-\section{Cipher Suite Name Cross-Reference}
-\label{section:cipher_suite_names}
+\chapter{Cipher Suite Name Cross-Reference}
+\label{cha:cipher-suite-name}
This table shows the cipher suite names as IANA defined them, the
names OpenSSL uses, and the respective codes.
-\newpage
\section{Disclaimer and scope}
\label{section:disclaimer}
+\label{sec:disclaimer-scope}
\epigraph{``A chain is no stronger than its weakest link, and life is after all a chain''}{William James}
\epigraph{``Encryption works. Properly implemented strong crypto systems are
-\newpage
-\section{Further research}
-\label{section:furtherresearch}
+\chapter{Further research}
+\label{cha:further-research}
The following is a list of services, software packages, hardware devices or protocols that we considered documenting but either did not manage to document yet or might be able to document later. We encourage input from the Internet community.
-\vline{}
-
-\begin{minipage}[b]{0.5\linewidth}
+\begin{multicols}{3}
\begin{itemize}
\item whatsapp (might be problematic\\ since a user/admin can't change anything)
\item Lync
\section{How to read this guide}
-
+\label{sec:how-read-this}
This guide tries to accommodate two needs: first of all, having a handy reference on how to configure the most common services's crypto settings and second of all, explaining a bit, how to chose your own cipher settings.
System administrators who want to copy \& paste recommendations quickly without spending a lot of time on background reading on cryptography or cryptanalysis can do so, by simply searching for the corresponding section in chapter \ref{chapter:PracticalSettings} (``Practical recommendations''). However, for the quick copy \& paste approach it is important to know that this guide assumes users are happy with \textit{cipher String B} which is the baseline and most compatible recommendation that the authors came up with. \textit{Cipher string B} is described in \ref{section:recommendedciphers}. \textit{Cipher String B} covers the most common use-cases (such as running an e-commerce shop, a private homepage, a mail server, $ \ldots $)
-\section{Links}
-\label{section:Links}
-
+\chapter{Links}
+\label{cha:links}
%% NOTE: this should re restructured...
\begin{itemize}
%\section{Motivation}
-%\label{section:Motivation}
+%\label{sec:Motivation}
\section{Webservers}
+\label{sec:webservers}
\input{practical_settings/webserver_generated}
-
-%\newpage
\section{SSH}
+\label{sec:ssh}
\input{practical_settings/ssh}
-
-%\newpage
\section{Mail Servers}
+\label{sec:mail-servers}
\input{practical_settings/mailserver_generated}
-
-
-%\newpage
\section{VPNs}
+\label{sec:vpns}
\input{practical_settings/vpn}
-
-
-%\newpage
\section{PGP/GPG - Pretty Good Privacy}
+\label{sec:pgpgpg-pretty-good}
\input{practical_settings/GPG}
-
-
-%\newpage
%\section{seclayer-tcp}
%\input{practical_settings/seclayer_tcp}
-
-
-%\newpage
\section{IPMI, ILO and other lights out management solutions}
+\label{sec:ipmi-ilo-other}
\input{practical_settings/ipmi}
-
-
%%\section{SIP}
%%\todo{AK: ask Klaus. Write this section, Klaus??? }
-
-
-%\newpage
\section{Instant Messaging Systems}
+\label{sec:inst-mess-syst}
\input{practical_settings/im}
-
-
-%\newpage
\section{Database Systems}
+\label{sec:database-systems}
\input{practical_settings/DBs}
-
-
-%\newpage
\section{Intercepting proxy solutions and reverse proxies}
-\input{practical_settings/proxy_solutions_generated}
-
-
+\label{sec:interc-proxy-solut}
+\input{practical_settings/proxy_solutions_generated}
%%% Local Variables:
%%% mode: latex
-\section{Suggested Reading}
-\label{section:Suggested_Reading}
+\chapter{Suggested Reading}
+\label{cha:suggested-reading}
This section contains suggested reading material.
\begin{itemize}
-\section{Tools}
-\label{section:Tools}
+\chapter{Tools}
+\label{cha:tools}
This section lists tools for checking the security settings.
-\subsection{SSL \& TLS}
+\section{SSL \& TLS}
Server checks via the web
\begin{itemize}
\end{itemize}
-\subsection{Keylength}
+\section{Keylength}
\begin{itemize}
\item \url{http://www.keylength.com} comprehensive online resource for comparison of keylengths according to common recommendations and standards in cryptography.
\end{itemize}
-\subsection{RNGs}
+\section{RNGs}
%% NOTE: should we merge that with chapter 6.6??
\begin{itemize}
\item \href{http://www.cacert.at/random/}{CAcert Random} another random number generator testing service.
\end{itemize}
-\subsection{Guides}
+\section{Guides}
\begin{itemize}
\item See: \url{https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf}.
\end{itemize}
\section{Audience}
-
+\label{sec:audience}
Sysadmins. Sysadmins. Sysadmins. They are a force-multiplier.