Computer equipment should be secured in a locked room. Wiring should be protected to prevent an unauthorized person from plugging in to it.

Software passwords need to be strong. They should also be stored and used securely. Access to the file system needs to be controlled.

The transmission of data within a network, which may occur over wires or a wireless connection, needs to be secure. This is where SSL Toolset applies. It is concerned with the transport, not the storage of data.

Third-party certificates, such as those from Certificate Authorities (CAs) VeriSign and Thawte, are installed with the browser. This requires trust in the browser installation program. If your company is acting as a CA, your signed client certificate(s) need to be separately installed in the user’s browser.

A certificate chain of trust allows you to create a CA (root) certificate, have it signed by a CA (or become your own CA), and then use that certificate to sign the certificate generated in each JACE.

Generating a key and certificate on a JACE is the most secure way to create the certificate for the JACE even though the generation process takes time.

Although it can be done, it is not recommended to generate a certificate (and key pair) on a local computer, and then download the certificate into the JACE. This is because the download may occur over a connection that is not secure. If you are going to implement SSL on each JACE using a certificate created elsewhere, enable SSL using the default certificate before you import the signed certificate into the station’s Key Store. The transmission will at least be encrypted.

You can export all certificates and keys from Workbench and one or more station(s). While the Key and Trust Stores are backed up with the station, they are not part of the station copy. To import the stores back into Workbench or a station, take the computer running Workbench or take the station off the network, import the stores, and put the computer or station back on the network.

To access the corporate JACE network from a remote location via the internet, use a VPN solution that incorporates RSA two-factor authentication.

For high traffic stations (especially stations that provide public access to a JACE network), secure Niagarad using a separate certificate from that used for Fox and Web Service.

Do not mix secure platforms with platforms that are not secure on the same network. Make sure that all JACEs and the Supervisor station(s) are secure.