Nethence Systems - Public Key Infrastructure


Beware of the MITM…

Applied cryptography

SSL/TLS on internal networks

public PKI

Fine-tune ciphers and parameters, and get an A+ on SSL Labs

private PKI

Either use an internal DNS view with public certificates, or use a private Certification Authority with a managed workstation fleet:

IDM

Set up Samba4 for AD-capable products and Windows workstations.

hardening

What is missing from the CIA acronym (Confidentiality, Integrity, Availability)? How do you prevent MITM attacks? Authentication: use Trusted Platform Module (TPM) powered SSL client certificates, and eventually spare yourself the pain of setting up an SSO.

Keywords

IDM: NIS LDAP OpenLDAP “389 Directory Server” RHDS “Apache Directory” Samba3+LDAP Samba4 FreeIPA Keycloak OAuth2 Yubikey SIM “Smart card” TPM

PKI: X509 PKIX SSL TLS LibreSSL MITM DPI “SSL interception” “SSL termination” “SSL offloading”

HA & LBS: NGINX HAProxy WS WSS websocket Varnish Keepalived Linux-HA Heartbeat RHCS MC/SC MC/ServiceGuard Cloudflare “AWS CloudFront”


Copyright © 2024 Pierre-Philipp Braun