Category: Security

Link: Managing the Iptables Firewall

Your firewall is an important first line of defense on any publicly-accessible server. In previous articles I listed how to set up a firewall without getting into any detail. This article goes into depth with configuring your iptables firewall.

Full article here:
Managing the Iptables Firewall (Fideloper)

Link: How to Install and Configure UFW – An Un-complicated FireWall in Debian/Ubuntu

The ufw (Uncomplicated Firewall) is a frontend for the most widely used iptables firewall, and it is well suited to host-based firewalls. ufw gives a framework for managing netfilter, and also provides a command-line interface for controlling the firewall. It provides a user-friendly and easy-to-use interface for Linux newbies who are not very familiar with firewall concepts.

On the other hand, the same complicated commands help administrators set complicated rules using the command-line interface. The ufw is an upstream for other distributions such as Debian, Ubuntu and Linux Mint.

Full article here:
How to Install and Configure UFW – An Un-complicated FireWall in Debian/Ubuntu (TecMint)

Links: Raspberry Pi / Linux security series

While this series is intended specifically for Raspberry Pi users, anyone new to Linux that would like to know how to secure their system would likely benefit from reading these articles from “The Unwritten Words”:
Raspberry Pi: Initial Setup (Security – Part I)
Raspberry Pi: iptables (Security – Part II)
Raspberry Pi: fail2ban (Security – Part III)

Link: How to Bake an Onion Pi (Tor proxy on Raspberry Pi)

Feel like someone is snooping on you? Browse the web anonymously anywhere you go with the Onion Pi Tor proxy. This is a cool weekend project that uses a Raspberry Pi mini computer, USB wi-fi adapter, and Ethernet cable to create a small, low-power, and portable privacy Pi.

Full article here:
How to Bake an Onion Pi (Make)

Link: Transfer Files Securely Using SCP in Linux

The most common way to get terminal access to a remote Linux machine is to use Secure Shell (SSH). To work, the Linux server needs to be running an SSH server (OpenSSH) and at the other end you need an SSH client, something like PuTTY in Windows or the ssh command line tool on Linux or other Unix-like operating systems such as FreeBSD.

The attraction of SSH is that the connection between the two machines is encrypted. This means that you can access the server from anywhere in the world, safe in the knowledge that the connection is secure. However, the real power of SSH is that the secure connection it provides can be used for more than just terminal access. Among its uses is the ability to copy files to and from a remote server.

Full article here:
Transfer Files Securely Using SCP in Linux (Make Tech Easier)
Related:
12 scp command examples to transfer files on Linux (BinaryTides)

How to easily switch between your normal DNS service and Tunlr under OS X

Notice: The use of services such as Tunlr, that provide access to geographically-blocked websites and services you might not normally be able to access, may be illegal in some jurisdictions. We are not lawyers, so cannot comment further on this. You are responsible for knowing your local laws.

Tunlr is a service that describes itself as follows:

Do you want to stream video or audio from U.S.-based on-demand Internet streaming media providers but can’t get in on the fun because you’re living outside the U.S.? Fear not, you have come to the right place. Tunlr lets you stream content from sites like Netflix, Hulu, MTV, CBS, ABC, Pandora and more to your Mac or PC. Want to watch Netflix or HuluPlus on your iPad, AppleTV or XBox 360 even though you’re not in the U.S.? Tunlr lets you do this.

If you are in the U.S., Tunlr may allow you to access certain sites in Great Britain and elsewhere in Europe. It does not yet allow access to sites in Canada (pity). Again, we are specifically not saying that it is legal to do this, since we are not lawyers and cannot give legal advice.

You utilize Tunlr by setting your computer’s or router’s DNS addresses to Tunlr, but Tunlr does not want you to do this except when you are actually accessing content.  As their FAQ explains:

Why you shouldn’t set your DNS permanently to Tunlr

For speed, stability, privacy and security reasons we do not recommend to permanently set your computer’s or router’s DNS addresses to Tunlr. Setting the DNS permanently to Tunlr also puts a heavy strain on Tunlr’s network infrastructure. In order to render the permanent use of our DNS resolvers less attractive, we’re artificially delaying responses to DNS queries. What this means is that your Internet surfing experience will be a lot slower than if you’d just use your Internet service provider’s DNS resolver. However, your ability to download/stream audio or video content is not affected by this delay. To sum it up: do not use our DNS resolver for day to day web surfing.

The FAQ shows “links for more ideas about how to temporarily use our DNS resolver” and they do show some suggestions for OS X, but at this writing none of those links show the easiest way.  When you use the method described below, you will be able to simply click on the Apple logo in the top menu bar and select Tunlr as your DNS, or switch from Tunlr back to your usual DNS, like this:

Selecting Tunlr DNS from the Apple dropdown menu

Note that when you switch DNS servers in OS X your network connection will be momentarily interrupted, so you probably don’t want to do this while you have downloads or uploads in progress.

So, how do you set this up? It’s relatively simple. Go to System Preferences (which is another selection in the Apple menu shown above), and when it comes up, in the Internet & Wireless section click on Network. You should then see a screen similar to this:

System Preferences | Network settings

This image is from a system with only a wired ethernet connection – you may see additional connections. But in the left-hand menu you want to select the connection you’ll be using while using Tunlr, which is probably your wired (en0) connection unless you use wireless exclusively.

Before you go any further, click the Advanced button in the lower right corner, then on the next screen click the Proxies tab at the top:

Advanced Network settings, Proxy tab

What you want to see is what’s currently in the “Bypass proxy settings for these Hosts & Domains” text box.  If there is anything in that box, copy it and save it somewhere – you can open a TextEdit window and paste it in there temporarily if necessary.  Next, at the top, click on the Location dropdown and it should give you the option to Edit Locations, so select that:

Adding a new location

Next you should see a popup window showing your existing locations:

Popup to add new locations

Click the + in the popup and it should let you enter a new location, so enter Tunlr:

Adding new Tunlr location

Click Done and the new location will be added. At this point it is not configured so you will likely be thrown offline, and you’ll see something like this:

New Tunlr location created but not yet configured

Next click the Advanced button and go to the DNS tab, then click on the + and add the two Tunlr DNS addresses (69.197.169.9 and 192.95.16.109) as shown here:

Network settings, DNS tab with Tunlr proxies entered

After adding the two Tunlr DNS addresses, click OK and then click Advanced again and go to the Proxies tab. What you want to do here is paste any proxy information you copied from your original network connection back into the “Bypass proxy settings for these Hosts & Domains” text box. So, copy that from TextEdit or wherever you saved it and paste it in here; it should look exactly as it did for the original connection:

Advanced Network settings, Proxy tab

Click OK and you should be taken back to the main Network settings window. Now it should show the two Tunlr DNS addresses:

Network settings, Tunlr location with Tunlr DNS addresses configured

The last thing to do is click Apply, which should enable the Tunlr location and start using the Tunlr DNS:

Network settings, Tunlr location configured and connected

Note that the dot next to your network connection should have changed from yellow to green. Now open your web browser and go to the Tunlr status page (you can just click on that link). You are looking for the section near the bottom of the page headed Tunlr activation check, which should tell you whether or not Tunlr is activated.

Note that even if it says that you need to restart your device or computer after you change the DNS address, that is NOT true when you use this method. Instead, when you want to access geographically-locked content that Tunlr knows about, you simply go to the Apple menu and select the Tunlr location, and when you are done accessing that content you go back to the same menu and select the Automatic location (or whatever your default location is called). Just keep in mind that any time you change locations, any in-progress communications (downloads or uploads) will be interrupted, and depending on the software and/or protocols used, you may need to restart those connections.

Link: How To Set Up Tunlr DNS Under Linux To Access Netflix, Hulu, CBS, ABC, Pandora and More Outside The US

Tunlr is a free DNS service that lets you use U.S.-based on-demand Internet streaming providers, such as Netflix, Hulu, CBS, MTV, ABC, Pandora and more, if you’re living outside the U.S. At the time I’m writing this article, Tunlr reports that the following streaming services are working:

  • US video streaming services: Netflix, Hulu, CBS, ABC, MTV, theWB, CW TV, Crackle, NBC, Fox, A&E TV, TV.com, Vevo, History, Logo TV, Crunchyroll, DramaFever, Discovery, Spike and VH1;
  • US audio streaming services: Pandora, Last.fm, IheartRadio, Rdio, MOG, Songza;
  • Non-US streaming services: BBC iPlayer (excluding live streams), iTV Player, NHL Gamecenter Live and TF1 Replay / WAT.tv (excluding “direct” stream).

In my test, Tunlr has worked as advertised, but there’s one issue: using Tunlr DNS permanently is not a good idea: for privacy/security reasons, speed and so on. Even the Tunlr FAQ page says you shouldn’t use the Tunlr DNS for everyday web surfing. On Windows, there are some tools you can use to quickly switch the Tunlr DNS on/off, but there’s no such tool for Linux, so here’s how to properly use Tunlr under Linux.

Full article here:
How To Set Up Tunlr DNS Under Linux To Access Netflix, Hulu, CBS, ABC, Pandora and More Outside The US (Web Upd8)

Link: How to Setup your own Proxy Server for Free [Updated]

Do a Google search like “proxy servers” and you’ll find dozens of PHP proxy scripts on the Internet that will help you create your own proxy servers in minutes for free. The only limitation with PHP based proxies is that they require a web server (to host and run the proxy scripts) and you also need a domain name that will act as an address for your proxy site.

If you don’t have a web domain or haven’t rented any server space, you can still create a personal proxy server for free and that too without requiring any technical knowledge.

YouTube Video Link: How to Create a Proxy Server

Full article here:
How to Setup your own Proxy Server for Free [Updated] (Digital Inspiration)

Link: Mosh – A replacement for SSH

Mosh (mobile shell) is a remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for SSH. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Mosh is free software, available for GNU/Linux, FreeBSD, Solaris, Mac OS X, and Android.

YouTube video link: Mosh: An Interactive Remote Shell for Mobile Clients

Full article here:
Mosh – A replacement for SSH (Ubuntu Geek)

Link: Run Automated Scripts Over SSH

We’ve shown you how to use SSH to transfer files securely. But there’s a major issue with SSH’s default behaviour. You are only connected with the remote machine after you’ve manually entered the password which rules it out for any tasks you want to run unattended. Or does it?

Here’s a quick lowdown on how the OpenSSH CLI tools (scp and sftp) work so that you can better appreciate the issue. When you want to copy over files to or from the remote host, you can use scp, which automatically initiates an SSH connection to the remote host. Every time you run an scp command it establishes a new connection to the remote. So if you have multiple scp commands you’d be entering the same password several times.

This is why you wouldn’t want to use scp in any scripts you want to run unattended. There’s also the fact that if you have multiple accounts on several machines on the network, you’d have trouble memorizing unique, strong passwords for each.

To overcome this problem, you need to switch OpenSSH’s default authentication mechanism to a key-based system.

Full article here:
Run Automated Scripts Over SSH (Make Tech Easier)
