Information Security News mailing list archives

Rare peek: Inside Symantec's security fortress


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 24 Aug 2012 08:09:11 -0500 (CDT)

http://news.cnet.com/8301-1009_3-57498393-83/rare-peek-inside-symantecs-security-fortress/

By Elinor Mills
Security & Privacy
CNET News
August 23, 2012

MOUNTAIN VIEW, Calif. -- The journey to the heart of the operation reminded me of the late '60s TV show "Get Smart," where one heavily fortified door leads to another locked entryway followed by more complicated defenses in a seemingly never-ending series of entry points requiring PINs, badges, and iris or finger scans. I balked at the DNA test. Joking. Actually, I was just along for the exclusive tour, flanked by a group of engineers and executives with high-level security clearances.

This is the belly of Symantec's Certificate Authority operations, where the company creates digital certificates and keys that prove Web sites are who they say they are and not an impostor trying to steal your data or spy on you.

Picture the scene. There's a building with no signage tucked amid a cluster of beige buildings on the Symantec campus. Your generic office park, but one that houses vital data that pretty much anyone who surfs the Net comes into contact with in one way or another. Nestled within safety deposit boxes, hidden in nine safes, locked in a cage, housed in a secret room in the middle of the building are stored a million digital keys and cryptographic certificates.

You likely don't know they are there, but these digital keys are exchanged and verified behind the scenes in fractions of a second, the time it takes to open a Web site. Usually, the only visible representation showing this is going on is a green URL bar or padlock symbol at the top of the browser when you use "https" (Hypertext Transfer Protocol Secure), indicating that the communication is taking advantage of the SSL (Secure Sockets Layer) cryptographic protocol. Most Internet users take it for granted that when they click on a URL they are going to the site they intend to visit, but underlying that action is a complex infrastructure for assigning the digital equivalent of identity papers to companies, government agencies and organizations running Web sites that require a high level of trust. Without this assurance, people couldn't trust that the site they are visiting that advertises itself as their bank is really their bank.

[...]


