[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Free Show | Home]

Internet security standards

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
  1. Home
  2. /g/ - Technology
  3. Internet security standards
Thread replies: 7
Thread images: 1

Anonymous
Internet security standards 2017-07-28 06:07:26 Post No. 61609893
[Report] Image search: [Google]
Internet security standards Anonymous 2017-07-28 06:07:26 Post No. 61609893 [Report]
This is an experimental Internet security standards thread for anyone willing to discuss, implement, help newbies or learn more about Internet security standards.

>DNS
Who among you are using DNSSEC [1, 2] already? Have you considered TLSA (DANE [3]), SSHFP [4], OPENPGPKEY [5] resource records (RRs) yet?

>HTTP
Who among you are running your own Web server? Do you secure your traffic with TLS and HTTP security headers? Do you use HSTS [6] to enforce a secure connection? Do use HPKP [7] for certificate pinning? Do you use CSP [8] to enforce content restrictions?

>Mail
Who among you are running your own mail server (MTA)? Do you secure your traffic with (START)TLS? Do you use SPF [9] to restrict only authorised hosts to send mails? Do you use DKIM [10] to cryptographically verify message authenticity? Do you use DMARC [11] to set domain-level message handling policies?

Share your thoughts!

>Newbies section
There are numerous introductory videos about DNSSEC [12, 13], SPF [14], DKIM [15] and DMARC [16] to familiarise yourself more with. There are also numerous websites [17, 18, 19, 20, 21] that can help you check your server's security.

[1] https://tools.ietf.org/html/rfc4033
[2] http://www.dnssec.net/
[3] https://tools.ietf.org/html/rfc6698
[4] https://tools.ietf.org/html/rfc4255
[5] https://tools.ietf.org/html/rfc7929
[6] https://tools.ietf.org/html/rfc6797
[7] https://tools.ietf.org/html/rfc7469
[8] https://www.w3.org/TR/CSP2/
[9] https://tools.ietf.org/html/rfc7208
[10] https://tools.ietf.org/html/rfc6376
[11] https://tools.ietf.org/html/rfc7489
[12] https://www.youtube.com/watch?v=lTABuMxO2AM
[13] https://www.youtube.com/watch?v=qlto6GfZEvA
[14] https://www.youtube.com/watch?v=WFPYrAr1boU
[15] https://www.youtube.com/watch?v=yHv1OPcc-gw
[16] https://www.youtube.com/watch?v=kGk-Af_92Bk
[17] http://dnsviz.net/
[18] https://www.ssllabs.com/ssltest/index.html
[19] https://internet.nl/
[20] https://securityheaders.io/
[21] https://www.mail-tester.com/
>>
Anonymous 2017-07-28 06:16:56 Post No.61610036
[Report]
Anonymous 2017-07-28 06:16:56 Post No.61610036 [Report]
How can I enable DNSSEC without being MITM'd by Cloudflare or similar CDN's?
>>
Anonymous 2017-07-28 06:17:12 Post No.61610041
[Report]
Anonymous 2017-07-28 06:17:12 Post No.61610041 [Report]
>>61609893
>DNSSEC
Yes
>TLSA (DANE), SSHFP, OPENPGPKEY
No

>own Web server, TLS, HTTP security headers, HSTS, CSP
Yes
>HPKP
No

>own mail server, TLS, SPF, DKIM, DMARC
Yes
>>
Anonymous 2017-07-28 06:19:37 Post No.61610074
[Report]
Anonymous 2017-07-28 06:19:37 Post No.61610074 [Report]
>>61610036
DNSSEC just involves adding keys in DNS resource records. It has nothing to do with the primary services of cloudflare
>>
Anonymous 2017-07-28 06:20:54 Post No.61610091
[Report]
Anonymous 2017-07-28 06:20:54 Post No.61610091 [Report]
>>61609893
>Do you use HSTS [6] to enforce a secure connection?
Yea but I'm too lazy to update the expired certificate. Can't even access the website myself.
>>
Anonymous 2017-07-28 06:34:00 Post No.61610325
[Report]
Anonymous 2017-07-28 06:34:00 Post No.61610325 [Report]
>>61610036
You need to run your own resolver then
>>
Anonymous 2017-07-28 08:40:04 Post No.61612094
[Report]
Anonymous 2017-07-28 08:40:04 Post No.61612094 [Report]
>>61610036
Consider running your own Unbound with DNSSEC enabled. https://unbound.net/
Thread posts: 7
Thread images: 1
[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/


If you need a post removed click on it's [Report] button and follow the instruction.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com.
If you like this website please support us by donating with Bitcoins at 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
All trademarks and copyrights on this page are owned by their respective parties.
Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.
If you need information for a Poster - contact them.