« Previous 1 2

Securing the TLS ecosystem with Certificate Transparency

A Curse and a Blessing

Conclusions

Certificate Transparency is an important step in securing TLS connections on the Internet. However, I also introduced situations in which publishing domain names could pose a threat, especially if the administrator is not expecting them to be published.

When setting up services, always make sure they are configured securely if the software allows; otherwise, access to the services should be restricted by the web server's own capabilities.

Infos

  1. Censys certificate report: https://censys.io/certificates/report?q=tags%3Atrusted&field=parsed.issuer.organization.raw&max_buckets=50
  2. CaliDog GitHub repository: https://github.com/CaliDog/certstream-python
  3. Jitsi: https://jitsi.org

« Previous 1 2

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Lead Image © Amy Walters, 123RF.com
    Hardening network services with DNS
    The Domain Name System, in addition to assigning IP addresses, lets you protect the network communication of servers in a domain. DNS offers further hardening of network protocols – in particular, SSH fingerprinting and CAA records.
    more »
  • Lead Image © vlue, 123RF.com
    Windows security with public key infrastructures
    A rarely used feature for improving security in Windows environments relies on certificates issued for various applications, services, and procedures that is based on a public key infrastructure.
    more »
  • Lead Image © Jennifer Huls, 123RF.com
    Certificate security
    Use public key pinning to map certificates to specific domains.
    more »
  • Lead Image © Stuart Miles, 123RF.com
    Obtain certificates with acme.sh
    We take a close look at acme.sh, a lightweight client for the ACME protocol that facilitates digital certificates for secure TLS communication channels.
    more »
  • Lead Image © nerhuz, 123RF.com
    Transport Encryption with DANE and DNSSEC
    Those who think that enabling STARTTLS in the mail client will make their mail traffic more secure are wrong. Only those who bank on DANE can be sure that a mail server or a firewall will not switch off encryption in transit.
    more »
comments powered by Disqus