Welcome, Guest. Please login or register.
Did you miss your activation email?
August 22, 2017, 06:36:08 PM
Home Help Login Register
News:

CAP Talk  |  Cadet Programs  |  Cadet Programs Management & Activities  |  Topic: CAP CyberPatriot Playbook
0 Members and 1 Guest are viewing this topic.
Pages: [1] Print
Author Topic: CAP CyberPatriot Playbook  (Read 790 times)
Paul Creed III
Forum Regular

Posts: 185
Unit: GLR-OH-254

« on: June 14, 2017, 08:46:42 AM »

The National Cadet Cyber Programs team has written the "CAP CyberPatriot Playbook" to help new coaches and mentors in their endeavors with creating and making their CyberPatriot team successful. 
 
The CyberPatriot Playbook has been posted to the National Cyber Programs website at http://www.cap-cyber.org/index.php/resources and will be updated as often as necessary.

Please feel free to contact me at paul.creed@ohwg.cap.gov with any questions or comments about the Playbook. Input is welcome from the field to improve the Playbook for all of Civil Air Patrol.
Logged
Lt Col Paul Creed III, CAP
Great Lakes Region Cyber Programs Officer
Ohio Wing Group 3 Commander
Mordecai
Salty & Seasoned Contributor

Posts: 1,015
Unit: SI

« Reply #1 on: June 14, 2017, 03:48:24 PM »

Please fix the https certificate.
Logged
Paul Creed III
Forum Regular

Posts: 185
Unit: GLR-OH-254

« Reply #2 on: June 14, 2017, 03:50:12 PM »

Please fix the https certificate.

Can you please clarify where the certificate error is occuring?
Logged
Lt Col Paul Creed III, CAP
Great Lakes Region Cyber Programs Officer
Ohio Wing Group 3 Commander
Mordecai
Salty & Seasoned Contributor

Posts: 1,015
Unit: SI

« Reply #3 on: June 14, 2017, 04:00:27 PM »

Any use of https on that site is throwing the chrome flag of evil.

Your connection is not private

Attackers might be trying to steal your information from www.cap-cyber.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
Logged
TG2
Newbie

Posts: 1
Unit: MER-VA-040

« Reply #4 on: June 14, 2017, 08:30:36 PM »

Any use of https on that site is throwing the chrome flag of evil.

Your connection is not private

Attackers might be trying to steal your information from www.cap-cyber.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID

Mordecai
The error "CERT_AUTHORITY_INVALID" comes from the fact that it is a self-signed certificate.  Hence the "Authority" that issued the cert is not a known and established certificate authenticator.  (authenticators are updated routinely in your browser without the users direct knowledge)

The connection is still secure, so long as you trust the site that you're dealing with, and with concern on what you are sharing.  Would I share banking information with cap-cyber.org? no, but for encrypting user/pass and the like, which are unique to that site and only that site, sure.

Certs cost money, and I wouldn't begrudge a site the use of self signed certs so long as I know and trust the site.  Additionally given the level of trust needed, adding the self signed cert to the allowed registry/repository on local machines would allow you to bypass the error.

If you were to use Firefox, you could easily add an exception to the error, while it would still show you invalid certificate iconography in the URL bar.  (eg showing red or line through lock while having HTTPS displayed)

Google (ergo Chrome) is not the authority their statements purport them to be.
Logged
Spaceman3750
Salty & Seasoned Contributor

Posts: 2,599

« Reply #5 on: June 14, 2017, 09:18:00 PM »

https://letsencrypt.org

You and I might know there's no technical issue with a self signed cert, but it's difficult to assert a site as an authority on cyber defense training when it generates security warnings.
Logged
"Anyone can hold the helm when the seas are calm ... leadership is about weathering the storm."

The moment any commander or staff member considers themselves a gatekeeper, instead of a facilitator, they have failed at their job.
I can't fix all of CAP's problems, but I can lead from the bottom by building my squadron as a center of excellence to serve as an example of what every unit can be.
etodd
Salty & Seasoned Contributor

Posts: 689

« Reply #6 on: June 14, 2017, 10:14:24 PM »

Please fix the https certificate.

The link he gave in the post didn't have the https

Its a public link. Does he need to password the page?
Logged
Mordecai
Salty & Seasoned Contributor

Posts: 1,015
Unit: SI

« Reply #7 on: June 15, 2017, 02:42:08 PM »

https://letsencrypt.org

You and I might know there's no technical issue with a self signed cert, but it's difficult to assert a site as an authority on cyber defense training when it generates security warnings.

Precisely this.
Logged
Mordecai
Salty & Seasoned Contributor

Posts: 1,015
Unit: SI

« Reply #8 on: June 15, 2017, 02:42:51 PM »

Please fix the https certificate.

The link he gave in the post didn't have the https

Its a public link. Does he need to password the page?

My browser promotes webpages to https whenever available. Using proper certificates is a cybersecurity best practice that is completely free to do thanks to let's encrypt. If they don't want people using https, they should disable the service on the secure port.
Logged
keystone102
Recruit

Posts: 48

« Reply #9 on: June 15, 2017, 06:39:41 PM »

I smell a lesson on self signed certicates coming on. I do encourage CyberPatriot leaders to create lessons on getting a certificate from a commercial CA or Let's Encrypt. We should encourage all webmasters to use TLS/SSL on their websites.
Logged
Pages: [1] Print 
CAP Talk  |  Cadet Programs  |  Cadet Programs Management & Activities  |  Topic: CAP CyberPatriot Playbook
 


Powered by MySQL Powered by PHP SMF 2.0.13 | SMF © 2016, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.355 seconds with 21 queries.