7MS #7: External Vulnerabilities that Byte (audio)
Episode lucky #7!!!
In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up.
- RC4 – a risk that we find just about anywhere SSL is used, but in most cases it’s pretty easy to take “off the menu.”
- Self-signed certs are bad, especially for anything where a login is used. Public SSL certs have come down in cost – especially wildcard certs – so use ‘em!
- DNSSEC – I’ve yet to come across a domain I’ve audited that has DNSSEC enabled (Google doesn’t see many DNS requests that are DNSSEC-enabled), but now’s the time to read up on it. I think it will become a hotter topic this year and next.
- SPF records are easy to make, so use ‘em!