Відео

I don't remember which model we used for the video but it works with any TP link that supports RADIUS. Yes we also support Mac-Based auth www.keytos.io/docs/cloud-radius/manage-cloud-radius-pap-user-passwords/how-to-enable-mac-address-bypass/ and accounting

There are new smartcards that now also support FIDO2 keys. If you purchase one of those then yes the same smartcard can have both the FIDO2 and the SmartCard Certificate

Thank you for the kind words, I really appreciate it!

We used EZCA, here is a video that guides you through the whole process ua-cam.com/video/LV6gN15QWLI/v-deo.htmlsi=Hdhsh9DicdUlpIz3

I don't remember which model we used for the video but it works with any UniFi that supports RADIUS

While using phishing resistant credentials dramatically reduce the attack surface, you are correct it is not a silver bullet for that you have to have a defense in layers. Depending on your organization needs it might even mean having dedicated workstations and identities just for production (Microsoft PAW), these are some of the steps we take here at Keytos: www.keytos.io/blog/cloud-security/azure-ad-identity-security-best-practices

EAP-TLS creates a TLS tunnel by default using the server and client certificate. If you are using EAP-TTLS then it is encrypted using the server certificate. We have a video explaining that here: ua-cam.com/video/A-rNeYL9BUI/v-deo.html

Unfortunately OpenVPN uses a RADIUS protocol that is not supported by Entra ID

Best of luck in the interview :)

Thank you!

Unfortunately not, this is for username and password authentication. For a more secure authentication we recommend using certificates issued by your MDM ua-cam.com/video/LV6gN15QWLI/v-deo.html

Hi, yes there is, you must create a profile for the iPhone, www.keytos.io/docs/cloud-radius/setup-radius-in-mdm/in-device/#how-to-configure-eap-ttlspap-on-macos-for-radius-authentication-with-entra-id-passwords

Thanks for the feedback, we have updated the title to match the content

yes, this is only for Microsoft 365 work accounts

Yes, you can try it for free no credit card required www.keytos.io/docs/azure-pki/getting-started/registering-a-new-tenant/selecting-a-plan/select_plan_in_ezca/ We use our own in house built Certificate Authority as our backend this was built to be cloud native allowing us to scale faster while being more affordable.

you saved me from tons of hours of investigation, pretty appreciated. cheers man

As i said on the other channel of this guy (for whatever reason he has 2 of them). Attacker needs to be in range of your wifi card. The malicious packet is sent to the device itself. If you are not connect anywhere you are still vulnereable

​@@aridlintm Okay, first off, you have to be using your laptop per se if you're out in public. Not connected to a Wi-Fi. If you put your laptop to sleep, it's not sending or receiving packets anymore. Unless you are connected to a Wi-Fi. The only way that somebody could be in proximity to you without you being connected to a wireless network is if you are using your machine, out in public, willy-nilly without an internet connection, and who does that?

You are correct, they are different, but the underlying technology is the same for both

They do use lava lamps for some of their random generators, but for most encryption they use the regular random generators that are approved by the industry www.cloudflare.com/learning/ssl/lava-lamp-encryption/

It is not better, they are both great tools for checking revocation, one offloads the search to the server and the other to the device. Most devices use CRL but for devices or networks that cannot handle large CRLs, OCSP is a great option.

Glad it was helpful!

thanks for the feedback we will make sure to change it in our next videos

thanks for the feedback we will make sure to change it in our next videos

you can always check our www.keytos.io/careers page for the latest job postings

you should be able to create a test subscription by clicking skip for now. It is only free for a month, after the first month it is $200 per CA per month and can be charged either to your credit card or to your Azure account.

Sorry about that, here is the presentation with all the information marketing.keytos.io/hubfs/Presentations/Cybersecurity%20Trends%20for%202024.pdf

Hi thanks for your comment - while the experience seems simple, what happens in the backend is more complex; we talk about it at 4:30, but the gist is that each request has an encrypted password that is set by the MDM and EZCA (Intune sets their own, some MDM solutions only support a static password that is encrypted with the CA public key meaning that the CA is the only one that can access it, and some support dynamic challenge requests meaning that each specific request has it's own password set by the CA (this one is also encrypted), if you are interested, we have a full deep dive on how SCEP works in this video ua-cam.com/video/da6LrQJcSgs/v-deo.html please let us know if you have other questions

Glad we could help:)

yes, anyone with an Azure account can create those resources and create pages. This is why we recommend all organizations to verify that they do not have any dangling DNS that can be exploited.

Hi Currently, EZCA only supports CRL. OCSP support is coming by end of Q3 2023

We are happy to announce that now you can setup your EZCA ca with OCSP docs.keytos.io/azure-pki/creating-your-first-ca/first_subordinate_ca/#ocsp-online-certificate-status-protocol-settings