This is an experimental Internet security thread for anyone willing to discuss, help newbies or learn more about Internet security in general.
>DNS
Who among you are using DNSSEC [1, 2] already? Have you considered TLSA (DANE [3]), SSHFP [4], OPENPGPKEY [5] resource records (RRs) yet?
>HTTP
Who among you are running your own Web server? Do you secure your traffic with TLS and HTTP security headers? Do you use HSTS [6] to enforce a secure connection? Do you use HPKP [7] for certificate pinning? Do you use CSP [8] to enforce content restrictions?
Who among you are running your own mail server (MTA)? Do you secure your traffic with (START)TLS? Do you use SPF [9] to restrict only authorised hosts to send mails? Do you use DKIM [10] to cryptographically verify message authenticity? Do you use DMARC [11] to set domain-level message handling policies?
Share your thoughts!
>Newbies section
There are numerous introductory videos about DNSSEC [12, 13], SPF [14], DKIM [15] and DMARC [16] to familiarise yourself more with. There are also numerous websites [17, 18, 19, 20, 21] that can help you check your server's security.
[1] https://tools.ietf.org/html/rfc4033
[2] http://www.dnssec.net/
[3] https://tools.ietf.org/html/rfc6698
[4] https://tools.ietf.org/html/rfc4255
[5] https://tools.ietf.org/html/rfc7929
[6] https://tools.ietf.org/html/rfc6797
[7] https://tools.ietf.org/html/rfc7469
[8] https://www.w3.org/TR/CSP2/
[9] https://tools.ietf.org/html/rfc7208
[10] https://tools.ietf.org/html/rfc6376
[11] https://tools.ietf.org/html/rfc7489
[12] https://www.youtube.com/watch?v=lTABuMxO2AM
[13] https://www.youtube.com/watch?v=qlto6GfZEvA
[14] https://www.youtube.com/watch?v=WFPYrAr1boU
[15] https://www.youtube.com/watch?v=yHv1OPcc-gw
[16] https://www.youtube.com/watch?v=kGk-Af_92Bk
[17] http://dnsviz.net/
[18] https://www.ssllabs.com/ssltest/index.html
[19] https://observatory.mozilla.org/
[20] https://securityheaders.io/
[21] https://www.mail-tester.com/
>>60870427
A bump for a thread with great potential.
>>60870427
Another bump.
>>60870427
I'm getting together hardware this weekend, buying some and salvaging some, to build my own pfSense box. The main goal is to manage my network, but to also learn how to use that tool (intend to deploy Suricata for its IDS/IPS services to learn that).
>>60870427
do you know about darkhttpd? https://unix4lyfe.org/darkhttpd/
any tips on security?
>>60872191
Why would people use it over their own HTTP server from the repo? And what security are you hinting at?