News and blog
NXLog main page
  • Products
    NXLog Platform
    Log collection
    Log management and analytics
    Log storage
    NXLog Community Edition
    Integrations
    Professional Services
  • Solutions
    Use cases
    Specific OS support
    SCADA/ICS
    Windows event log
    DNS logging
    MacOS logging
    Solutions by industry
    Financial Services
    Government & Education
    Entertainment & Gambling
    Telecommunications
    Medical & Healthcare
    Military & Defense
    Law Firms & Legal Counsel
    Industrial & Manufacturing
  • Plans
  • Partners
    Find a Reseller
    Partner Program
  • Resources
    Documentation
    Blog
    White papers
    Videos
    Webinars
    Case Studies
    Community Program
    Community Forum
  • About
    Company
    Careers
  • Support
    Support portals
    Contact us

NXLog Platform
Log collection
Log management and analytics
Log storage
NXLog Community Edition
Integrations
Professional Services

Use Cases
Specific OS support
SCADA/ICS
Windows event log
DNS logging
MacOS logging
Solutions by industry
Financial Services
Government & Education
Entertainment & Gambling
Telecommunications
Medical & Healthcare
Military & Defense
Law Firms & Legal Counsel
Industrial & Manufacturing


Find a Reseller
Partner Program

Documentation
Blog
White papers
Videos
Webinars
Case Studies
Community Program
Community Forum

Company
Careers

Support portals
Contact us
Let's Talk Start free
NXLog search
  • Loading...
Let's Talk Start free
May 14, 2024 securitystrategy

Harnessing TPM encryption with NXLog

By Tamás Burtics

Share
ALL SIEM STRATEGY SECURITY ANNOUNCEMENT DEPLOYMENT COMPLIANCE COMPARISON RSS

In an increasingly digitalized world, protecting your business’s digital assets is becoming more urgent by the day. Realizing the need to protect data from malicious actors, researchers created encryption. And I am not talking about the Enigma here, but software-based encryption algorithms, with their public and private signing keys, and so on.

Like every other technology, encryption methods have evolved throughout the years. However, the goal remained the same: encryption is there to secure our digital communications. In the race against the "bad guys", the "good guys" came up with TPM-based (Trusted Platform Module) encryption in an attempt to advance data protection methods.

This blog post explores the benefits of using these secure keys, how to use them with NXLog, and their impact on strengthening security measures and meeting compliance requirements.

What is a TPM?

tpm encryption

TPM is a chip usually soldered to the motherboard. Simply put, it is a place you should consider safe, even if other computer parts are compromised. Modern x86 computers all have this built-in security device (TPM) that you can use to store keys safely. The crux is that the keys in TPM are not exportable but accessible via the Cryptography API: Next Generation (CNG). Their non-exportable nature makes them a more secure option.

Although TPM is most renowned for encrypting hard drives, it has many other uses. One of these is encrypting communication over the network—yes, even when you transfer logs containing sensitive information between nodes.

TPM recently gained some attention in tech circles because Windows 11 requires the latest TPM implementation, TMP 2.0, to run.

Why you should use TPM

As you can see, there are numerous reasons to use Trusted Platform Modules in your organization. Let’s look at them one by one.

Improve security

Well, I know "improving security" sounds like a platitude, but that is what it’s all about—helping to make your system and data safer. TPMs implement some very clever features to make that happen.

Some of the most notable benefits include:

  • Non-exportable encryption keys strengthen security by ensuring that private keys cannot be removed or copied.

  • Hardware-based cryptographic storage is less prone to external attacks.

  • Enhances security by providing hardware-based protection for encryption keys.

  • TPM keeps encryption keys isolated from other system components.

  • Ensures system integrity by monitoring for unauthorized software and hardware changes.

By supporting TPM-based encryption keys, NXLog offers a robust way to protect your logs during transfer.

There are numerous reasons to employ Trusted Platform Modules in your organization. Let’s look at them.

Compliance requirements and regulations

Fulfilling regulation requirements is an important yet tedious job for any organization. One may feel that there is an ever-growing list of things to comply with. You will be happy to know that TPM-based encryption can also help you tick a few boxes.

Several regulations and compliance mandates either require TPMs or include security requirements for cryptographic modules with the characteristics of TPM chips, especially TPM 2.0.

  • FIPS 140-2 — Security Requirements for Cryptographic Modules
    Quoting SSL.com: "As of June 1, 2023, all Code Signing Certificates must comply with the new CA/B Forum regulations to ensure that the subscriber’s private key is generated, stored, and used in a suitable FIPS-compliant hardware." — Meaning that this Federal Information Processing Standard (140-2) specifies the security requirements for cryptographic modules.

  • NIST Special Publication 800-63B — Digital Identity Guidelines
    The National Institute of Standards and Technology (NIST) in the U.S. recognizes hardware cryptographic modules like TPMs in its digital authentication guidelines. For example, NIST SP 800-63B acknowledges the use of hardware crypto authenticators in securing cryptographic keys and managing authentication mechanisms.

  • Common Criteria Certification
    The Common Criteria Recognition Arrangement (CCRA) is an international framework that provides standards for evaluating TPM products. The framework is available for both TPM 1.2 and TPM 2.0, which outline specific protection profiles and security requirements for the evaluation criteria.

  • Windows requirements
    Microsoft does not allow upgrading computers to its Windows 11 operating system in the absence of a TPM 2.0 chip. For more details, see the Microsoft Support article Enable TPM 2.0 on your PC.

Using TPM-encrypted keys with NXLog

You can use TPM-based encryption with all NXLog modules that support TLS/SSL, such as the SSL and HTTPS input and output modules. I will now show you how easy it is to transfer logs securely using TPM-encrypted keys and NXLog.

Example 1. Configuring NXLog to use certificates with non-exportable keys

This configuration listens for log data via NXLog’s im_ssl module. The connection is secured with a certificate read from the Local Computer/Personal certificate storage, while its key is read from a TPM chip. This is done by setting thumbprints for the Certificate Authority (CA) and the certificate.

That’s it. No private keys and no passwords are needed.

<Input in>
    Module                im_ssl                                      (1)
    ListenAddr            192.168.1.10:1514                           (2)
    UseCNGCertificates    TRUE                                        (3)
    CAThumbprint          60baa2372191f0d59e68c1fc419d3a61679a0977    (4)
    CertThumbprint        cb48c5f9662c7ea8d90dbd40c283453395492408    (5)
</Input>
1 Specifies that SSL/TSL transport is used in the connection via the im_ssl module. For more details, see the im_ssl documentation in the NXLog Agent Reference Manual.
2 It specifies the address and port to listen to. For more details, see the ListenAddr directive in the im_ssl documentation.
3 This directive instructs the configuration to use CNG certificates. For more information, see the UseCNGCertificates directive in the NXLog Enterprise Edition Reference Manual.
4 Specifies the thumbprint of the certificate authority (CA) certificate. The CAThumbprint directive is in the im_ssl documentation.
5 Specifies the certificate’s thumbprint that is presented to the remote client during the SSL handshake. See the CertThumbprint directive in the NXLog agent Reference Manual.

Conclusion

As discussed in this blog post, TPM encryption and non-exportable keys offer a more secure method for transferring log data over the network. The inherent design of TMP chips ensures that encryption keys are kept safe even if other measures fail. However, using hardware-based encryption keys is not only a technical improvement but is also becoming a regulatory requirement.

An increasing number of compliance regulations list the necessity to keep encryption keys in FIPS-compliant hardware. This trend will likely continue and the number of compliance mandates with such requirements will likely grow over time.

At NXLog, everything revolves around security. We are dedicated to supporting the latest security standards to safeguard the integrity of our clients' log data. By integrating TPM-based encryption into our software, we ensure that your data is compliant with current regulations and secured against malicious threats.

NXLog Platform is an on-premises solution for centralized log management with
versatile processing forming the backbone of security monitoring.

With our industry-leading expertise in log collection and agent management, we comprehensively
address your security log-related tasks, including collection, parsing, processing, enrichment, storage, management, and analytics.

Start free Contact us
  • encryption
  • TPM
  • compliance
  • encryption
Share

Facebook Twitter LinkedIn Reddit Mail
Related Posts

GLBA Compliance in 2024 - Reporting directly to the FTC
6 minutes | January 23, 2024
The story of the $1,900,000 penalty for insufficient log management
4 minutes | January 11, 2024
Log management for maritime cybersecurity compliance regulations
4 minutes | October 17, 2023

Stay connected:

Sign up

Keep up to date with our monthly digest of articles.

By clicking singing up, I agree to the use of my personal data in accordance with NXLog Privacy Policy.

Featured posts

Announcing NXLog Platform 1.6
April 22, 2025
Announcing NXLog Platform 1.5
February 27, 2025
Announcing NXLog Platform 1.4
December 20, 2024
NXLog redefines log management for the digital age
December 19, 2024
2024 and NXLog - a review
December 19, 2024
Announcing NXLog Platform 1.3
October 25, 2024
NXLog redefines the market with the launch of NXLog Platform: a new centralized log management solution
September 24, 2024
Welcome to the future of log management with NXLog Platform
August 28, 2024
Announcing NXLog Enterprise Edition 5.11
June 20, 2024
Raijin announces release of version 2.1
May 31, 2024
Ingesting log data from Debian UFW to Loki and Grafana
May 21, 2024
Announcing NXLog Enterprise Edition 6.3
May 13, 2024
Raijin announces release of version 2.0
March 14, 2024
NXLog Enterprise Edition on Submarines
March 11, 2024
The evolution of event logging: from clay tablets to Taylor Swift
February 6, 2024
Migrate to NXLog Enterprise Edition 6 for our best ever log collection experience
February 2, 2024
Raijin announces release of version 1.5
January 26, 2024
2023 and NXLog - a review
December 22, 2023
Announcing NXLog Enterprise Edition 5.10
December 21, 2023
Raijin announces release of version 1.4
December 12, 2023
Announcing NXLog Enterprise Edition 6.2
December 4, 2023
Announcing NXLog Manager 5.7
November 3, 2023
Announcing NXLog Enterprise Edition 6.1
October 20, 2023
Raijin announces release of version 1.3
October 6, 2023
Upgrading from NXLog Enterprise Edition 5 to NXLog Enterprise Edition 6
September 11, 2023
Announcing NXLog Enterprise Edition 6.0
September 11, 2023
The cybersecurity challenges of modern aviation systems
September 8, 2023
Raijin announces release of version 1.2
August 11, 2023
The Sarbanes-Oxley (SOX) Act and security observability
August 9, 2023
Log Management and PCI DSS 4.0 compliance
August 2, 2023
Detect threats using NXLog and Sigma
July 27, 2023
HIPAA compliance logging requirements
July 19, 2023
Announcing NXLog Enterprise Edition 5.9
June 20, 2023
Industrial cybersecurity - The facts
June 8, 2023
Raijin announces release of version 1.1
May 30, 2023
CISO starter pack - Security Policy
May 2, 2023
Announcing NXLog Enterprise Edition 5.8
April 24, 2023
CISO starter pack - Log collection fundamentals
April 3, 2023
Raijin announces release of version 1.0
March 9, 2023
Avoid vendor lock-in and declare SIEM independence
February 13, 2023
Announcing NXLog Enterprise Edition 5.7
January 20, 2023
NXLog - 2022 in review
December 22, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
November 23, 2022
The EU's response to cyberwarfare
November 22, 2022
Looking beyond Cybersecurity Awareness Month
November 8, 2022
GDPR compliance and log data
September 23, 2022
NXLog in an industrial control security context
August 10, 2022
Raijin vs Elasticsearch
August 9, 2022
NXLog provides native support for Google Chronicle
May 11, 2022
Aggregating macOS logs for SIEM systems
February 17, 2022
How a centralized log collection tool can help your SIEM solutions
April 1, 2020

Categories

  • SIEM
  • STRATEGY
  • SECURITY
  • ANNOUNCEMENT
  • DEPLOYMENT
  • COMPLIANCE
  • COMPARISON
logo

Subscribe to our newsletter to get the latest updates, news, and products releases. 

© Copyright 2024 NXLog FZE.

Privacy Policy. General Terms of Use

Follow us

  • Product
  • NXLog Platform 
  • Log collection
  • Log management and analysis
  • Log storage
  • Integration
  • Professional Services
  • Plans
  • Resources
  • Documentation
  • Blog
  • White papers
  • Videos
  • Webinars
  • Case studies
  • Community Program
  • Community forum
  • Support
  • Getting started guide
  • Support portals
  • About NXLog
  • About us
  • Careers
  • Find a reseller
  • Partner program
  • Contact us