PKI # Public-Key Infrastructure
Useful for doing business with someone you don’t know, or don’t already have a digital signature for.
Uses certificates
A certificate is a standardized file containing a public key and a digital signature from a trusted 3rd party. SSL certificates are an example of this.
Root certificate authorities either sign a cert directly or create an intermediary cert.
Comodo, Symantec, and GoDaddy are examples.
https://en.
...
Point-to-Point Protocol (PPP) # Enables two point-to-point devices to connect, authenticate with a user and password, and negotiate the network protocol the two devices will use.
Password Authentication Protocol (PAP) # Simply transmits the username and password over the connection in plaintext.
Challenge Handshake Authentication Protocol (CHAP) # Relies on hashes based on a shared secret, usually a password that both ends of the connection know.
Initiator initiates the connection
Authenticator creates a challenge message
The initiator hashes the challenge together with the password and sends the hash to the authenticator
Authenticator compares the value to its own hash calculation based on the password
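The CHAP exchange above, worked through as an added example that is not part of these notes: the response is MD5 over identifier, shared secret and challenge as in RFC 1994, the secret is a constructed value, and the names Authenticator, initiator_respond, run_handshake and replay_is_rejected are my own.

```python
import hashlib
import hmac
import os

# Constructed shared secret; a real one is provisioned out of band on both ends.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP response value: MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Issues a fresh random challenge and checks the hash the initiator returns."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.pending = None  # (identifier, challenge) awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) & 0xFF  # one-octet CHAP identifier
        self.pending = (self.identifier, os.urandom(16))
        return self.pending

    def verify(self, identifier, response):
        if self.pending is None or identifier != self.pending[0]:
            return False
        expected = chap_response(identifier, self.secret, self.pending[1])
        self.pending = None  # each challenge may be answered only once
        return hmac.compare_digest(expected, response)


def initiator_respond(identifier, challenge, secret):
    """Initiator side: only the hash goes over the link, never the password."""
    return chap_response(identifier, secret, challenge)


def run_handshake(initiator_secret):
    """One CHAP exchange; True only if both ends hold the same secret."""
    auth = Authenticator(SHARED_SECRET)
    identifier, challenge = auth.challenge()
    return auth.verify(identifier, initiator_respond(identifier, challenge, initiator_secret))


def replay_is_rejected():
    """A captured response does not satisfy the next, different challenge."""
    auth = Authenticator(SHARED_SECRET)
    identifier, challenge = auth.challenge()
    captured = initiator_respond(identifier, challenge, SHARED_SECRET)
    assert auth.verify(identifier, captured)
    next_identifier, _ = auth.challenge()
    return not auth.verify(next_identifier, captured)
```

Contrast with PAP, where the password itself is what crosses the link; here a captured response is bound to one random challenge and cannot be reused.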
...
Making TCP/IP Secure #
Encryption
    Substitution
    XOR
    Symmetric-Key Encryption
    Asymmetric-Key Cryptography
    Encryption and OSI
Integrity
    Hash
    Nonrepudiation
    Digital Signatures
    PKI
Authentication
Authorization
TCP/IP Security Standards #
User Authentication Standards
    PPP
    AAA
    RADIUS
    TACACS+
    Kerberos
Encryption Standards
    SSH
    Tunneling
Combining Authentication and Encryption
    SSL/TLS
    IPsec
Secure TCP/IP Applications #
    HTTPS
    SCP
    SFTP
    SNMP
    LDAP
    NTP
Security #
CompTIA Security+ #
Books #
    CompTIA Security+ Get Certified Get Ahead: SY0-701
    Professor Messer SY0-601 Security+ Course Notes
    Professor Messer SY0-701 Security+ Course Notes
Exam Objectives #
    CompTIA SY0-601 Exam Objectives
    CompTIA SY0-701 Exam Objectives
Video Courses #
    Professor Messer’s CompTIA SY0-701 Security+ Training Course
Videos #
    MIT’s Missing Semester - Security and Cryptography
Notes #
    20220321163659-root-pw-rotation
A security association (SA) is the establishment of shared security attributes between two network entities to support secure communication.
The framework for establishing security associations is provided by the Internet Security Association and Key Management Protocol (ISAKMP).
Protocols such as Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK) provide authentication keying material.
Source # Wikipedia - Security Association
SSH Client #
ssh-copy-id # Copy public keys to a remote host’s ~/.ssh/authorized_keys file.
Not technically part of OpenSSH. It is a helper utility written as a drop-in replacement for an existing utility in OpenSSH.
Source - freebsd.org
Example usage:
ssh-copy-id -i ~/.ssh/id_ed25519.pub <user>@<IP Address>
SSL # Secure Sockets Layer
Process:
Client requests access to an SSL-secured server
Server sends the client a copy of the SSL certificate
The SSL client checks the certificate against CA roots
Client negotiates a symmetric-key cipher for use in the session
Session is now secure with an encrypted tunnel
SSL is limited to HTML, FTP, SMTP, and a few older TCP applications.
...
The CIA Triad #
Confidentiality, Integrity, Availability
Confidentiality # Preventing unauthorized users from accessing data.
    Passwords
    Encryption
    Access control
Integrity # Ensuring the data hasn’t been altered.
    Hashing
    Message authentication
Availability # Making sure systems and data are available for authorized users.
    Backups
    Redundant systems
    Disaster recovery plans
These support fault tolerance and availability.