WebApp Sec
mailing list archives
Re: SSL
From: Brian Hatch <bri () ifokr org>
Date: Sat, 31 Jan 2004 01:24:05 -0800
> Do you know a way to restrict admins of the web server (ISS) from backing
> up server certificate (and private key)? I am trying to ensure that only
> security admins of my company can back up the certificate, not the web
> admins. This can be via an authentication definition or via a password
> protection.
You could always just keep the private key protected with a strong
passphrase. Then even if they can access it, the file is encrypted
and they can't get in. If the passphrase is strong enough, then
an offline attack should be futile. This does mean you'd not be
able to reboot unattended though.
--
Brian Hatch
Systems and Security Engineer
"I am become Grey. I stand between the darkness and the light.
Between the candle and the star."
http://www.ifokr.org/bri/
Every message PGP signed
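The passphrase approach in the reply above, shown on a key file so the trade-off is concrete. This is an added example written for this archive page, not code from the original post or from the web server discussed; it uses OpenSSL's PEM/PKCS#8 form rather than the Windows certificate store, and the file names and passphrase are constructed for the demonstration. It assumes OpenSSL 1.1.1 or later is installed.

```shell
#!/bin/sh
# Added example (not from the original post): keep a server private key
# passphrase-protected so that a copied key file is useless on its own.
# Assumes openssl is on PATH; paths and passphrase below are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PLAIN_KEY="$WORK/server.key"        # unencrypted key, as many servers store it
ENC_KEY="$WORK/server.key.enc"      # passphrase-protected copy
PASS='correct-horse-battery-staple-example'   # constructed demo passphrase

# 1. Generate a private key in the clear: this is what a backup of the
#    server's key material exposes when no passphrase is used.
gen_plain_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$PLAIN_KEY" 2>/dev/null
}

# 2. Re-wrap the same key under AES-256 with a passphrase (PKCS#8 PEM).
encrypt_key() {
    openssl pkcs8 -topk8 -v2 aes-256-cbc -in "$PLAIN_KEY" \
        -passout "pass:$PASS" -out "$ENC_KEY"
}

# 3. Verify the on-disk file really is encrypted: the PEM header says so,
#    and the key cannot be parsed with a wrong passphrase.
is_encrypted() {
    grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$ENC_KEY" || return 1
    if openssl pkey -in "$ENC_KEY" -passin 'pass:wrong' -noout 2>/dev/null; then
        return 1    # parsed without the right passphrase: not protected
    fi
    return 0
}

# 4. The correct passphrase still unlocks it. Supplying it is the step an
#    unattended reboot cannot perform, which is the cost the reply mentions.
unlocks_with_passphrase() {
    openssl pkey -in "$ENC_KEY" -passin "pass:$PASS" -noout 2>/dev/null
}

# Run the whole sequence; returns 0 only if every property holds.
demo() {
    gen_plain_key && encrypt_key && is_encrypted && unlocks_with_passphrase
}

demo && echo "key is encrypted at rest and usable only with the passphrase"
```

The check in step 3 is the one worth keeping in a backup-validation script: a key file whose header reads `BEGIN PRIVATE KEY` rather than `BEGIN ENCRYPTED PRIVATE KEY` is stored in the clear, and whoever can copy the file has the key.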