Showing posts from 2021

Configuring Secure Ciphers Suites and TLS

Hey everyone, today we're back on cipher suites. If you want a refresher of TLS and secure cipher suites overall, check out my previous post. There are many instances in which you'll need to edit cipher suites on a system -- compliance efforts, CIS benchmarks, or simply ensuring your system doesn't use insecure suites. There are a few ways to go about this and I'll detail two of them now: IIS Crypto and the Windows registry.

IIS Crypto
My favorite way of editing TLS versions and cipher suites is using IIS Crypto. IIS Crypto allows you to select your desired TLS/SSL version, cipher suites, and back up the registry, all with a few mouse clicks. Only downside is that it's Windows only (even the command line version).

This is what IIS Crypto will look like on an unmodified Windows 10 system. Note the separate Server Protocols and Client Protocols sections. These are important to keep straight depending on what system is listening for connections and what system is

AWS Security Groups and Network ACLs

Introduction
Today we're covering some basic but very important elements of AWS Security -- Security Groups and Network ACLs.

Security Groups
Security Groups are a fundamental security feature in AWS. They help protect EC2 instances, Lambda scripts, Load Balancers, containers (Amazon ECS), AWS Transfer Family, and much more. They are the "last line" of defense in a lot of cases as well, so they're important to understand and get right.

Security Groups operate similarly to a firewall by limiting the flow of traffic. Security Groups do this to and from whatever they are attached to (technically they attach to network interfaces but those are attached to the things in AWS you're looking to protect). By default, Security Groups allow all outbound traffic and deny all inbound traffic. You then create or delete rules, but any rules created are Allow rules. In other words, there are no Deny rules. Access is granted to a specific CIDR range (e.g., 192.168.

Secure Cipher Suites and TLS

TLS
As of writing (July 2021), there is really only one widely supported, secure protocol for establishing secure communications on the Internet -- TLS 1.2. Even Microsoft, which has a history of supporting legacy items (looking at you, Internet Explorer), is deprecating TLS 1.0 and TLS 1.1 in many of its products (and in some cases outright disabling). And just in case it wasn't clear, all versions of SSL are insecure as well.

Fully updated installs of Windows 10 and macOS, unfortunately, still leave TLS 1.0 enabled for client and server connections. Chrome, Safari, Firefox, and Edge dropped support for anything less than TLS 1.2 a while back now. If you're using an up-to-date version of one of those browsers you are good-to-go there (note this doesn't mean other applications on your system won't use TLS 1.0/1.1).

Vendors are currently working on adoption and I hope that very soon TLS 1.3 will replace TLS 1.2. Cloudflare has a fantastic blog post on TLS 1.3 cove

What Happens When You Type a URL in a Browser and Press Enter?

There is just so much to unpack if you really get into the details. Others online have already done a great job answering this question with minute details I wouldn't have even thought to include in this post had I not discovered their work (see the explanation of keystrokes being entered on a USB keyboard and the related circuitry vs a capacitive touchscreen) so I'm not going to try to out-detail a 70+ person collaborative effort. Instead here are some of the things I like to highlight when answering this question along with parts I've had to educate myself on (browser rendering steps, parsing JS and CSS, various trees, and that end of the flow were really interesting to read about as I don't usually have exposure to them).

Credit: @manekinekko

This graphic does a fantastic job detailing the flow of information that occurs when someone enters a URL in a browser and presses enter. For more information click on each of the steps below: URL is entered. DNS lookup occurs