How do I protect the Azure Client ID and Client Secret in HashiCorp Vaults with AKV Auto-Unseal?

Say I set up a HashiCorp Vault, on dedicated hardware, with an AKV seal stanza like the following:

seal "azurekeyvault" {
  tenant_id = "46646709-b63e-4747-be42-516edeaf1e14"
  client_id = "03dc33fc-16d9-4b77-8152-…

Why use .ENV? What’s wrong with storing secrets in a config.php file outside root directory?

It seems to be the general practice these days to store secrets (e.g., DB, API credentials) in a .ENV file then load it to $_ENV and $_SERVER automatically. This popular library does that and it’s even encouraged as best prac…

Jeremy Winter, Microsoft – Enterprise Security Weekly #117

Jeremy Winter is Director of Azure Management, responsible for areas such as Azure Governance, Policy, Configuration, PowerShell, Disaster Recovery, Azure Migrate and the Azure Portal Experiences from within Azure Compute. He joins Paul and John to tal…

Catching Configuration Changes that Can Lead to Data Exposure

Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black …

What should be done to determine why it takes so long to set up a secure session using TLS?

I loaded a client-side .svclog file inside Microsoft Service Trace Viewer and there are a lot of entries in the log saying setting up secure session and close secure session, each taking more time than usual. For example, set…