Upgrade Red Hat / CentOS 5 Password Hashing | By default, Red Hat / CentOS 5 uses the largely less desirable md5 algorithm for local account password hashing. Bah! Debian / Ubuntu : you are already using SHA-512 – yay! Be sure to mock your fellow Red Hat friends on this topic. (Note: the new Red Hat / CentOS 6 is now SHA-512 by
Disable Debian Banner Suffix on SSH Server
Disable Debian Banner Suffix on SSH Server | While ssh requires broadcasting the exact version number for the protocol of the openssh spec, you can opt to disable broadcasting of the ‘Debian’ suffix that is added by default. By default your server provides something like this to the world: OpenSSH 5.2p1 Debian 7ubuntu3.5 (protocol 2.0) I’ll show you how to change that and
Prevent Postfix Brute Force
Prevent Postfix Brute Force | An often used attack vector is brute forcing MTA logins. While most admins watch ssh auth logs like a hawk, email auth/login logs are most often not closely watched for this sort of thing if at all. I’ll show you one way to easily prevent a Postfix brute force attack! This how-to focuses on fail2ban
Enable FileVault in OS X
Enable FileVault in OS X | Mac OS X since 10.3 has had a feature called FileVault. FileVault as of Mac OS X 10.5 uses 256 bit AES to encrypt your home directory. This is particularly good if you use a laptop. If your laptop is stolen, the hard drive home directory contents are basically gibberish to someone if they attempt
Privacy Inspector – Android
Privacy Inspector – Android | There is a great free Android app called Privacy Inspector which scans your apps to find out what they are doing with your phone’s information. Most of this sort of info is collected and sold to advertisers. In this example, I’ll scan the Engadget app to see what information it is snooping from my phone.
Hardending Red Hat Linux, OS X, and Windows
Hardending Red Hat Linux, OS X, and Windows | The security folks at the NSA have online guides on how to secure Linux, OS X, and Windows operating systems. These are definitely worth a read of all articles even if an OS in question is not your main cup of tea. Here is the link: http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml Page has been taken down This direct link
Check Your Plugins
Check Your Plugins | Mozilla has an excellent url that checks for out-of-date browser plugins. Check it out: mozilla.com/plugincheck Sweet!
Set Password Expiration for Linux Accounts
Set Password Expiration for Linux Accounts | For security, it is good to enforce password expiration. Here’s how you do it in Linux. Edit the file /etc/login.defs: sudo nano /etc/login.defs Here you can specify options for password expiration: PASS_MAX_DAYS 90 PASS_MIN_DAYS 7 PASS_MIN_LEN 14 PASS_WARN_AGE 7 Max Days: maximum life of a password Min Days: prevent a second change again for X
SSH Password Login From Specific IP Ranges
SSH Password Login From Specific IP Ranges | Want to require ssh keys from remote sources, but then allow ssh passwords from your local home network? It is easy to make this specific configuration or alter as desired for your server. I’ll show you how! 1. Edit the sshd_config file sudo nano /etc/ssh/sshd_config In this file, edit the existing line PasswordAuthentication to ‘no’
Securing phpMyAdmin
Securing phpMyAdmin | phpMyAdmin is a great tool but it is also a large target by hackers. Take these initial steps to secure your phpMyAdmin install in Ubuntu Linux. 1. First we will setup an Apache login and password in order to load the phpmyadmin page. This command creates an apache authenticated user (Example here creates a username
