systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.