For quite some time I’ve been making use of a dd-wrt modified Linksys box on my home network as an openvpn endpoint, so that when I’m out and about in the world, I connect the vpn, switch Firefox to route through a squid proxy server on the home network, and I’ve got a nice, fairly secure web browsing setup. But, as they say, there’s more than one way to skin a cat. And that’s what I’ve played around with the last couple days. First off, I guess I should describe the concept. 1) Let’s say that you’re browsing the web at an open wireless access point and you don’t trust the network, or 2) let’s say you need to be able to access an intranet web server that is not accessible from the internet side of a network, or 3) let’s say a web site is blocking access based on IP address (for instance, say you’re behind the great firewall of xyz business/company)… how can you still manage to access the web pages you want to, in cases 2 and 3 at all, or in case 1 securely with as little snooping as possible?
Tag: ssh
-
Handy DNS tools online
There are some tools that I make use of almost daily. Either because something strikes my curiosity or because of necessity to find out a bit more about a computer issue. DNS lookup tools fall into the category of “must have” for the kind of stuff I wind up doing. Whether it’s a whois lookup to see who is a contact for a given domain, looking to see when a domain expires or just looking up reverse DNS information to find out where the machine is located that’s been trying to enter the ssh server. Of course, spam blacklist lookups are handy too. I’m adding a few links to the sidebar for some of the more useful of these…
-
Encrypting wireless traffic
Incidents.org has been running their security tip a day this month and I really liked this one. It’s essentially a way to encrypt your wireless traffic using ssh. That’s something I’ve covered here before, but it’s worth a reminder that it’s possible and a good idea.
-
Wget user agent avoidance
I use wget a LOT. Many times in working with a website I’ve got an ssh console opened to the site, and if there’s a plugin that I’d like to download it doesn’t make sense to download and then upload; I want to just download it directly from the xyz.com webserver to the website where it will be installed. However, many times people have set up rules to block wget downloads. Yes, I know people use wget to suck down entire websites, it uses up bandwidth, etc. etc. Well, wget is capable of sending a different user-agent.
-
Banks and Web security
George Ou has a good post on Banks cheating their way to meet web security guidelines. Many of the observations that he notes come from the Between the Lines column here and are SPOT ON. The biggest I see is related to “multifactor authentication”….
-
WordPress 2.0.4 Update
It has been a few days now, but I noticed that WordPress 2.0.4 has now been released and is highly recommended due to the fixing of a few security issues. They also list a number of bugfixes. So, if you’re running a site based on WordPress it’s time to update. It’s really a fairly painless process. I do recall upgrading ONE site to 2.0.3 and it was quite painFUL… things went quite wrong and I had to restore the database from a backup. BUT… I’ve now upgraded 5 or so installs to 2.0.4 without a hitch. (One was a 2.0.3 install and the others were (I believe) 2.0.2.)
-
IPtables magic, or… Blocking Aggressive Outbound Traffic with IPtables
For starters, I’ve tested this on a test system that started out with NO iptables rules, and then moved on to an IPCop install (the vmware download from vmwarez.com…)
I’ve detailed previously one dilemma that I had with regard to my own cable connection which made me question how one could SAFELY host a wireless access point (in the clear) for guest web browsing, without allowing a wireless user to port scan the outside world/aggressively spread viruses/etc. Traditional firewall setups are typically oriented towards protecting the internal network. This post is an attempt to give an explanation of how to implement the idea put forth in this post.
-
Firewall musings…
Yesterday I had a bit of a realization. I had just been looking at a wireless router/firewall setup and was thinking about the firewalling rules (which seemed to be geared at the WIRELESS lan… i.e. blocking that activity on the wireless segment). You know, traditionally firewalls have had the attitude of defending the internal network from the outside. Of course, these days firewalls sometimes protect the internal network from a WLAN (wireless segment) as well. But, I put a few events together and started looking for a new feature in a firewall.
-
Debian development server compromise
SANS also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall; other systems have been locked down until they can patch the vulnerability that they suspect was exploited. More details will be announced.
-
Rsync for easy (and quick) backups
I’ve got to say, I haven’t spent ENOUGH time with rsync to really be fluent in how I could put it to use… A week or so ago I was reading this list of essential Linux software by a guy that moved from Mac OS X to Linux because he detested the DRM that was being shoved down his throat. Anyway, one of his essentials was rsync for backups. Which got me thinking. Why didn’t I use rsync for backups? At one point in time I used unison, but for some reason had stopped and was in need of reorganizing my home backup strategy anyway. I found a few interesting approaches.