2023-08-23, 03:17 PM
(This post was last modified: 2023-08-23, 03:18 PM by TheDreadPirate. Edited 1 time in total.)
(2023-08-23, 06:38 AM)bitmap Wrote: Okay...so for somebody who has a wide breadth of expertise, barely any of networking -- and even less of that in security, how would I even get started on learning about What any of this means?
For instance, I ran my JF instance through the testing site you posted and didn't get a whole lot of warnings or any red flags, the largest one was that my cert expires in less than 60 days (it renews via CertBot probably about that often), but some of the other warnings might as well have been in a different alphabet for how much sense they made to me and there aren't really any resources I'm aware of for learning what it means, identifying a root cause, searching for proper solutions, then implementing.
Thoughts?
I wouldn't worry about that particular cert message. In the grand scheme of the Internet, 90 day certs are uncommon so that test just doesn't account for users like us.
A lot of the concepts in this kind of report is covered in certs like Network+, Security+, CCNA, and CISSP. I have the pluses. A past job suddenly required everyone have the two latter certs before realizing the first try failure rate for both is like 80% and they would lose most of their IT workforce. But I was halfway through studying for them before they dropped the requirement. But my day-to-day job still frequently involves OS and network security.
That NSA github link in my sources has some background info. One is really technical, one is mile high overview. But its something. Read the wikis on TLS, HTTPS, and Forward Secrecy.
https://github.com/nsacyber/Mitigating-O...rmation.md
https://media.defense.gov/2021/Jan/05/20...RAPHIC.PDF
https://media.defense.gov/2021/Jan/05/20...443-20.PDF
https://en.wikipedia.org/wiki/Forward_secrecy
https://en.wikipedia.org/wiki/Transport_Layer_Security (emphasis on the TLS Handshake section https://en.wikipedia.org/wiki/Transport_..._handshake)
https://en.wikipedia.org/wiki/HTTPS
I don't have access to the last report I ran, but if you send me a PM I will give you my email so you can send your report to me. ctrl + S on that test webpage and send me the html file it saves. I can give brief descriptions of the important bits in it.
Jellyfin 10.10.3 (Docker)
Ubuntu 24.04 LTS
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)
![[Image: GitHub%20Sponsors-grey?logo=github]](https://img.shields.io/badge/GitHub%20Sponsors-grey?logo=github)
Ubuntu 24.04 LTS
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)
