InfoSec Handbook

Privacy policy

<p>Thank you for your interest in our privacy policy. This policy contains information about how we process your personal data and about your rights according to the European GDPR (General Data Protection Regulation). References below to “we” or “us” refer to the operator of this website. Our website and this privacy policy are provided under Czech and European law.</p>Scope<p>The following privacy policy is valid for</p>A short version of our privacy policy<ul> <li>By default, our web server processes your IP address. Processing your IP address is technically necessary to send our content to your client.</li> <li>By default, we do not log any of your personal data. Log files are automatically encrypted after one day and deleted after ten days.</li> <li>We do not track your browsing behavior or anything else. We do not try to identify you. We do not collect statistics. We do not set any cookies. We do not serve ads.</li> <li>Your rights are explained in Articles 15–21 and 77 of the European GDPR.</li> <li>In case of any questions related to this privacy policy, feel free to contact us.</li> <li>For further information about our security measures, read our security policy.</li> </ul>Contact details<p>We are private individuals domiciled in different European countries, operating this website and its web server. Our server is physically located in Germany.</p> <p>The controller in terms of the GDPR is:</p>Mr. 
Jakub Rytíř, M.Sc.<br>190 00 Praha 9, Vysočany<br>Czech Republic<br>Contents<ul> <li>Definitions</li> <li>Personal data we process</li> <li>Personal data third parties process for us</li> <li>Accessing our website using mirrors and archives</li> <li>Your rights (Articles 15–20 GDPR)</li> <li>Right to object (Article 21 GDPR)</li> <li>Right to lodge a complaint with a supervisory authority (Article 77 GDPR)</li> <li>Changelog</li> </ul>Definitions<p>There are several definitions in the GDPR. The most important ones are:</p> <ul> <li>‘personal data’ means any information relating to an identified or identifiable <em>natural</em> person</li> <li>‘processing’ means any operation […] on personal data […] such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction</li> </ul> <p>When we talk about your personal data in the following, we mean anything that can be used to identify you, for example your name, e-mail address, or IP address. When we talk about “processing of personal data,” we mean any type of processing.</p>Personal data we process<p>When you visit our website, your <strong>IP address</strong> and user-agent are automatically processed by our web server. We automatically receive this data from your client (e.g., your web browser or RSS/Atom feed reader). Our web server needs your IP address to send our content back to your client. By default, we do not process any other personal data from you. Furthermore, our web server doesn’t store your IP address permanently; IP addresses of unusual requests are written to log files that are deleted after ten days (see “Logging” below).</p> <p>The legal basis for processing your personal data, as explained above, is Article 6(1)(f) GDPR. Our legitimate interest is providing our content.</p>Logging<p>Our web server writes information about particular client-side requests to so-called log files. 
We use these log files to detect attack-like behavior and to improve our services. Our web server automatically encrypts all log files after one day using public-key cryptography. The encrypted log files are automatically deleted after ten days.</p> <p>In case of unusual requests (for technical people: all requests that result in an HTTP status code other than 200, 302, or 304; examples are repeated attempts to access denied files and other attack-like behavior), we log only the following:</p> <ul> <li>timestamp (“[31/Dec/2016:12:01:10 +0100]”)</li> <li>IP address</li> <li>HTTP status code (“403”)</li> <li>bytes transmitted (“157”)</li> <li>first line of the request, including the HTTP version (“GET /secrets.bak HTTP/1.1”)</li> <li>user-agent (“Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0”)</li> <li>in some cases, our web application firewall also logs full client-side requests and full server-side responses</li> </ul> <p>We use this data to identify new attacks, audit blocked requests, and unblock legitimate users, if necessary. We store blocked IP addresses for 14 days. We also use this data to identify broken links (for technical people: HTTP status code 404).</p> <p>The legal basis for processing your personal data, as explained in this section, is Article 6(1)(f) GDPR. Our legitimate interests are blocking attacks and improving our services.</p>Personal data third parties process for us<p>The following third parties process personal data for us:</p>netcup GmbH, Germany<p>netcup GmbH (read their privacy policy) provides our servers. netcup GmbH may log access attempts (IP address, user-agent) for all of its customers (including us) to detect DDoS attacks, attack-like behavior, and so on.</p> <p>We concluded a data processing agreement according to Article 28 GDPR with netcup GmbH.</p> <p>The legal basis for processing your personal data is Article 6(1)(f) GDPR. 
Our legitimate interests and those of netcup GmbH are detecting and blocking attack-like behavior and providing our content.</p>Tutao GmbH, Germany (e-mail only)<p>Tutao GmbH (read their privacy policy) provides our mail server. It isn’t necessary to send us any e-mails to access our website. <strong>If you decide to contact us, you agree that Tutao GmbH and we process your personal data (e.g., name, e-mail address) to answer your request.</strong> We do not use your e-mail address for marketing purposes or tracking. We delete your e-mails immediately after your request has been answered.</p> <p>The legal basis for processing your personal data is Article 6(1)(a) GDPR (consent). You may withdraw your consent at any time.</p>Accessing our website using mirrors and archives<p>Third parties may provide our content as a mirror (reflecting the current content) or as an archived website (reflecting outdated content). Kindly note that this privacy policy doesn’t cover such mirrors or archives.</p>Your rights (Articles 15–20 GDPR)<p>According to Articles 15 to 20 of the GDPR, you have several rights concerning your personal data processed by us:</p> <ul> <li>Art. 15: Right of access</li> <li>Art. 16: Right to rectification</li> <li>Art. 17: Right to erasure</li> <li>Art. 18: Right to restriction of processing</li> <li>Art. 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing</li> <li>Art. 20: Right to data portability</li> </ul> <p>You may exercise your rights by contacting us.</p>Right to object (Article 21 GDPR)<p> <strong>You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. 
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. Where processing is based on your consent, withdrawing it doesn’t affect the lawfulness of processing carried out before the withdrawal (point (c) of Article 13(2) GDPR).</strong> </p>Right to lodge a complaint with a supervisory authority (Article 77 GDPR)<p>Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.</p>Changelog<p>We updated this page on May 28, 2020. For transparency, we provide a complete changelog of this page (external link).</p>
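<p>The logging rules described in the “Logging” section above, as an added example that is not the InfoSec Handbook’s own code: the function below parses access-log lines in the Apache/nginx “combined” format (an assumption; the page does not name its web server), drops every request that ended in 200, 302 or 304, and keeps only the fields the policy lists. Two small helpers show the two stated uses of this data (spotting repeated denied requests from one address, and finding broken links), and two more model the stated retention periods. The sample log lines and the “three denied requests” threshold are constructed for this example.</p>

```python
"""
Added example (not the InfoSec Handbook's own code): a minimal
implementation of the logging rules in the "Logging" section of the
privacy policy. Only requests whose HTTP status is not 200, 302 or 304
are kept, reduced to the listed fields; the retention helpers model the
stated lifecycle (encrypt after one day, delete after ten days; blocked
IP addresses kept for 14 days). The log format, the sample lines and the
"repeated attempts" threshold are assumptions made for this example.
"""
import re
from collections import Counter

# Apache/nginx "combined" log format (assumed; the page does not name the server).
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Status codes the policy treats as "normal": these requests are not logged at all.
NORMAL_STATUSES = {200, 302, 304}

# Constructed sample log lines for this example (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Dec/2016:12:01:09 +0100] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
203.0.113.7 - - [31/Dec/2016:12:01:10 +0100] "GET /secrets.bak HTTP/1.1" 403 157 "-" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
203.0.113.7 - - [31/Dec/2016:12:01:11 +0100] "GET /.env HTTP/1.1" 403 157 "-" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
203.0.113.7 - - [31/Dec/2016:12:01:12 +0100] "GET /wp-login.php HTTP/1.1" 403 157 "-" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
198.51.100.4 - - [31/Dec/2016:12:02:00 +0100] "GET /blog/old-post/ HTTP/1.1" 404 1203 "https://example.org/" "curl/7.64.0"
198.51.100.4 - - [31/Dec/2016:12:02:01 +0100] "GET /feed.xml HTTP/1.1" 304 0 "-" "Feeder/2.0"
"""


def reduced_records(log_text):
    """Parse combined-format lines and keep only the unusual requests,
    reduced to the fields the policy lists (timestamp, IP address, status,
    bytes, first request line, user-agent). The referer is dropped on purpose."""
    out = []
    for line in log_text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue  # malformed line: nothing we can attribute, so skip it
        status = int(m.group("status"))
        if status in NORMAL_STATUSES:
            continue
        out.append({
            "timestamp": m.group("ts"),
            "ip": m.group("ip"),
            "status": status,
            "bytes": 0 if m.group("bytes") == "-" else int(m.group("bytes")),
            "request": m.group("request"),
            "user_agent": m.group("ua"),
        })
    return out


def broken_links(records):
    """Paths that produced a 404 (the policy's 'broken links' use case)."""
    paths = set()
    for r in records:
        parts = r["request"].split(" ")
        if r["status"] == 404 and len(parts) >= 2:
            paths.add(parts[1])
    return sorted(paths)


def repeat_offenders(records, threshold=3):
    """IP addresses with at least `threshold` denied (403) requests.
    The threshold is an assumption; the policy only says 'repeated attempts'."""
    denied = Counter(r["ip"] for r in records if r["status"] == 403)
    return sorted(ip for ip, n in denied.items() if n >= threshold)


def log_file_action(age_days):
    """Lifecycle of a log file as the policy states it: plaintext during the
    first day, encrypted with a public key after one day, deleted after ten."""
    if age_days >= 10:
        return "delete"
    if age_days >= 1:
        return "encrypt"
    return "keep"


def block_still_active(age_days):
    """Blocked IP addresses are stored for 14 days."""
    return age_days < 14


if __name__ == "__main__":
    recs = reduced_records(SAMPLE_LOG)
    for r in recs:
        print(r)
    print("broken links:", broken_links(recs))
    print("repeat offenders:", repeat_offenders(recs))
```

<p>Run as a script, the example prints the four reduced records (three 403s and one 404 out of six sample lines), the single broken link, and the one address that tripped the denied-request threshold; the 200 and 304 lines never reach the log at all.</p>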