I just sent this to my computer info systems and digital forensics current instructors to point out to them how much they're failing us. You, Ed, are doing the greatest work, you're a hero
Followed this from reddit, binged the whole playlist. Just wanted to comment that this is incredibly well done. * I love the fading pen marks. I imagine this is great for learners for whom English is not a primary language, and it's great for when I'm reviewing/filling in small gaps while watching at 2x. :) * THANK YOU for including a couple episodes with actual math. You explained this more concisely and with better examples/context than the computerphile videos. I'll be recommending your series to anyone I know in the future who wants to better understand digital cryptography.
Hi James. Thank you for the kind words. I'm really happy you enjoyed this content as much as you did =). Yes, I love the math! Not math itself, granted, but the simpler Crypto examples really helped it click for me when I first learned all this, so I was eager to do the same to others watching the video. Do me a favor... if you're willing, do you mind posting a link or two to some of the other videos on Reddit? Self promotion is always looked at with suspicion, but a fellow Sysadmin referring good content is typically well received. No pressure either way. Thanks again for the kind words =).
Hey man, your tutorials are brilliant. Can you please create a new series to discuss optical networks and their components?(SONET/SDH, TDM,WDM,ROADM,RAMAN,WSS, G.709 OTN, FEC, OTN Alarms, OTN TCM, TTI, etc).
Hi Alexander, glad you're enjoying these. You listed a lot =). That is a big ask. ^_^ Regrettably, none of the acronyms seem to be within my expertise to teach =/
In this case of using HSTS, use of following is still vulnerable? 1. Browser extensions interception just like M-I-M attack? The manually installed ones! 2. Use of any non-standard browsers, i.e tor, lunaspace, uc browser, brave? Just curious to knw
Hey Ed.. great explanation on ssl stripping. However I am wondering what happens if the MITM strips the HSTS headers on the response traffic in the scenario of Server MITM Client.
Great question. Preloading is supposed to partially address this issue by making the very first request in HTTPS. However, Preloading does not scale up to the whole internet. Therefore, if the website is not in the Preloading list and if the attacker can strip the HSTS headers by MITM, then the attack scenario you mentioned is possible.
The speed gain is negligible. It could save you a round trip, in certain cases, but the main benefit of implementing HSTS should be security, not speed (that's a side perk).
@@HubertHeller Again, there would be a slight advantage (in some cases) ... but speed shouldn't be the main driver of implementing HSTS =). For instance, if the user already initiated a session to the https version of the site.. there would be no visible affect to speed whether you implement HSTS and/or preload
I don't understand how 307 redirect is able to make the /end/ client (browser) do anything without sending instructions to that client's /end/, therefore having to get through the mitm. The browser must receive the HSTS header to take any action, that header must go through the mitm to get to the browser, and do so on the initial connection, HTTP, unencripted, meaning mitm should be able to just remove that header from the response. And as for HSTS preload, I don't understand that as well. Does it mean that every browser stores static secrets of a number of websites that are required to make HTTPS connection without any negotiation? Isn't that a security risk? And if that's the case, why can't all websites connect immediately through HTTPS?
I hope to make some STP videos at some point, yes. While not explicitly about FHRP, I wrote an article on Gratuitous ARP that touches on how HSRP works, slightly. If you're interested: www.practicalnetworking.net/series/arp/gratuitous-arp
The point is not to protect users but protect your self with encryption. If you use HSTS you can enforce encryption yourself instead of having to rely on the client
👉 *More free lessons* ruclips.net/p/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY
✨ *Full course* pracnet.net/tls
💲 *Coupon Code* for 50% off: youtube50
I just sent this to my computer info systems and digital forensics current instructors to point out to them how much they're failing us. You, Ed, are doing the greatest work, you're a hero
Ha. Thank you Scott. I appreciate the shares =). Hope they sign up for my course!
Followed this from reddit, binged the whole playlist. Just wanted to comment that this is incredibly well done.
* I love the fading pen marks. I imagine this is great for learners for whom English is not a primary language, and it's great for when I'm reviewing/filling in small gaps while watching at 2x. :)
* THANK YOU for including a couple episodes with actual math. You explained this more concisely and with better examples/context than the computerphile videos. I'll be recommending your series to anyone I know in the future who wants to better understand digital cryptography.
Hi James. Thank you for the kind words. I'm really happy you enjoyed this content as much as you did =).
Yes, I love the math! Not math itself, granted, but the simpler Crypto examples really helped it click for me when I first learned all this, so I was eager to do the same to others watching the video.
Do me a favor... if you're willing, do you mind posting a link or two to some of the other videos on Reddit? Self promotion is always looked at with suspicion, but a fellow Sysadmin referring good content is typically well received. No pressure either way. Thanks again for the kind words =).
I've seen this make many wifi guest portals not be able to redirect, too. Great video, as always!
Absolutely!
Glad you enjoyed it =)
OMG what a such amazing video ! Thank you so much for this content and the resources as well. 🙌🏻
Thanks for the video, very informative and easy to understand
You're welcome. Glad you enjoyed it, Jeff.
Been a while since we heard from you.
Fantastic video BTW.
Glad you enjoyed it, Jeremiah. =)
Interesting, thanks for putting this out there.
You're welcome, Kaizen!
no words, awesome videos, Thanks for video
You're very welcome!
Excellent presentation. Thank you!
really well thought out and explained :)
All your videos are very informative. Thank you.
Can you make videos on SD-WAN technology.
You're welcome, Thriveni. SD-WAN isn't in my expertise to teach on, I'm afraid.
excellent description - thanks!!
You're welcome !
Very informative mate, thanks a lot
You're welcome, Michal. Cheers!
Hey man, your tutorials are brilliant. Can you please create a new series to discuss optical networks and their components?(SONET/SDH, TDM,WDM,ROADM,RAMAN,WSS, G.709 OTN, FEC, OTN Alarms, OTN TCM, TTI, etc).
Hi Alexander, glad you're enjoying these.
You listed a lot =). That is a big ask. ^_^
Regrettably, none of the acronyms seem to be within my expertise to teach =/
Brilliant work
Thank you again, Sony =)
Very well explained thank you.🙏
Thanks for the shared information.
Nice explanation
Thank you, Waver =)
Wow ... Amazing Video ❤️❤️ ... Need session on SDN as well... VMware NSX-T please 🙏🙏
Glad you enjoyed it =).
There are so many videos on my list to make. SDN is going to be a ways back. VMware probably isn't on the list, I'm afraid =(
great video; thansk!
In this case of using HSTS, use of following is still vulnerable?
1. Browser extensions interception just like M-I-M attack? The manually installed ones!
2. Use of any non-standard browsers, i.e tor, lunaspace, uc browser, brave?
Just curious to knw
Thanks
Perfect !
Ed thank you 😊
You're welcome, Abdirahman!
thanks verry infomative
Thanks Sir 🙏
You're welcome!
Hey Ed.. great explanation on ssl stripping. However I am wondering what happens if the MITM strips the HSTS headers on the response traffic in the scenario of Server MITM Client.
Great question. Preloading is supposed to partially address this issue by making the very first request in HTTPS. However, Preloading does not scale up to the whole internet. Therefore, if the website is not in the Preloading list and if the attacker can strip the HSTS headers by MITM, then the attack scenario you mentioned is possible.
What specifically on the browser does it use to remember that 63M seconds ?
Aside from security, how much will it make my website faster?
The speed gain is negligible. It could save you a round trip, in certain cases, but the main benefit of implementing HSTS should be security, not speed (that's a side perk).
@@PracticalNetworking what about HS TS preload? Any speed advantage there?
@@HubertHeller Again, there would be a slight advantage (in some cases) ... but speed shouldn't be the main driver of implementing HSTS =).
For instance, if the user already initiated a session to the https version of the site.. there would be no visible affect to speed whether you implement HSTS and/or preload
I don't understand how 307 redirect is able to make the /end/ client (browser) do anything without sending instructions to that client's /end/, therefore having to get through the mitm. The browser must receive the HSTS header to take any action, that header must go through the mitm to get to the browser, and do so on the initial connection, HTTP, unencripted, meaning mitm should be able to just remove that header from the response.
And as for HSTS preload, I don't understand that as well. Does it mean that every browser stores static secrets of a number of websites that are required to make HTTPS connection without any negotiation? Isn't that a security risk? And if that's the case, why can't all websites connect immediately through HTTPS?
❤❤❤
What about self signed warnings?
Hello Master could you share me STP protocol & FHRP.. Details please
I hope to make some STP videos at some point, yes.
While not explicitly about FHRP, I wrote an article on Gratuitous ARP that touches on how HSRP works, slightly. If you're interested:
www.practicalnetworking.net/series/arp/gratuitous-arp
STP is explained by Keith barker here on YT. Definitely check that out. And always banger video form PN.
Why all this? Can't they just enforce SSL connection at browser level for all websites?
The point is not to protect users but protect your self with encryption. If you use HSTS you can enforce encryption yourself instead of having to rely on the client
Enoch Field