Category archive: Security

Fixing Chrome 58+ [missing_subjectAltName] with openssl when using self signed certificates ca root ssl

Since version 58, Chrome requires SSL certificates to use SAN (Subject Alternative Name) instead of the popular Common Name (CN), thus CN support has been removed. If you’re using self-signed certificates (but not only!) having only CN defined, you get an error like this when calling a website using the self-signed certificate: Here’s how…

Guide to Deploying Diffie-Hellman for TLS ( Weak Diffie-Hellman and the Logjam Attack )

Our study finds that the current real-world deployment of Diffie-Hellman is less secure than previously believed. This page explains how to properly deploy Diffie-Hellman on your server. We have three recommendations for correctly deploying Diffie-Hellman for TLS: Disable Export Cipher Suites. Even though modern browsers no longer support export…

Setting up a SSL Cert from Comodo

These are the steps I went through to set up an SSL cert. Purchase the cert: Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You’ll be asked for the content of the CSR file when ordering…

fail2ban security How To Protect SSH With Fail2Ban on CentOS 7

Introduction: While connecting to your server through SSH can be very secure, the SSH daemon itself is a service that must be exposed to the Internet to function properly. This comes with some inherent risk and offers a vector of attack for would-be assailants. Any service that is exposed to the network is a potential…

SSL on all websites free for 90 days

https://letsencrypt.org/ https://www.sslforfree.com/ How It Works: Let’s Encrypt is the first free and open CA. We generate certificates using their ACME server by using domain validation. Private Keys are generated in your browser and never transmitted. For modern browsers we generate a private key in your browser using the Web Cryptography API and the private key is…

nmap postfix

http://blog.datencamp.org/2012/08/howto-trick-nmaps-service-detection/

sshuttle: A Poor man’s VPN Over SSH

Have you ever wanted to use SSH as a VPN? There is a useful little utility called “sshuttle” that can turn your SSH connection into a VPN. sshuttle is a transparent proxy server that works as a poor man’s VPN over ssh. You don’t need any admin account on your remote system. It…