A Public Key Infrastructure (PKI) is a group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. A PKI allows two entities to privately share symmetric keys without any prior communication.
Monthly Archives: May 2016
Using Cryptographic Protocols
When using digital signatures with email: The sender’s private key encrypts (or signs). The sender’s public key decrypts. A digital signature provides authentication (verified identification) of the sender, nonrepudiation, and integrity of the message. Senders create a digital signature by hashing a message and encrypting the hash with the sender’s private key. Recipients decrypt the […]
What are Symmetric Encryption Methods?
Symmetric encryption uses the same key to encrypt and decrypt data. As an example, Remote Authentication Dial-In User Service (RADIUS) uses a shared key for symmetric encryption. AES is a popular symmetric block encryption algorithm, and it uses 128, 192, or 256 bits for the key. DES is an older, symmetric block encryption algorithm. 3DES […]
What is HTTPS?
HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server.
An example of an organization’s hiring process that I personally experienced
Do not think that an extended hiring process means you will get an offer. Take a look at this recent and actual hiring process that I personally experienced: I submitted my resume to a Security Analyst job posting in late January 2016 On Feb 9th, I had a phone Interview with the HR Representative. It […]
Topics Covered in InfoSec Technical Interviews
If you have a technical interview coming up, make sure to review the topics below. This list is expansive but not inclusive of everything you need to know. For those who don’t know, technical interviews are usually organized in a way that there are two rounds – one has direct questions and the other has […]
What is NAT vs. Bridged vs. Host-Only?
Host-Only: Host-only networking is another networking mode that was added with version 2.2 of VirtualBox. It can be thought of as a hybrid between the bridged and internal networking modes: as with bridged networking, the virtual machines can talk to each other and the host as if they were connected through a physical Ethernet switch. […]
The 2016 Concise Top Ten Hacker Tools List
Via Concise Courses, an excellent resource for InfoSec students and professionals: This Hacking Tools list is partly based on the Kali Linux Distro Tools ‘Top Ten’ and our own community’s feedback from a ‘favourite hacking tools poll’ we did a while back. Anyways, the links below take you to videos, books, tutorials and much more! […]
What is SNORT?
Snort is an open source Network Intrusion Detection System (NIDS) which is available free of cost. NIDS is the type of Intrusion Detection System (IDS) that is used for scanning data flowing on the network. There are also host-based intrusion detection systems, which are installed on a particular host and detect attacks targeted to that […]
What are the similarities and differences between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
Understanding IDSs and IPSs: • Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) inspect traffic using the same functionality as a protocol analyzer. • A host-based IDS (HIDS) can detect attacks on local systems such as workstations and servers. The HIDS protects local resources on the host and can detect some malware that isn’t […]