20220419114857-challenge-response-authentication
Challenge-response authentication # https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication
security
20220419115151-openssl
OpenSSL # Generate a Self-Signed Certificate # openssl req \ -newkey rsa:2048 -nodes -keyout domain.key \ -x509 -days 365 -out domain.crt Source: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs See also # https://wiki.archlinux.org/title/OpenSSL https://www.openssl.org/
20220513122736-linux-firewall
Linux Firewall # RHEL and RHEL Clones # RHEL 7 and clones # Open ports in RHEL 7 and clones
Access Control
Access Control # Access control describes the mechanisms used to filter network traffic to determine who is and who is not allowed to access the network and network resources. Access Control Lists # Access-control list Mandatory Access Control # 20220315174137-mandatory-access-control Discretionary Access Control # Sources # Wikipedia - Access control
Authentication Authorization and Accounting (AAA)
Authentication Authorization and Accounting # (AAA) Solves many of the issues with PPP . Is designed for the idea of port authentication. Allowing remote users authentication to a particular point of entry (a port) to another network. Authentication : authenticate with any type of authentication method, usually username and password. Authorization : once authenticated determine what it has access to. ...
Data Loss Prevention
Data loss prevention (DLP) software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). Source: https://en.wikipedia.org/wiki/Data_loss_prevention_software
Defense in Depth
Defense in Depth #
DNS Cache Poisoning
DNS cache poisoning is when an attacker targets a DNS server to query a malicious DNS server. The Malicious server can then tell the target DNS server spoofed DNS information and the DNS server will cache that spoofed information. The solution is to use Domain Name System Security Extensions (DNSSEC) for domain name resolution. cite: CompTIA Network+
Encapsulating Security Payloads
Encryption
Scramble, mix up, or change data so that it can’t be read. Cipher General term for a way to encrypt data Algorithm Mathematical formula that underlies the cipher Substitution XOR Ciphertext The result of running cleartext through a cipher algorithm using a key Symmetric-Key Encryption