Category IT Security

Secrets Management

Secrets management is a practice that allows developers to securely store sensitive data such as passwords, keys, and tokens, in a secure environment with strict access controls. A common person connected to the internet must use a few dozen of…

Database Security

This post explains some aspects of IT security on databases. It is part of the main post about introduction to IT security. Database Concurrency Issues Lost updates occur when one transaction writes a value to the database that overwrites a…

How to get the CCSP Certification

Certified Cloud Security Practitioner (CCSP) is a certification focused on cloud security and issued by American non-profit organization ISC(2) CCSP certification is more detailed than CCSK certificate, that is issued by Cloud Security Alliance (CSA). Some recommend to obtain CCSK…

Kerberos

Kerberos is both an ticket-based Authentication, Authorization and Accountability (AAA) network protocol and a SSO implementation: It is the most common ticket system, used for example in on-premise Windows networks. Kerberos issues tickets that can be presented to various services…

Evidence in Digital Forensics

Evidence is an important part of digital forensics. Standard of Evidence The standard of evidence is the level of certainty and the degree of evidence necessary to establish proof in a proceeding. Evidence collected during investigations needs to follow standards…

Digital Forensics

Computer forensics is a branch of digital forensics. Digital Forensics Concepts Digital forensics concepts: Evidence You can read more about evidence on this post. Digital Forensics Incident Response (DFIR) Digital Forensics Incident Response (DFIR) is a specialized field within cybersecurity…

eIDAS

eIDAS (for “electronic IDentification, Authentication and trust Services”) is an European Union regulation. eIDAS is regulated in EU Regulation 910/2014, that derogated EU Directive 1999 It is completely applied since 1 July 2016. Types of certifications: Each member states is…

IPSec

Internet Protocol Security (IPSec) is a standard of IP security extensions that comprises a collection of protocols and that is used as an add-on for IPv4 and integrated into IPv6. Each IPsec VPN uses two security associations, one for encrypted…

Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior. Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography. Cryptographic Algorithms You can read about encryption…