Security Archive

« Older Entries
Newer Entries »

RFC4334 (obsoletes RFC3770) X.509 Extensions and Attributes for EAP-TLS WLANs

Posted May 9, 2014 By Landis V

https://www.rfc-editor.org/rfc/rfc4334.txt

Surprisingly short read, with incredibly little – effectively “no” – information on anyone actually implementing it.  Unsure at this point if anyone actually has, if it’s something that’s just done within larger proprietary systems, or whether it’s not done at all because clients don’t take advantage of it.  Virtually every reference I could find to “SSIDList” or “id-aca-wlanSSID” points back to the RFC documents.  This probably means that I need to create a few certificates, some with the attributes and some without, and test some clients to see if they will actually use the certificates automatically to associate to a WPA2 EAP-TLS protected network when they have a certificate with a matching ID.  Time will probably not allow for this at any point in the near future.

Be the first to comment
Filed in Links, Security, Wireless | Tagged:

GIAC Assessing Enterprise PKI Deployments document

Posted May 9, 2014 By Landis V

http://assesspki.googlecode.com/svn-history/r12/trunk/paper/assessing-enterprise-pki-deployments.docx

Good document with information on elements that should be present, and recommended values, for several common X.509 certificate use cases/types.

Be the first to comment
Filed in Links, Security | Tagged:

Survival Guide – TLS/SSL and SSL (X.509) Certificates (CA-signed and Self-Signed)

Posted May 9, 2014 By Landis V

http://www.zytrax.com/tech/survival/ssl.html

Helpful info.  Looks to be some other good reading on the site as well.

Be the first to comment
Filed in Links, Security | Tagged: , ,

Peter Gutmann’s X.509 Style Guide and implementation notes

Posted May 9, 2014 By Landis V

https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

Seems to get into some good depth, breaks up the material by interspersing relevant quotes.  Helps an otherwise dry topic.

Be the first to comment
Filed in Links, Security | Tagged: ,

RFC 5280 – Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List CRL Profile

Posted January 22, 2014 By Landis V

http://tools.ietf.org/html/rfc5280

Be the first to comment
Filed in Communications, Links, Security | Tagged:

New DDoS malware targets Linux and Windows systems – Network World

Posted December 24, 2013 By Landis V

http://www.networkworld.com/news/2013/121813-new-ddos-malware-targets-linux-277059.html

Linux has finally achieved enough market penetration to be worthwhile to attack.  Not desktop market penetration per se, but market penetration nonetheless.  The particular platforms where it can be found with relative frequency fundamentally contribute to the reasons the attacks are successful – they are home user devices that aren’t likely to be updated.  I surmise that within the next three to five years, we’ll see a tipping point where many of these network devices will default to automatically update themselves in much the same manner our operating systems, browsers, and many applications in both the mobile and desktop realm do today.

Be the first to comment
Filed in Links, Linux, Musings, Security | Tagged:

How open data can keep us safe

Posted November 25, 2013 By Landis V

http://www.networkworld.com/community/blog/how-open-data-can-keep-us-safe-criminals-and-fugitives

Great point regarding visibility into the entire process; makes a lot of sense. There’s a lot to consider around it (i.e., validating that the process chain hasn’t been tampered with), but it’s certainly feasible.

Be the first to comment
Filed in Links, Security
« Older Entries
Newer Entries »