IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [documentation]

16 questions
34
votes
5 answers

How can I explain "zero knowledge proof" to an end user?

A ZKP allows proof of knowing the answer to a secret, without actually disclosing what that answer is. Is there any analogy that can help people put this concept into everyday practice? A "lie to children" example is sufficient. For example,…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
5
votes
2 answers

How should I document my Public Key Infrastructure?

I'm preparing to document a 3 tier PKI (with multiple second level policy CAs) and want to create a document that is useful, technical, and not too overwhelming to the non-PKI expert. I suppose the audience could be broken up into the following…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
5
votes
3 answers

How do I diagram a network node with multiple layers of trust?

If I'm communicating security and trust over a network, I might simply note trusted and untrusted nodes. For example, when making an HTTPS connection over some kind proxy node that I own and operate, I trust the protocol and the entire node: But…
lofidevops
  • 3,550
  • 6
  • 23
  • 32
4
votes
1 answer

Which security documents do providers typically share with their customers?

In the context of managed/cloud hosting, what level of information does a provider typically share (under NDA) with its customers for compliance audit/3rd party risk assessment purposes? What are documents that are generally made available, and…
phiz
  • 306
  • 1
  • 6
4
votes
1 answer

Need help collating resources for an information/cyber security audit document for an MSP

I am currently serving out an internship with a small MSP (4 employees, 50-100 clients with between a couple and 100 employees). My main project is to work on a information/cyber security audit document that is to be used by the employees to perform…
Vehicular IT
  • 41
  • 1
3
votes
1 answer

How should we store and share information about our security protocols and plans?

I'm assuming that it's a good idea to document your security protocols, response plans, and attack surfaces. Of course, if you simply stick all of that information on GitHub (minus your secret of course), then it gives attackers a map of your system…
Wayne Werner
  • 1,755
  • 3
  • 15
  • 20
3
votes
2 answers

metasploit exploits and payloads documentation

Where can i found the documentation of the exploits and payloads available in metasploit. I am looking for a documentation that tells what does the exploit or the payload do, and possibly a description and how it works.
Sidahmed
  • 639
  • 2
  • 9
  • 26
3
votes
1 answer

What is "Intentionally misleading Artificial Intelligence to create a misleading outcome" called?

I'm writing about a computer system that relies on Artificial Intelligence and the threats that this may include. One threat vector (for example) is to seed Bayesian AI with content to skew the outcome. Question Assuming that AI can't tell the…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
2
votes
2 answers

Are documented networks easier to attack? Are undocumented networks easier to protect?

I am learning about network documentation for the first time and have come across the following statement: Undocumented networks might not be protected and can be used to support insider attacks. According to this website, network documentation…
Caleb Owusu-Yianoma
  • 143
  • 6
2
votes
1 answer

Is it necessary to have security documentations, policies, DRP & BCP's at place in order to execute secure network architectural review?

One of my client has ISO 27001 audits at their disposal and they have been going through audits. Meanwhile, they are taking custom security services from our company where-in one of the deliverables happen to be Secure Network Architectural Review.…
Shritam Bhowmick
  • 1,602
  • 14
  • 28
1
vote
1 answer

In the United States, when can someone legally search my personal laptop? (Government or private security)

Unlike the United Kingdom, U.S. citizens don't have an explicit right to privacy in the Constitution. Although there are implied privacy rights within "penumbras" of the Bill of Rights this has evolved into various laws that have changed depending…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
1
vote
2 answers

Is Wiki software a good idea for Disaster Recovery Plans?

I am tasked with the initial draft of an IT disaster recovery plan for my organization. My predecessor never started one so now I am the lucky fellow to tackle this project. My experience in working with a disaster recovery plan is '0'. (Don't get…
I2thesecond
  • 11
  • 1
1
vote
0 answers

Addressing security issues for documenting internal systems

The Situation I'm presently a member of a healthcare records team that is sorely understaffed and has an incredibly low bus factor, with only two people with the majority of system knowledge, myself - allocated temporarily, and a consultant - also…
SE Does Not Like Dissent
  • 158
  • 5
1
vote
1 answer

Does the OWASP Zed Attack Proxy project have a list of all the vulnerabilities it tries to find/exploit?

I'm trying to compile a list of vulnerabilities that ZAP tries to find when you run the "Active Scan" in ATTACK mode on a webapp. Does this list exist in the documentation anywhere? If it also has a list of all the inputs that it tries that would be…
trallgorm
  • 875
  • 7
  • 19
0
votes
1 answer

Kubernetes show secrets for namespace

I stumbled upon this command: kubectl get secrets -n namespace-name (Jay Beale, Attacking and Hardening Kubernetes | KringleCon 2020) It seems to list the secrets for a specific namespace (here namespace-name). But I couldn't find any documentation…
secf00tprint
  • 202
  • 1
  • 11
1
2