\chapter{Further research}
\label{cha:further-research}
The following is a list of services, software packages, hardware devices and protocols that we considered documenting but either have not managed to document yet or might be able to document later. We encourage input from the Internet community.

\begin{itemize}
\item Wi-Fi APs, 802.1X
\item DNSSEC (mention BCPs)
\item S/MIME (check: are there any BCPs?)
\item TrueCrypt, LUKS, FileVault
\item Commercial network equipment vendors
\item Moxa, APC, and co.: ICS, Ethernet to serial
\item v6 spoofing (look at work by Fernando Gont, Marc Heuse, et al.)
\item DSL modems (where to start?)
\item SAML federated auth providers\footnote{e.g., all the REFEDS folks (\url{https://refeds.org/}), including InCommon (\url{http://www.incommon.org/federation/metadata.html}, \url{https://wiki.shibboleth.net/confluence/display/SHIB2/TrustManagement})}
\item Microsoft SQL Server
\item Microsoft Exchange
\item HAProxy\footnote{\url{https://lists.cert.at/pipermail/ach/2014-November/001601.html}}
\item HTTP Public Key Pinning (HPKP)
\item Elastic Load Balancing (ELB)\footnote{\url{https://lists.cert.at/pipermail/ach/2014-May/001422.html}}
\end{itemize}
\section{Software not covered by this guide}

\begin{itemize}
\item telnet: Usage of telnet for anything other than fun projects is highly discouraged.
\item Simple Network Management Protocol (SNMP): Remote management software should not be reachable from a routed network. There is an inestimable number of problems with these implementations. Popular vendors regularly suffer from exploits or DDoS problems in their embedded remote management software and SNMP stacks.\footnote{\url{https://lists.cert.at/pipermail/ach/2014-May/001389.html}} If access is needed, these services can be tunneled over SSH or stunnel with proper authentication.
\item Puppet DB: A proxy or a tunnel is recommended if it needs to face public network interfaces.\footnote{\url{https://lists.cert.at/pipermail/ach/2014-November/001626.html}}
\item rsync: Best used only via SSH, which gives the best security and is the easiest to maintain.
\end{itemize}
%%% TeX-master: "applied-crypto-hardening"