An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be
stored so that it is protected from theft?
A.
Implement full disk encryption
B.
Store on encrypted removable media
C.
Utilize a hardware security module
D.
Store on web proxy file system
Explanation:
Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities
(CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates.
Incorrect Answers:
A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be
stolen.
B: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. Moving it to removable media would not improve its
security as the removable media would need to be attacked to the web proxy if the SSL/TLS private keys are to be used effectively.
D: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. However, simply installing it on the file system does not
improve it’s security.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,
A bit of an ambuguous question as there are twp possible answer. It should ask for the BEST option.
When you leave home do you lock the front door but leave the key in the lock? That’s the same thing as creating a private key but not protecting it. Access to a private key can let an attacker fraudulently sign application content or impersonate a site’s identity. Common sense would indicate that locking your front door and taking the key with you is a good thing so have you asked yourself if your private keys are secure?
#1 – Hardware Storage
The best way of securely storing private keys is to use a cryptographic hardware storage device such as:
USB Token (which is in fact tantamount to B-Store on encrypted removable media)
Smart Card
Hardware Storage Module (HSM) – Which is the BEST answer ( but not the only answer)
Using such a physical device means that attackers most first gain access to the physical device which can be difficult if the device has restricted access.
Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs).
It is available as an expansion card and can cryptographic keys, passwords, or certificates.
A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.
0
0