Skeptical Looks at Cryptography
We cannot have cyber security without cryptography! Confidentiality requires encryption of the sensitive data. Integrity is important, hash functions let us detect inappropriate modification of data and system configurations. Authentication of users and hosts can be done in many ways, and the more secure methods involve hash functions, encryption, or some combination of the two. […]
What Are Traffic Analysis and Metadata?
In Learning Tree’s System and Network Security Introduction we discuss “traffic analysis,” noting that even if data are encrypted, one can still find out information by looking at who is sending encrypted data to whom. Along that same line, there has been a lot of discussion in the press recently about “metadata” – information about […]
Is Curtailing the Use of Encryption Apps a Good Idea?
Here in the US, and indeed in the press around the world, there are new calls to curtail the use of encryption. I suppose it is natural for politicians to seek boogeymen. Encryption is a good one as it just sounds like something only governments and bad guys would want to use. Never mind that […]
Find Your Hidden Services
When you are inventorying network services as part of a security audit, make sure that you find all your hidden services! I don’t mean a hidden server as with the so-called “Deep Web”, something only accessible through Tor, but instead a network service that you might overlook on a known server. I was reminded of […]
More Cyber Security Resources
The popular blogger and writer Cathy Reisenwitz had a blog post recently listing some Groups to Follow for Tech, Science and Telecommunications Policy. This reminded me of my post some time ago about Keeping Current. She listed some great sites including the EFF and CDT. Her post got me thinking about cyber security resources and […]