SSL security

While SSL is certainly the most popular form of endpoint security, it is just one security framework that can improve the security of an enterprise.

Cybersecurity vs. Information Security vs. Network Security

Server-side firewalls aren’t necessarily the best way to secure your servers. A key recommendation for securing your endpoint network is to secure your applications especially web applications. Be sure to visit websites like https://www.fortinet.com/products/endpoint-security/fortiedr to get all the info.

What is HTTPS?

HTTP was designed to be a basic communication protocol, but when trying to keep up with the ever-changing internet, and the ever-growing number of devices on the internet, HTTP is becoming old-fashioned.

The more prevalent protocols that use TCP/IP, such as IMAP, POP, and SMTP, can be more efficient and perform better in many cases. These protocols use smaller packets of information, the TCP or UDP protocols, and can be faster.

An important feature to secure an endpoint is to securely encrypt communications to and from the endpoint. This requires a series of steps.

In order for communication to be encrypted, the sender and receiver must have a shared key or private key. The receiver uses this shared key to encrypt the messages sent from the sender. The sender can use this shared key to verify that the receiver really sent the message. The sender also can inspect the messages received from the receiver to confirm that the messages came from the correct sender.

In order for communication to be sent over an insecure network, the sender and receiver must share their private keys and cannot verify the validity of the data or verify the sender. When the sender and receiver trust each other, they can sign a transaction to verify that the message came from the sender and the receiver. This process is known as sending and receiving keys or messages or PGP.

Using a secured endpoint is relatively easy. This can be accomplished either using SSL, TLS, or even by using Public Key Pinning to secure all communications over your network.

SSLv2 vs. SSL

The TLS protocol was developed as a standard by Netscape Communications Corp., with the following purpose:

To replace the deprecated SSL, so that an end user can authenticate and protect all of the connections to a Web server and server applications.

The TLS protocol is a more advanced protocol than the SSL protocol, and one that includes additional security. TLS is commonly used with data encryption when security is not crucial to your application, such as on a web mail server. This allows you to remove security-sensitive features like the SSL/TLS Certificate forgery protection.

SSLv3 is a newer encryption protocol with many added features, such as features that improve data integrity and confidentiality, authentication to further protect against potential man-in-the-middle attacks, and the use of future cryptography standards. SSL/TLS was abandoned as a service level agreement (SLA) and is now a stable operating standard. TLS is widely used to encrypt all connections in your web application.

Security Services

To secure your server, ensure that security services such as OpenSSL and NSS are running. These applications ensure that your server is not tampered with by a third party. One could say that security services provide you with one of the most important keys to securing your system.

DIY Operating system using in Ada

The Bare bones tutorial over at OSDev has been poted to Ada!

It supports x86 targets ATM, but will – according to the author – be extended to ARM (with the Raspberry Pi in mind).

The tutorial can be found at http://wiki.osdev.org/Ada_Bare_bones and the code is located at GitHub – https://github.com/Lucretia/bare_bones

Report from the February 2012 open Ada-DK meeting

What this meeting lacked in numbers it weighed up in fun discussions and tryouts of bleeding-edge card games.

Only Thomas Løcke and Kim Rostgaard Christensen was present at this meeting, so the time was passed discussing code, politics, operating systems, weirdness of corporate strategies and Ada in the education system.

The meeting was started of with a massive beating of Thomas Løcke in a game of CPU Wars, which then led to a stroll down memory lane revisiting some of the processors that had been a big part of our lives.

The food was excellent as always, and the dinner discussion ever interesting. The discussion rather fast went into AdaHeads-mode as there were no non-AdaHeads-folks to stop us. What was agreed here, is a story for another day – and a quite interesting one I must say.

– Stay tuned.