Security

Want to support HowtoForge? Become a subscriber!
 

Secure OpenVPN with two-factor authentication from WiKID on Centos 7

Secure OpenVPN with two-factor authentication from WiKID.

In a previous tutorial, we showed how to configure PAM-RADIUS to support two-factor authentication. Now, and in future tutorials, we will add remote access services to this server that will also use WiKID for two-factor authentication. In this tutorial, we will demonstrate how to leverage that setup to add two-factor authentication through radius to OpenVPN on Centos 7.

How To Recover Data From An Encrypted Harddisk On Boot Failure With Ubuntu 14.04

How to recover data from an encrypted harddisk on boot failure with Ubuntu 14.04

This document describes how to recover an encrypted harddisk in a failed boot device for Ubuntu 14.04 Server. This method will work for Ubuntu Desktop also. This is a very havoc situation when the distro fails to boot and we have our important data inside the distro. If the harddisk is not encrypted then we can easily retrieve our data with the help of live-cds or live-USB boot devices, but if the harddisk was encrypted then situation becomes little hectic. I will cover the topic for encrypted harddisk data retrieval from Ubuntu distros.

How To Protect Your Web Server With Sophos UTM

How To Protect Your Web Server With Sophos UTM

In this Howto I will show, how you can setup a webserver to be protected in the demilitarized zone of an enterprise grade firewall. I will use the Sophos UTM Gateway which is available as a software appliance to be installed on "any" hardware and is free for home and personal use.

Manage Yubikeys for LUKS encryption with privacyIDEA

Manage Yubikeys for LUKS encryption with privacyIDEA

So today we will show, how you can manage many yubikeys for many notebooks using privacyIDEA. privacyIDEA is an authentication system for two factor authentication - usually with OTP devices. In a recent version privacyIDEA started to not only answer authentication request, but it was also enhanced to be able to define client machines and add information, which authentication device could be used for an application on a client machine.

Hybrid RAID 1 (Mirror) of RAM drive & SATA HDD Using LVM with LUKS [and systemd unit file] on Fedora Linux

Hybrid RAID 1 (Mirror) of RAM drive & SATA HDD Using LVM with LUKS [and systemd unit file] on Fedora Linux

The IT industry has a continual balance between security and usability. Within this balance, performance usually affects usability. In the realm of protecting "Data at Rest" (i.e. encryption) one may find three factors affecting performance, and therefore usabilty: The harddrive, CPU and RAM. Of these, the harddrive will always prove to be a bottleneck (yes, even with an SDD).

Free Software has a rather elegant solution for protecting Data at Rest, called Linux Unified Key Setup (LUKS). In the spirit of "Freedom 0: The freedom to run the program for any purpose." please enjoy my contribution to our collective knowledgebase of a solution to the fascinating problem of "how can we speed up encyption"?

How to configure pam-radius for WiKID Two-factor Authentication on Centos 7

Securing SSH On Centos 7 With WiKID Two-Factor Authentication

SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit.

Two factor authentication with Yubikey for harddisk encryption with LUKS

Two factor authentication with Yubikey for harddisk encryption with LUKS

The yubikey is a cool device that is around for a while and several of us know it and love it. It is a device that is recognizes as a USB HID device and can emit one time passwords on a button press.

Quite for a while the yubikey supports a challenge response mode, where the computer can send a challenge to the yubikey and the yubikey will answer with a response, that is calculated using HMAC-SHA1.

How to add two-factor authentication from WiKID to X2Go remote desktop on Ubuntu

Securing X2Go On Ubuntu Precise With WiKID Two-Factor Authentication

In this document we are going to demonstrate how to implement two-factor authentication from WiKID for remote desktop on an Ubuntu 12.04 server using X2Go.

Manage two factor authentication in your serverfarm with privacyIDEA easily

Manage two factor authentication in your serverfarm with privacyIDEA easily

In this howto I will show, how you can use a privacyIDEA installation to add two factor authentication for many of your servers in your serverfarm.

privacyIDEA is a modular solution for two factor authentication especially with OTP tokens. Due to the modular structure it can be quickly and easily adapted and enhanced. E.g. adding new token types is as simple as writing a new lean python module. You do not need to modify your network for privacyIDEA, it does not write to existing databases or user stores. It only needs read access to your user stores like LDAP, Active Directory, SQL, SCIM-service or flat files. privacyIDEA supports all usual push-button-tokens, OTP cards and smartphone apps.

How To Get LTS updates for Debian 6 (Squeeze)

How To Get LTS updates for Debian 6 (Squeeze)

Debian Squeeze (6.0) is the so named "Old Stable" branch of Debian, the official support for this version ended in april 2014. Squeze is still used on many servers, so a group of Debian developers decided to provide security patches for a longer timespan for this release. These so called LTS updates (LTS = Long Term Support) are not available on the normal Debian update repository and not every user might be aware that he wont get these updates automatically. The following short guide explains how to enable the LTS repository and install the updates.

1
...
next page
last page