<div>
<div class="content wysiwyg-content">
Hi all,<br />
<br />
Considering the following server config for a group based in Europe:<br />
2 load balanced web servers<br />
2 DB servers (1 live 1 backup)<br />
2 File servers (1 live 1 backup)<br />
<br />
Where all machines are hosted at the same ISP and will be accessed via the internet. &nbsp;Some portions of the website will be free and others member only; (e.g., registration/login and web forms for users to input various data). &nbsp; Data won't be financial but will be considered sensitive.<br />
<br />
1. What is the best certificate config here? &nbsp;Assuming the top level domain name is <a href="http://www.group.org" rel="ugc">www.group.org</a>, would I have a FQDN like secure.group.org? &nbsp;In other words, users would access the site at <a href="http://www.group.org" rel="ugc">http://www.group.org</a>&nbsp;but as soon as they wanted to do any member specific stuff, (login or register, input data) should they be redirected to <a href="https://secure.group.org?" rel="ugc">https://secure.group.org?</a>&nbsp; <br />
<br />
2. Do I need certificates for all machines?<br />
<br />
Is what I mentioned above atypical for a .org TLD? &nbsp;<br />
<br />
Thanks...<br />
<br />
<br />

</div>
</div>


Hi all,

Considering the following server config for a group based in Europe:
2 load balanced web servers
2 DB servers (1 live 1 backup)
2 File servers (1 live 1 backup)

Where all machines are hosted at the same ISP and will be accessed via the internet.  Some portions of the website will be free and others member only; (e.g., registration/login and web forms for users to input various data).   Data won't be financial but will be considered sensitive.

1. What is the best certificate config here?  Assuming the top level domain name is www.group.org, would I have a FQDN like secure.group.org?  In other words, users would access the site at http://www.group.org but as soon as they wanted to do any member specific stuff, (login or register, input data) should they be redirected to https://secure.group.org?  

2. Do I need certificates for all machines?

Is what I mentioned above atypical for a .org TLD?  

Thanks...




Basic SSL/Certificate question

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.