CloudInsidr

Cyber security, infotech

Join us on Twitter: @CloudInsidr

Home Archives for cybersecurity and cyber warfare
How to set up Letsencrypt certificates on AWS EC2

Leave a Comment

How to set up Letsencrypt certificates on AWS EC2

[updated 2018-06-12] As browser makers continue their push for HTTPS and mobile applications are becoming the target of MITM (man-in-the-middle) attacks, cloud developers and administrators are scrambling to find affordable SSL certificates that can live up to the demands of the cloud era. Enter Let’s Encrypt, a new Certificate Authority that is open, fully automated, and free to use, with an almost unprecedented, generous allotment of 100 host names per certificate. Let’s Encrypt delivers on the promise of a worry-free, fully encrypted web 3.0. Cloud Insidr lifts the veil off of Let’s Encrypt’s setup, configuration, its few surprises and hidden gems.

[Read more…]

How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR

Leave a Comment

How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR

Generating SSL certificates when Letsencrypt (what is Letsencrypt, who is behind it, and how the heck can you get started) is available for your system works in a breeze, but what if you need your certificates for a machine that won’t take Letsencrypt (for whatever reason)? It is still possible: you can either grab Letsencrypt from Git, or, for reasons of practicality… create a certificate signing request (CSR) on your target server, transfer it to your letsencrypt instance, generate the certificates you need, then transfer the generated files back to your target instance and install the certificates in your software.

[Read more…]

Juniper Networks’ Embarrassment Lives On in Its Flawed SSL Configuration

Leave a Comment

Juniper Networks’ Embarrassment Lives On in Its Flawed SSL Configuration

Recent revelations from the maker of networking gear Juniper Networks have shaken the industry: Juniper has identified unauthorized code in ScreenOS, its operating system that powers the NetScreen line of Juniper firewalls. Then last Friday, cryptography researchers revealed that Juniper has allowed changes to its code that could enable eavesdropping on encrypted virtual private network sessions of its customers.

Juniper Networks headquarters
Juniper Networks headquarters (provided directly by Juniper Networks under the Creative Commons Attribution-Share Alike 3.0 Unported License)

[Read more…]

In IT to “Support and Defend”: Why Cybersecurity Is a Battlefield and Microsegmentation is Your Friend

Leave a Comment

In IT to “Support and Defend”: Why Cybersecurity Is a Battlefield and Microsegmentation is Your Friend

The traditional perimeter-focused security model has outlived its active usefulness as evidenced by the never-ending array of security breaches that constantly push the envelope on our tolerance for administrative “malpractice” in IT.

From the various security breaches in the private sector that are by now too plentiful to enumerate, through the fingerprint-stained OPM disaster, to the recently leaked database of personally identifiable information on over 191 million registered voters (in other words: all of them): no vulnerability seems too obscure, no exploit too impractical, no hack too audacious for some keyboard-toting mercenary to take advantage of the collective naiveté–or is it sheer incompetence?–of those who are paid to protect and defend access to sensitive information. How in the world did these people get their jobs, how dare they draw a salary, and how can they sleep at night? And, even more importantly: are you, by any chance, one of them?

[Read more…]

©2022 CybrAnalytiqa OÜ