
12/10/2010

Chrooted SFTP with Public Key Authentication

Filed under: *NIX, PKI — Sezgin Bayrak @ 10:59

When it comes to data transfer security, the concerns go beyond authentication weaknesses or the misuse of authorization. Whether it is wired or wireless, your transmission environment is more likely to be under a packet-sniffing threat than you suppose, especially once the data you transfer start to carry great commercial value as your business grows. When planning a secure transfer policy for your network, focusing only on the initiation stages, the checkpoints where authentication and authorization take place, may lead you to overlook that the data themselves may also include a set of clear-text authentication schema(s). In such a case, you would only be hardening the gates with a “keep out” strategy rather than protecting the data on their way. Therefore, data encryption is an essential necessity in any kind of corporate environment.


23/09/2010

DomainKeys with Postfix Using dk-milter (SMTP-Only)

Filed under: *NIX, PKI — Sezgin Bayrak @ 02:13

In my previous article, I spoke about DKIM and how to implement it with Postfix by using dkim-milter. In this article, we’ll be talking about DomainKeys, which is confused with DKIM almost every time. Then we’ll be implementing it with Postfix using dk-milter on a FreeBSD box.

Both of these PGP-like methodologies serve the same ultimate purpose, sender authentication, with slight differences in practice. In terms of functionality, both provide a more effective mechanism for validating the source than a single SPF record, which is an earlier de facto standard.


18/09/2010

DomainKeys Identified Mail (DKIM) with Postfix (SMTP-Only)

Filed under: *NIX, PKI — Sezgin Bayrak @ 22:37

DKIM is a sender authentication scheme for signing messages in such a way that they can be validated on the recipient side. DKIM, which is usually part of the MTA, is based on public-key cryptography, so the validation process naturally depends on a public-private key pair. The signer MTA affixes a digital signature to the message header in the “DKIM-Signature:” field, which the verifier side then uses to retrieve the signer’s public key via DNS and complete the verification.


22/05/2010

EFS (Encrypting File System) and Using Smart Cards with EFS

Filed under: PKI — Sezgin Bayrak @ 17:11

The Encrypting File System (EFS) enables transparent filesystem-level encryption on the Microsoft Windows operating system. It was first introduced within NTFS. Folder encryption uses a symmetric key, which is then encrypted with the public key of an asymmetric key pair. In our “SSH Public Key (/w RSA) Authentication and SSH Tunneling” post, we briefly mentioned hybrid cryptosystems, which are driven by the use of asymmetric and symmetric algorithms together. Now let’s check out how this hybrid process takes place in EFS:


31/03/2010

Smart Card For Active Directory Logons

Enforcing the use of smart cards for logons inside enterprise networks provides enhanced security and stronger authentication, as the user PIN directly depends on the presence of another physical layer, the smart card itself. It is also a pretty functional way of meeting a couple of different AAA requirements with a single user device for multiple access types such as VPN (as I have explained here before), remote desktop connections, digital signing or local encryption (~ EFS).

