- The document discusses cryptography concepts such as symmetric and asymmetric encryption, hashing, and digital signatures. It uses the example of Alice communicating securely with Bob to illustrate these concepts and how threats like eavesdropping and message tampering can be countered.
- It then explains how Transport Layer Security (TLS) incorporates all of these countermeasures to provide confidentiality, integrity, and authentication for network communication, most commonly to secure HTTPS connections on the web.
- Some current issues with TLS are discussed, such as the known attacks catalogued by the IETF and problems with certificate authorities, but overall TLS remains very important for network security. Users and developers are encouraged to configure and use TLS properly.
VenkaSure Total Security+ offers complete protection for in-home and mobile users – including home or office networks, public Wi-Fi hotspots and cellular data networks.
VenkaSure Code Emulations proactively identify unknown malware in real time. The Antivirus System acts as a single, unified scanning engine, providing comprehensive protection without compromising speed, and stops zero-day threats as they emerge. VenkaSure Real-time Protection runs behind the scenes, inside the Windows kernel, checking for malicious activity and preventing it before it can execute. The Antivirus System also removes all traces of viruses, spyware, malware and other threats from processes and the registry.
We often hear that viruses do not affect Linux systems. If only it were true... To understand why there is malware in the first place, we look at the reasons for evildoers to create harmful software. When that is clear, we move on by defining several types of malware, to finally focus on a very particular one, the rootkit. A quick course on the cleverness of rootkits follows, with the related challenges it poses for detection. We close the session by giving tips on detection and prevention.
Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. We will also cover practical countermeasures to make these alternate platforms more resilient.
(Source: RSA USA 2016-San Francisco)
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again - Igor Korkin
The security of a computer system depends on the protection of the OS kernel. It is crucial to reveal and inspect new attacks on kernel data that can be used by hackers. The idea of this paper is to continue the research into attacks on dynamically allocated data in the Windows OS kernel and to demonstrate how MemoryRanger can prevent these attacks. This paper demonstrates three new hijacking attacks on kernel data, which are based on bypassing OS security mechanisms. The first two hijacking attacks result in illegal access to files opened with exclusive access. The third attack escalates process privileges without applying token swapping. Although Windows security experts issue new protection features, access attempts to dynamically allocated data in the kernel are not fully controlled. The MemoryRanger hypervisor is designed to fill this security gap. The updated MemoryRanger prevents these new attacks and supports Windows 10 1903 x64.
Talk given by Joilson Rabelo during the 4th edition of the Nullbyte Security Conference on 18 November 2017.
Abstract:
One of Rust's premises is to be a safe, fast language that prevents segfaults and data races. In this talk we analyse the security aspects of Rust and the challenges it will bring to researchers in the field.
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ... - Igor Korkin
All the details are here - http://bit.ly/AllMemPro
One of the main issues in OS security is providing trusted code execution in an untrusted environment. During execution, kernel-mode drivers dynamically allocate memory to store and process their data: Windows core kernel structures, users' private information, and sensitive data of third-party drivers. All of this data can be tampered with by kernel-mode malware. Attacks on Windows-based computers can cause not just the hiding of a malware driver, process privilege escalation, and theft of private data, but also failures of industrial CNC machines. Windows built-in security and existing approaches do not provide integrity and confidentiality for the allocated memory of third-party drivers. The proposed hypervisor-based system (AllMemPro) protects allocated data from being modified or stolen. AllMemPro prevents access to even 1 byte of allocated data, adapts to newly allocated memory in real time, and protects a driver without its source code. AllMemPro works well on the newest Windows 10 1709 x64.
Linux is considered to be a secure operating system by default. Still there is a lot to learn about system hardening and technical auditing. This 1-hour presentation explains the need for hardening and auditing of your systems. We discussed some additional documents and tools, to further help this endeavor.
This presentation is suitable for both beginners and those with experience in system hardening.
How Many Linux Security Layers Are Enough? - Michael Boelen
A talk about Linux security and the related possibilities for securing your systems. Several areas are discussed: what is possible, how to select the right security measures, and tips for implementing them.
Subjects covered in the presentation include file integrity (IMA/EVM), containers such as Docker, and virtualization.
The referenced tool Lynis can be downloaded freely from https://cisofy.com/downloads/
This was an ISACA presentation by Nsale Ronnie, a top hacker in Africa working with Ernst and Young. He demonstrated how other governments are leading by far in the nature of their espionage through hardware.
Domain 3: Security Engineering - Review (Part 2)
Virtualization and Distributed Computing, System Vulnerabilities, Threats and Countermeasures, Cornerstone Cryptographic Concepts, History of Cryptography, Types of Cryptography and Cryptographic Attacks
Your Thing is Pwned - Security Challenges for the IoT - WSO2
The Internet of Things and Machine to Machine are growing areas, and security and privacy are prime issues. In this session security challenges are examined around using M2M devices with protocols such as MQTT & CoAP - encryption, federated identity and authorisation models in particular.
On the topic of encryption, we’ll examine securing MQTT with TLS, challenges with Arduino, and using hardware encryption for microcontrollers. A key privacy requirement for user-centric IoT use cases will be giving users control over how their things collect and share data. On the Internet, protocols like OAuth 2.0, OpenID Connect & User Managed Access have been defined to enable a privacy-respecting user consent & authorization model. We'll look at the issues with applying these protocols to the M2M world and review existing proposals & activity for extending the above M2M protocols to include federated identity concepts.
The session included a live demonstration of Arduino and Eclipse Paho inter-operating secured by OAuth 2.0.
An overview on how WebRTC was written from the ground up with some specific concepts in mind, specifically to try and address Security, Authentication and Privacy the right way.
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. It covers a case study on the Heartbleed bug, a major security issue faced by the internet community in 2014 due to implementation issues.
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac... - Aaron Zauner
Presented at hack.lu 2015.
Abstract: TLS is the most widely used cryptographic protocol on the Internet. While many recent studies focused on its use in HTTPS, none so far analyzed TLS usage in e-mail related protocols, which often carry highly sensitive information. Since end-to-end encryption mechanisms like PGP are seldom used, confidentiality in the e-mail ecosystem today is mainly based on encryption of the transport layer. A well-positioned attacker may be able to intercept plaintext passively and at global scale.
We collected and scanned a massive dataset of 20 million IP/port combinations of all related protocols (SMTP, POP3, IMAP) and legacy ports. Over a time span of approximately three months we conducted more than 10 billion TLS handshakes. Additionally, we show that securing server-to-server communication using e.g. SMTP is inherently more difficult than securing client-to-server communication. Lastly, we analyze the volatility of TLS certificates and trust anchors in the e-mail ecosystem and argue that while the overall trend points in the right direction, many steps are still needed towards secure e-mail.
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific... - EC-Council
Over the past year, Tripwire Security Researchers Tyler Reguly and Andrew Swoboda have invested numerous hours into understanding the Microsoft Remote Desktop Protocol, specifically the pre-authentication portions of RDP. The Microsoft Open Protocol Specifications were heavily utilized for this project and, while both researchers had used the specifications before, neither had fully realized their usefulness to security researchers. This session will be a discussion of the Microsoft Open Protocol Specifications with RDP as the example. The culmination of the session will be the release of a new RDP fuzzer and a discussion of the vulnerabilities it has already discovered.
Attendees can expect to walk away with a strong understanding of the Microsoft Open Protocol Specifications and how they can leverage them to build protocol implementations and fuzzers, as well as investigate inherent flaws and discover new vulnerabilities. Attendees will have a better understanding of the pre-authentication RDP connection sequence and exactly what data is exchanged and what an attacker can deduce from this communication. Finally, attendees will gain insight into new RDP vulnerabilities.
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal) - Jakub Botwicz
Presentation about the 3rd release of the Cotopaxi toolkit from the Black Hat Europe 2019 Arsenal session. Author: Jakub Botwicz
https://www.blackhat.com/eu-19/arsenal/schedule/index.html#cotopaxi-iot-protocols-security-testing-toolkit-18201
With ever-increasing connectivity options, security protocols and sophisticated human interfaces, software and AP developers find themselves caught more deeply in the dichotomy between the increasing complexity of designs and shrinking timelines. Resource constraints and a constantly evolving software landscape pose challenges to software integration that have to be overcome to enable designers to focus on the actual application.
Developers need a Modular Software Framework that accelerates software integration, provides flexible programming options and enables application re-use across multiple platforms. “That framework is MPLAB® Harmony.”
Join us for the webinar series where we provide a technical overview of MPLAB® Harmony, Live tool demos, Microchip and third party Middleware support and finally demonstrate how Harmony accelerates software integration and moves development focus and resources to Application Development and testing.
"This workshop is for pentesters, security researchers or someone looking to get into IoT security but is reluctant due to the wide range of technologies involved and plethora of different tools. While it does require a considerable amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to some of the important concepts and EXPLIoT framework in a very simple way that can be used for the various IoT attack vectors. The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing and Exploitation Framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use as well as extend it by writing plugins for new IoT based exploits and analysis test cases. It’s a flexible and extendable framework that would help the security community in writing quick IoT test cases and exploits. The objectives of the framework are:
1. Easy to use
2. Extendable
3. Support for hardware, radio and IoT protocol analysis
EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits:
1. Radio – BLE , Zigbee
2. Network – MQTT, CoAP, DICOM, MODBUS, MDNS, NMAP, TCP, UDP
3. Hardware – CAN, SPI, I2C, UART, JTAG
This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework."
In April 2004, a bold experiment by the Infosecurity Tradeshow in London proved what everyone suspected: over 70% of people passing through Liverpool Street Station would reveal their password in exchange for candy (http://news.bbc.co.uk/2/hi/technology/3639679.stm). Some commentators applauded this validation of a previously unproven assumption about Londoners' attitudes towards password secrecy. Other commentators had serious ethical concerns about the experiment.
This candy-for-password experiment got me thinking about health privacy/security experiments. Many suspect that the healthcare system has serious human and technical privacy vulnerabilities, but how can we validate this suspicion? Would a patient hand over their provincial health number for a chocolate bar? Would a medical professional hand over a patient’s information for a chai latte? The more I thought about it, the more extreme – and both frightening and funny – the research projects became.
After a journey through the history of spiritualists and homeopaths, and the magicians that debunk them, Chris reveals six tips for privacy officers to use when dealing with information security vendors and professionals.
My half of a tag team presentation for the Edmonton, Alberta, Canada ISACA chapter with renderman (http://www.renderlab.net), dealing with what is wrong with information security today. I, of course, was the suit. It looks like SlideShare bungled some of my slides. Click the download link to get the PowerPoint version.
For years security professionals have been telling us not to follow links or open attachments from untrusted sources, not to click “Ignore” on your browser’s security pop-ups, and not to insert untrusted thumb drives into your USB ports. Do you want to see what can happen with your own eyes? This lunch hour session will show you how to download, install, configure, and use the basic features of Dave Kennedy’s open source hacker tool, the Social Engineering Toolkit.
Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.
With the advent of Google Maps and other similar services, GIS became part of mainstream digital culture. Now millions of Internet users, none with formal GIS training, interact with spatial information on a daily basis. Sharing and collaboration involving spatial data has become a key feature of "social networking" and the "Web 2.0" movement. This presentation explores examples of how Internet users have colonized digital representations of physical space in order to express their identities online. Marshall McLuhan said that people gave greater focus to their visual faculty, at the expense of our other senses, following the advent of the printing press. Understanding popular GIS holds part of the answer to the question: How is humanity changing as our attention is increasingly focused on imaginary spaces, even if the imaginary spaces are loosely based on real space?
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines - Sanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1. Wireless Communication System_Wireless communication is a broad term that i... - JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Alice and Bob: Love & the most important crypto on the net
1. Alice & Bob
Love & the most important crypto on the net
Chris Hammond-Thrasher
chris.hammond-thrasher <at> ca.fujitsu.com
Twitter: <at> thrashor
Fujitsu Human Centric Security
22 October 2016
Fujitsu Edmonton Security Lab 1
2. Agenda
• Meet Alice & Bob
• Alice using the most important crypto on the net
• How you can protect yourself
Fujitsu Human Centric Security 2
3. First Some Terms
• Cryptology
• Cryptography
• Encryption
• Steganography
• Threat
• Countermeasure
4. Meet Alice & Bob
(& Eve)
13. Countermeasure:
Message digests
[Diagram: Alice sends Bob the message "I love you" together with its message digest, computed with an algorithm such as SHA-1. Eve intercepts the message and replaces it with "I hate you". Bob runs the same algorithm over the message he received and compares the result with the digest that accompanied the message. Two digest values appear on the slide: L9ThxnotKPzthJ7hu3bnORuT6xI=, shown three times along the path from Alice to Bob, and 3p8sf9JeGzr60+haC9F9mxANtLM=, computed at the receiving end. They differ, so the comparison fails (marked X) and the tampering is detected.]
14. Countermeasure:
Message digests
• Also known as:
– Hashes
– Cryptographic hashes
– Checksums
– One-way functions
• Take an arbitrarily long input and produce a fixed length output
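The digest check from the diagram, as an added example in Python (not code from the presentation): Alice attaches a digest, Eve swaps the message, Bob recomputes and compares. It goes one step beyond the slide to show why an unkeyed digest alone does not stop an attacker who can also replace the digest, and how a keyed digest (the HMAC that slide 20 lists for TLS) closes that gap; the shared key is a constructed value.

```python
import base64
import hashlib
import hmac

# The two messages from the slide. The digests printed on the slide are not
# copied here; the script recomputes whatever the chosen algorithm yields.
ORIGINAL = "I love you"
TAMPERED = "I hate you"


def digest_b64(message: str, algorithm: str = "sha1") -> str:
    """Hash the message and render the fixed-length digest in base64.

    The slide names SHA-1 as its example algorithm; any hashlib name works
    (e.g. "sha256", which is what you should use today). Base64 of a 20-byte
    SHA-1 digest is 28 characters, of a 32-byte SHA-256 digest 44 characters.
    """
    raw = hashlib.new(algorithm, message.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def bob_verifies_digest(received_message: str, received_digest: str,
                        algorithm: str = "sha1") -> bool:
    """Bob recomputes the digest of what arrived and compares it, in
    constant time, with the digest that travelled with the message."""
    expected = digest_b64(received_message, algorithm)
    return hmac.compare_digest(expected, received_digest)


def mac_b64(key: bytes, message: str, algorithm: str = "sha256") -> str:
    """Keyed digest (HMAC): only holders of the shared key can produce it."""
    tag = hmac.new(key, message.encode("utf-8"), algorithm).digest()
    return base64.b64encode(tag).decode("ascii")


def bob_verifies_mac(key: bytes, received_message: str, received_tag: str,
                     algorithm: str = "sha256") -> bool:
    expected = mac_b64(key, received_message, algorithm)
    return hmac.compare_digest(expected, received_tag)


def scenario() -> dict:
    """Run the slide's scenario plus the two cases it leaves implicit."""
    results = {}
    alice_digest = digest_b64(ORIGINAL)

    # No Eve: the untouched message passes Bob's check.
    results["untampered_ok"] = bob_verifies_digest(ORIGINAL, alice_digest)

    # Slide 13: Eve swaps the message but forwards Alice's digest unchanged.
    results["tamper_detected"] = not bob_verifies_digest(TAMPERED, alice_digest)

    # Caveat: the digest is unkeyed, so Eve can recompute it for her own
    # message and Bob's check passes. A plain digest catches accidents and
    # lazy tampering, not a deliberate attacker sitting on the path.
    eve_digest = digest_b64(TAMPERED)
    results["rehash_passes"] = bob_verifies_digest(TAMPERED, eve_digest)

    # Fix: a keyed digest needs the key Alice and Bob share (constructed
    # value, for this example only). Eve's best effort is a guessed key.
    key = b"constructed-shared-key-for-example"
    alice_tag = mac_b64(key, ORIGINAL)
    results["mac_accepts_original"] = bob_verifies_mac(key, ORIGINAL, alice_tag)
    eve_tag = mac_b64(b"eve-guessed-key", TAMPERED)
    results["mac_rejects_forgery"] = not bob_verifies_mac(key, TAMPERED, eve_tag)
    return results


if __name__ == "__main__":
    for case, outcome in scenario().items():
        print(f"{case}: {outcome}")
```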
18. What does TLS do?
• It is most famously used in secure browser connections
• TLS has every countermeasure that Alice and Bob just used plus more
• Provides transport layer security for any TCP or UDP communication, including:
– Confidentiality
– Message integrity
– Endpoint validation
– Perfect forward secrecy
19. Confidentiality in TLS 1.2
• Asymmetric encryption for key agreement
– Key exchange methods: RSA, DHE_RSA, DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA, DHE_DSS, DH_DSS, ECDH_ECDSA, ECDHE_ECDSA
• Symmetric encryption for messages
– TLS_RSA_WITH_AES_128_CBC_SHA is mandatory in TLS 1.2
– Other commonly supported symmetric encryption methods: AES_256, RC4_128, 3DES
20. Message integrity in TLS 1.2
• Signatures (in certificates)
– DSS/DSA, RSA
• HMACs
– Using digest algorithms: MD5, SHA-1, SHA-2
21. End-point validation in TLS 1.2
• Certificates
– X.509 certificates (a signed public key)
– Certificate types: rsa_sign, dss_sign, ecdsa_sign, rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh
• Signatures
– DSS/DSA, RSA
22. Current issues with TLS
• The Internet Engineering Task Force (IETF) has published a list of known attacks against TLS in RFC 7457
• Certificate Authority (CA) shenanigans
– Symantec increases Blue Coat’s snooping powers: http://motherboard.vice.com/read/a-controversial-surveillance-firm-was-granted-a-powerful-encryption-certifica
– WoSign cuts corners & gets blocked by Mozilla and Apple: http://www.pcworld.com/article/3129725/certificate-policy-violations-force-reform-at-startcom-and-wosign.html
– Comodo messes up but claims they are not the only one: https://threatpost.com/comodo-issues-eight-forbidden-certificates/115311/
23. The elephant in the room?
Creative Commons Licensed http://www.flickr.com/photos/bitboy/
24. Users can override cert problems
• Users have been trained to ignore certificate warnings!
25. Learn more
• Read Eric Rescorla’s book
http://www.amazon.ca/SSL-TLS-Designing-Building-Systems/dp/0201615983/ref=sr_1_2?ie=UTF8&qid=1314062737&sr=8-2
• Read the spec
http://tools.ietf.org/html/rfc5246
26. Use your knowledge
• Developers and Server Admins
– Disable SSL 3 support
– Replace old SHA-1 certificates with 256-bit SHA-2 (aka SHA-256) certificates
– Make sure your TLS code uses a good list of cipher suites – don’t rely on the defaults!
– Make sure your code checks Certificates for validity, expiration, and revocation
– Do not use self-signed certs without a good reason and beware of bargain Certificate Authorities
– When coding web services, both the server and the client ought to present valid certificates
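A client-side TLS configuration that applies this checklist with Python's ssl module, as an added example (not code from the presentation): a TLS 1.2 floor, a pinned forward-secret cipher list instead of the defaults, mandatory certificate and hostname verification, optional CRL-based revocation checking, and the client half of mutual TLS. The cafile, client_cert, client_key and crl_file parameters are hypothetical paths supplied by the caller; audit_context reports which checklist items a context fails, so the same check can be run against a context someone else built.

```python
import ssl

# Substrings that mark cipher suites the slides call out as legacy (RC4,
# 3DES, MD5) plus anonymous/null/export suites nobody should offer.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")

# TLS 1.2 cipher list: ephemeral (forward-secret) key exchange and AEAD only.
# Plain RSA key exchange is deliberately absent: it has no forward secrecy,
# so TLS_RSA_WITH_AES_128_CBC_SHA (the TLS 1.2 mandatory suite) is excluded.
# OpenSSL manages the TLS 1.3 suites separately; all are forward-secret AEAD.
CIPHER_LIST = ("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:"
               "!aNULL:!eNULL:!MD5:!RC4:!3DES")


def hardened_client_context(cafile=None, client_cert=None, client_key=None,
                            crl_file=None) -> ssl.SSLContext:
    """Client context that applies the slide's checklist.

    cafile, client_cert, client_key and crl_file are hypothetical paths
    chosen by the caller; with none given, the system trust store is used
    and no client certificate is presented.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # "Disable SSL 3": a TLS 1.2 floor refuses SSL 3 and TLS 1.0/1.1 as well.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # "Don't rely on the defaults": pin the TLS 1.2 cipher list.
    ctx.set_ciphers(CIPHER_LIST)
    # "Check certificates for validity, expiration": CERT_REQUIRED aborts the
    # handshake on an untrusted chain or an expired certificate, and
    # check_hostname binds the certificate to the server we meant to reach.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    # "... and revocation": enable the CRL check only when a CRL is loaded;
    # with the flag set and no CRL for the issuer, every handshake fails.
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    # "Both the server and the client ought to present valid certificates":
    # the client half of mutual TLS.
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The context the slide warns about: verification switched off (the code
    equivalent of clicking through a certificate warning), default ciphers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the checklist items a context fails; [] means it passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 (incl. SSL 3) allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required/verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            findings.append("weak cipher suite offered: " + name)
        # OpenSSL names TLS 1.2 suites with RSA key exchange without "DHE".
        if suite["protocol"] != "TLSv1.3" and "DHE" not in name:
            findings.append("non-forward-secret suite offered: " + name)
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()) or "OK")
    print("weak:", audit_context(weak_client_context()))
```

Pass the hardened context to ssl.SSLContext.wrap_socket(sock, server_hostname=host) or to any library that accepts an SSLContext; the server side of mutual TLS is the same idea with PROTOCOL_TLS_SERVER and verify_mode set to CERT_REQUIRED.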
27. Use your knowledge
• Browser users
– Heed certificate warnings
– Learn how to interpret certificate warnings
– Be aware of the risks if you ignore a certificate warning
– If you are geeky enough, disable SSL 3 in your browsers
28. Fujitsu Edmonton Security Lab
Thank you!
Want more presentations like this?
Is there a particular security tool or hack that you would like to see demoed?
Is there a security technology that you always wanted explained, but not in a boring way?
Chris Hammond-Thrasher
Fujitsu Human Centric Security
Email: chris.hammond-thrasher <at> ca.fujitsu.com
Twitter: <at> thrashor