http://www.howtoforge.com/taxonomy/term/9/all en http://www.howtoforge.com/themes/htf_glass/images/howtoforge_logo_glass_blue.gif http://www.howtoforge.com/taxonomy/term/9/all http://www.howtoforge.com/add-wikid-two-factor-authentication-to-astaro-security-gateway <p><b>How To Add WiKID Two-Factor Authentication To The Astaro Security Gateway</b></p> <p>Astaro is a very popular Linux-based "all-in-one" security appliance offering spam filtering, malware protection, firewall, VPN, etc. The WiKID Strong Authentication Server is a dual-source two-factor authentication system. PINs are encrypted on a software token and sent to the WiKID server. If the PIN is correct, the encryption valid and the account active, a one-time password is generated, encrypted and returned to the user's token where it is decrypted and presented for use with a network-based services. This document will show how to add WiKID two-factor authentication to the Astaro Security Gateway version 7 using Radius.</p> <a href="http://www.howtoforge.com/add-wikid-two-factor-authentication-to-astaro-security-gateway" title="Read the rest of this posting." class="read-more">Read more...</a> Security Fri, 16 May 2008 14:20:39 +0200 http://www.howtoforge.com/add-wikid-two-factor-authentication-to-astaro-security-gateway http://www.howtoforge.com/add-wikid-two-factor-authentication-to-astaro-security-gateway#comment http://www.howtoforge.com/setting-up-truecrypt-5.1a-on-debian-etch-gnome <p><b>Protect Your Files With TrueCrypt 5.1a On Debian Etch (GNOME)</b></p> <p>This document describes how to set up TrueCrypt 5.1a on Debian Etch (GNOME). Taken from the TrueCrypt page: "TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)."</p> <a href="http://www.howtoforge.com/setting-up-truecrypt-5.1a-on-debian-etch-gnome" title="Read the rest of this posting." class="read-more">Read more...</a> Debian Desktop Security Sun, 11 May 2008 19:12:19 +0200 http://www.howtoforge.com/setting-up-truecrypt-5.1a-on-debian-etch-gnome http://www.howtoforge.com/setting-up-truecrypt-5.1a-on-debian-etch-gnome#comment http://www.howtoforge.com/granular-bandwidth-management-rules-in-safesquid-proxy-server <p><b>How To Configure Granular Bandwidth Management Rules In SafeSquid Proxy Server</b></p> <p>Administrators can use SafeSquid to granularly distribute bandwidth across the network, depending on user, group, website being visited, mime or file type being accessed, and time / date range. This is achieved by defining the desired situation, by creating a profile under the Profiles section, and then allocating a specific bandwidth (QoS) to that profile.</p> <a href="http://www.howtoforge.com/granular-bandwidth-management-rules-in-safesquid-proxy-server" title="Read the rest of this posting." class="read-more">Read more...</a> Security Thu, 08 May 2008 14:11:47 +0200 http://www.howtoforge.com/granular-bandwidth-management-rules-in-safesquid-proxy-server http://www.howtoforge.com/granular-bandwidth-management-rules-in-safesquid-proxy-server#comment http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04 <P><B>The Perfect SpamSnake - Ubuntu 8.04 LTS</b></p> <P>This tutorial shows how to set up an Ubuntu Hardy Heron (8.04 LTS) based server as a spamfilter in Gateway mode.&nbsp;In the end, you will have a SpamSnake Gateway which will relay clean emails to your MTA.&nbsp;You will also be able to view your incoming queue, train your SpamSnake and carry out a few more advanced operations via MailWatch.</p><a href="http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04" title="Read the rest of this posting." class="read-more">Read more...</a> Anti-Spam/Virus Ubuntu Postfix Thu, 01 May 2008 18:45:36 +0200 http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04 http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04#comment http://www.howtoforge.com/installing-mod-security-on-sles10 <p><b> How To Install mod_security/mod_security2 On SuSE Linux Enterprise Server 10 (SLES10)</b></p> <p>The Apache module mod_security is a very powerful security module. Combined with predefined rules, you can close many security wholes on your server, opened by bad written php or perl apps. Unfortunately mod_security is not part of the SLES10 distribution. To install mod_security to have to install some 3rd party modules. This guide helps you to install mod_security on SLES10 in a reproducable way (RPM). It also helps you to remove the module, by building RPM packages you can easily uninstall.</p> <a href="http://www.howtoforge.com/installing-mod-security-on-sles10" title="Read the rest of this posting." class="read-more">Read more...</a> SuSE Apache Security Fri, 18 Apr 2008 09:38:03 +0200 http://www.howtoforge.com/installing-mod-security-on-sles10 http://www.howtoforge.com/installing-mod-security-on-sles10#comment http://www.howtoforge.com/setting-up-an-iptables-firewall-with-firehol-on-ubuntu <p><b>Setting Up An Iptables Firewall On Ubuntu With Firehol</b></p> <p> Everybody, who tried to configure an iptables firewall knows, that it can be quite a PITA. <i>firehol</i> is a tool that helps us to configure iptables according to our needs. In this How-To, I will discribe how to set up an iptables firewal using firehol that only allows SSH and ICMP (the protocol responsible for ping and traceroute). Also, only incoming connections are filtered, and outgoing connections are allowed.</p> <a href="http://www.howtoforge.com/setting-up-an-iptables-firewall-with-firehol-on-ubuntu" title="Read the rest of this posting." class="read-more">Read more...</a> Ubuntu Security Wed, 16 Apr 2008 13:31:20 +0200 http://www.howtoforge.com/setting-up-an-iptables-firewall-with-firehol-on-ubuntu http://www.howtoforge.com/setting-up-an-iptables-firewall-with-firehol-on-ubuntu#comment http://www.howtoforge.com/control-access-to-unwanted-websites-using-url-blacklist-with-safesquid-proxy-server <p><b>How To Control Access To Unwanted Websites Using URL Blacklist With SafeSquid Proxy Server</b></p> <p>SafeSquid - Content Filtering Internet Proxy, has many content filtering features that can be used to decide who is allowed what, when and how much on the net. In this tutorial I will describe how to control access to unwanted categories of websites, by using URL Blacklist database with SafeSquid Proxy Server.</p> <a href="http://www.howtoforge.com/control-access-to-unwanted-websites-using-url-blacklist-with-safesquid-proxy-server" title="Read the rest of this posting." class="read-more">Read more...</a> Security Tue, 15 Apr 2008 12:53:00 +0200 http://www.howtoforge.com/control-access-to-unwanted-websites-using-url-blacklist-with-safesquid-proxy-server http://www.howtoforge.com/control-access-to-unwanted-websites-using-url-blacklist-with-safesquid-proxy-server#comment http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1 <p><b>Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Mandriva 2008.1)</b></p> <p>This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I will also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. In addition to that, this tutorial covers the installation of <b>Amavisd</b>, <b>SpamAssassin</b> and <b>ClamAV</b> so that emails will be scanned for spam and viruses. I will also show how to install <b>SquirrelMail</b> as a webmail interface so that users can read and send emails and change their passwords.</p> <a href="http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1" title="Read the rest of this posting." class="read-more">Read more...</a> Anti-Spam/Virus Mandriva Postfix Sun, 13 Apr 2008 19:35:31 +0200 http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1 http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1#comment http://www.howtoforge.com/two-factor-authentication-google-apps-gheimdall <p><b>How to add two-factor authentication to Google Apps for your Domain using open source software</b></p> <p>Everybody loves GMail. With Google Apps for you Domain, you can use GMail with your own domain, allowing organizations to outsource their email - and the requisite anti-spam filtering to Google. Webmail is very convenient, but for frequent travellers and those who use public wifi, it can be quite dangerous. Logging in from a kiosk or shared computer is a sure way to get your username and password stolen by a keystroke logger. Using a public WiFi system can lead to a man-in-the-middle attack. In this document we will take advantage of two open source projects to add two-factor authentication to Google Apps. The first is Gheimdall, a a TurboGears project for Google Apps SSO service. Gheimdall supports PAM and LDAP authentication natively. It also includes sample code to add new authentication methods, which made it very easy to add two-factor authentication from WiKID. WiKID is a dual-source two-factor authentication solution that uses public key cryptography to strongly authenticate users.</p> <a href="http://www.howtoforge.com/two-factor-authentication-google-apps-gheimdall" title="Read the rest of this posting." class="read-more">Read more...</a> CentOS Fedora Email Security Fri, 04 Apr 2008 14:45:47 +0200 http://www.howtoforge.com/two-factor-authentication-google-apps-gheimdall http://www.howtoforge.com/two-factor-authentication-google-apps-gheimdall#comment http://www.howtoforge.com/encrypting-file-systems-with-truecrypt-on-fedora8 <p><b>Protect Your Files With TrueCrypt 5 On Fedora 8</b></p> <p>This document describes how to set up TrueCrypt 5 on Fedora 8. Taken from the TrueCrypt page: "TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)."</p> <a href="http://www.howtoforge.com/encrypting-file-systems-with-truecrypt-on-fedora8" title="Read the rest of this posting." class="read-more">Read more...</a> Fedora Desktop Security Thu, 03 Apr 2008 18:39:44 +0200 http://www.howtoforge.com/encrypting-file-systems-with-truecrypt-on-fedora8 http://www.howtoforge.com/encrypting-file-systems-with-truecrypt-on-fedora8#comment http://www.howtoforge.com/setting-up-an-ssh-certificate-for-ubuntu-from-a-mac <p><b>Setting Up An SSH Certificate For Ubuntu From A Mac</b></p> <p>This howto should help you with setting up an RSA public and private key setup from a Mac to an Ubuntu box. Of course, this <i>should</i> be possible with other OS's but I have not tested it.</p><a href="http://www.howtoforge.com/setting-up-an-ssh-certificate-for-ubuntu-from-a-mac" title="Read the rest of this posting." class="read-more">Read more...</a> Ubuntu Security Tue, 01 Apr 2008 13:22:08 +0200 http://www.howtoforge.com/setting-up-an-ssh-certificate-for-ubuntu-from-a-mac http://www.howtoforge.com/setting-up-an-ssh-certificate-for-ubuntu-from-a-mac#comment http://www.howtoforge.com/set-up-internet-access-control-and-internet-filtering-with-safesquid <p><b>How To Set Up Internet Access Control And Internet Filtering With SafeSquid Proxy Server</b></p> <p>SafeSquid - Content Filtering Internet Proxy, has many content filtering features that can be used to decide who is allowed what, when and how much on the net. In this tutorial I will describe how to create user profiles, and give them access to specific websites only, while blocking access to all other websites.</p> <a href="http://www.howtoforge.com/set-up-internet-access-control-and-internet-filtering-with-safesquid" title="Read the rest of this posting." class="read-more">Read more...</a> Security Fri, 28 Mar 2008 11:42:00 +0100 http://www.howtoforge.com/set-up-internet-access-control-and-internet-filtering-with-safesquid http://www.howtoforge.com/set-up-internet-access-control-and-internet-filtering-with-safesquid#comment http://www.howtoforge.com/set-up-ssh-with-public-key-authentication-debian-etch <p><b>How To Set Up SSH With Public-Key Authentication On Debian Etch</b></p> <p>This mini-howto explains how to set up an SSH server on Debian Etch with public-key authorization (and optionally with disabled password logins). SSH is a great tool to control Linux-based computers remotely. It's safe and secure.</p> <a href="http://www.howtoforge.com/set-up-ssh-with-public-key-authentication-debian-etch" title="Read the rest of this posting." class="read-more">Read more...</a> Debian Security Thu, 27 Mar 2008 11:16:09 +0100 http://www.howtoforge.com/set-up-ssh-with-public-key-authentication-debian-etch http://www.howtoforge.com/set-up-ssh-with-public-key-authentication-debian-etch#comment http://www.howtoforge.com/securing-vsftp-with-ssl-and-two-factor-authentication <P><B>How to Secure VSFTP with SSL and Two-factor Authentication</b></p><P>Recently, there was a report from Finjan that administrator credentials for over 9,000 FTP servers were for sale. Then, F-Secure noted an increase in FTP-based attacks. Many companies and organization still use FTP extensively. If you're running an FTP server and you think you're admin credentials might be one of those 9,000, you should consider implementing two-factor authentication for SSH, which will then also give you two-factor authentication for SCP. This document shows how to configure the popular and secure VSFTP to use SSL for encryption and WiKID for two-factor authentication for your FTP users.</p><a href="http://www.howtoforge.com/securing-vsftp-with-ssl-and-two-factor-authentication" title="Read the rest of this posting." class="read-more">Read more...</a> FTP Security Mon, 24 Mar 2008 17:01:57 +0100 http://www.howtoforge.com/securing-vsftp-with-ssl-and-two-factor-authentication http://www.howtoforge.com/securing-vsftp-with-ssl-and-two-factor-authentication#comment http://www.howtoforge.com/virus-protection-with-avast-on-ubuntu-gutsy-gibbon <p><b>Virus Protection With avast! Linux Home Edition On Ubuntu Gutsy Gibbon</b></p> <p>This tutorial shows how you can install and use avast! Linux Home Edition on an Ubuntu Gutsy Gibbon desktop. Although there aren't many Linux viruses out there, this can be useful if you often exchange files with Windows users - it can help you to not pass on any Windows viruses (that don't do any harm to Linux systems) to Windows users. avast! Linux Home Edition is free for private and non-commercial use.</p> <a href="http://www.howtoforge.com/virus-protection-with-avast-on-ubuntu-gutsy-gibbon" title="Read the rest of this posting." class="read-more">Read more...</a> Ubuntu Desktop Security Tue, 18 Mar 2008 12:49:12 +0100 http://www.howtoforge.com/virus-protection-with-avast-on-ubuntu-gutsy-gibbon http://www.howtoforge.com/virus-protection-with-avast-on-ubuntu-gutsy-gibbon#comment