Windows 2000 Certificate Services and Public Key Infrastructure
If intruders can access a CA computer either physically or through the network, they might decode the private key and then impersonate the CA to gain access to valuable network resources. Intruders who impersonate a CA can cause widespread damage by stealing information, disrupting network services, or destroying network resources. A compromised CA key undermines and invalidates all security protection provided by that CA and any CA hierarchy deployed below it. To reduce the risks of intruder attacks on CA keys, consider using the following practices.
Provide Security for Certification Authority Servers

Provide security for CA servers as discussed earlier in this chapter. Providing physical security minimizes the risk that intruders can gain access to the CA server or the protected store (whether hardware-based or software-based) where the CA key resides. Providing network and server (software) security minimizes the risk that intruders can gain access to the CA server or exploit applications and services that are running on the server to compromise the CA key.
Provide Enhanced Security for Certification Authority Keys

Use hardware-based CSPs when you want to provide maximum security for private keys, because keys are stored on tamper-resistant hardware devices and are never exposed to the operating system. Use SysKey to provide extra protection for CAs' private keys that are stored by Microsoft CSPs.
Use Large Keys for Certification Authorities

Large CA keys reduce the risks of key attacks, but large keys also require more storage space as well as more computer processing power to sign certificates. Consider using the largest key lengths that are feasible given your key storage requirements and CA performance requirements.
For example, a 4,
However, a 4,
Use Appropriate Lifetimes for CA Keys

The longer CA keys are valid, the greater the risk of key compromise, because attackers have more time to attempt to crack the key. There is no simple formula to determine maximum key lifetimes. However, the adequacy of longer key lifetimes depends largely on how well protected the key is and how long the key is. In general, longer keys can have longer key lifetimes. Likewise, keys with more secure storage can have longer lifetimes. For example, keys stored in tamper-resistant hardware crypto-devices are safer than keys stored on local computer hard disks. Therefore, for the same-sized keys, keys stored in hardware crypto-devices usually can have longer safe key lifetimes than keys stored by software CSPs on hard disks.
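The three properties the two preceding practices ask you to review (key length, key lifetime, and whether the key lives in a software or hardware CSP) can be read off an existing CA in one pass. The following audit script is an added example, not from the Resource Kit; it assumes Windows PowerShell on the CA (or a host with the CA administration tools), and the scratch path, the policy thresholds and the provider-name pattern are assumed values you should replace with your own.

```powershell
# Added audit script (not part of the Resource Kit text). Exports the CA's own
# certificate with certutil and reports key length, key lifetime and the CSP that
# holds the private key, which are the three risk factors the chapter discusses.

$caCertPath = Join-Path $env:TEMP 'ca-audit.cer'     # assumed scratch location
certutil -ca.cert $caCertPath | Out-Null             # writes the CA certificate to disk

$cert        = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caCertPath
$keyBits     = $cert.PublicKey.Key.KeySize
$lifetimeYrs = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays / 365.25, 1)
$yearsLeft   = [math]::Round(($cert.NotAfter - (Get-Date)).TotalDays / 365.25, 1)

# The CA's configured CSP is recorded under the CA\CSP registry subkey; this line
# shows whether the key is held by a software CSP or a hardware-backed provider.
$providerLine = (certutil -getreg CA\CSP\Provider | Select-String 'REG_SZ') -join ''

[pscustomobject]@{
    Subject       = $cert.Subject
    KeyBits       = $keyBits
    SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
    ValidFrom     = $cert.NotBefore
    ValidTo       = $cert.NotAfter
    LifetimeYears = $lifetimeYrs
    YearsLeft     = $yearsLeft
    Provider      = $providerLine
}

# Policy thresholds below are assumed sample values, not figures from the chapter.
$minKeyBits              = 2048
$maxSoftwareKeyLifetime  = 5          # years a software-stored CA key may stay valid
$hardwareProviderPattern = 'HSM|nCipher|SafeNet'   # assumed; match your HSM vendor's CSP name

if ($keyBits -lt $minKeyBits) {
    Write-Warning "CA key is $keyBits bits; policy minimum is $minKeyBits bits."
}
if ($lifetimeYrs -gt $maxSoftwareKeyLifetime -and $providerLine -notmatch $hardwareProviderPattern) {
    Write-Warning "Software-stored CA key is valid for $lifetimeYrs years; policy allows $maxSoftwareKeyLifetime."
}
```

Run it from an elevated prompt on each CA in the hierarchy; a short remaining lifetime on a subordinate CA whose parent has a long one is the usual sign that renewal planning was skipped.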
For more information about the major risk factors for cryptographic keys, see "Cryptography for Network and Information Security" in this book.