If you don’t know what a firewall is, let’s start there… A firewall is basically a digital “wall” that sits on the edge of your network or device. When someone makes a connection over a network or the internet to your server, they connect by the IP address + a Port. Firewalls, on a very […]

This was going to be a long article but I decided to cut it short. Use case: You have a Remote Server – You need to securely access some sensitive service or another (let’s say a MySQL connection) and don’t want to open the port to up to the internet. What’s a person to do?

If you aren’t familiar with Owncloud, it is a very cool open-source software package that runs on Linux Apache (or Nginx) that provides “dropbox like” functionality that you can host yourself. This is a big deal for the tech-savvy average-Joe that is worried about keeping private data private (i.e. he doesn’t want all of his […]

If you haven’t use Filezilla Server before it is a pretty decent and easy to manage FTP/FTPS solution. While I don’t care for the Filezilla client (for several reasons, one of them being that it stores saved passwords in plaintext on your machine), the server software is okay… it runs nicely on Windows Server 2012 […]

I will try to keep this short and to the point. If you work in a Windows/Linux mixed environment, you may come across a scenario where you need to move SSL certificates and private keys from a Windows server using IIS to Linux running Apache or similar. Windows and Linux tend to use two different […]

If you are in a decently secure network your Active Directory domain controllers are “silo’d” off from all of your workstations and member servers. This is good, however, if your internal firewalls aren’t configured properly it can cause all kinds of headache for day-to-day domain operations. Update: You might also want to checkout this article […]

I have been doing a bit of cleaning house lately and have no less than 7 old hard drives sitting in my office. So I had a few questions to answer. First… are they usable? Second, if they aren’t, how can I securely dispose of them?

I have been using powershell to automate Internet Explorer interactions with a web application with a login page in our internal environment at work. I ran into an issue with my script because the page I was trying to access was secured with SSL and we were using a self-signed certificate. This causes Internet Explorer […]

In this article, let us review how to generate private key file (server.key), certificate signing request file (server.csr) and webserver certificate file (server.crt) that can be used on Apache server with mod_ssl. Source: How To Generate SSL Key, CSR and Self Signed Certificate For Apache   The above linked article is an excellent overview that […]

“Enterprise Log Search and Archive” (AKA ELSA) is an open-source project started by an individual who needed the ability to not just collect logs from a bunch of devices but to also quickly search and parse them. And by a “bunch” I mean on the scale of millions and millions of logs. A lot of […]

Recently I had to produce some very high-level, general documentation for platform hardening. Boy, there isn’t much out there in terms of content when you start researching this topic out. Yes, there are lots of specific hardening docs for specific platforms but if you are like me and need to write generic “policies” or guidelines […]

Read about it more in detail here on Redhat’s site. This vulnerability affects all applications using certain versions of OpenSSL, so this is a cross-platform issue. This isn’t nearly as atrocious as Heartbleed was as there isn’t a chance of leaking your private keys. However, if you use Qualsys labs excellent SSL web scanner to […]

In a post Heartbleed world, implementation of SSL is being scrutinized like never before (at least in my short years of experience in information security). Even though Microsoft/IIS implementations were hardly, if at all, affected by Heartbleed, they do often suffer from other common SSL vulnerabilities. This is particularly true of Microsoft Server 2003 R2 […]

Currently I am looking into a couple of different cloud platforms for new infrastructure projects. Microsoft Azure is creeping up rather highly on the list. A few years ago the concepts of “security” and “cloud hosting” were diametrically opposed in many people’s minds. Security is an ironic field of IT in that technology, vulnerabilities and […]

Free penetration testing tools abound. Free, easy-to-use penetration testing tools… not as much. Free, easy-to-use, web-hosted penetration testing tools, rarer still. I came across an excellent, web-hosted NMAP port scanning tool and I wanted to make sure I linked it here in case I needed it again in the future. Without further ado… https://pentest-tools.com/discovery-probing/tcp-port-scanner-online-nmap I […]