Update for 12-01-22 00:00
parent 30659d91ec
commit 85aafc9964
@ -24,4 +24,19 @@ This is the CIA list of dos and donts.
* DONOT leave dates and times like compile timestamps, access times, etc that
relate to your time zone
* DONOT leave data in the binary that indactes you
* DONOT leave data that has "dirty words"
* DONOT leave data that has "dirty words" (hacker terms) in binary
== Network ==
* DO use E2EE for network comms
* NEVER use network protocols that break E2E principle with respect to
encrypted payloads
* DONOT rely soley on SSL/TLS to secure data in transit
* DONOT allow network traffic to be replayable
* DO use ITEF RFC compliant network protocols as a blending layer. The actual
data should be tunneled through a well known, standard protocol like HTTPS
* DONOT break compilance of an RFC protocol being used as a blending layer
* DO use variable size and timing jitter of packets, beacons, and
communications
* DONOT send data with fixed size and timing
* DO properly clean up network connections
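Review bot: Three misspellings in the Network section should be corrected before this lands: "soley" (solely) in the SSL/TLS item, "ITEF" (IETF) in the blending-layer item, and "compilance" (compliance) in the item that follows it. The E2E item is the only prohibition written as NEVER while every other one in the list uses DONOT; use a single keyword so the list stays consistent and searchable. The "DO use variable size and timing jitter" and "DONOT send data with fixed size and timing" items state the same rule twice and could be merged into one entry. The item "break E2E principle with respect to encrypted payloads" is not defined anywhere in the visible text; a short clause saying what counts as breaking it would make the rule checkable.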