Internet Protocol Security (IPSec) is a standard of IP security extensions that comprises a collection of protocols and that is used as an add-on for IPv4 and integrated into IPv6. Each IPsec VPN uses two security associations, one for encrypted…
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior. Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography. Cryptographic Algorithms You can read about encryption…
This post summarizes certifications related to IT risk management that are aimed for professionals, and not certifications. List of IT Risk Management Certifications for Professionals List of IT Risk Management Certifications for Professionals: CRISC Certification in Risk Information Systems Control…
NIST Cybersecurity Framework (CSF) is a framework issued by American public organization NIST. You can find an external link to the NIST Cybersecurity Framework. NIST CSF Version As of March 2024, latest NIST CSF version is 2.0. You might also…
The frameworks featured on this post can be applied generally to process, but also to software. Because of this, they are sometimes confused with software development models. You can find an introduction to dedicated software development models on this post.…
ISO/IEC 15408, also known as Common Criteria for Information Technology Security Evaluation, Common Criteria or CC, is an international standard for testing and confirming the system security. Common Criteria supersedes the American TCSEC (Trusted Computer System Evaluation Criteria) or Orange…
This post features search engines for devices of the Internet of Things (IoT). List of IoT Search Engines IoT search engines featured on this post: Shodan Shodan is probably the most known IoT search engine. Official link FOFA FOFA is…
Single Sign-on (SSO) allows a user to access multiple applications with a single set of credentials. SSO Implementations SSO implementations: Kerberos Kerberos is both a SSO implementation and a AAA network protocol. You can read more about Kerberos on this…
This post is an introduction to network firewalls (FW). Firewalls should be complemented with other controls like antivirus scanners, data loss prevention (DLP) solutions and intrusion detection system (IDS) tools. Types of Firewall Firewall classification criteria: Types of Firewall by…
Extensive Authentication Protocol (EAP) is an authentication framework, not an actual protocol like PAP or CHAP. EAP allows customized authentication security solutions, such as supporting smartcards, tokens, and biometrics. EAP is often used in network communication protocols, such as those…