Writing /var/www/html/john.de-graaff.net/webroot/wiki/data/cache/b/bf111e76e59a388c9525e3ec822a9d12.xhtml failed

Differences

This shows you the differences between two versions of the page.

--- links:security [2016/02/19 10:42]
jdg [Secure Timestamp]
+++ links:security [2019/03/06 07:33]
@@ Line 1: / Line 1: @@
-====== Security Links ======
-==== SSL / TLS ====
-  * Wikipedia about [[wp>Secure_Sockets_Layer|SSL/TLS]]
-=== OpenSSL ===
-  * OpenSSL -> http://www.openssl.org/
-  * http://dev.openssl.org/
-  * [[http://www.sslshopper.com/article-most-common-openssl-commands.html|The Most Common OpenSSL Commands]]
-  * [[http://shib.kuleuven.be/docs/ssl_commands.shtml|A few frequently used SSL commands]]
-  * [[http://www.madboa.com/geek/openssl/|OpenSSL Command-Line HOWTO]]
-  * OpenSSL vulnerability in Debian -> http://www.debian.org/security/2008/dsa-1571
-  * OpenSSL for Windows (link from Colubris) \\ -> http://www.slproweb.com/products/Win32OpenSSL.html
-Test SMTP-over-SSL:
-<code>
-openssl s_client -verify 3 -showcerts -connect host.domain.net:3525
-</code>
-==== X509 Certificates ====
-  * [[wp>X509]] is an ITU-T standard for a public key infrastructure (PKI), specifies public key certificates.
-  * Public Key Cryptography Standards -> [[wp>PKCS]]
-  * A [[wp>Privacy-enhanced_Electronic_Mail|.PEM]] file may contain certificate(s) or private key(s), enclosed between the appropriate BEGIN/END-lines ([[wp>Base64]] encoded).
-  * [[wp>DER]] (Distinguished Encoding Rules) is a different format (non-Base64)
-  * Common [[wp>X.509#Certificate_filename_extensions|Certificate filename extensions]] for X.509 certificates are:
-    * .pem - (Privacy Enhanced Mail) Base64 encoded DER certificate
-    * .cer, .crt, .der - usually in binary form (DER), but Base64-encoded (PEM) certificates are common too.
-    * .p7b, .p7c - PKCS7 SignedData structure without data, just certificate(s) or CRL(s)
-    * .p12 - PKCS12, may contain certificate(s) (public) and private keys (password protected)
-    * .pfx - PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)
-  * PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data.
-  * PKCS#10 is Certification Request Standard (CSR)
-  * PKCS#12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file.
-  * http://www.cacert.org/
-  * http://www.rapidssl.com/
-  * http://www.sslcertificaten.nl/
-  * http://www.instantssl.com/
-  * [[
-http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html?entryURL=http%3A//www.instantssl.com/|
-Free SSL Certificate (Comodo)
-]]
-  * [[http://msexchangeteam.com/archive/2007/02/19/435472.aspx|
-Exchange 2007 lessons learned - generating a certificate with a 3rd party CA]]
-  * [[http://blog.palantirtech.com/2008/06/23/pkcs12/|
-SSL HOWTO: using openssl to get keys into PKCS#12 format]]
-  * Multi-site certification voor MS Exchange, zie \\ -> http://www.sslcertificaten.nl/multidomein.php
-  * multi-site = Unified Communications Certificaten (UCC)
-  * SAN: The Subject Alternative Name field explained \\ -> http://www.digicert.com/subject-alternative-name.htm
-  * [[wp>Comparison_of_SSL_certificates_for_web_servers|Comparison of SSL certificates for web servers]]
-  * EVC = [[wp>Extended_Validation_Certificate|Extended Validation Certificate]]
-  * Extended Validation -> https://www.sslcertificaten.nl/GroeneAdresbalk
-  * Generate UCC cert on Exchange-2007 -> https://www.digicert.com/easy-csr/exchange2007.htm
-  * OCSP = [[ http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
-|Online Certificate Status Protocol]] (alternative to CRL)
-==== Publicly Signed SSL certificates ====
-  * Xolphin -> http://www.sslcertificaten.nl/
-  * SSL.NU -> https://www.ssl.nu/nl/
-==== Security ====
-  * MD5/SHA1 database -> http://md5.rednoize.com/
-  * MD5 GUI for Windows -> http://www.toast442.org/md5/
-==== SSH ====
-  * http://www.openssh.com/
-  * [[ http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
-|Putty]]
-  * [[
-http://the.earth.li/~sgtatham/putty/0.53b/htmldoc/Contents.html
-|Putty User Manual]]
-  * [[wp>ssh]]
-  * http://sial.org/howto/openssh/publickey-auth/
-  * http://www.ece.uci.edu/~chou/ssh-key.html
-  * http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
-  * Slashdot -> [[
-http://it.slashdot.org/article.pl?sid=08/05/13/1533212
-|Debian Bug Leaves Private SSL/SSH Keys Guessable]]
-===== Secure FTP Overview =====
-  * [[wp>File_Transfer_Protocol|FTP]] is insecure: both the control-channel (login, dir list, get/put cmds) and the data-channel (file upload/download) is clear-text
-  * There are 3 "Secure FTP" versions ([[wp>FTP_over_SSH#Secure_FTP|overview]]):
-    * [[wp>FTPS]] = FTP over SSL
-      * Explicit FTPS = FTPES (negotiates AUTH) \\ The CCC (Clear Command Channel) command revert the control-channel back to cleartext to allow NAT-routers to snoop the data-channels ports.
-      * Implicit FTPS (deprecated)
-    * [[wp>SSH_File_Transfer_Protocol|SFTP]] = SSH-FTP (is a SSH native file-transfer protocol, like SCP)
-    * [[wp>FTP_over_SSH#FTP_over_SSH_.28not_SFTP.29|FTP-over-SSH]]
-==== SFTP/SCP ====
-  * [[wp>SSH_file_transfer_protocol|SFTP]]
-  * [[
-http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html
-|How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh]]
-  * rssh -> http://www.pizzashack.org/rssh/
-  * scponly -> http://www.sublimation.org/scponly/wiki/index.php/Main_Page
-==== Rootkit ====
-  * [[wp>Rootkit]]
-  * http://www.chkrootkit.org/
-  * http://rkhunter.sourceforge.net/
-  * http://www.ossec.net/
-==== Token ====
-  * Alladin Safeword Tokens \\ -> http://www.aladdin.com/safeword/authenticators.aspx
-  * http://www.aladdin.com/support/safeword/application-notes.aspx
-===== Encryption Apps =====
-==== Secure Editor ====
-  * [[
-http://www.andromeda.com/people/ddyer/notepad/NotepadCrypt.html
-|NotepadCrypt]]
-===== VPN tunneling =====
-==== IPsec ====
-  * [[wp>IPsec]]
-  * http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ipsec.html
-  * IPSec Overview Part Four: Internet Key Exchange (IKE) \\ -> http://www.ciscopress.com/articles/article.asp?p=25474&seqNum=7
-  * http://www.tcpipguide.com/free/t_IPSecKeyExchangeIKE-2.htm
-  * Cisco: [[
-http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#check
-|IPsec Troubleshooting: Understanding and Using debug Commands]]
-  * [[
-http://kb.juniper.net/InfoCenter/index?page=content&id=KB5633&cat=IPSEC&actp=LIST
-|What is IKE ID mode?]] \\ -> There are 2 IDs in an IKE exchange:
-<code>
-ID in phase 1 = authentication of the remote VPN gateway:
-  ID_IPV4_ADDR/ID_FQDN/ID_USER_FQDN/ID_DER_ASN1_DN
-ID used in phase 2 = proxy id = retrieved from the pre-configured policy =
-  ID_IPV4-ADDR/ID_IPV4_SUBNET/ID_IPV4_RANGE
-</code>
-<code>
-IPsec overview:
-- IKE phase 1: establish ISAKMP-SA (used to encrypt IKE phase-2)
-- IKE phase 2: establish IPsec-SA (used to encrypt IPsec ESP)
-- IPsec ESP tunneling
-IKE phase 1:
-- ISAKMP
-- match local/remote IKE ID (IP/FQDN/U-FQDN)
-- negotiate proposals with elements:
-  * d
-</code>
-==== OpenVPN ====
-Links to local pages:
-  * [[:links:openvpn|OpenVPN config examples]]
-  * [[:links:openvpn_notes|OpenVPN notes]]
-Links:
-  * James Yonan's OpenVPN -> http://openvpn.net/
-  * [[
-http://openvpn.net/index.php/documentation/manuals/openvpn-20x-manpage.html
-|OpenVPN 2.0 Manual page]]
-  * [[
-http://openvpn.net/index.php/open-source/documentation/manuals/69-openvpn-21.html
-|OpenVPN 2.1 Manual page]]
-  * [[
-http://openvpn.net/index.php/manuals/427-openvpn-22.html
-|OpenVPN 2.2 Manual page]]
-  * [[
-http://openvpn.net/index.php/documentation/install.html?start=1#running_as_windows_service
-|Running OpenVPN as a Windows Service]]
-  * OpenVPN GUI -> http://openvpn.se/
-  * Endian (an OpenVPN based VPN/Firewall) -> http://www.endian.com/
-  * Endian forked from IpCop -> http://www.ipcop.org/
-  * OpenVPN Web GUI (old) -> http://openvpn-web-gui.sourceforge.net/
-  * http://en.wikipedia.org/wiki/OpenVPN_infrastructure
-  * Article by SANS: OpenVPN and the SSL VPN Revolution \\ -> http://www.sans.org/reading_room/whitepapers/vpns/1459.php
-  * [[
-http://openvpn.se/files/howto/openvpn-howto_roll_your_own_installation_package.html|
-built your own OpenVPN install-script
-]]
-  * [[
-http://amigo4life.googlepages.com/openvpn|
-Active Directory Authentication for OpenVPN
-]]
-  * [[
-http://code.google.com/p/openvpn-auth-ldap/|
-OpenVPN Auth-LDAP Plugin
-]]
-  * Access Server -> http://openvpn.net/index.php/access-server/download-openvpn-as.html
-  * SurfBouncer uses OpenVPN -> http://www.surfbouncer.com/
-  * Tips OpenVPN on [[
-http://www.fiberworks.com/DNN/Support/OpenVPN/tabid/171/language/en-US/Default.aspx
-|Windows7]]
-  * http://easyopackager.sourceforge.net/
-  * OSPF over OpenVPN -> http://openmaniak.com/openvpn_routing.php
-==== IPsec clients ====
-  * Safenet SoftRemote (before NS Remote Client) \\ -> http://biz.safenet-inc.com/prod/software/index.asp
-  * AnthaVPN -> http://www.anthasoft.com/anthavpn-virtual-private-network.php
-  * The GreenBow -> http://thegreenbow.com/vpn.html
-  * [[
-http://forums.juniper.net/t5/Firewalls/Recommend-an-IPSec-Client-for-SSG-s/m-p/9555/message-uid/9555
-|Juniper/Netscreen IPsec client discusion]]
-  * (replacement Netscreen Secure Client): Universal IPsec VPN Client \\ -> van NCP-E: http://www.ncp-e.com/
-=== Open-Source IPsec clients ===
-  * http://www.shrew.net/download/vpn
-  * http://www.shrew.net/support/wiki/HowtoJuniperSsg
-  * http://sourceforge.net/projects/ivpn/
-==== IPsec info ====
-  * [[wp>IPsec]]
-  * IKE = [[wp>Internet_Key_Exchange|Internet Key Exchange]]
-  * Xauth = IKE Extended Authentication
-  * Cisco on [[
-http://www.cisco.com/en/US/docs/ios/12_1t/12_1t1/feature/guide/xauth.html
-|Xauth]]
-  * XAuth info -> [[
-http://www.unix-ag.uni-kl.de/~massar/vpnc/docs/draft-beaulieu-ike-xauth-02.txt
-|draft-beaulieu-ike-xauth-02.txt]]
-===== Linux Security =====
-  * picture from SNORT that shows traffic flow through Linux-kernel and netfilter (iptables):
-----
-{{:links:inline_netfilter.gif}}
-----
-===== Secure Timestamp =====
-  * https://en.wikipedia.org/wiki/Trusted_timestamping \\ According to the RFC 3161 standard, a trusted timestamp is a timestamp \\ issued by a trusted third party (TTP) acting as a Time Stamping Authority (TSA).
-===== Fortigate =====
-  * Fortigate FW from Fortinet
-  * Docs en SW -> http://docs.fortinet.com/fgt.html
-===== Tokens =====
-==== Aladdin SafeWord ====
-  * NZV 'Aladdin SafeWord 2008' -> http://www.aladdin.com/SafeWord/default.aspx
-  * SafeWord and Juniper -> http://www.aladdin.com/partners/findresults.aspx?id=231
-  * http://www.aladdin.com/etoken/solutions/secure-vpn-access.aspx
-===== Firewall =====
-  * [[wp>Port_knocking|Port knocking]]
-==== Juniper Netscreen ScreenOS ====
-  * Juniper KB: Configuring PPTP, IPSec pass-through or L2TP over IPSec solutions on a Juniper Firewall device \\ -> http://kb.juniper.net/InfoCenter/index?page=content&id=KB8536
-=== SSG-140 ===
-  * http://www.juniper.net/us/en/products-services/security/ssg-series/ssg140/
-=== SSG documentation ===
-  * http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/index.html
-=== WebSense on Juniper ===
-  * http://www.websense.com/content/Juniper.aspx
-  * http://kb.juniper.net/KB4197
-==== Log Analyzer ====
-  * SecureWorks: [[
-http://www.secureworks.com/research/articles/firewall-primer
-|A Firewall Log Analysis Primer]]
-  * Stonylake Firewall Reporter -> http://www.stonylakesolutions.com/sls/about%20sfr.jsp
-  * ManageEngine Firewall Analyzer -> http://www.manageengine.com/products/firewall/
-  * SnortAlog -> http://jeremy.chartier.free.fr/snortalog/
-  * http://www.sawmill.net/products.html
-hint
-  * SNMP Traffic Grapher STG -> http://www.wtcs.org/informant/stg.htm
-===== Anti-Virus =====
-  * tips -> http://www.schoonepc.nl/optim/antivirussoftware.html
-  * tips -> http://www.pepermunt.net/beveiliging/gratis-antivirus.html
-  * [[
-http://www.av.eu/nl/producten/avast-free-antivirus?pageId=1&languageId=11&avast_antivirus_producten/avast_Free_Antivirus#.Uf0G121v_cs
-|avast!]

Website van John de Graaff

User Tools

Site Tools

Differences

Page Tools