Security

Want to support HowtoForge? Become a subscriber!
 

How to secure an SSL VPN with one-time passcodes and mutual authentication

How to secure an SSL VPN with one-time passcodes and mutual authentication

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.

Entering A Safe Mirror When Logging In With Unionfs And Chroot

Entering A Safe Mirror When Logging In With Unionfs And Chroot

When reading a 'hint' on the website of LinuxFromScratch I discovered the special capabilities of unionfs, specially in combination with chroot. Later I read a HowTo on a wikiwebsite of Gentoo, about entering a chrooted homedirectory when using a special script as shell. Combining these two brings me to using a chrooted environment, which you enter when logging in as a special user. This environment is a exact copy (mirror) of the system you're working on. Because you're in safe copy of the real system, you can do whatever you like, it will never change the system, everything stays inside the cache (the readwrite branch).

Introduction to Antispam Practices

Introduction to Antispam Practices 

Competitive Antispam products, proper legislation, efforts towards a better user education, it has all been tried in order to stop spam. However, unsolicited emails keep consuming the space and time of all email users. Moreover, spam messages can be the cause of serious virus and spyware outbreaks, while others “phish” for sensitive information like bank accounts and passwords.

Introducing Remo - An Easy Way to Secure an Insecure Online Application with ModSecurity

Introducing Remo - An Easy Way to Secure an Insecure Online Application with ModSecurity

Say you have a nasty application on your Apache webserver that has been installed by some jerks from the marketing department and you can neither remove nor patch it. Maybe it is a time problem, a lack of know-how, a lack of source-code, or possibly even political reasons. Consequently you need to protect it without touching it. There is ModSecurity, but they say this is only for experts. A straightforward alternative is Remo, a graphical rule editor for ModSecurity that comes with a whitelist approach. It has all you need to lock down the application.

How to secure VNC remote access with two-factor authentication

How to secure VNC remote access with two-factor authentication

VNC is the most popular remote access solution today. However, it was developed to provide remote access, not to provide secure remote access. Administrators have to add security to VNC by tunneling it through an encrpyted channel such as SSH and adding a layer of authentication. In this article, we will show you how to combine the NoMachine NX server to encrpyt VNC and remote X session combined with two-factor authentication from WiKID Systems to create a secure, fast remote access solution.

Secure Websites Using SSL And Certificates

Secure Websites Using SSL And Certificates

This how-to will guide you through the entire process of setting up a secure website using SSL and digital certificates. This guide assumes that you have already a fully functional (and configured) server running Apache, BIND, and OpenSSL. Just as a side note, this guide was written based on a Fedora Core 6 distribution, but should be the same for most other distros out there.

Preventing Brute Force Attacks With Fail2ban On Debian Etch

Preventing Brute Force Attacks With Fail2ban On Debian Etch

In this article I will show how to install and configure fail2ban on a Debian Etch system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule.

Perfect Setup Of Snort + Base + PostgreSQL On Ubuntu 6.06 LTS

Perfect Setup Of Snort + Base + PostgreSQL On Ubuntu 6.06 LTS

This tutorial describes how you can install and configure the Snort IDS (intrusion detection system) and BASE (Basic Analysis and Security Engine) on an Ubuntu 6.06 (Dapper Drake) system. With the help of Snort and BASE, you can monitor your system - with BASE you can perform analysis of intrusions that Snort has detected on your network. Snort will use a PostgreSQL database to store/log the data it gathers.

How to secure WebDAV with SSL and Two-Factor Authentication

How to secure WebDAV with SSL and Two-Factor Authentication

This how-to documents how to configure a WebDAV resource using SSL and  two-factor authentication and how to access that resource from Windows, Linux and Mac.

How to encrypt a diskdrive in (X)Ubuntu Feisty with dm-crypt and LUKS

How to encrypt a diskdrive in (X)Ubuntu Feisty with dm-crypt and LUKS

Today security is one of the key aspects in our daily life - sometimes conscious, sometimes unconscious. Security has many aspects and one of them is computer security or security of your or your business' computer data. In this tutorial I will show how to encrypt a whole disk drive using (X)Ubuntu Feisty, dm-crypt, and LUKS.

first page
previous page
...
28
next page
last page
XML feed
"Facebook" is a registered trademark of Facebook, Inc. All rights reserved.