<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Netvouz / falko / tag / security</title>
<link>http://netvouz.com/falko/tag/security?feed=rss&amp;pg=1</link>
<description>falko&#39;s bookmarks tagged &quot;security&quot; on Netvouz</description>
<item><title>How to secure an SSL VPN with one-time passcodes and mutual authentication</title>
<link>http://www.howtoforge.com/ssl_vpn_one_time_passcodes_mutual_authentication</link>
<description>SSL-based VPNs were designed to eliminate the need for complex configurations on the user&#39;s PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it is protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the allotted time.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Mon, 02 Jul 2007 10:04:06 GMT</pubDate>
</item><item><title>How to secure WebDAV with SSL and Two-Factor Authentication | HowtoForge</title>
<link>http://www.howtoforge.com/webdav_with_ssl_and_two_factor_authentication</link>
<description>This guide documents how to configure a WebDAV resource using SSL and two-factor authentication and how to access that resource from Windows, Linux and Mac.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Wed, 18 Apr 2007 11:30:38 GMT</pubDate>
</item><item><title>Installing ModSecurity2 On Debian Etch</title>
<link>http://www.howtoforge.com/apache2_mod_security_debian_etch</link>
<description>This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Sun, 08 Jul 2007 11:50:14 GMT</pubDate>
</item><item><title>Introducing Remo - An Easy Way to Secure an Insecure Online Application with ModSecurity</title>
<link>http://www.howtoforge.com/remo_modsecurity_apache</link>
<description>Say you have a nasty application on your Apache webserver that has been installed by some people from the marketing department and you can neither remove nor patch it. Maybe it is a time problem, a lack of know-how, a lack of source-code, or possibly even political reasons. Consequently you need to protect it without touching it. There is ModSecurity, but they say this is only for experts. A straightforward alternative is Remo, a graphical rule editor for ModSecurity that comes with a whitelist approach. It has all you need to lock down the application.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Fri, 08 Jun 2007 10:09:50 GMT</pubDate>
</item><item><title>PHP-FPM/Nginx Security In Shared Hosting Environments (Debian/Ubuntu)</title>
<link>http://www.howtoforge.com/php-fpm-nginx-security-in-shared-hosting-environments-debian-ubuntu</link>
<description>If you want to use nginx and PHP-FPM for shared hosting environments, you should make up your mind about security. In Apache/PHP environments, you can use suExec and/or suPHP to make PHP execute under individual user accounts instead of a system user like www-data. There&#39;s no such thing for PHP-FPM, but fortunately PHP-FPM allows us to set up a &quot;pool&quot; for each web site that makes PHP scripts execute as the user/group defined in that pool. This gives you all the benefits of suPHP, and in addition to that you don&#39;t have any FTP or SCP transfer problems because PHP scripts don&#39;t need to be owned by a specific user/group to be executed as the user/group defined in the pool.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Sun, 25 Sep 2011 16:51:02 GMT</pubDate>
</item><item><title>Preventing Brute Force Attacks With BlockHosts On Debian Etch</title>
<link>http://www.howtoforge.com/blockhosts_debian_etch</link>
<description>In this article I will show how to install and configure BlockHosts on a Debian Etch system. BlockHosts is a Python tool that observes login attempts to various services, e.g. SSH, FTP, etc., and if it finds failed login attempts again and again from the same IP address or host, it stops further login attempts from that IP address/host. By default, BlockHosts supports services that use TCP_WRAPPERS, such as SSH, i.e. services that use /etc/hosts.allow or /etc/hosts.deny, but it can also block other services using iproute or iptables.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Sun, 30 Sep 2007 10:14:14 GMT</pubDate>
</item><item><title>Preventing Brute Force Attacks With Fail2ban On Debian Etch</title>
<link>http://www.howtoforge.com/fail2ban_debian_etch</link>
<description>In this article I will show how to install and configure fail2ban on a Debian Etch system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Tue, 01 May 2007 17:45:47 GMT</pubDate>
</item><item><title>Preventing Brute Force Attacks With Fail2ban On OpenSUSE 10.3</title>
<link>http://www.howtoforge.com/fail2ban_opensuse10.3</link>
<description>In this article I will show how to install and configure fail2ban on an OpenSUSE 10.3 system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Mon, 15 Oct 2007 07:04:56 GMT</pubDate>
</item><item><title>Secure Websites Using SSL And Certificates</title>
<link>http://www.howtoforge.com/secure_websites_using_openssl_and_apache</link>
<description>This article will guide you through the entire process of setting up a secure website using SSL and digital certificates. This guide assumes that you already have a fully functional (and configured) server running Apache, BIND, and OpenSSL. Just as a side note, this guide was written based on a Fedora Core 6 distribution, but should be the same for most other distros out there.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Fri, 18 May 2007 09:46:20 GMT</pubDate>
</item><item><title>Setting Up ProFTPd + TLS On Debian Etch</title>
<link>http://www.howtoforge.com/proftpd-tls-debian-etch</link>
<description>FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on a Debian Etch server.</description>
<category domain="http://netvouz.com/falko?category=6101149612142001527"></category>
<author>falko</author>
<pubDate>Fri, 14 Dec 2007 11:32:06 GMT</pubDate>
</item></channel></rss>