May 19, 2015
Auto-expiring IPTables (NetFilter) rules can be very useful, for example to ban IPs for a certain amount of time and then have them automatically un-banned (by removing the filtering rule).
IPTables does not provide an integrated solution for that, but a simple combination with the ‘at’ command can do the magic.
Comments Off on IPTables Auto-Expiring Rules on Linux. | tags: Ban, IPTables, IPTables Timed Rules, Linux, NetFilter, Temporary Rules, Time-Based Rules, Timed Rules | posted in Linux Administration, Networking Resources, Security
Mar 20, 2015
While configuring multiple-network VPNs (multiple policies and destination subnets reached via the same remote IPSec VPN peer) between Mikrotik and other firewalls, traffic would randomly stop for certain destinations.
Packet forwarding and encryption work for only one destination (the first matched IPSec policy); any other destination (and only the first matched one) becomes reachable by performing an ‘SA Flush’.
Comments Off on Mikrotik IPSec VPNs with multiple destination Networks/Policies and SA(s) management. | tags: IPSec, Mikrotik, policy, SA, SAs, VPN | posted in Mikrotik World, Networking Resources, Security
Oct 3, 2014
On September 24, 2014, a GNU Bash vulnerability (Shellshock or “Bash Bug”) was discovered and published.
The vulnerability allows remote attackers to execute arbitrary code under specific conditions, by injecting strings of code following environment variable assignments.
Because Bash is so widely used (e.g. Linux, BSD, OS X), many computers are vulnerable to the Shellshock Bash bug.
All unpatched Bash versions from 1.14 through 4.3 appear to be affected.
Comments Off on Protect Servers Against Shellshock Bash Vulnerability. | tags: Bash, Bash Vulnerability, CVE-2014-6271, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, Shellshock, Shellshock Bash Vulnerability | posted in Linux Administration, Security
Sep 12, 2014
Losing the private key is bad, but if someone steals the private key, it’s a disaster.
Thieves can not only decrypt personal data, they can also impersonate the owner by signing messages with the owner’s private key.
Yes, it is possible to revoke the stolen key, but that would probably mean losing years of signatures and the massive inconvenience of redistributing a new public key to the world. SubKeys can help prevent this disaster.
Having separate SubKeys makes key management easier and protects you on certain occasions: for example, it is possible to create a new SubKey when a previous one gets stolen, without losing previous signatures.
Comments Off on PGP Key Security generating and using SubKeys. | tags: Cryptographic Keys, GPG, gpg2, Key, Key Ring, KeyRing, PGP, Pretty Good Privacy, Private Key, Public Key | posted in Cryptography, Security
Sep 11, 2014
PGP keys and SSH keys can share the same RSA algorithm, and for this reason, with a little tuning, it is possible to use a PGP SubKey to authenticate users to SSH servers.
Comments Off on SSH Authentication with PGP Keys. | tags: Authentication, Capabilities, Capability, GPG, gpg2, MonkeySphere, openpgp2ssh, PGP, RSA, SSH, ssh-agent, SubKey, SubKeys | posted in Cryptography, Linux Administration, Security