Security Guide
1. Security Overview
Expand section "1. Security Overview" Collapse section "1. Security Overview"
1. 1.1. Introduction to Security
  Expand section "1.1. Introduction to Security" Collapse section "1.1. Introduction to Security"
  1. 1.1.1. What is Computer Security?
    
    Expand section "1.1.1. What is Computer Security?" Collapse section "1.1.1. What is Computer Security?"
    
    1.1.1.1. How did Computer Security come about?
    
    1.1.1.2. Security Today
    
    1.1.1.3. Standardizing Security
  2. 1.1.2. SELinux
  3. 1.1.3. Security Controls
    
    Expand section "1.1.3. Security Controls" Collapse section "1.1.3. Security Controls"
    
    1.1.3.1. Physical Controls
    
    1.1.3.2. Technical Controls
    
    1.1.3.3. Administrative Controls
  4. 1.1.4. Conclusion
2. 1.2. Vulnerability Assessment
  Expand section "1.2. Vulnerability Assessment" Collapse section "1.2. Vulnerability Assessment"
  1. 1.2.1. Thinking Like the Enemy
  2. 1.2.2. Defining Assessment and Testing
    
    Expand section "1.2.2. Defining Assessment and Testing" Collapse section "1.2.2. Defining Assessment and Testing"
    
    1.2.2.1. Establishing a Methodology
  3. 1.2.3. Evaluating the Tools
    
    Expand section "1.2.3. Evaluating the Tools" Collapse section "1.2.3. Evaluating the Tools"
    
    1.2.3.1. Scanning Hosts with Nmap
    
    Expand section "1.2.3.1. Scanning Hosts with Nmap" Collapse section "1.2.3.1. Scanning Hosts with Nmap"
    
    1.2.3.1.1. Using Nmap
    
    1.2.3.2. Nessus
    
    1.2.3.3. Nikto
    
    1.2.3.4. Anticipating Your Future Needs
3. 1.3. Security Threats
  Expand section "1.3. Security Threats" Collapse section "1.3. Security Threats"
  1. 1.3.1. Threats to Network Security
    
    Expand section "1.3.1. Threats to Network Security" Collapse section "1.3.1. Threats to Network Security"
    
    1.3.1.1. Insecure Architectures
    
    Expand section "1.3.1.1. Insecure Architectures" Collapse section "1.3.1.1. Insecure Architectures"
    
    1.3.1.1.1. Broadcast Networks
    
    1.3.1.1.2. Centralized Servers
  2. 1.3.2. Threats to Server Security
    
    Expand section "1.3.2. Threats to Server Security" Collapse section "1.3.2. Threats to Server Security"
    
    1.3.2.1. Unused Services and Open Ports
    
    1.3.2.2. Inattentive Administration
    
    1.3.2.3. Inherently Insecure Services
  3. 1.3.3. Threats to Workstation and Home PC Security
    
    Expand section "1.3.3. Threats to Workstation and Home PC Security" Collapse section "1.3.3. Threats to Workstation and Home PC Security"
    
    1.3.3.1. Bad Passwords
    
    1.3.3.2. Vulnerable Client Applications
4. 1.4. Common Exploits and Attacks
5. 1.5. Security Updates
  Expand section "1.5. Security Updates" Collapse section "1.5. Security Updates"
2. Securing Your Network
Expand section "2. Securing Your Network" Collapse section "2. Securing Your Network"
1. 2.1. Workstation Security
  Expand section "2.1. Workstation Security" Collapse section "2.1. Workstation Security"
  1. 2.1.1. Evaluating Workstation Security
  2. 2.1.2. BIOS and Boot Loader Security
    
    Expand section "2.1.2. BIOS and Boot Loader Security" Collapse section "2.1.2. BIOS and Boot Loader Security"
    
    2.1.2.1. BIOS Passwords
    
    Expand section "2.1.2.1. BIOS Passwords" Collapse section "2.1.2.1. BIOS Passwords"
    
    2.1.2.1.1. Securing Non-x86 Platforms
    
    2.1.2.2. Boot Loader Passwords
    
    Expand section "2.1.2.2. Boot Loader Passwords" Collapse section "2.1.2.2. Boot Loader Passwords"
    
    2.1.2.2.1. Password Protecting GRUB
    
    2.1.2.2.2. Disabling Interactive Startup
  3. 2.1.3. Password Security
    
    Expand section "2.1.3. Password Security" Collapse section "2.1.3. Password Security"
    
    2.1.3.1. Creating Strong Passwords
  4. 2.1.4. Creating User Passwords Within an Organization
    
    Expand section "2.1.4. Creating User Passwords Within an Organization" Collapse section "2.1.4. Creating User Passwords Within an Organization"
    
    2.1.4.1. Forcing Strong Passwords
    
    2.1.4.2. Passphrases
    
    2.1.4.3. Password Aging
  5. 2.1.5. Locking Inactive Accounts
  6. 2.1.6. Customizing Access Control
  7. 2.1.7. Time-based Restriction of Access
  8. 2.1.8. Applying Account Limits
  9. 2.1.9. Administrative Controls
    
    Expand section "2.1.9. Administrative Controls" Collapse section "2.1.9. Administrative Controls"
    
    2.1.9.1. Allowing Root Access
    
    2.1.9.2. Disallowing Root Access
    
    2.1.9.3. Enabling Automatic Logouts
    
    2.1.9.4. Limiting Root Access
    
    2.1.9.5. Account Locking
  10. 2.1.10. Session Locking
    
    Expand section "2.1.10. Session Locking" Collapse section "2.1.10. Session Locking"
    
    2.1.10.1. Locking GNOME Using gnome-screensaver-command
    
    Expand section "2.1.10.1. Locking GNOME Using gnome-screensaver-command" Collapse section "2.1.10.1. Locking GNOME Using gnome-screensaver-command"
    
    2.1.10.1.1. Automatic Lock on Screen Saver Activation
    
    2.1.10.1.2. Remote Session Locking
    
    2.1.10.2. Locking Virtual Consoles Using vlock
  11. 2.1.11. Available Network Services
    
    Expand section "2.1.11. Available Network Services" Collapse section "2.1.11. Available Network Services"
    
    2.1.11.1. Risks To Services
    
    2.1.11.2. Identifying and Configuring Services
    
    2.1.11.3. Insecure Services
  12. 2.1.12. Personal Firewalls
  13. 2.1.13. Security Enhanced Communication Tools
  14. 2.1.14. Enforcing Read-Only Mounting of Removable Media
2. 2.2. Server Security
  Expand section "2.2. Server Security" Collapse section "2.2. Server Security"
  1. 2.2.1. Securing Services With TCP Wrappers and xinetd
    
    Expand section "2.2.1. Securing Services With TCP Wrappers and xinetd" Collapse section "2.2.1. Securing Services With TCP Wrappers and xinetd"
    
    2.2.1.1. Enhancing Security With TCP Wrappers
    
    Expand section "2.2.1.1. Enhancing Security With TCP Wrappers" Collapse section "2.2.1.1. Enhancing Security With TCP Wrappers"
    
    2.2.1.1.1. TCP Wrappers and Connection Banners
    
    2.2.1.1.2. TCP Wrappers and Attack Warnings
    
    2.2.1.1.3. TCP Wrappers and Enhanced Logging
    
    2.2.1.2. Enhancing Security With xinetd
    
    Expand section "2.2.1.2. Enhancing Security With xinetd" Collapse section "2.2.1.2. Enhancing Security With xinetd"
    
    2.2.1.2.1. Setting a Trap
    
    2.2.1.2.2. Controlling Server Resources
  2. 2.2.2. Securing Portmap
    
    Expand section "2.2.2. Securing Portmap" Collapse section "2.2.2. Securing Portmap"
    
    2.2.2.1. Protect portmap With TCP Wrappers
    
    2.2.2.2. Protect portmap With iptables
  3. 2.2.3. Securing NIS
    
    Expand section "2.2.3. Securing NIS" Collapse section "2.2.3. Securing NIS"
    
    2.2.3.1. Carefully Plan the Network
    
    2.2.3.2. Use a Password-like NIS Domain Name and Hostname
    
    2.2.3.3. Edit the /var/yp/securenets File
    
    2.2.3.4. Assign Static Ports and Use iptables Rules
    
    2.2.3.5. Use Kerberos Authentication
  4. 2.2.4. Securing NFS
    
    Expand section "2.2.4. Securing NFS" Collapse section "2.2.4. Securing NFS"
    
    2.2.4.1. Carefully Plan the Network
    
    2.2.4.2. Securing NFS Mount Options
    
    Expand section "2.2.4.2. Securing NFS Mount Options" Collapse section "2.2.4.2. Securing NFS Mount Options"
    
    2.2.4.2.1. Review the NFS Server
    
    2.2.4.2.2. Review the NFS Client
    
    2.2.4.3. Beware of Syntax Errors
    
    2.2.4.4. Do Not Use the no_root_squash Option
    
    2.2.4.5. NFS Firewall Configuration
  5. 2.2.5. Securing the Apache HTTP Server
  6. 2.2.6. Securing FTP
    
    Expand section "2.2.6. Securing FTP" Collapse section "2.2.6. Securing FTP"
    
    2.2.6.1. FTP Greeting Banner
    
    2.2.6.2. Anonymous Access
    
    2.2.6.3. User Accounts
    
    Expand section "2.2.6.3. User Accounts" Collapse section "2.2.6.3. User Accounts"
    
    2.2.6.3.1. Restricting User Accounts
    
    2.2.6.4. Use TCP Wrappers To Control Access
  7. 2.2.7. Securing Postfix
    
    Expand section "2.2.7. Securing Postfix" Collapse section "2.2.7. Securing Postfix"
    
    2.2.7.1. Limiting a Denial of Service Attack
    
    2.2.7.2. NFS and Postfix
    
    2.2.7.3. Mail-only Users
    
    2.2.7.4. Disable Postfix Network Listening
    
    2.2.7.5. Configuring Postfix to Use SASL
  8. 2.2.8. Securing Sendmail
    
    Expand section "2.2.8. Securing Sendmail" Collapse section "2.2.8. Securing Sendmail"
    
    2.2.8.1. Limiting a Denial of Service Attack
    
    2.2.8.2. NFS and Sendmail
    
    2.2.8.3. Mail-only Users
    
    2.2.8.4. Disable Sendmail Network Listening
  9. 2.2.9. Verifying Which Ports Are Listening
  10. 2.2.10. Disable Source Routing
  11. 2.2.11. Reverse Path Forwarding
    
    Expand section "2.2.11. Reverse Path Forwarding" Collapse section "2.2.11. Reverse Path Forwarding"
    
    2.2.11.1. Additional Resources
3. 2.3. Single Sign-on (SSO)
4. 2.4. Pluggable Authentication Modules (PAM)
5. 2.5. Kerberos
6. 2.6. TCP Wrappers and xinetd
  Expand section "2.6. TCP Wrappers and xinetd" Collapse section "2.6. TCP Wrappers and xinetd"
  1. 2.6.1. TCP Wrappers
    
    Expand section "2.6.1. TCP Wrappers" Collapse section "2.6.1. TCP Wrappers"
    
    2.6.1.1. Advantages of TCP Wrappers
  2. 2.6.2. TCP Wrappers Configuration Files
    
    Expand section "2.6.2. TCP Wrappers Configuration Files" Collapse section "2.6.2. TCP Wrappers Configuration Files"
    
    2.6.2.1. Formatting Access Rules
    
    Expand section "2.6.2.1. Formatting Access Rules" Collapse section "2.6.2.1. Formatting Access Rules"
    
    2.6.2.1.1. Wildcards
    
    2.6.2.1.2. Patterns
    
    2.6.2.1.3. Portmap and TCP Wrappers
    
    2.6.2.1.4. Operators
    
    2.6.2.2. Option Fields
    
    Expand section "2.6.2.2. Option Fields" Collapse section "2.6.2.2. Option Fields"
    
    2.6.2.2.1. Logging
    
    2.6.2.2.2. Access Control
    
    2.6.2.2.3. Shell Commands
    
    2.6.2.2.4. Expansions
  3. 2.6.3. xinetd
  4. 2.6.4. xinetd Configuration Files
    
    Expand section "2.6.4. xinetd Configuration Files" Collapse section "2.6.4. xinetd Configuration Files"
    
    2.6.4.1. The /etc/xinetd.conf File
    
    2.6.4.2. The /etc/xinetd.d/ Directory
    
    2.6.4.3. Altering xinetd Configuration Files
    
    Expand section "2.6.4.3. Altering xinetd Configuration Files" Collapse section "2.6.4.3. Altering xinetd Configuration Files"
    
    2.6.4.3.1. Logging Options
    
    2.6.4.3.2. Access Control Options
    
    2.6.4.3.3. Binding and Redirection Options
    
    2.6.4.3.4. Resource Management Options
  5. 2.6.5. Additional Resources
    
    Expand section "2.6.5. Additional Resources" Collapse section "2.6.5. Additional Resources"
    
    2.6.5.1. Installed TCP Wrappers Documentation
    
    2.6.5.2. Related Books
7. 2.7. Securing Virtual Private Networks (VPNs)
  Expand section "2.7. Securing Virtual Private Networks (VPNs)" Collapse section "2.7. Securing Virtual Private Networks (VPNs)"
  1. 2.7.1. IPsec VPN Using Libreswan
  2. 2.7.2. VPN Configurations Using Libreswan
  3. 2.7.3. Host-To-Host VPN Using Libreswan
    
    Expand section "2.7.3. Host-To-Host VPN Using Libreswan" Collapse section "2.7.3. Host-To-Host VPN Using Libreswan"
    
    2.7.3.1. Verify Host-To-Host VPN Using Libreswan
  4. 2.7.4. Site-to-Site VPN Using Libreswan
    
    Expand section "2.7.4. Site-to-Site VPN Using Libreswan" Collapse section "2.7.4. Site-to-Site VPN Using Libreswan"
    
    2.7.4.1. Verify Site-to-Site VPN Using Libreswan
  5. 2.7.5. Site-to-Site Single Tunnel VPN Using Libreswan
  6. 2.7.6. Subnet Extrusion Using Libreswan
  7. 2.7.7. Road Warrior Access VPN Using Libreswan
  8. 2.7.8. Road Warrior Access VPN Using Libreswan and XAUTH with X.509
  9. 2.7.9. Additional Resources
    
    Expand section "2.7.9. Additional Resources" Collapse section "2.7.9. Additional Resources"
    
    2.7.9.1. Installed Documentation
    
    2.7.9.2. Online Documentation
8. 2.8. Firewalls
  Expand section "2.8. Firewalls" Collapse section "2.8. Firewalls"
  1. 2.8.1. Netfilter and IPTables
    
    Expand section "2.8.1. Netfilter and IPTables" Collapse section "2.8.1. Netfilter and IPTables"
    
    2.8.1.1. IPTables Overview
  2. 2.8.2. Basic Firewall Configuration
    
    Expand section "2.8.2. Basic Firewall Configuration" Collapse section "2.8.2. Basic Firewall Configuration"
    
    2.8.2.1. Firewall Configuration Tool
    
    2.8.2.2. Enabling and Disabling the Firewall
    
    2.8.2.3. Trusted Services
    
    2.8.2.4. Other Ports
    
    2.8.2.5. Saving the Settings
    
    2.8.2.6. Activating the IPTables Service
  3. 2.8.3. Using IPTables
    
    Expand section "2.8.3. Using IPTables" Collapse section "2.8.3. Using IPTables"
    
    2.8.3.1. IPTables Command Syntax
    
    2.8.3.2. Basic Firewall Policies
    
    2.8.3.3. Saving and Restoring IPTables Rules
  4. 2.8.4. Common IPTables Filtering
  5. 2.8.5. FORWARD and NAT Rules
    
    Expand section "2.8.5. FORWARD and NAT Rules" Collapse section "2.8.5. FORWARD and NAT Rules"
    
    2.8.5.1. Postrouting and IP Masquerading
    
    2.8.5.2. Prerouting
    
    2.8.5.3. DMZs and IPTables
  6. 2.8.6. Malicious Software and Spoofed IP Addresses
  7. 2.8.7. IPTables and Connection Tracking
  8. 2.8.8. IPv6
  9. 2.8.9. IPTables
    
    Expand section "2.8.9. IPTables" Collapse section "2.8.9. IPTables"
    
    2.8.9.1. Packet Filtering
    
    2.8.9.2. Command Options for IPTables
    
    Expand section "2.8.9.2. Command Options for IPTables" Collapse section "2.8.9.2. Command Options for IPTables"
    
    2.8.9.2.1. Structure of IPTables Command Options
    
    2.8.9.2.2. Command Options
    
    2.8.9.2.3. IPTables Parameter Options
    
    2.8.9.2.4. IPTables Match Options
    
    Expand section "2.8.9.2.4. IPTables Match Options" Collapse section "2.8.9.2.4. IPTables Match Options"
    
    2.8.9.2.4.1. TCP Protocol
    
    2.8.9.2.4.2. UDP Protocol
    
    2.8.9.2.4.3. ICMP Protocol
    
    2.8.9.2.4.4. Additional Match Option Modules
    
    2.8.9.2.5. Target Options
    
    2.8.9.2.6. Listing Options
    
    2.8.9.3. Saving IPTables Rules
    
    2.8.9.4. IPTables Control Scripts
    
    Expand section "2.8.9.4. IPTables Control Scripts" Collapse section "2.8.9.4. IPTables Control Scripts"
    
    2.8.9.4.1. IPTables Control Scripts Configuration File
    
    2.8.9.5. IPTables and IP Sets
    
    Expand section "2.8.9.5. IPTables and IP Sets" Collapse section "2.8.9.5. IPTables and IP Sets"
    
    2.8.9.5.1. Installing ipset
    
    2.8.9.5.2. ipset Commands
    
    2.8.9.5.3. IP Set Types
    
    2.8.9.6. IPTables and IPv6
    
    2.8.9.7. Additional Resources
    
    Expand section "2.8.9.7. Additional Resources" Collapse section "2.8.9.7. Additional Resources"
    
    2.8.9.7.1. Useful Firewall Websites
    
    2.8.9.7.2. Related Documentation
    
    2.8.9.7.3. Installed IP Tables Documentation
3. Encryption
Expand section "3. Encryption" Collapse section "3. Encryption"
1. 3.1. Data at Rest
  Expand section "3.1. Data at Rest" Collapse section "3.1. Data at Rest"
  1. 3.1.1. Full Disk Encryption
  2. 3.1.2. File-Based Encryption
  3. 3.1.3. LUKS Disk Encryption
    
    Expand section "3.1.3. LUKS Disk Encryption" Collapse section "3.1.3. LUKS Disk Encryption"
    
    3.1.3.1. LUKS Implementation in Red Hat Enterprise Linux
    
    3.1.3.2. Manually Encrypting Directories
    
    3.1.3.3. Adding a New Passphrase to an Existing Device
    
    3.1.3.4. Removing a Passphrase from an Existing Device
    
    3.1.3.5. Creating Encrypted Block Devices in Anaconda
    
    3.1.3.6. Additional Resources
2. 3.2. Data in Motion
  Expand section "3.2. Data in Motion" Collapse section "3.2. Data in Motion"
  1. 3.2.1. Virtual Private Networks
  2. 3.2.2. Secure Shell
    
    Expand section "3.2.2. Secure Shell" Collapse section "3.2.2. Secure Shell"
    
    3.2.2.1. Cryptographic Login
    
    3.2.2.2. Multiple Authentication Methods
    
    3.2.2.3. Other Ways of Securing SSH
3. 3.3. OpenSSL Intel AES-NI Engine
4. 3.4. Using the Random Number Generator
5. 3.5. GNU Privacy Guard (GPG)
  Expand section "3.5. GNU Privacy Guard (GPG)" Collapse section "3.5. GNU Privacy Guard (GPG)"
6. 3.6. Using stunnel
  Expand section "3.6. Using stunnel" Collapse section "3.6. Using stunnel"
7. 3.7. Hardening TLS Configuration
  Expand section "3.7. Hardening TLS Configuration" Collapse section "3.7. Hardening TLS Configuration"
  1. 3.7.1. Choosing Algorithms to Enable
  2. 3.7.2. Using Implementations of TLS
    
    Expand section "3.7.2. Using Implementations of TLS" Collapse section "3.7.2. Using Implementations of TLS"
    
    3.7.2.1. Working with Cipher Suites in OpenSSL
    
    3.7.2.2. Working with Cipher Suites in GnuTLS
  3. 3.7.3. Configuring Specific Applications
    
    Expand section "3.7.3. Configuring Specific Applications" Collapse section "3.7.3. Configuring Specific Applications"
    
    3.7.3.1. Configuring the Apache HTTP Server
  4. 3.7.4. Additional Information
4. General Principles of Information Security
5. Secure Installation
Expand section "5. Secure Installation" Collapse section "5. Secure Installation"
1. 5.1. Disk Partitions
2. 5.2. Utilize LUKS Partition Encryption
6. Software Maintenance
Expand section "6. Software Maintenance" Collapse section "6. Software Maintenance"
7. System Auditing
Expand section "7. System Auditing" Collapse section "7. System Auditing"
1. 7.1. Audit System Architecture
2. 7.2. Installing the audit Packages
3. 7.3. Configuring the audit Service
  Expand section "7.3. Configuring the audit Service" Collapse section "7.3. Configuring the audit Service"
  1. 7.3.1. Configuring auditd for a CAPP Environment
4. 7.4. Starting the audit Service
5. 7.5. Defining Audit Rules
  Expand section "7.5. Defining Audit Rules" Collapse section "7.5. Defining Audit Rules"
  1. 7.5.1. Defining Audit Rules with the auditctl Utility
  2. 7.5.2. Defining Persistent Audit Rules and Controls in the /etc/audit/audit.rules File
6. 7.6. Understanding Audit Log Files
7. 7.7. Searching the Audit Log Files
8. 7.8. Creating Audit Reports
9. 7.9. Configuring PAM for Auditing
  Expand section "7.9. Configuring PAM for Auditing" Collapse section "7.9. Configuring PAM for Auditing"
  1. 7.9.1. Configuring pam_tty_audit
10. 7.10. Additional Resources
8. Compliance and Vulnerability Scanning with OpenSCAP
Expand section "8. Compliance and Vulnerability Scanning with OpenSCAP" Collapse section "8. Compliance and Vulnerability Scanning with OpenSCAP"
1. 8.1. Security Compliance in Red Hat Enterprise Linux
2. 8.2. Defining Compliance Policy
  Expand section "8.2. Defining Compliance Policy" Collapse section "8.2. Defining Compliance Policy"
3. 8.3. Using SCAP Workbench
  Expand section "8.3. Using SCAP Workbench" Collapse section "8.3. Using SCAP Workbench"
4. 8.4. Using oscap
  Expand section "8.4. Using oscap" Collapse section "8.4. Using oscap"
  1. 8.4.1. Installing oscap
  2. 8.4.2. Displaying SCAP Content
  3. 8.4.3. Scanning the System
  4. 8.4.4. Generating Reports and Guides
  5. 8.4.5. Validating SCAP Content
  6. 8.4.6. Using OpenSCAP to Remediate the System
    
    Expand section "8.4.6. Using OpenSCAP to Remediate the System" Collapse section "8.4.6. Using OpenSCAP to Remediate the System"
    
    8.4.6.1. OpenSCAP Online Remediation
    
    8.4.6.2. OpenSCAP Offline Remediation
    
    8.4.6.3. OpenSCAP Remediation Review
5. 8.5. Using OpenSCAP with Red Hat Satellite
6. 8.6. Installing USGCB-Compliant System with Kickstart
7. 8.7. Practical Examples
  Expand section "8.7. Practical Examples" Collapse section "8.7. Practical Examples"
  1. 8.7.1. Auditing Security Vulnerabilities of Red Hat Products
  2. 8.7.2. Auditing System Settings with SCAP Security Guide
8. 8.8. Additional Resources
9. Checking Integrity with AIDE
Expand section "9. Checking Integrity with AIDE" Collapse section "9. Checking Integrity with AIDE"
10. Federal Standards and Regulations
Expand section "10. Federal Standards and Regulations" Collapse section "10. Federal Standards and Regulations"
1. 10.1. Introduction
2. 10.2. Federal Information Processing Standard (FIPS)
  Expand section "10.2. Federal Information Processing Standard (FIPS)" Collapse section "10.2. Federal Information Processing Standard (FIPS)"
  1. 10.2.1. Enabling FIPS Mode
  2. 10.2.2. Enabling FIPS Mode for Applications Using NSS
3. 10.3. National Industrial Security Program Operating Manual (NISPOM)
4. 10.4. Payment Card Industry Data Security Standard (PCI DSS)
5. 10.5. Security Technical Implementation Guide
11. References
A. Encryption Standards
Expand section "A. Encryption Standards" Collapse section "A. Encryption Standards"
1. A.1. Synchronous Encryption
  Expand section "A.1. Synchronous Encryption" Collapse section "A.1. Synchronous Encryption"
  1. A.1.1. Advanced Encryption Standard - AES
    
    Expand section "A.1.1. Advanced Encryption Standard - AES" Collapse section "A.1.1. Advanced Encryption Standard - AES"
    
    A.1.1.1. AES History
  2. A.1.2. Data Encryption Standard - DES
    
    Expand section "A.1.2. Data Encryption Standard - DES" Collapse section "A.1.2. Data Encryption Standard - DES"
    
    A.1.2.1. DES History
2. A.2. Public-key Encryption
  Expand section "A.2. Public-key Encryption" Collapse section "A.2. Public-key Encryption"
  1. A.2.1. Diffie-Hellman
    
    Expand section "A.2.1. Diffie-Hellman" Collapse section "A.2.1. Diffie-Hellman"
    
    A.2.1.1. Diffie-Hellman History
  2. A.2.2. RSA
  3. A.2.3. DSA
  4. A.2.4. SSL/TLS
  5. A.2.5. Cramer-Shoup Cryptosystem
  6. A.2.6. ElGamal Encryption
B. Audit System Reference
Expand section "B. Audit System Reference" Collapse section "B. Audit System Reference"
1. B.1. Audit Event Fields
2. B.2. Audit Record Types
C. Revision History
Legal Notice

Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

A.2.5. Cramer-Shoup Cryptosystem

The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the ElGamal cryptosystem. In contrast to ElGamal, which is extremely malleable, Cramer–Shoup adds additional elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a collision-resistant hash function and additional computations, resulting in a ciphertext which is twice as large as in ElGamal.^[21]

^[21] "Cramer-Shoup cryptosystem." Wikipedia. 24 February 2010 http://en.wikipedia.org/wiki/Cramer–Shoup_cryptosystem

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Red Hat Training

A.2.5. Cramer-Shoup Cryptosystem