Assume a server which offers some information which must not be exposed publicly
ID: 655929 • Letter: A
Question
Assume a server which offers some information which must not be exposed publicly. A client of this, which may be e.g. a Windows service (or at least something executing headless), needs to access the information on the first server.
So the client needs to trust that it is talking to the correct server, and the server needs to trust that it is talking to the correct (authenticated and authorized) client.
The information transactions must be obscured, i.e. encrypted.
What is the best strategy to achieve this kind of security when it is a requirement that the client is running silently, headless, and cannot/shall not ask interactively for credentials from a user on the client site?
Some kind of integration into AD (another forest)?
Client certificate (the number of clients is fairly low and the burden of handling this is not too big).
Other?
Explanation / Answer
As per my understanding of your needs, use SSL/TLS with mutual authentication (i.e. client cert):
- It will guarantee both ends' identity,
- It protects the communication's confidentiality and integrity,
- It is a well-known standard, widely available, allowing quick implementation.
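The exchange the answer recommends, as an added, self-contained Go example (not code from the answer or from any project): a private CA issues a server certificate and one client certificate, the server accepts only clients presenting a certificate that chains to that CA (`RequireAndVerifyClientCert`), and the headless client authenticates with its certificate instead of prompting anyone for credentials. The names `demo-ca`, `info-server` and `headless-service-01` are made up; in a deployment the certificates would come from your own PKI and the client key would live in a protected store rather than being generated at run time.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)
// mkCert issues a short-lived Ed25519 certificate for name, signed by parent (a self-signed CA when parent is nil).
func mkCert(name string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil { parent, pkey = tmpl, priv } // root certificate: signed with its own key
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}
// Fetch makes one request over mutual TLS; it returns the server's greeting to the authenticated client, or the client's error.
func Fetch(withCert bool) (string, error) {
	ca, caKey := mkCert("demo-ca", nil, nil) // constructed demo PKI, generated fresh on every call
	srv, srvKey := mkCert("info-server", ca, caKey)
	cli, cliKey := mkCert("headless-service-01", ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca) // both sides trust only this private CA, never the OS store
	srvCfg := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, // no valid client cert, no session
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}}}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "info-server"} // the client verifies the server's identity too
	if withCert { cliCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}} }
	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// r.TLS.PeerCertificates[0] is the verified client certificate: authorize on it, not on request content
		io.WriteString(w, "hello "+r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	ts.TLS = srvCfg
	ts.StartTLS()
	defer ts.Close()
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cliCfg}}).Get(ts.URL)
	if err != nil {
		return "", err // with TLS 1.3 a rejected client sees the alert here rather than during the handshake
	}
	defer resp.Body.Close()
	msg, err := io.ReadAll(resp.Body)
	return string(msg), err
}
```

Calling `Fetch(true)` yields `hello headless-service-01`, while `Fetch(false)` (a client that offers no certificate) always returns an error, which is the behaviour a server holding non-public information must enforce.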