Archives: Security

What is Bro and how to install Bro on Debian 8

Bro, sometimes referred to as Bro-IDS, is a bit different from Snort and Suricata. In a way Bro is both a signature-based and an anomaly-based IDS. Its analysis engine converts captured traffic into a series of events. An event could be a user logon to FTP, a connection to a website, or practically anything.


How to install/configure Suricata on Debian 8

Suricata on Debian 8:
  apt-get install suricata   (this installs version 2.0.7)
  vi /etc/default/suricata   (set RUN=yes, set IFACE to the capture interface, and set the listen mode to pcap)
  systemctl start suricata
  tail -f /var/log/suricata/fast.log   (or eve.json)
Rules management:
  apt-get install oinkmaster
  add to /etc/oinkmaster.conf: url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
  then run: oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
  systemctl


DTLS, DTLS-SRTP

DTLS: basically, DTLS constructs TLS over a datagram transport (UDP, DCCP, etc.). DTLS is intentionally similar to TLS, except that DTLS has to solve two problems: packet loss and reordering. DTLS-SRTP: DTLS-SRTP can be viewed in two equivalent ways: as a new key management method for SRTP, and as a new RTP-specific data format for DTLS.


OpenPGP vs S/MIME

S/MIME and OpenPGP similarity: both depend on public/private keys to encrypt/authenticate messages (emails). Difference: how the public keys are distributed. S/MIME is similar to TLS and needs to depend on X.509 certificates; OpenPGP depends on the web of trust to distribute public keys. References: http://security.stackexchange.com/questions/7874/how-does-pgp-differ-from-s-mime


What is the difference between SRTP and ZRTP

SRTP SDP message:
  v=0
  o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5
  s=SDP Seminar
  i=A Seminar on the session description protocol
  u=http://www.example.com/seminars/sdp.pdf
  e=j.doe@example.com (Jane Doe)
  c=IN IP4 161.44.17.12/127
  t=2873397496 2873404696
  m=video 51372 RTP/SAVP 31
  a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20
  m=audio 49170 RTP/SAVP 0
  a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20
  m=application 32416 udp wb
  a=orient:portrait
The crypto line includes the master key and


SSH protocol

How SSH2 works: (1) When a TCP connection is made by a client, the server responds with the protocol versions it supports. If the client can match one of the acceptable protocol versions, the connection continues. The server also provides its public host key, which the client can use to check whether this was the


TLS/SSL handshake

The combination of Diffie-Hellman and the use of ephemeral session keys is what enables “Forward Secrecy”: even if an attacker gains access to the server’s private key, they are not able to passively listen in on the active session, nor can they decrypt previously recorded sessions. Diffie-Hellman Key Exchange: Both A, B create the


Digital certificate vs digital signature

Digital Signature: how it works. A digital certificate is one use case of digital signatures. To create the digital signature, the CA generates a message digest from the certificate, encrypts the digest with its private key, and includes the digital signature as part of the certificate. Anyone can use the message digest function and the