Security

Want to support HowtoForge? Become a subscriber!
 

How to setup Single Sign On with OTP using simpleSAMLphp and privacyIDEA

How to setup Single Sign On with OTP using simpleSAMLphp and privacyIDEA

This howto will deal with Single Sign On to web pages. Maybe you know OpenID. Similar to Kerberos a "Ticket" is granted to the user to authenticate at other services using the ticket and not the credentials anymore. In this howto we will use SAML (Security Assertion Markup Language) which is more sophisticated than the simple OpenID. SAML can be used to setup trust relations between several entities. This is why it is used between companies and organizations, why online service are using it.

Data Recovery Techniques on Linux

Data Recovery Techniques on Linux

When one of my friends called telling me that he had accidentally deleted some important files from his drive, his exasperation was understandable. It happens to everyone at some point of their computer-using lives. Unfortunately, in his case, those were some extremely important documents that, had he not recovered them, could have proven very costly.

Installing and using Tundeep for network tunnelling and testing on Debian

Installing and using Tundeep for network tunnelling and testing on Debian

Tundeep is a network tunnelling daemon written in C that runs in userspace using libpcap. Tundeep is used as a security testing tool allowing a tester to tunnel through the target network at layer 2. A TAP interface will be brought up on the tester's machine for each level of the network allowing direct interaction with hosts on the network segment through a compromised client device.

How to setup your OTP appliance with privacyIDEA

How to setup your OTP appliance with privacyIDEA

In this howto we will setup a system that can act as your own personal OTP appliance, managing all authentication devices in your network. You then may configure your services to authenticate against this machine. It is a good idea to use some virtualization mechanism. If you have some old hardware around, this is even as good.

How to create a jailed ssh user with Jailkit on Debian Wheezy

How to create a jailed ssh user with Jailkit on Debian Wheezy

This document describes how to install and configure Jailkit in Debian Wheezy Server. Jailkit is a set of utilities to limit user accounts to specific files using chroot() and or specific commands. Setting up a chroot shell, a shell limited to some specific command, or a daemon inside a chroot jail is a lot easier and can be automated using these utilities.

Secure OpenVPN with two-factor authentication from WiKID on Centos 7

Secure OpenVPN with two-factor authentication from WiKID.

In a previous tutorial, we showed how to configure PAM-RADIUS to support two-factor authentication. Now, and in future tutorials, we will add remote access services to this server that will also use WiKID for two-factor authentication. In this tutorial, we will demonstrate how to leverage that setup to add two-factor authentication through radius to OpenVPN on Centos 7.

How To Recover Data From An Encrypted Harddisk On Boot Failure With Ubuntu 14.04

How to recover data from an encrypted harddisk on boot failure with Ubuntu 14.04

This document describes how to recover an encrypted harddisk in a failed boot device for Ubuntu 14.04 Server. This method will work for Ubuntu Desktop also. This is a very havoc situation when the distro fails to boot and we have our important data inside the distro. If the harddisk is not encrypted then we can easily retrieve our data with the help of live-cds or live-USB boot devices, but if the harddisk was encrypted then situation becomes little hectic. I will cover the topic for encrypted harddisk data retrieval from Ubuntu distros.

How To Protect Your Web Server With Sophos UTM

How To Protect Your Web Server With Sophos UTM

In this Howto I will show, how you can setup a webserver to be protected in the demilitarized zone of an enterprise grade firewall. I will use the Sophos UTM Gateway which is available as a software appliance to be installed on "any" hardware and is free for home and personal use.

Manage Yubikeys for LUKS encryption with privacyIDEA

Manage Yubikeys for LUKS encryption with privacyIDEA

So today we will show, how you can manage many yubikeys for many notebooks using privacyIDEA. privacyIDEA is an authentication system for two factor authentication - usually with OTP devices. In a recent version privacyIDEA started to not only answer authentication request, but it was also enhanced to be able to define client machines and add information, which authentication device could be used for an application on a client machine.

Hybrid RAID 1 (Mirror) of RAM drive & SATA HDD Using LVM with LUKS [and systemd unit file] on Fedora Linux

Hybrid RAID 1 (Mirror) of RAM drive & SATA HDD Using LVM with LUKS [and systemd unit file] on Fedora Linux

The IT industry has a continual balance between security and usability. Within this balance, performance usually affects usability. In the realm of protecting "Data at Rest" (i.e. encryption) one may find three factors affecting performance, and therefore usabilty: The harddrive, CPU and RAM. Of these, the harddrive will always prove to be a bottleneck (yes, even with an SDD).

Free Software has a rather elegant solution for protecting Data at Rest, called Linux Unified Key Setup (LUKS). In the spirit of "Freedom 0: The freedom to run the program for any purpose." please enjoy my contribution to our collective knowledgebase of a solution to the fascinating problem of "how can we speed up encyption"?

1
...
next page
last page