Tag Archives: security

I create a super simple set of tools to secure your Ubuntu server

And you can get it here: blm849/supersimplehardening: A super simple way to harden your server.

I create a lot of Ubuntu test servers, and I find that as soon as I create a Ubuntu server on a cloud environment, it gets immediately attacked by automated software. This is obviously a concern. A bigger concern is that when I went searching for recommendations on how to harden such a server, I found a wide variety of recommendations! It can be hard to know what to do. Still, I needed something. As a result, I created this package of scripts. The scripts do a number of things:

  • prevent direct root login to your server via ssh. This was one of the things I saw consistently happen and once someone cracks the root access on your machine, it’s game over.
  • stop some basic security holes, like IP spoofing
  • download some useful software, like logwatch, ufw and others
  • upgrade all software on the server

This is just a very very limited number of things to prevent attacks. But it is better than nothing.
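
An added example, not part of supersimplehardening or the original post: a read-only check of two of the items in the list above, root SSH login and IP-spoofing protection. It assumes the spoofing item refers to the `net.ipv4.conf.all.rp_filter` sysctl (the post does not say which setting is used); the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from blm849/supersimplehardening): read-only audit of two settings.

# First PermitRootLogin value in an sshd_config-style file (sshd keeps the first
# value it reads). Handles the whitespace-separated form only; ignores Match/Include.
sshd_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Last value assigned to key $2 in a sysctl.conf-style file $1 (later lines win).
sysctl_conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Print PASS/FAIL lines; the return status is the number of failed checks.
audit_hardening() {
    failures=0
    root=$(sshd_root_login "$1")
    rp=$(sysctl_conf_value "$2" net.ipv4.conf.all.rp_filter)
    if [ "$root" = "no" ]; then
        echo "PASS PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '$root', want 'no'"
        failures=$((failures + 1))
    fi
    # Assumption: strict reverse-path filtering is the anti-spoofing setting meant.
    if [ "$rp" = "1" ]; then
        echo "PASS net.ipv4.conf.all.rp_filter = 1"
    else
        echo "FAIL net.ipv4.conf.all.rp_filter is '$rp', want '1'"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed sample files standing in for a fresh cloud image.
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$demo/sshd_config"
printf '%s\n' '# net.ipv4.conf.all.rp_filter=1' 'net.ipv4.ip_forward = 0' \
    > "$demo/sysctl.conf"
audit_hardening "$demo/sshd_config" "$demo/sysctl.conf" || echo "checks failed: $?"
rm -rf "$demo"
```

On a real server the two arguments would be `/etc/ssh/sshd_config` and `/etc/sysctl.conf`; the files are only read, never changed.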

If you install Apache, PHP, MySQL or other software on your machine, there are even more attacks that will be launched against it. I recommend you get a firewall up and running and at least run logwatch on a regular basis to look for potential attacks being launched against you.

Finally, if it is important for you to secure your server, don’t stop with my scripts. Go out and consult with IT security specialists right away.

Good luck!

If you are worried about the WannaCrypt ransomware (and if you are a Windows user, you should be), then…

…Then you want to go here and download and install the appropriate software for your Windows system: Security Essentials Download.

According to this, Microsoft has upgraded its security software to prevent similar attacks. That’s good. What’s not good is that you can be certain there will be a wave of copycat attacks coming. Get the software and install it today.

A good list of resources on passwords and PC security in general

I collected a list of all the links I had concerning passwords and PC security in general on this blog. It’s not exhaustive, but it is useful, especially if your knowledge on the topic is limited.

Do you need tools for a safer PC?

Of course you do: everyone does. Therefore check this out: Tools for a Safer PC — Krebs on Security.

Two really good articles on passwords. (Really!)

Yes, it is possible to write good articles on what is the bane of our current existence: computer passwords. The first one talks about the top passwords that people commonly use. The second one is a beautifully written piece about the thought that goes into people’s passwords.

You will have an entirely new perspective on passwords after reading this.

P.S. Thanks to Anna P for pointing out the second one.

Why I am backing the ‘1984’ Stealth Fashion for the Under-Surveillance Society by Zoltan Csaki on Kickstarter

Here are my reasons for (and why you might want to as well):

  • To reduce abuse of access to your data: There are more and more stories of organizations, government and other, using and abusing data given off from your cell phone (e.g. this story on location based marketing in Toronto being just one). This product can help put a stop to that.
  • To increase the amount of control I have: I may not have an issue with others using this data and there may be times when I think there is a benefit to me to have this data accessible. Generally I don’t, but I like the option. This product helps with that.
  • To encourage more people to make such products: if this campaign is successful, I hope to see more businesses attempting similar but different and possibly better products, which is a benefit to me and people like me who value their privacy.

Reasons against:

  • it’s not foolproof. By that, I mean anyone with enough motivation could still use the data you inevitably will give off when you are using your phone to extrapolate things about you. As well, there are other ways you can be tracked (E.g., abusive apps).

In my case, I think the reasons for outweigh the reasons against, and that is why I have pledged to this Kickstarter campaign. I would encourage you to pledge as well.

Here’s a link to it: ‘1984’ Stealth Fashion for the Under-Surveillance Society by Zoltan Csaki — Kickstarter.

How to make your Internet use more secure and private, 2013 edition

It’s a constant battle, but this article by Sean Bonner (Encryption and Privacy – What I’m Using) is a great rundown of tools you should consider in making your Internet use more private and less exploitable.

He covers a wide range of tools, from Tor to VPNs to duckduckgo, and more. Better still, his article is readable and understandable by people whose lives revolve around something other than computers.

When it comes to security, you are always making trade-offs between being more secure and other things you want from technology (e.g. ease of use). That said, try and make your computer as secure as you can: every bit helps.