Crypto 101 started as a presentation at PyCon 2013. It tries to go through all of the major dramatis personae of cryptography to make TLS work in 45 minutes. This book is the natural extension of that, with an extensive focus on breaking cryptography.
Internet censorship is bad – especially when it is abused to censor media reports about potentially corrupt government officials. Luckily a lot of incompetent people try to implement censorship via DNS.
Censorship via DNS is a method which is pretty easy to bypass and some people have responded to this this:
A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.
Edward Snowden has given us an unprecedented window into the NSA’s surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, this talk describes the sorts of surveillance the NSA conducts and how it conducts it. The emphasis will be on the technical capabilities of the NSA, and not the politics or legality of their actions. I will then discuss what sorts of countermeasures are likely to frustrate any nation-state adversary with these sorts of capabilities. These will be techniques to raise the cost of wholesale surveillance in favor of targeted surveillance: ubiquitous encryption, target dispersal, anonymity tools, and so on.
Managing Access Lists on Cisco IOS devices can be a real headache. Copying ACLs and Editing them in a Text Editor was a widely spread method until extended ACLs implemented Named Access Lists (nacls) with featured sequence numbers.
Extended IP access list my_acl_in
2 permit icmp ..... (1234 matches)
3 permit ip any host x.x.x.x
10 permit ip ....
11 permit ip ....
12 permit ip ....
13 permit ip ....
14 permit tcp any host ...... eq 443
15 permit tcp any host ...... eq www
Btw. the IPv6 Access list sequence numbers are placed at the end
Sequence Numbers allow for quick changes to an ACL without the copy&paste foo. A growing and ever changing ACL however can post a challange to your sequencing once the gaps are filled. In order to realign your Access Control Entries you can use the resequence command to put your ACEs in order again.
r1(config)#ip access-list resequence ?
<1-99> Standard IP access-list number
<100-199> Extended IP access-list number
<1300-1999> Standard IP access-list number (expanded range)
<2000-2699> Extended IP access list number (expanded range)
WORD Access-list name
r1(config)#ip access-list resequence my_acl_in ?
<1-2147483647> Starting Sequence Number
r1(config)#ip access-list resequence my_acl_in 5 ?
<1-2147483647> Step to increment the sequence number
r1(config)#ip access-list resequence my_acl_in 5 5
will resequence your ACEs to look something like this:
Extended IP access list my_acl_in
5 permit icmp ..... (1234 matches)
10 permit ip any host x.x.x.x
15 permit ip ....
20 permit ip ....
25 permit ip ....
30 permit ip ....
35 permit tcp any host ...... eq 443
40 permit tcp any host ...... eq www
This feature will definitely help to keep your sanity.
I find it quite a bit strange that this fuction is not mentioned on neither the 640-802 CCNA nor the 640-554 CCNA Security Cert Guides.