I attended the Ruxcon 2015 computer security conference this year in Melbourne Australia for my 6th consecutive year and thought I’d post an overview of the event. I’ll cover the awesome presentations that I saw as well as the capture the flag hacking game where I spent most of my time.
By default Apache will serve content out to anyone that requests it which essentially makes it public. We can add some additional simple configuration to create a private directory that can only be accessed based on source IP address, or with a username and password combination, or even based on user group membership.
With NFS we can export specific directories within a file system over the network to other clients allowing us to share various files over the network. It is important to configure this properly and secure it as much as possible so that only the required clients have access to the NFS share, otherwise it may be possible for anyone to mount it and access the data.
To do this we are going to use the /etc/exports file on the NFS server and lock down shares to only be accessible by specific IP addresses.
Read more »
It is important to secure a Linux system as much as possible in order to reduce the likelihood of compromise.
Here are 23 security tips to guide you through hardening your Linux operating system.
Read more »
Most of us would be familiar with the simple ICMP based ‘ping’ command which allows us to test for a basic response from some network connected device. While great for basic troubleshooting it does not allow us to confirm if the particular host at the other end is responding on TCP or UDP ports where the majority of services are likely to be provided.
Ping isn’t the be all and end all of network troubleshooting, if a firewall blocks inbound ICMP traffic then a ping will not succeed which can produce a false perception that the host is down as it is not responding to the ping, however other services could still be responding fine.
Alternatively while ping may come back fine with a response it doesn’t indicate if a web server is responding on port 80 for HTTP requests, the web server may have failed and no longer be responding.
So if ping is ICMP based, can we hit a TCP or UDP port for response instead? The answer is yes, let’s take a look.
Lately I’ve been working a lot with OSSEC, which is an open source host-based intrusion detection system (HIDS). This has primarily involved installing Linux or Windows based agents onto servers and configuring them to point to the OSSEC server, a process which is straight forward and fairly well documented. Unfortunately you aren’t going to be able to run an agent on some devices, such as those provided by Cisco or Juniper, so we instead have to look towards agentless or syslog monitoring.
In this post I outline how you can set up and use the CloudNS DNS resolver on a Windows computer. CloudNS is a free security focused service currently providing two servers in Australia for DNS resolution. CloudNS only allows connections with DNSCrypt which ensures messages are safely and securely sent to the resolver and not tampered with, DNSSEC is also supported. The resolvers also support Namecoin resolution which is an alternative decentralized DNS system, allowing you to start accessing .bit domains. CloudNS also does not log any of the queries or connections taking place, keeping things anonymous.
Lately I’ve been working on setting up a file server on an Amazon ec2 instance with ProFTPD so that I can upload files using FTPS/SFTP. I had some issues getting FTPS to work correctly despite using a Rapid SSL certificate from GeoTrust that I purchased. I attempted first with FileZilla, and then with WinSCP but both gave me the below error and had problems verifying my SSL certificate.
Unable to get local issuer certificate. The error occurred at a depth of 2 in the certificate chain.
I attended the Ruxcon 2012 computer security conference this year and thought I’d post an overview of the event. I’ll cover the awesome presentations that I saw as well as the capture the flag hacking game. I have now attended Ruxcon for the past 3 years and can definitely say that it only keeps getting better, this year was by far the best thus far and I can’t wait to go again in 2013. If you are at all interested in security and are in Australia I highly recommend going.