Category: Security

Suspend-to-RAM and Suspend-to-Disk may seem useful when you don’t want to use your computer but you want to speed up start-up. While especially Suspend-to-RAM can get you to a running system quickly, with all the stuff open as you left it when you suspended your computer, there are certain problems with suspension, especially on mobile devices like notebooks and netbooks.

The big problem both types of suspension share is that they can effectively bypass encryption, which should be standard on a mobile device. My notebook has an encrypted root partition, and after a couple of tests I have now also encrypted my swap partition. Yes, until about 1 hour ago I have been working with an unencrypted swap partition, setup 1 (see below), and have now switched to setup 2 (again, see below).

Continue reading

Virtual once more: VPN

Remote access to servers should be secure. I guess we all agree on that.
Still there sometimes is no way around potentially insecure services like Remote Desktop or VNC. Or maybe you have servers that are not publicly accessible, because they are hidden behind a second firewall.

In order to both secure potentially insecure services and allow access to otherwise inaccessible servers you can use a Virtual Private Network, or VPN.

First of all I want to say that I think there are too many different implementations of VPNs out there. Windows seems to favor PPTP as it’s way to connect to VPNs. Aside from that there is L2TP, IPSec, OpenVPN and, if you want to count it as VPN, tunneling through SSH. And possibly a few more nobody really cares about.
Thus, when being given the opportunity to use such an encrypted connection the first question has to be what kind of VPN it actually is, because there is no one-size-fits-all configuration.
With IPSec being part of IPv6, and not just glued on top as in IPv4, there is hope, albeit little, that maybe, and just maybe, IPSec may establish itself as “the one VPN solution”.

Continue reading

Working as a Network Administrator I, sadly, also have to deal with Windows servers. While this is bad enough in itself this article is not written as a way to rant about my general dislike of Windows, or even the lack of security often attributed to the Windows operating system.

This article, as the title states, tries to explain why I think that using Windows as a web server is an outrageously stupid idea.

Websites nowadays are not only tools where individuals and organizations present themselves, they are not pure advertising anymore, but often enough part of the product. But even when they are purely informational, no matter of what kind this information may be, they play a valuable part in corporate strategy. For this reason a website has to be available 25 hours a day, 8 days a week.

Continue reading

(Mis-)Understanding IPTables

As now I am also maintaining a couple of firewalls I figured it might be a good idea to get familiar with their rulesets.
Frankly said, I was shocked.
Shocked by the number of conditions/rules that are used repeatedly in sub-chains for no particular reason, rules that have no effect, or rules that are plain pointless.

Continue reading

screen is a very useful tool. It enables you to run tasks in the background without actually sending them to the background.
What this means it that you do not have the annoying side-effects of sending a process to the background using myterriblylongrunningprogram &, but you get a complete session that you can disconnect from and it will keep happily working away.

Now the problem with screen is that it opens the possibility to circumvent authentication.
Continue reading

On eMail

Just like probably most people on the Internet I receive a lot of spam, especially on my very first eMail-address I ever registered. Yes, I still use that, even though I have mostly transitioned away from it by now.Now the problem is that spam is annoying, and can easily become the majority of mails in your inbox, as is the case with my old eMail.

Of course, you can argue, that I should use a spam-filter, and I actually do. But spam-filters can only do so much for you. They often work with wordlists, IP-based blacklists and other nifty tricks to detect spam. This of course does not work all the time, especially because spammers then come up with words like viagara, that can still be understood, but are not detected by the spam-filter, at least until the next update of the wordlist.
Aside from this need for frequent updates, which already is a problem in itself, but one I do not intend to cover here, there is the problem of false positives, wanted eMails that, for some reason, get marked as spam.

Continue reading