Questions tagged [documentation]
16 questions
34
votes
5 answers
How can I explain "zero knowledge proof" to an end user?
A ZKP allows proof of knowing the answer to a secret, without actually disclosing what that answer is.
Is there any analogy that can help people put this concept into everyday practice? A "lie to children" example is sufficient.
For example,…
makerofthings7
- 50,090
- 54
- 250
- 536
5
votes
2 answers
How should I document my Public Key Infrastructure?
I'm preparing to document a 3 tier PKI (with multiple second level policy CAs) and want to create a document that is useful, technical, and not too overwhelming to the non-PKI expert.
I suppose the audience could be broken up into the following…
makerofthings7
- 50,090
- 54
- 250
- 536
5
votes
3 answers
How do I diagram a network node with multiple layers of trust?
If I'm communicating security and trust over a network, I might simply note trusted and untrusted nodes. For example, when making an HTTPS connection over some kind proxy node that I own and operate, I trust the protocol and the entire node:
But…
lofidevops
- 3,550
- 6
- 23
- 32
4
votes
1 answer
Which security documents do providers typically share with their customers?
In the context of managed/cloud hosting, what level of information does a provider typically share (under NDA) with its customers for compliance audit/3rd party risk assessment purposes? What are documents that are generally made available, and…
phiz
- 306
- 1
- 6
4
votes
1 answer
Need help collating resources for an information/cyber security audit document for an MSP
I am currently serving out an internship with a small MSP (4 employees, 50-100 clients with between a couple and 100 employees).
My main project is to work on a information/cyber security audit document that is to be used by the employees to perform…
Vehicular IT
- 41
- 1
3
votes
1 answer
How should we store and share information about our security protocols and plans?
I'm assuming that it's a good idea to document your security protocols, response plans, and attack surfaces.
Of course, if you simply stick all of that information on GitHub (minus your secret of course), then it gives attackers a map of your system…
Wayne Werner
- 1,755
- 3
- 15
- 20
3
votes
2 answers
metasploit exploits and payloads documentation
Where can i found the documentation of the exploits and payloads available in metasploit.
I am looking for a documentation that tells what does the exploit or the payload do, and possibly a description and how it works.
Sidahmed
- 639
- 2
- 9
- 26
3
votes
1 answer
What is "Intentionally misleading Artificial Intelligence to create a misleading outcome" called?
I'm writing about a computer system that relies on Artificial Intelligence and the threats that this may include. One threat vector (for example) is to seed Bayesian AI with content to skew the outcome.
Question
Assuming that AI can't tell the…
makerofthings7
- 50,090
- 54
- 250
- 536
2
votes
2 answers
Are documented networks easier to attack? Are undocumented networks easier to protect?
I am learning about network documentation for the first time and have come across the following statement:
Undocumented networks might not be protected and can be used to support insider attacks.
According to this website, network documentation…
Caleb Owusu-Yianoma
- 143
- 6
2
votes
1 answer
Is it necessary to have security documentations, policies, DRP & BCP's at place in order to execute secure network architectural review?
One of my client has ISO 27001 audits at their disposal and they have been going through audits. Meanwhile, they are taking custom security services from our company where-in one of the deliverables happen to be Secure Network Architectural Review.…
Shritam Bhowmick
- 1,602
- 14
- 28
1
vote
1 answer
In the United States, when can someone legally search my personal laptop? (Government or private security)
Unlike the United Kingdom, U.S. citizens don't have an explicit right to privacy in the Constitution. Although there are implied privacy rights within "penumbras" of the Bill of Rights this has evolved into various laws that have changed depending…
makerofthings7
- 50,090
- 54
- 250
- 536
1
vote
2 answers
Is Wiki software a good idea for Disaster Recovery Plans?
I am tasked with the initial draft of an IT disaster recovery plan for my organization. My predecessor never started one so now I am the lucky fellow to tackle this project.
My experience in working with a disaster recovery plan is '0'. (Don't get…
I2thesecond
- 11
- 1
1
vote
0 answers
Addressing security issues for documenting internal systems
The Situation
I'm presently a member of a healthcare records team that is sorely understaffed and has an incredibly low bus factor, with only two people with the majority of system knowledge, myself - allocated temporarily, and a consultant - also…
SE Does Not Like Dissent
- 158
- 5
1
vote
1 answer
Does the OWASP Zed Attack Proxy project have a list of all the vulnerabilities it tries to find/exploit?
I'm trying to compile a list of vulnerabilities that ZAP tries to find when you run the "Active Scan" in ATTACK mode on a webapp. Does this list exist in the documentation anywhere? If it also has a list of all the inputs that it tries that would be…
trallgorm
- 875
- 7
- 19
0
votes
1 answer
Kubernetes show secrets for namespace
I stumbled upon this command:
kubectl get secrets -n namespace-name
(Jay Beale, Attacking and Hardening Kubernetes | KringleCon 2020)
It seems to list the secrets for a specific namespace (here namespace-name). But I couldn't find any documentation…
secf00tprint
- 202
- 1
- 11