ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local website purchase SSL or self signed?

    IT Discussion
    iis
    9
    49
    9.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dashrender
      last edited by

      This is a situation where Let's Encrypt would be all that I need.

      D 1 Reply Last reply Reply Quote 1
      • D
        DustinB3403
        last edited by DustinB3403

        Yeah users need to shut it...

        You're in the corporate network, which is heavily monitor'd.

        So as Scott said, they need to shut it.

        J J 2 Replies Last reply Reply Quote 0
        • D
          dafyre @Dashrender
          last edited by

          @Dashrender said:

          This is a situation where Let's Encrypt would be all that I need.

          Have they started issuing certificates yet?

          D 1 Reply Last reply Reply Quote 0
          • D
            Dashrender @dafyre
            last edited by

            @dafyre said:

            @Dashrender said:

            This is a situation where Let's Encrypt would be all that I need.

            Have they started issuing certificates yet?

            They are in a Beta stage now.

            1 Reply Last reply Reply Quote 0
            • D
              Dashrender
              last edited by

              and they don't currently have a Windows client.. yeah!

              1 Reply Last reply Reply Quote 0
              • J
                JaredBusch @DustinB3403
                last edited by

                @DustinB3403 said:

                Yeah users need to shut it...

                You're in the corporate network, which is heavily monitor'd.

                So as Scott said, they need to shut it.

                I completely disagree with this. I do not want users to have to ever get used to clicking through an error screen. Doing so on an internal site means instructing them to do so whenever they see it. Do you honestly expect general users to have the level of knowledge to properly read the error and confirm the internal URL?

                S J 2 Replies Last reply Reply Quote 1
                • D
                  Dashrender
                  last edited by

                  Awesome, that's the kind of thing I was looking for.

                  With NTG I can totally understand this.. they are all technical people.. but here, they are all the technical Luddites.

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    scottalanmiller @JaredBusch
                    last edited by

                    @JaredBusch said:

                    @DustinB3403 said:

                    Yeah users need to shut it...

                    You're in the corporate network, which is heavily monitor'd.

                    So as Scott said, they need to shut it.

                    I completely disagree with this. I do not want users to have to ever get used to clicking through an error screen. Doing so on an internal site means instructing them to do so whenever they see it. Do you honestly expect general users to have the level of knowledge to properly read the error and confirm the internal URL?

                    That's an excellent point. I often forget that one but it does matter a lot in most cases.

                    1 Reply Last reply Reply Quote 0
                    • S
                      scottalanmiller @Dashrender
                      last edited by

                      @Dashrender said:

                      Awesome, that's the kind of thing I was looking for.

                      With NTG I can totally understand this.. they are all technical people.. but here, they are all the technical Luddites.

                      Right, that's why we often go that route internally.

                      1 Reply Last reply Reply Quote 0
                      • D
                        Deleted74295 Banned
                        last edited by

                        As @JaredBusch said.

                        Why would you ever tell users to ignore such a fundamental error message? If they get that error when logging into say, Office 365, do you want them typing in their credentials to a bogus website?

                        1 Reply Last reply Reply Quote 0
                        • J
                          Jason Banned @JaredBusch
                          last edited by

                          @JaredBusch said:

                          @DustinB3403 said:

                          Yeah users need to shut it...

                          You're in the corporate network, which is heavily monitor'd.

                          So as Scott said, they need to shut it.

                          I completely disagree with this. I do not want users to have to ever get used to clicking through an error screen. Doing so on an internal site means instructing them to do so whenever they see it. Do you honestly expect general users to have the level of knowledge to properly read the error and confirm the internal URL?

                          Exactly. That's promoting bad habits. We use self-signed ones in places however push the Certs out as trusted via GPOs fixes any errors in browsers.

                          1 Reply Last reply Reply Quote 0
                          • J
                            Jason Banned @DustinB3403
                            last edited by

                            @DustinB3403 said:

                            You're in the corporate network, which is heavily monitor'd.

                            Heavily monitored doesn't mean protected from stupid actions, which is how most things get in. You can't rely on a single point to protect you from vulnerabilities. You need good user training in addition to AV and network firewalls. User training is the most important.

                            D 1 Reply Last reply Reply Quote 0
                            • S
                              stacksofplates
                              last edited by

                              If you just need the SSL, StartSSL offers free certs. You don't have the insurance of a paid cert, but it's still encrypted and it's still green.

                              D 1 Reply Last reply Reply Quote 0
                              • D
                                DustinB3403 @Jason
                                last edited by

                                @Jason said:

                                You need good user training in addition to AV and network firewalls. User training is the most important.

                                User training..... hahaha.... 😛

                                So as with anything lets perform a math exercise and calculate the continuing cost of effectively training users, versus the cost of build a good security policy with backup and recovery functionality (not excluding cost to upgrade it and maintain it)

                                D 1 Reply Last reply Reply Quote 0
                                • D
                                  Deleted74295 Banned @DustinB3403
                                  last edited by

                                  @DustinB3403 said:

                                  @Jason said:

                                  You need good user training in addition to AV and network firewalls. User training is the most important.

                                  User training..... hahaha.... 😛

                                  So as with anything lets perform a math exercise and calculate the continuing cost of effectively training users, versus the cost of build a good security policy with backup and recovery functionality (not excluding cost to upgrade it and maintain it)

                                  Don't forget to add the cost of a breach.

                                  Reputation
                                  Fines

                                  J coliverC 2 Replies Last reply Reply Quote 1
                                  • J
                                    Jason Banned @Deleted74295
                                    last edited by

                                    @Breffni-Potter said:

                                    Don't forget to add the cost of a breach.

                                    Reputation
                                    Fines

                                    Loss of stock value, investors etc.

                                    1 Reply Last reply Reply Quote 0
                                    • coliverC
                                      coliver @Deleted74295
                                      last edited by

                                      @Breffni-Potter said:

                                      @DustinB3403 said:

                                      @Jason said:

                                      You need good user training in addition to AV and network firewalls. User training is the most important.

                                      User training..... hahaha.... 😛

                                      So as with anything lets perform a math exercise and calculate the continuing cost of effectively training users, versus the cost of build a good security policy with backup and recovery functionality (not excluding cost to upgrade it and maintain it)

                                      Don't forget to add the cost of a breach.

                                      Reputation
                                      Fines

                                      I really hate to be the pessimist... but do companies really care about loss of reputation after a breach? To the average consumer I don't think they really understand or care that their data has been stolen... For us sure it matters but everyone else?

                                      J 1 Reply Last reply Reply Quote 0
                                      • J
                                        Jason Banned @coliver
                                        last edited by

                                        @coliver said:

                                        I really hate to be the pessimist... but do companies really care about loss of reputation after a breach? To the average consumer I don't think they really understand or care that their data has been stolen... For us sure it matters but everyone else?

                                        I know many people who aren't IT or security minded at all who won't shop at Kmart & Target now. So I guess they do.

                                        S 1 Reply Last reply Reply Quote 0
                                        • S
                                          scottalanmiller @Jason
                                          last edited by

                                          @Jason said:

                                          @coliver said:

                                          I really hate to be the pessimist... but do companies really care about loss of reputation after a breach? To the average consumer I don't think they really understand or care that their data has been stolen... For us sure it matters but everyone else?

                                          I know many people who aren't IT or security minded at all who won't shop at Kmart & Target now. So I guess they do.

                                          But is it enough to impact their sales? TJ Maxx did this stuff too, but has that stopped people shopping there? People forget really, really quickly. Investing in company reputation is often worthless as consumers just don't remember.

                                          1 Reply Last reply Reply Quote 0
                                          • D
                                            Dashrender @stacksofplates
                                            last edited by

                                            @johnhooks said:

                                            If you just need the SSL, StartSSL offers free certs. You don't have the insurance of a paid cert, but it's still encrypted and it's still green.

                                            what insurance would that be?

                                            And you get green? That doesn't seem right. Green is suppose to mean extended validation. I can't imagine that StartSSL is doing that for free.

                                            S 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post