What the heck is PKI, Public Keys, Private Keys, Infrastructure, Security, Sign this Encrypt that..what?!

I’m going to start going over some core concepts, many of which I ask about in interviews: “What is PKI? How do you encrypt, decrypt, sign and verify data?” The answers I get are quite wrong or not quite right most of the time. PKI, Public Key Infrastructure: covered, read the wiki link. TL;DR: it’s our SSL chaining system

What is a real email signature.

So while at InteropITX, the use case was given that your employees should expect a consistent signature from co-workers, to ensure phishing hasn’t been used to gather information from internal staff to coordinate an attack. HOWEVER, “Thanks, -Jake” is not a cryptographically sane signature, and it’s not HARD to sign emails with your private key:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

How to get an ‘A’ on your OWA Security scans in 3 steps!

Step 1) Download Nartac for IIS
Step 2) Run and select Best Practices (disables SSLv2/SSLv3)
Step 3) Reboot

That’s it. If you want the long and hard way, follow this TechNet article.

What does this tool do? It makes registry changes to your Schannel settings, which apply to all TLS channels, either HTTPS, SMTPS, or STARTTLS (others if you have them).