The information on this site is intended for the cybersecurity or audit professional or aspiring professional. The intention is to provide true value by providing education, guidance, and actionable information that helps the practitioner to do his or her daily job.
Multi-cloud, hybrid and on-ptem privileged access
Securing privileged access does not need to be complex. It does not need password vaults or rotating thousands or millions of passwords per day. In fact, you can get rid of passwords on servers entirely, reducing risk of credential theft.
- Next Generation Privileged Access Management
- PrivX™ Lean Privileged Access Management for multi-cloud
- More Identity and Access Management Topics
Compliance, audit, risk, and security management
Today's security is largely driven by regulations and industry best practices for managing risk. Understand what the different requirements say, and how to assess and achieve risk and compliance in relation to the SSH protocol.
- Compliance and Audit Overview
- NIST Cybersecurity Framework
- NIST Guidelines on SSH Keys
- NIST SP 800-53 - Mandatory Controls for US Federal Government
- ISO 27001 - Cybersecurity management process
- HIPAA Security Rule - Cybersecurity requirements in healthcare
- PCI DSS - Requirements for credit card processing
SSH (Secure Shell)
SSH (Secure Shell) is used everywhere for managing servers and devices in the cloud and in remote data centers. More than half of world's web servers are managed using SSH. We developed it.
- SSH (Secure Shell) Home Page
- SSH Key Management
- Universal SSH Key Manager®
- Risk of SSH Tunnel Backdoors from Internet to Intranet
- Malware and Attacks on SSH
DevOps, IoT, Cloud
Securing DevOps (modern agile software development processes), IoT (internet-connected devices small and large), and cloud services (outsourced IT infrastructure) are important topics for every IT and R&D organization today.
Learn to understand and use cryptography and public key infrastructure.
Learn to understand more about Ephemeral Access and Ephemeral Certificates.
Attack methods and vulnerabilities
This section lists various techniques of attacking systems and interesting vulnerabilities.