AndrewKMitchell.com The online home of Andrew Kenton Mitchell

SELinux from scratch

Thursday, 22 July, 2010

Introduction. SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and [...]

FreeBSD review and howtos from a Linux user

Monday, 7 June, 2010

I recently decided to give the new 8.0 release of FreeBSD a go and was fairly impressed. I did use BSD a long time ago on a home server for a few months but pretty much forgot everything about it from back then. This time my implementation is for a router/firewall solution. However, today we’ll only [...]

Getting to know PGP/GPG

Sunday, 30 May, 2010

If you need or want PGP (Pretty Good Privacy) try the commercial PGP software at http://www.pgp.com/ or the (free) GNU implementation of the OpenPGP standard at http://www.gnupg.org/. Strong encryption software such as PGP was (possibly still is) regarded as a sensitive “munition” or some such rubbish, and export is not allowed – as if [...]

Talking About DNSSEC Overhead

Friday, 28 May, 2010

NOTE: Original research conducted in November 2002. Findings updated in May 2010 with (slightly) new data collected earlier in the year. Even though the key ideas behind DNSSEC have been introduced quite some time ago, DNSSEC has not yet seen large scale deployment. This is in large part due to the anticipated overhead of DNSSEC. While [...]

OpenSSL Command-Line HOWTO

Tuesday, 25 May, 2010

The openssl application that ships with the OpenSSL libraries can perform a wide range of crypto operations. This HOWTO provides some cookbook-style recipes for using it. Table of Contents: Introduction; How do I find out what OpenSSL version I’m running?; How do I get a list of the available commands?; How do I get a [...]

Talking About DNSSEC

Sunday, 9 May, 2010

Goals and nature of DNSSEC. Quoting from RFC 4033: The Domain Name System Security Extensions (DNSSEC) add data origin authentication and data integrity to the Domain Name System. The really interesting bit is that DNSSEC strives to do so using the current nearly unmodified DNS protocol, including caching, wildcards, forwarders etc. This is a massive [...]

Talking About DNS Security

Sunday, 9 May, 2010

What Is DNS? DNS represents the abbreviation for a Domain Name Server which is used to interpret domain names such as www.yourdomain.com into an Internet Protocol (IP) address. The Internet Protocol address consists of numbers such as 107.60.132.4 that give the domain a unique identification. An IP address is one-of-a-kind and unique so it can [...]

The basics of RSA & DSA Keys

Sunday, 28 March, 2010

Many of us use the excellent OpenSSH (see Resources later in this course) as a secure, encrypted replacement for the venerable telnet and rsh commands. One of OpenSSH’s more intriguing features is its ability to authenticate users using the RSA and DSA authentication protocols, which are based on a pair of complementary numerical keys. As [...]

Port knocking implementation through iptables

Sunday, 14 March, 2010

Basic concept of port knocking. In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection [...]

Enabling Internet Connection Sharing in the WindowsMobile 6.1 Registry

Wednesday, 30 December, 2009

Everybody has a mentor. I’m no exception. When I first started working as a Technology Engineer, my mentor told me: Optimist: The glass is half full. Pessimist: The glass is half empty. Engineer: The glass is twice the size it needs to be. I’ve told that line at parties many times and have always gotten [...]