December 04, 2012
 

OpenVPN cryptographic layer
This is a technical overview of OpenVPN’s cryptographic layer, and assumes a prior understanding of modern cryptographic concepts. For additional discussion on OpenVPN security, see this FAQ item.
OpenVPN has two authentication modes:

  • Static Key — Use a pre-shared static key
  • TLS — Use SSL/TLS + certificates for authentication and key exchange
In static key mode, a pre-shared key is generated and shared between both OpenVPN peers before the tunnel is started.

    September 18, 2010
     

    26 Jun 2009. Categories: Tools. By admin.

    This guide is the second in a three-part series. Part 1 covers the installation of Nessus 4 on the Jaunty Jackalope (Ubuntu 9.04). Part 2 is the installation of OpenVAS 2 on Ubuntu 9.04, and Part 3 will be a showdown between the two vulnerability scanners: a full review with comparison scan results from a number of sample systems. Nessus is a commercial product from Tenable, while OpenVAS is an open source product that branched from the original Nessus open source project, releasing version 1.0 in August 2008.

    This guide will cover the installation of the following OpenVAS components on Ubuntu 9.04 (Jaunty Jackalope). While specific to 64-bit, other versions of Ubuntu should have no trouble with the following steps.

    August 08, 2010
     

    2010-3-5  

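      Q: Could Teredo's vulnerabilities create security risks when it is in use?

      A: When Teredo is used in an enterprise environment, it scares me, simply because of what it is capable of. For those unfamiliar with the technology, Teredo, championed by Microsoft, is a technology that establishes IPv6 communication tunnels using UDP datagrams on IPv4 ports, as defined in RFC 4380.

      Teredo allows internal networks to transition to IPv6, connecting to each other through their NAT devices and across the IPv4 Internet. Sounds simple, doesn't it? Here, then, I will discuss some of the security issues that enterprises need to pay close attention to.

      Before Teredo, many organizations experimented with network-to-network IPv6 connectivity over the Internet, using IPv6-to-IPv4 gateways to do so. The following is a common scenario: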

    August 04, 2010
     

    Research In Motion executives are fond of saying that their platform is more secure than those of other mobile providers. For example, Scott Totzke, RIM's VP of Security, was recently quoted as saying that BlackBerrys are “secure right out of the box” (meaning that no additional mobile security protection is needed) and that RIM offers enterprises the most secure mobile computing option thanks to the ability to create security settings for all enterprise users via its BlackBerry Enterprise Server (BES).

    This official position is not without its critics, particularly among mobile security researchers such as Tyler Shields, whose presentation at ShmooCon 2010 showed how standard BlackBerry settings could “access and leak sensitive information using only RIM-provided APIs and no trickery or exploits at all.”

    All of these security questions are moot, however, if you're using your BlackBerry to send its highly touted encrypted emails to or from the Russian Federation, the People's Republic of China, or, shortly, India, Saudi Arabia and the UAE.

    September 13, 2009
     

          Is a quality device password set to control access to the BlackBerry?

          Is content protection (encryption) enabled on the BlackBerry?

          Does the BlackBerry contain the latest RIM operating system?

          Are you regularly educating yourself on potential new BlackBerry vulnerabilities and exploits?

          Is an antivirus/antimalware program installed on the BlackBerry?

          Are you on the lookout for third-party BlackBerry personal firewalls?

          Is the BlackBerry firewall enabled?

          Are the BlackBerry firewall default settings configured as securely as possible for how the BlackBerry will be utilized?

          Are specific applications installed on the BlackBerry configured with the least amount of access to other portions of the BlackBerry?

          Are users educated on the potential risks to the BlackBerry?

          Are external interfaces that will not be utilized disabled?

          Is the Bluetooth Discoverable option disabled?

          Are Bluetooth options, such as access to the address book, configured as securely as possible?

    Things to Remember

          BlackBerry devices are susceptible to exactly the same types of threats as any other type of computer system. These threats include the following: