Security

An 8-post collection

Using Let’s Encrypt TLS Certificates for SMTP, IMAP, and HTTP

One of the greatest advances towards securing the Internet happened on April 12, 2016 when the Internet Security Research Group (ISRG) launched the “Let’s Encrypt” X.509 Transport Layer Security (TLS) (you may recognize it by the older SSL moniker) Certificate Authority. Major sponsors of the ISRG include the Electronic Frontier Foundation (EFF), the Mozilla Foundation, Akamai, and Cisco. The purpose of Let’s Encrypt is to provide free TLS certificates to anyone that can prove they own a domain so that they can secure the communications between their clients and their server through encryption. The service is fully automated and renewals are automated as well, keeping the certificates current and validated. However, securing your website is but one...

Ubiquiti - Configure micro-segmentation for IoT devices

Internet of Things (IoT): The Internet of Things is a label that the computer industry, the media, and manufacturers have created to describe small devices that live on a network and provide a specific feature. The Internet of things (stylised Internet of Things or IoT) is the internetworking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. [...] The IoT allows objects to be sensed and/or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency,...

Cryptolocker - An Executive Infection

On Monday morning, I got a call from one of our Executives telling me that his home computer was displaying a strange message and asking for some assistance.  I asked what was displaying on the screen and he responded, “It’s asking for me to pay them money to get my files”.  After listening to Steve Gibson’s (@SGgrc) and Leo Laporte’s (@leolaporte) Security Now podcast from last Wednesday (#427: A Newsy Week), I dreaded the answer to my next question.  “Please read me what it says on the screen,” I asked.  He responded with, “Your personal files are encrypted!  Your important files encryption produced on this computer…”, oh no… My Executive’s personal home computer had been infected...

Astaro Security Gateway - Setting up a Public Web Server with Web Application Firewall

I run an Astaro Security Gateway (ASG) from Sophos (now called Sophos Unified Threat Management (UTM)) for the bulk of my firewall needs at home.  Sophos (and Astaro before them) did a nice thing in allowing Home Users to run the product for up to 50 internal IP addresses for free.  You can download the home version of the product here, including a VMware Appliance, which is what I use. This is not your run-of-the-mill firewall and as such the configuration for various options can be quite tricky.  I recently wanted to expose an internal server’s web server on a public URL so I could access it when I’m not at home.  There are two ways of accomplishing...

Configure SSH2 Access for Updating WordPress

WordPress is one of the most popular blogging platforms on the Internet. One of the first things I do when I set up a new WordPress installation is harden it. You can read about a number of my suggestions in the article Secure Your WordPress Installation. However, one of the more complex activities I undertake is securing the upgrade facility so that it uses SSH for handling all of my site’s updates. This is for Ubuntu 10.04 LTS: Create a “wordpress” user that will be used to manage your site. [shell] % sudo adduser wordpress [/shell] Add the following lines to your wp-config.php, I usually put mine right after the Language definition: [shell] /** Define Upgrade FTP Usernames and Passwords...