Cisco IOS Internet Key Exchange version 1 (IKEv1) Vulnerability and Fix
Cisco IKEv1 is still popular in VPN configuration. Most of my VPN configuration is based on IKE v1, although there are more demands for v2. I had a post “Cisco…
More and more security companies use a web page to show the global security events they monitor, such as the live status of cyber attacks: where they are being launched from and who is…
One of my test machines, which I use to download and test software from the Internet, was hit by ransomware recently. Check out what it did to my machine. In…
Different firewall (security gateway) vendors have different solutions for handling the traffic that passes through them. This post compiles some useful Internet posts that explain the major vendors’ solutions, including: 1. Checkpoint 2. Palo Alto 3. Fortigate 4.…
According to Gartner, “Mobile Data Protection (MDP) systems and procedures are needed to protect business data privacy, meet regulatory and contractual requirements, and comply with audits.” Additionally, “Most companies, even…
I listed some of my favorite and useful Internet websites and network tools, which I use in my daily IT life, in a previous post. There are some network security…
One of our internal websites always shows a security warning when accessed over HTTPS with Internet Explorer, but the message does not appear when using Google Chrome. Symptoms:…
GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. If a remote attacker can make an application call to gethostbyname() or gethostbyname2(),…
On Oct 14, 2014, this bug, CVE-2014-3566, was found to be a subtle but significant security weakness in version 3 of the SSL protocol. The severity level is Medium. Basically, this vulnerability…
The Heartbleed extension vulnerability caused lots of worries for Internet systems. Its effects still have not gone away, and now Shellshock is coming. This latest vulnerability affects the command-line software Bash…
The SonicWall NSA 4500 is a next-generation firewall whose features integrate intrusion prevention, gateway anti-virus, anti-spyware and URL filtering with application intelligence and control, and SSL decryption to block threats from entering the network…
PKI = Public Key Infrastructure. Infrastructure: a universal foundation that serves as the basic framework within a larger environment; the underlying principles of the facility are shared and its operation is simple, so as long as the basic rules are followed, different entities can conveniently use the services the infrastructure provides. Public key infrastructure: a general-purpose security infrastructure that uses the principles and techniques of asymmetric cryptographic algorithms to implement and provide security services. Public key certificate: the binding of a user’s identity to the public key the user holds. Before the binding, a trusted authority, the certification authority (CA), verifies the user’s identity; the trusted CA then digitally signs the certificate that binds the user’s identity to the corresponding public key, to prove the certificate’s validity. A PKI system mainly consists of: a certification authority, a certificate repository, a key backup and recovery system, a certificate revocation handling system, and a PKI application interface system. PKI mainly includes four parts: X.509-format certificates and certificate revocation lists (CRL); CA/RA operation protocols; CA management protocols; CA policy formulation. Two ways of generating the key pair: the user generates the key pair and sends the public key to the CA in a secure manner; this process must guarantee the verifiability and integrity of the user’s public key (the key pair used to verify identity should be generated first). Alternatively, the CA generates the key pair on the user’s behalf and sends it to the user in a secure manner; the confidentiality, integrity and verifiability of the key must be guaranteed. Because the user’s private key is generated by the CA in this mode, a higher degree of trust in the CA is required. Two ways of issuing certificates: offline issuance: face-to-face issuance, used for issuing enterprise-level high-grade certificates; online issuance: the certificate is downloaded from an i500 directory server over the Internet using LDAP (Lightweight Directory Access Protocol). LDAP: http://www.microsoft.com/china/technet/prodtechnol/exchange/2003/insider/ldapquery.mspx Offline issuance:…