Ways to Manage Your SSH Keys and Identities
Feb 1, 2017
I wrote a series of blog posts a while ago about SSH authentication using cryptographic keys rather than passwords. I discussed why SSH keys provide easier authentication, how to set up an SSH key agent, and how to maintain multiple websites. There are two areas of security to consider regarding SSH. I think of them […]
authentication, compliance, ECC, Elliptic Curve Cryptography, HIPAA, IAM, Identity and Access Management, linux, PCI DSS, public-key cryptography, RSA, Sarbanes-Oxley, SARBOX, Security-Enhanced Linux, SELinux, SOX, ssh
Are You Absolutely Certain That You Have The Real Source Code?
Jul 18, 2016
Why would you want to build a Linux kernel? Maybe you realize that there’s a local root exploit possible on your kernel version. Maybe you want to take advantage of improved storage performance or extended network capability. Maybe you need a very specific kernel version to support a combination of your motherboard hardware plus network […]
Keeping Secrets: Select a Cipher
Jan 27, 2016
So you want to encrypt your sensitive information to protect its confidentiality. Good! But exactly how should this be done? There are many ciphers (or encryption algorithms) to choose from. Let’s see what choices are available. Splitting the Choices Selecting a cipher is like sharing bread with your friend. Wait. What? Let’s say you want […]
The Internet Has Serious Trust Problems
Apr 14, 2014
In Learning Tree’s System and Network Security Introduction course we talk about how digital signatures work, and how they are used to create x509.v3 digital certificates, which in turn are used to secure your connections to web servers. The connections are secured in two ways. First, by verifying the identity of the server to which […]