Information Security

For many years now, one of my hobbies has been the field of information security. It probably all started when I was a kid learning how Z-modem leeching worked. Since then, the world has evolved, and so have I. Though I wouldn’t consider myself an “expert” by ANY means, I would consider myself smarter than the average bear with regard to information security. Below are a few highlights.

x509

I really like the overall concept of x509, ESPECIALLY when used with client certificates. x509-based client certificates offer both authentication AND encryption. What’s more, client certificates are supported on every OS, device and browser. x509 authentication happens “seamlessly”, giving the end user an experience almost exactly like “just using a website.”

Security through Obscurity

If you’ve ever used Kali Linux (formerly known as BackTrack Linux), you quickly learn that it ships with many great tools that make finding exploits easy. A key default assumption in many of these tools, however, is that standard services are running on standard ports. Want to increase your overall security with minimal effort? Run your services on alternate ports.

KeePass

Most people only know a few passwords, and I am no exception there. Except that I ONLY know the password to my KeePass database. Of the many different websites I’ve created accounts on, I have NO IDEA what those passwords are. Oh! And those “security questions”? Same deal; only KeePass knows.

PCI-DSS / PA-DSS

During my tenure at Teleflora, I did a LOT of PCI-DSS and PA-DSS work. My efforts were multi-pronged: locking down customer Linux systems, writing software that our customer service group used to manage these remote systems, educating our customers so they could pass PCI audits, and working hand-in-hand with our PA-DSS auditors to ensure our customers were compliant.
A blast from the past, the RTI PA-DSS document, many (though not all) bits of which I recall writing, can still be found online (after all these years!).