« Previous 1 2
Securing the TLS ecosystem with Certificate Transparency
A Curse and a Blessing
Conclusions
Certificate Transparency is an important step in securing TLS connections on the Internet. However, I also introduced situations in which publishing domain names could pose a threat, especially if the administrator is not expecting them to be published.
When setting up services, always make sure they are configured securely if the software allows; otherwise, access to the services should be restricted by the web server's own capabilities.
Infos
- Censys certificate report: https://censys.io/certificates/report?q=tags%3Atrusted&field=parsed.issuer.organization.raw&max_buckets=50
- CaliDog GitHub repository: https://github.com/CaliDog/certstream-python
- Jitsi: https://jitsi.org
« Previous 1 2
Buy this article as PDF
Express-Checkout as PDF
Price $2.95
(incl. VAT)
(incl. VAT)
Buy ADMIN Magazine
TABLET & SMARTPHONE APPS
US / Canada
UK / Australia
Related content
-
Hardening network services with DNS
The Domain Name System, in addition to assigning IP addresses, lets you protect the network communication of servers in a domain. DNS offers further hardening of network protocols – in particular, SSH fingerprinting and CAA records. -
Windows security with public key infrastructures
A rarely used feature for improving security in Windows environments relies on certificates issued for various applications, services, and procedures that is based on a public key infrastructure. -
Certificate security
Use public key pinning to map certificates to specific domains. -
Obtain certificates with acme.sh
We take a close look at acme.sh, a lightweight client for the ACME protocol that facilitates digital certificates for secure TLS communication channels. -
Transport Encryption with DANE and DNSSEC
Those who think that enabling STARTTLS in the mail client will make their mail traffic more secure are wrong. Only those who bank on DANE can be sure that a mail server or a firewall will not switch off encryption in transit.