CYS Report

I started a Cybersecurity News Aggregator website so you can stay up to date with the latest in cyber threats without all the distraction on Twitter. Check it out! I have also started a threat briefing podcast. My podcast is now on Apple iTunes, so please subscribe.

Working on a Crypto Best Practices Knowledge Base with JHU

We are working on the knowledge base now so stay tuned! Update: I just found out that Cisco has fully funded through a gift grant the Cryptographic Knowledge Base that will be managed and overseen by Johns Hopkins University and specifically Seth Nielson and Matthew Green. I am honored to be working with the best …

Recommended TLS Ciphers

Use: TLS v1.1 and 1.2
Avoid: TLSv1.0 or lower or SSLv3 or lower
TLS Recommended Ciphers:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
TLS_ECDHE_ECDSA_WITH_AES_192_CBC_SHA256 as defined in RFC 5289
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
TLS_ECDHE_ECDSA_WITH_AES_192_GCM_SHA256 as defined in RFC 5289
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined …

SSH Algorithms to Use

For SSHv2 key exchange:
Recommended: diffie-hellman-group14-sha1 (2048 bit) for SSH key exchange
Allowed: ecdh-sha2-nistp256, ecdh-sha2-nistp384, and ecdh-sha2-nistp521
Avoid: diffie-hellman-group1-sha1 (768 bit), diffie-hellman-group2-sha1 (1024 bit)
dh group 1 should not be used based on this research paper “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.” In addition, dh group 2 and below are susceptible to the Logjam attack. …