Pages tagged with 'Security'

Educating internet explorer users

2022-04-15
2 minutes

Internet Explorer was, in its prime, the most popular internet browser in the world. Originally released alongside Windows 95, its headline feature seemed to be that it was maintained by Microsoft and was automatically installed. It wasn’t until Internet Explorer 2.0 in November 1995 that features we’re used to, like

Storing Ansible Vault password in Bitwarden

2021-12-20
4 minutes

I’ve used Ansible for a number of years for the provisioning of both my servers and desktops. It’s versatile, it’s simple, it’s powerful, and has a number of great features. Personally, I make all of my “playbooks” public for all to see, but provisioning still requires some secrets.

Securing public servers

2021-02-11
9 minutes

At some point, servers need to be put on the public internet. Whether that be a VPS in the cloud, or your new homelab. Once a server is on the internet, it’s subject to anything and everything the internet has to offer, from botnets to hackers and script kiddies. It’s

Unsafe routes with Nebula

2021-02-02
2 minutes

Nebula is a great mesh network I recently deployed into my stack. For connecting nodes spread between networks, it’s great, much better than my previous WireGuard installation. An additional feature of nebula is unsafe_routes. Unsafe routes allow nodes which don’t have Nebula installed to be accessible to other Nebula nodes.

Nebula mesh network - an introduction

2021-01-08
8 minutes

WireGuard has been the “hot new thing” when it comes to VPNs, but it’s not always the best suited for every workload. Nebula is a mesh network originally created by Slack, but now owned by a separate company. TechSNAP 419 - Nebulous Networking; Linux Unplugged 329 - Flat Network Truthers. What’s a mesh

Wiping Hard Drives

2020-11-21
2 minutes

People say there’s no 100% reliable way to wipe a storage drive, and they’re right. By the nature of how mechanical drives work, there’s no real way to say for sure whether the data is ever really gone. With drives, the only way to be sure the content is gone

LAN-only applications with TLS

2020-10-19
3 minutes

The internet is a wild place, filled with, well, everything. There are many ways of exposing an application to the internet, but no matter how secure an application claims to be, or how confident you are with your infrastructure, sometimes you may just be more comfortable keeping it internal. Historically,

Container processes shouldn't run as root!

Docker containers, and containers as a whole, are really just a regular program wrapped in some extra protections provided by the kernel (namely cgroups etc) to create isolation, and other interesting features. Unlike VMs, containers run closer to the host operating system, so close they use the same kernel, meaning

How to store passwords

2020-05-28
5 minutes

Storing passwords is a pretty simple problem in software development, right? Wrong! Storing passwords correctly is pretty complicated. With that said, it’s very simple to just lean on work someone else has done, and the libraries available for your language of choice. In reality, you should never do it yourself.

Exposing your Homelab

2020-04-29
5 minutes

In the current lockdown situation, a lot of people are starting to eye up that old desktop machine, or Raspberry Pi they bought for a project and just left on a shelf, and thinking of putting it to use, as a server! Naturally, once you’ve got something set up in

WireGuard HAProxy Gateway

2020-03-21
3 minutes

Last year, I wrote a post on setting up a gateway to a private network, powered by OpenVPN-AS. I ran this network setup for quite a while with a lot of success, exposing services on my home network to the public internet, securely. Unfortunately, there were a couple issues with

Why WireGuard

2020-03-06
2 minutes

What is WireGuard? The website defines it as “… extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.” Which basically means it’s a VPN, but sane. The point of a VPN is to allow two machines to talk to each other, no matter how the network in between is set

nologin vs false

2020-03-05

When disabling a user account on a Linux box, it is good practice to also change the shell to something which, well, isn’t a shell. The point of these shells is rather than presenting the user with a prompt to execute further commands, it returns a failure code, and log

CVE-2019-19844

2019-12-18
6 minutes

Yesterday, an email was sent to django-announce, informing of an upcoming security update, labelled “high” severity. Previous notifications like this have been one week before the actual disclosure; this email, just 12 hours. The updates were scheduled to be released 12:00 UTC the next day (today). Already, not the best

Getting started with WireGuard

2019-09-15
2 minutes

WireGuard is taking the VPN world by storm, coming very close to the current champion OpenVPN in simple, small-scale deployments. It’s just unfortunate few people know about it, and quite how incredible it is! What is WireGuard? WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It

Creating a fast, secure WordPress site

2018-10-08
3 minutes

In terms of security, WordPress, and PHP in general for that matter, have become a bit of a joke. If you want a site to be secure, people tend to steer clear of WordPress and PHP. That being said, nothing stands even close to WordPress in plugin support, community size,

VPN Gateway - Opening ports the safe way

2018-06-21
3 minutes

VPNs are a way of accessing applications which sit on a separate network using an encrypted tunnel. Contrary to popular belief, they are not designed to anonymize your internet habits. Whilst VPNs are designed to enable a client to access the server’s network, it’s possible to use them to provide

KeePassXC 2.3 Migration Guide

2018-03-03
3 minutes

I’ve been using KeePassXC since not long after its initial split from KeePassX in late 2016. I’ve bounced around many password managers, but KeePassXC looked to fill all the boxes: It’s actively maintained, unfortunately unlike KeePassX. It’s open source, and easy to contribute to, as I have. It’s got all the features I

Opening Port 22

2018-01-23

My university has a development server, which it uses to host our coursework without the need to set up a development environment locally. It also enables lecturers to mark our work in a controlled environment, without needing to spin up an environment, and run untrusted code on their machines, a

Cyber Security Month 2016

2016-10-01

As it is Cyber Security Month, now is the perfect time to work on improving the security on my websites, projects, and servers. But, upgrading them for now isn’t good enough for me, I wanted to add a way of scanning projects automatically, to check for any new issues. As