Security

A 7-post collection

Ubiquiti - Configure micro-segmentation for IoT devices

Internet of Things (IoT)

The Internet of Things is a label that the computer industry, the media, and manufacturers have created to describe small devices that live on a network and provide a specific feature. The Internet of things (stylised Internet of Things or IoT) is the internetworking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. [...] The IoT allows objects to be sensed and/or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit....

Cryptolocker - An Executive Infection

On Monday morning, I got a call from one of our Executives telling me that his home computer was displaying a strange message and asking for some assistance. I asked what was displaying on the screen and he responded, “It’s asking for me to pay them money to get my files”. After listening to Steve Gibson’s (@SGgrc) and Leo Laporte’s (@leolaporte) Security Now podcast from last Wednesday (#427: A Newsy Week), I dreaded the answer to my next question. “Please read me what it says on the screen,” I asked. He responded with, “Your personal files are encrypted!  Your important files encryption produced on this computer…”, oh no… My Executive’s personal home computer had been infected...

Astaro Security Gateway - Setting up a Public Web Server with Web Application Firewall

I run an Astaro Security Gateway (ASG) from Sophos (now called Sophos Unified Threat Management (UTM)) for the bulk of my firewall needs at home. Sophos (and Astaro before them) did a nice thing in allowing Home Users to run the product for up to 50 internal IP addresses for free. You can download the home version of the product here, including a VMware Appliance, which is what I use. This is not your run-of-the-mill firewall, and as such the configuration for various options can be quite tricky. I recently wanted to expose an internal server’s web server on a public URL so I could access it when I’m not at home. There are two ways of accomplishing...

Configure SSH2 Access for Updating WordPress

WordPress is one of the most popular blogging platforms on the Internet. One of the first things I do when I set up a new WordPress installation is harden it. You can read about a number of my suggestions in the article Secure Your WordPress Installation. However, one of the more complex activities I undertake is securing the upgrade facility so that it uses SSH for handling all of my site’s updates. This is for Ubuntu 10.04 LTS:

Create a “wordpress” user that will be used to manage your site.

[shell] % sudo adduser wordpress [/shell]

Add the following lines to your wp-config.php; I usually put mine right after the Language definition:

[shell] /** * Define Upgrade FTP Usernames and Passwords...

Secure your WordPress Installation

WordPress is an extremely popular web platform with about 7% of all websites running WordPress. A population that large gives attackers a rich environment in which to exploit your installation. There have been historical attacks and worms written specifically to target WordPress. Even highly visible bloggers weren’t immune to the attacks. However, there are some simple actions you can take to ensure your WordPress installation is as safe as possible.

Backups

I shouldn’t have to say this, but if you are not creating backups of your WordPress site, then you will eventually lose it. This isn’t me being melodramatic. It’s a fact. Something will occur and you’ll find that you cannot recover or repair the...