| Title | Date | Comments | |||
|---|---|---|---|---|---|
| Kerio Control Connection Limit Reached Alert | 2013 06 | ||||
| - While this alert might indicate suspicious activity, it might just be something simple that you forgot about. - | |||||
| Script to block DOS attacks | 2013 06 | 2013/06/03 TonyLawrence | |||
| - A simple script to block annoying abusers and possibly stop a little theft, too. - | |||||
| Wireshark 101 | 2013 05 | 2013/05/26 TonyLawrence | |||
| - Silly me. I really should have started using Wireshark long before this! - | |||||
| Kerio Control with multiple Internet Interfaces | 2012 11 | 2012/11/30 NickBarron | |||
| - If you have more than one Internet connection, Kerio Control can configure and use these in different ways. Learn how here. - | |||||
| Simple debugging with Kerio Control | 2012 11 | ||||
| - An easy way to use Control as a network sniffer by creating useless rules and adding Accounting logging. - | |||||
| A Verizon FIOS STB and a Kerio Control router | 2012 11 | 2013/01/19 anonymous | |||
| - Verizon provides a router that is needed for their Video on Demand and other TV services to work. How can we use a Kerio Control box with that? - | |||||
| Examining Kerio Control Traffic Rules | 2012 11 | 2012/11/08 TonyLawrence | |||
| - A simple Perl script helps display Kerio Control traffic rules. - | |||||
| Should I buy the Kerio Control Appliance or run the software version? | 2012 10 | ||||
| - Kerio offers its Control firewall in both software and hardware versions. Which should you choose? - | |||||
| Troubleshooting Kerio Control installation | 2012 10 | ||||
| - Setting up Kerio Control is usually very easy. If you do experience problems, this guide can help. - | |||||
| Kerio Operator in a separate subnet behind Control Firewall | 2012 09 | 2013/06/14 TonyLawrence | |||
| - Installing Kerio Operator in a private subnet that is not the same as your office LAN network requires some special firewall rules. - | |||||
| Kerio Control Require3WayHandshake dropping packets | 2012 09 | 2012/10/24 NickBarron | |||
| - A Kerio Control 3110 replaces an old SonicWall. Immediately we saw problems with dropped packets: packet dropped: 3-way handshake not completed - | |||||
| How to find password hacks in your Kerio Mailserver log | 2012 08 | ||||
| - If a hacker can guess a password for a mail user on your system, they can send email that will appear to be from a legitimate user. Here's how to find and prevent such use. - | |||||
| Avast Free Antivirus for Mac | 2012 05 | 2012/05/30 NickBarron | |||
| - Will someone please make decent malware/antivirus protection for Macs? I'd hope that Apple would be smart enough to do that itself, but so far they seem uninterested and that leaves me feeling worried. - | |||||
| Why you should let me sell you a new firewall | 2012 05 | 2012/05/20 TonyLawrence | |||
| - I know - your current firewall is working fine. Or so you think. You could be right about that, but let me go over a few reasons why you might want to consider changing that firewall now. - | |||||
| Kerio Control Rip and Replace | 2012 05 | 2013/02/20 TonyLawrence | |||
| - I tore out a perfectly good Astaro Firewall and replaced it with a Kerio Control box. The Astaro was only two years old and was working fine, but tearing it out made both me and my customer very happy. Read on to learn why. - | |||||
| Kerio Control Hardware Appliance firewall | 2012 05 | 2012/05/22 TonyLawrence | |||
| - I got to configure two new Kerio Control hardware appliances this week. Learn what's different about these boxes compared to the software versions. - | |||||
| A Kerio Firewall transplant causes mail problems | 2012 04 | 2012/04/06 TonyLawrence | |||
| - Moving a Kerio Control firewall to new hardware shouldn't be any trouble at all. In fact, it was not, but some red herrings led me to think that something had gone mysteriously wrong. - | |||||
| Understanding Kerio Control Firewall Licensing | 2012 04 | 2012/05/19 TonyLawrence | |||
| - How many user licenses will your Kerio Control firewall require? The answer isn't as simple as it was before, but the current licensing does offer more flexibility. - | |||||
| Misconfigured router causes open SMTP relay | 2012 03 | 2012/03/10 NickBarron | |||
| - The last thing you want is an active mailserver acting as an open relay. Learn how a misconfigured router caused that on an innocent Kerio server. - | |||||
| Book Review - Michal Zalewski's 'The Tangled Web' | 2011 11 | 2011/11/12 TonyLawrence | |||
| - We will not have ventured very far into the Internet forest before we realize that our 'crack team' of web browsers is anything but. Most of them can't seem to tell a squirrel from a poisonous snake. When they do decide to point their weapons at something threatening, we had better duck ourselves, because their aim is atrociously bad. Suspicious looking miscreants appear at the edges of our trail and beckon us to follow them into the dark woods; our guides lay down their weapons and, with beaming grins, trot off never to be seen again! - | |||||
| Exploring Apple Document versions | 2011 11 | ||||
| - When I made the switch, I of course had files under the old account. Some were things I knew I'd need immediately, so I copied them to the new account and changed permissions. Others were things I might need, but then again I might not. What to do about those? - | |||||
| Can Online Services Be Secure? | 2011 08 | 2011/08/22 Ralph | |||
| - Recent data theft disasters have shown that it is not enough to operate a "secure server" and leave all customers' information unencrypted on this server. Because if you think your secure server is invincible, all your customers' data is at risk the moment it turns out that the secure server is not as secure as you thought. - | |||||
| Advantages of Kerio Control Firewall | 2011 07 | ||||
| - As this customer actually wanted the appliance version, he asked about hardware replacement policies, extended warranties and wondered if he should buy two - | |||||
| Using fail2ban with Kerio Connect mailserver | 2011 06 | 2011/07/14 Pat | |||
| - Fail2ban is fussy about dates in log files; Kerio's security log does not meet its standards - | |||||
| Helping my sister-in-law with Gmail | 2011 06 | 2011/06/02 TonyLawrence | |||
| - I'd rather send pictures or a movie than take control of their computer. They can refer back to what I sent over and over again. - | |||||
| Sophos free anti-virus for Mac | 2011 05 | 2011/05/23 TonyLawrence | |||
| - Although the main threat to Macs is trojans and malware, not viruses, the common man doesn't distinguish these - they are all the same to most folks. - | |||||
| A SCO Openserver to Red Hat Linux Conversion | 2011 04 | 2011/04/02 TonyLawrence | |||
| - A detailed history of a SCO to Linux Conversion - including desktop users. - | |||||
| Sendmail VRFY | 2004 09 | ||||
| - In the process of doing some testing of a mail server, I noticed a piece of spam mail delivered to an address that no one should have known about. This disturbed me greatly, because the only place that address appeared was in the mail alias file on my server. Had my server been compromised? - | |||||
| Using sudo | 2002 02 | 2013/03/05 lou | |||
| - I'm sure that there are more poorly written man pages, but "man sudoers" (which is how you find out about "sudo") is among my all time favorites for poor explanation. Let's clear that up. - | |||||
| GPG/PGP Basics | 2001 11 | 2013/04/05 ClovisSangrail | |||
| - Using gpg for encryption, understanding the basic use of GPG for new users. Recently someone asked me for a GPG or PGP public key so that they could send some sensitive material to me by email. - | |||||
| Lost root password (Linux) | 2003 12 | 2012/06/05 anonymous | |||
| - Let's try to fix your lost root password the easy way first. The first thing to try is to boot to single user mode. This MIGHT not work for you, because your system might be configured to still ask for a root password to get to single user mode. If that's the case, we'll use another trick that replaces init with /bin/bash. - | |||||
| Understanding PAM | 2005 03 | 2013/04/18 anonymous | |||
| - PAM is the Pluggable Authentication Module, invented by Sun. It's a beautiful concept, but it can be confusing and even intimidating at first. - | |||||
| Google Earth Street View | 2007 06 | 2011/10/14 bchopper | |||
| - I'm sorry. The ACLU will probably want their card back, but I just don't see cameras as a privacy problem. - | |||||
| OS X ACL usage | 2006 07 | 2011/08/11 AndyCanfield | |||
| - ACL use in OS X. The "chown" man page tells you about their usage, but it leaves a little bit out and isn't all that helpful. - | |||||
| OS X file encryption | 2006 05 | ||||
| - File encryption for Mac OS X. I'm going to look at two methods for encrypting files on Mac OS X. The first is built in, and uses Disk Utility to create an encrypted disk image. - | |||||
| AIX Operating System Hardening Procedures & Security Guide | 2005 04 | ||||
| - System Hardening Procedures for AIX using the principle of least privilege. If the user does not need the service, they are not allowed to access that service. - | |||||
| What is a Managed Switch? | 2005 08 | 2012/07/17 TonyLawrence | |||
| - A managed switch allows you to control the individual ports of your switch - | |||||
| Unix Permissions | 2001 04 | ||||
| - Note: these are classic Unix permissions. However, many modern Unixes support extended attributes that go beyond this. We'll look at one example of that later in the article. - | |||||
| VPN's and other remote access | 2001 04 | 2011/05/09 TonyLawrence | |||
| - VPN Basics. A VPN is a Virtual Private Network. The concept is that you are using public or other shared lines (generally the Internet) to connect machines, but that all packets are encrypted (so your connections are "private"). - | |||||
| Xinetd | 2003 07 | 2010/10/29 SalvoLtWorfTomaselli | |||
| - Xinetd is a replacement for inetd, which was the original Unix super-daemon used to start network services on demand. The reason for inetd goes back to days of low memory and poor memory management: you didn't want to keep a service running in memory if it was infrequently used. - | |||||
| shc - shell script compiler | 2005 09 | ||||
| - Shell scripts are simple to create, but if a user has permission to execute the script, they also have permission to read it. There are ways to prevent that: - | |||||
| How can I restrict who can login with ssh? | 1997-2003 | 2010/06/27 anonymous | |||
| - There's no reason to allow every user access by ssh. You can restrict ssh logins to a specific set of users by an entry in the config file. - | |||||
| SSH passphrases and keys | 2005 02 | ||||
| - You then need to put the public key (.ssh/id_dsa.pub by default) into the authorized_keys2 file on the server. Once that's done, if you attempt an ssh to the server, you'll be asked for your passphrase rather than the password of the user on the server. Here's the most important thing to understand at this point: The password at the server doesn't matter anymore. You could log into the server and change the password, and ssh is still going to let you in because of the public key and the passphrase you've provided. You could even edit (as root, of course) /etc/shadow on the server and put a * in the password field, which would mean that no password could EVER be used to login as that user, but you could still login as that user using ssh and your key files/passphrase. - | |||||
| Understanding IPTABLES | 2002 11 | 2012/11/29 BigDumbDinosaur | |||
| - Packet filtering is something I've always had a hard time getting my head around. Not the basics; that's easy enough. It's just the incredible level of detail, the difficulty of keeping it all in your head at once. - | |||||
| Random Numbers | 2003 09 | 2010/07/13 TonyLawrence | |||
| - Understanding Random Numbers. Until fairly recently, CPUs had no direct way to generate random numbers. Intel's Pentium III introduced a hardware random number generator that uses thermal noise "to generate high-quality random and nondeterministic numbers", but prior to that, systems that needed good random numbers had to rely on add-on boards or other external input. - | |||||
| SquidGuard | 2001 09 | ||||
| - squidGuard works with Squid to block access to sites by domain, ip address or even keywords. - | |||||
| sandbox-exec (Mac sandbox wrapper) | 2007 12 | ||||
| - Sandbox-exec can protect you from unknown binaries - | |||||
| Audit Logging | 2007 03 | ||||
| - What is required to meet regulatory compliance requirements for audit logging? Does logging satisfy all the different regulatory compliance requirements? - | |||||
| Fortinet Firewall Transparent Mode | 2007 04 | ||||
| - Using Fortinet firewall in transparent mode to pass through external IP to an existing router. - | |||||
| SSH Login Attacks | 2005 01 | ||||
| - Failed password for illegal user [username]. in your logs may indicate brute force password guessing attempts. - | |||||
| SSH | 2001 05 | ||||
| - Standard Unix tools like telnet and ftp are not encrypted: everything you type, including your precious passwords, travels in packets that can at least potentially be seen by every machine they pass by or through. - | |||||
| Fortinet Firewall Virtual IP's | 2007 04 | ||||
| - Using Fortinet firewall virtual IPs to forward services to internal machines. - | |||||
| ProFTPd, wu-ftpd, and general ftp security | 2004 12 | ||||
| - FTP in general has a long and sad history of security problems. If you need to run an ftp server, you need to keep careful track of vulnerabilities and exploits that may make for a very unhappy da - | |||||
| Basic TrueCrypt Usage | 2010 01 | 2010/01/12 TonyLawrence | |||
| - People have said that they installed TrueCrypt, but have no idea what to do next. OK, maybe the interface isn't all that user friendly. - | |||||
| Security Paranoia - restricting ssh access | 2004 10 | ||||
| - I had email from someone today whose system was hacked, apparently by a dictionary attack over ssh. There is no reason to let that happen to you. - | |||||
| Prevent deletion or moving of files | 2009 10 | ||||
| - You need to let users create files in a common directory, but you don't want them to be able to delete other's files. Or you've put certain files, directories or symlinks into a user's home directory and don't want them to be able to mess with any of those. What can you do? - | |||||
| Domain or not? | 2005 11 | ||||
| - Computer networks are often just automatically set up without much thought: if it's a business, it's set up as a domain, if it's home, it's not. - | |||||
| Protect your Laptop with TrueCrypt | 2009 08 | ||||
| - Truly affordable hard drive, laptop and USB Drive encryption software for your business critical data - | |||||
| ssh forwarding | 2006 06 | ||||
| - Ssh forwarding can be confusing. Let's say we have a machine that our firewall will send traffic to, but we actually want to ssh to another internal machine. - | |||||