Collaborate Disseminate
I currently use MFA wherever possible. To do so, I mainly use the Google Authenticator app, as well as a YubiKey. However, I recently realized that backing these up is very, very difficult.
YubiKey
The YubiKey is used in two different mode… Continue reading How am I meant to back up my second factors?
I am looking for a device to explain the compromises that we make for extra layers of security.
For example wrt extra layers: communication like JWT encryption/signing and other sorts of encapsulation over TLS
Could I use something like th… Continue reading Can I use the CIA triad as a sliding scale wrt complexity?
I’m currently reading about resource record in the Domain Name System (DNS), in particular about the Time to live (TTL) aspect of start of authority records (SOA) records. It seems to me that the TTL was firstly defined in RFC 1034 and la… Continue reading Does the Time-To-Live (TTL) value of DNS records have any security implications?
I am studying Networks and Routing as part of developing skills in IT and Cybersecurity, and I have learned about the Passive Interface mode for, say, OSFP. Passive Interface disables the sending of Hello Packets along certain interfaces, … Continue reading What is the actual use-case for Passive-Inteface on a Link-State Router compared to other forms of network security?
I believe it would violate all the three aspects due to following reasons:
Confidentiality: Since the website is obviously a scam, in case any person/user registers it, the data of the user would not be confidential or would be up for sal… Continue reading Consider a Fraudulent bank website, would it violate all the aspects of the CIA triad or any one? [closed]
In earlier, more innocent (?) times, cyberattacks seemed to be fairly straightforward. You have the data exfiltration attacks, where copies of sensitive personal information and intellectual property are stolen, often without the victims’ knowledge sin… Continue reading Ransomware and the C-I-A Triad
I got asked 3 questions in my university course today and I’m really torn because they feel like such subjective topics that can be argued in many ways.
A security association lifetime of 14400 seconds is in place.
Multi-factor authentic… Continue reading Confidentiality, Integrity, or Availability? Please help! [closed]
I got asked 3 questions in my university course today and I’m really torn because they feel like such subjective topics that can be argued in many ways.
A security association lifetime of 14400 seconds is in place.
Multi-factor authenti… Continue reading Multi-Factor Authentication = Confidentiality or Integrity? [duplicate]
Fastly WAF service was down a while ago, and it has affected a lot of major internet platforms and sites such as Amazon, PayPal, eBay, Spotify, HBO Max, the UK’s main government website – Gov.uk, and many more. This has affected dozens of … Continue reading How can a service like Fastly have such an impact on the Internet? [closed]
What are the possible ways to protect an organization’s web servers from a DDoS attack without giving away your web server’s https private keys?
Many of the common solutions for DDoS protection of a web server (eg CloudFlare) require you t… Continue reading Webserver DDOS protection without giving away private keys (https, tls, ssl)