All Questions
129
questions
-1
votes
1
answer
79
views
How do we secure our network traffic from packet sniffing tools [beyond TLS/SSL] [duplicate]
From following link: Decrypting TLS with Netsh/WireShark
I found its pretty easy to segregate the keys file from tcp requests and later decrypt with WireShark.
Are there any reliable/bullet-proof ...
- 107
0
votes
0
answers
208
views
Router level SSL Inspection
Is there any way I could inspect the traffic from an untrusted device connected to my network? I would like to get a router that has ssl inspection capabilities, where I could check the https packets ...
- 1
3
votes
2
answers
568
views
Decrypting network traffic and finding HTTPS private key
I've been battling with one school task for couple days and can't seem to find any idea how to solve it. The task is pretty simple:
Log in to the server using SSH. The answer to the task is in ...
- 95
1
vote
1
answer
270
views
Why is TLS communication within a VPC important? [duplicate]
In this sense, I understand the encryption needed between say client and server and all communications that are external.
But for a scenario where for all VMs are in the same VPC and not exposed to ...
- 113
0
votes
0
answers
128
views
Can I send confidential information in plain text via an HTTPS POST method?
I have a web app that collects user SSN and driver license number. A POST API via HTTPS send the data to the server. Can I use plain text to transfer the data? Is it safe enough? Is it in accordance ...
0
votes
2
answers
2k
views
TLS1.3 handshake encryption
I was reading about TLS1.3 and my question is that are the server hello extensions encrypted? Why is it so and how are they encrypted?
- 3
1
vote
2
answers
3k
views
Is it a risk to allow security or privacy apps to install a certificate and filter HTTPS?
I recently installed the AdGuard app on Windows and Android. It wants to enable HTTPS filtering and install a certificate. I've seen antivirus do similar things. How exactly does this work and what ...
- 23
2
votes
3
answers
335
views
Confused with the difference between approaches to network level, transport level and application level security
I'm reading from Cryptography and Network Security: Principles and Practice
by William Stallings and I can't quite get the difference between transport and network level security by reading the text.
...
- 123
0
votes
0
answers
68
views
Using someone else's SSL certificate [duplicate]
As far as I know, the SSL certificate is public and anyone can read it. Is it possible in this case, for example, when someone, having copied the SSL certificate of my bank for himself, will be able ...
- 9
0
votes
2
answers
6k
views
Is Peer-to-Peer network unsafe?
I have Computer Networking in my course work this semester. Yesterday, I learned about P2P networking. To learn more, I searched the internet and found this article online, published by The Ohio State ...
- 103
0
votes
2
answers
738
views
How does my HTTPS POST get blocked based on XML content?
There's a web application on a server which I have full access to which accepts POST requests on a REST endpoint. The request payload is expected to be an XML document. For request routing and load ...
- 121
0
votes
1
answer
852
views
What happens after SSL/TLS certificate expires? [closed]
This is what I understand about SSL/TLS protocol:
Web server sends public key with cert.
Client checks cert validity locally using trusted CA list.
Client encrypts symmetric key using server's public ...
- 3
4
votes
3
answers
1k
views
Are TLS v1.3 connections over open Wi-Fi secure?
If a non-compromised device is connected to the internet via open Wi-Fi, anyone can view the traffic.
But if all the connections to the servers use a reasonably secure cryptographic protocol (such as ...
- 3,154
0
votes
0
answers
163
views
Spoofing a server to intercept my IoT device's data
I'm trying to reverse engineer a power meter I've installed to integrate with HomeAssistant. It sends its data to a remote server, where I can log into a UI to view its data. Additionally, they have a ...
- 101
0
votes
0
answers
127
views
Can my college read SSL traffic if I don't validate CA certificate? [duplicate]
My college uses eduroam for WiFi. When setting it up, I am advised to install the college's own CA certificate. I am dubious about this as I have heard that it would allow them to perform a MITM ...
