Case Study: Commercial vs. In-House PKI and WiFi Security
PKI stands for Public Key Infrastructure and before I begin to compare the differences between a commercial PKI and an in-house PKI, a good definition of PKI is necessary. Have you ever ordered tickets to a play or a sporting event and you choose to pick up your tickets at the will call office? Will call will not give you your tickets unless the security is breached or you provide some identification. PKI is a method to prove that the sender of the information is who they say they are and that the information is not harmful to the recipient. The sender has a digital certificate and the information is encrypted. When the recipient receives the message he/she/it will have the certificate along with the encrypted message. Usually, the certificate and the encryption and decryption are handled by a certificate server that is trusted on the network. Also, I will touch base on improving the security of our wireless network(s).
When comparing commercial PKI to in-house PKI, it depends on the size of the company, the nature of the data and the size of the data. Normally, commercial PKI are used for larger companies with large amount of sensitive data. It allows the company to not have to worry about PKI which in itself could be a department within your IT department. The responsibility is off of the company and placed on the consulting group. Most commercial PKI’s use outsourcing methods to drive cost down and this is beneficial to company.
When considering an in-house PKI numerous factors come into play. Trust of your own employees is the first that comes to mind. Anytime you build something in-house that has to do with sensitive data and security of your network, you want the top people involved. People that can be trusted and do not have shady backgrounds should be considered first for in-house projects. Normally, in-house PKI’s are for smaller companies that either trust their employees or express some ignorance about security on the networks. Also, the cost of an in-house PKI, the support and the maintenance of PKI’s can drive the total cost higher than a commercial PKI.
It can be very easy to improve the security of our wireless network as long as we follow these simple tips. Network security applications, including a firewall, to scan for malicious activities is a must have to prevent and report such activities. Turn on the WPA/WEP encryption and reset the SSID password on the router. Turning off the auto network connect will allow you to only connect to trusted networks and disallow intruders from just jumping on. Another way to improve the security is to put sensitive data on a VLAN network and have the rest of the network on the regular WLAN. What this does to the company is secure the data for special access and the rest of the network is available to the public. The rest of the data may be compromised but the sensitive data will not.
In this day an age of security and technology, it seems that the technology grows faster than the security can provide. Security features need to be proactive rather than reactive. There always seem to be a gap between the technology and the security that follows. My advice would be to be patient with a new technology and wait for all of the security measures to take place. As far as a commercial or in-house PKI’s, you need to evaluate the cost of the two and look at your employees to see if the trust is there for them to manage it.
Unknown (2007). PKI. Techweb, Retrieved February 22, 2009, from
C. Ellison and B. Schneier (Feb 2000). Risks of PKI: Electronic Commerce. Inside Risks 116, Communications of the ACM, vol 43, n 2, Retrieved February 22, 2009, from
Bradley Mitchell (2008). About.com: Wireless / Networking; 10 Tips for Wireless Home Network Security, Retrieved February 22, 2009, from