Security
Building a Certificate Authority
This page goes through how to create a local PKI infrastructure for use with all the other components listed in my notes, many of which may not mention it at all. It …
Bind
Ports and Protocols: A DNS server needs to be reachable by clients. The following ports are relevant for a BIND deployment: Port Protocol Direction Description 53 …
GPG Process Notes
These are my working notes on GnuPG key management, smartcard workflows, and related operational practices. This covers everything from initial key creation …
Yubikey
The YubiKey 5 …
CFSSL
CFSSL is a toolkit of utilities for TLS PKI infrastructures and supports more functionality than I've personally needed. It is a fast and convenient way to …
Syslog-NG
Syslog-NG is a fast, reliable, and secure syslog daemon that can do advanced processing and log centralization while maintaining a sane configuration file …
Secure Boot on Older and Unstable Motherboards
Recently I found my desktop motherboard was vulnerable to booting malicious payloads due to the use of a developer reference key in production firmware. I have a …
Performance Impact of OpenVPN Port Sharing
I recently had cause to use OpenVPN on the standard HTTPS port to protect my traffic. This was done as a compromise with administrators who didn't want to …
Run Your Own DNS-over-TLS Server
DNS-over-TLS is a relatively new privacy enhancing protocol that encrypts all of your DNS requests to a trusted server. In an age when airports, and coffee …