Information Security Officer Question: Download Questions PDF
Explain what is SSL and why is it not enough when it comes to encryption?
Answer:
SSL is identity verification, not hard data encryption. It is designed to be able to prove that the person you are talking to on the other end is who they say they are. SSL and its big brother TLS are both used almost everyone online, but the problem is because of this it is a huge target and is mainly attacked via its implementation (The Heartbleed bug for example) and its known methodology. As a result, SSL can be stripped in certain circumstances, so additional protections for data-in-transit and data-at-rest are very good ideas.
Download Information Security Professional Interview Questions And Answers
PDF
| Previous Question | Next Question |
| Suppose what is the difference between a vulnerability and an exploit? | Tell me what are Linux’s strengths and weaknesses vs. Windows? |