Category Archives: Security
Introduction The very first question may is why to tunnel IP over ICMP at all? Sometimes you may find yourself in a situation where you have network, but no access to the Internet because of annoying restrictions. That f.ex. could be a proxy which requires authentication, a captive portal like in hotels or the ports you need simply are not … Continue reading
Introduction My goal was to have an OpenVPN server running, to which i can connect using different ports and by pipping it over an IP over ICMP tunnel (the latter will follow in another post). Ports i want to use: 1194/udp – The default OpenVPN port 53/udp – If im lucky and the network has DNS open by default… 1195/udp … Continue reading
Just had the need to quickly check if the certificate of a domain was revoked or not, and found this tutorial: OpenSSL: Manually verify a certificate against a CRL Well done, but two problems: If the server doesn’t send all certificates (including the root CA), the verify process will fail Too much to type… So i quickly created a bash … Continue reading
Last week i received access to Let’s Encrypts beta, and therefore was able to generate some certificates which are fully accepted by any modern browser. Because of that, nethack.ch will be SSL only from now on. Let’s Encrypt should be GA around the 16th of November 2015. So, get ready to deploy SSL to your sites.
The default configuration of SSL is fine on most Linux distributions (you will get an A-Rating at SSL Labs), but still could be done a lot better and more secure. Goals we want to achieve: Enable Perfect Forward Secrecy (PFS) Enable HTTP Strict Transport Security (HSTS) Disable SSLv2 and SSLv3 PCI compliant FIPS-ready (optional) Don’t break IE… NOTE: the configuration below will … Continue reading