This article notes the AWS EC2 Security Group that should be associated with an EC2 to permit a roaming VPN client to connect to an IPSec/L2TP hosted on a server within AWS. * TIP: The AH and ESP are entered in as just numbers, not the “AH” and “ESP”.
Read more
This article is a quick note on how to improve OpenSSH server security on Redhat Enterprise Linux and CentOS 6 and 7. This is not about Passwords-v-Keys (use keys, not passwords) but rather hashes, encryption and key exchanges. The “/etc/ssh/sshd_config” file should have the following added to it to ensure
Read more
High-end firewall appliances such as those from Watchguard offer the facility to automatically block remote systems based on their behavior such as port scanning. An intruder will often start their intrusion with some reconnaissance which includes scanning the remote system for open ports to learn what services are available. pfSense
Read more
This article explains how to install OpenVAS on CentOS 7. My earlier attempts to document the installation process of OpenVAS on CentOS 6 failed. OpenVAS is an alternative to (and a fork of) the very popular Nessus. It’s a very capable vulnerability scanner. I hope to write other articles on
Read more
This article demonstrates how to find viruses on your Linux workstation or server, move the virus to a special directory and notify you if a virus was found. In addition, (as an example only) we don’t want to scan the “/var/lib/mysql” directory because that’s where our databases are so we’ll
Read more
This article demonstrates how to restrict SSH access to only specified users and/or groups. You can do the reverse by allowing all but a few users to SSH into the server but we’ll focus on allowing only those we specify. Open the file “/etc/ssh/sshd_config” and look for (or create if
Read more
Like happens so often, the notes and comments you found in forums don’t quiet work how you expected. In this article i demonstrate how to enable CORS on NginX and show you how to test it. You’ll see a working example. There are reasons you can’t do this without modifications
Read more
Just like with VMWare or Hyper-V, Amazon’s AWS supports snapshots and they make it easy to create them and restore from them. But in true AWS style, they don’t make it obvious how it works. I’m hoping to change that in this article. I’ve used the word “snapshot” but strictly
Read more
The Australian government is continuing its push for the public to start using the centralized health record system. The idea being that i could move from one doctor to another with ease – essentially my records follow me. The Health Minister Greg Hunt is under pressure to convince the public
Read more
Scenario: You’re at home and want to log into the office Intranet to finish up some work. But wait, the Intranet is on your corporate network and you’re at home. Sure you can use your corporate VPN – if you have one and can remember the credentials. If not, consider
Read more