Whether you want to access the Internet safely and securely while connected to an untrusted public Wi-Fi network, bypass geo-restricted content or allow your coworkers to connect securely to your company network when working remotely, using a VPN is the best solution.

A VPN allows you to connect to remote VPN servers, making your connection encrypted and secure, and to surf the web anonymously by keeping your traffic data private.

There are many commercial VPN providers you can choose from, but you can never be truly sure that the provider is not logging your activity. The safest option is to set up your own VPN server.

This tutorial will explain how to install and configure OpenVPN on Debian 9. We will also show you how to generate client certificates and create configuration files.

OpenVPN is a fully featured, open-source Secure Socket Layer (SSL) VPN solution. It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol.

Open DNS resolvers are DNS servers that accept and answer recursive queries for arbitrary domain names from the Internet.

Problem

Open DNS resolvers can be abused for DDoS reflection attacks against third-party IT systems.

Testing

This section describes how you can check your system for an open service. There are usually several ways to test this; the procedure described here is one of them. All test procedures described here use programs that are included in common Linux/Unix distributions. To check whether a service is openly reachable from the Internet, the test should not be run on the system itself or from the local network, but from another system on the Internet, for example on a cable/DSL Internet connection. In all examples, 192.168.45.67 must be replaced with the IP address of the system to be checked.

How can you make sure all your system binaries and configuration files have not been compromised by an intruder? You can of course run rkhunter[1] or AIDE[2] on a regular basis or via cron, but this is only going to show you that an MD5 checksum has been changed.

Using git as an intrusion detection system is actually more useful than you might think. You can, for example, also see what configuration has been changed or overwritten by an automated repository update, or you can roll back to a previous working version of a specific Apache vhost. If multiple system engineers work on the same machine, you will be able to evaluate what they have done and even make sure it was actually them.

Throughout this post series I will show you the power of git, sudo and gpg to create several layers of defence as well as a completely automated and comprehensible system documentation.


Learn how to eliminate SSH keys and use a GNU Privacy Guard (GPG) subkey instead.

 

Many of us are familiar with Secure Shell (SSH), which allows us to connect to other systems using a key instead of a password. This guide will explain how to eliminate SSH keys and use a GNU Privacy Guard (GPG) subkey instead.

Using GPG does not make your SSH connections more secure. SSH is a secure protocol, and SSH keys are secure. Instead, it makes certain forms of key distribution and backup management easier. It also will not change your workflow for using SSH. All commands will continue to work as you expect, except that you will no longer have SSH private keys and you will unlock your GPG key instead.

By having SSH authenticated by your GPG key, you will reduce the number of key files you need to secure and back up. This means that your key management hygiene still has to be good, which means choosing good passphrases and using appropriate key preservation strategies. Remember, you shouldn’t back your private key up to the cloud!

Additionally, today SSH keys are distributed by hand and oftentimes directly. If you want to grant me access to a machine, you have to ask me for my SSH key. You may get lucky and find one posted on my website. However, you still have to decide if you trust my website. If I use a GPG key for SSH, you can select a known, good key for me using the GPG web of trust from a public keyserver. This is what The Monkeysphere Project is working on. Otherwise, nothing you do here affects the web of trust used for GPG encryption and signing.


Introduction: OpenVPN is a full-featured SSL VPN (virtual private network). It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol. It is open source software distributed under the GNU GPL. A VPN allows you to connect securely over an insecure public network, such as the Wi-Fi network at an airport or hotel. A VPN is also required to access your corporate, enterprise or home server resources. You can bypass geo-blocked sites and increase your privacy or safety online. This tutorial provides step-by-step instructions for configuring an OpenVPN server on a Debian Linux 10 server.
