3. Controls removed from Windows 10 STIG between draft and final version

Controls removed from Windows 10 STIG between draft and final version

You got that prompt because the server certificate provided by the website and given to your browser has a PKI trust chain consisting of an intermediate certificate authority and a root certificate authority, both of which are owned and operated by the same organization running the website which provided it. I can see the humor in it.

It's like asking somebody to pinkie swear to make sure they are telling the truth.

All you trust by default is whatever the browser creator chose to include and whatever Microsoft wants you to trust. In that sense, the .mil page with the big red privacy warning is more private than anything else you look at online. I look at it like the page is saying, "I don't trust anyone else to tell you if you can trust me".

It makes no sense from the outside because you have the ability to chose to trust it(The government and therefore it's network resources) or not. but for gov/mil personnel and Sysadmins, it's indispensable. It forms the foundation for client/server authentications of all kinds as well as network traffic encryption and email encryption and digital signatures and code signing and provides a mechanism for two-factor authentication of individuals. There's nothing even remotely close to DoD PKI in the world and I would have no problem adopting it's design for general use if it was available and readily used by others.

Although I am a little bias...This is my job.

There is a program called "InstallRoot" provided by DISA which will install the root certs(2. The current and the new SHA256), intermediate certs(17 but dropping to 15 this Wednesday) as well as the test chain and remove 2 certs which bridge military networks with fed-gov networks(no thanks). It will do this for Windows Certificate Store as well as Firefox's bullshit cert mess(Good intentions, bad execution). It obviously only does this for unclass networks.

Trust certificates are widely misunderstood. Having malicious trust will only allow you to make a mistake. You can have asymmetric key algorithms using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 in perfect forward secrecy and still chose to trust someone you shouldn't. It only allows you to be more confidant in knowing who they are.

/r/sysadmin Thread Parent
Previous
Next

Recently removed from /r/sysadmin

I know of a crazy vulnerable Exchange server at my old work. What to do? Details inside. Intune Windows LAPS - Configuration Profile Applies Successfully, Yet Nothing Happens...Why? Woman starting in IT next month. Should I be worried or not? How to run a meaningful CyberSecurity Risk Workshop/Assesment Amazon Outage I don't know what I'm doing and I need help What's the point of using BitLocker with TPM instead of password when someone can always access your computer without entering a password on boot? How many of you despise IoT? Onboarding 1200 New Users - how to communicate passwords? Gen Z also doesn't understand desktops. after decades of boomers going "Y NO WORK U MAKE IT GO" it's really, really sad to think the new generation might do the same thing to all of us Modern SQL Express Backup Solution [GA] Employee claims she can't use Microsoft Windows for "Religious Reasons" So I got a "correctional talk" yesterday. Rant about new age "senior" IT "specialists" who don't know how to wipe their butt. Do you think remote work is slowly dying? Most companies seem to be pushing RTO, even big tech you folks think ?

More Random Comments

Qri Eunjung Updates [170206] I am stepping down as a moderator and top moderator. Before I do this we need to agree on a couple things and we need to have a little vote. Guys walk into police station wearing ski masks with an Ak and pistol. Well I did it. Weekly Relationship Check-In and Support Thread Best way to fight tickets for no Registration/improper plates? Goodbye dear capsuleers My family did a wolf release. This video is getting hit hundreds of thousands of times everywhere except my Youtube page where it originated. Redditors who've lost best friends, what went wrong? I'm a sex offender who lives at home with my mother. I want to date a woman. What should I do? What are your religious convictions? [Build Complete] Finally got around to building a PC after a few years of lurking. Mid-range to some, magical to me. Monstercat Song Guessing Game #2 (100 Songs) [4:52] My US Government textbook says that Reddit is the most likely place a person would get their news from on the internet. When I accidentally left my browser open and my wife asked what was a 'jiff' and why were they about her