Link: Access Google Authenticator on the Desktop

No longer are you limited to using your smartphone to use Google’s two-step authentication. There are many apps that you can use easily on your desktop to help keep your accounts more secure.

Keep in mind, though, that using a two-step authenticator app is less secure on your computer. Anyone who has access to your desktop can get your security key and log into your account. But if you don’t own a smartphone, using a program on your computer is better than nothing.

To use any of these apps to secure your accounts, you need to make sure you go through the usual process to enable two-factor authentication on Google or activate any other services that need two-factor authentication. Instead of entering the key into a mobile app, all you do is to enter it on your desktop.

Full article here:
Access Google Authenticator on the Desktop (Make Tech Easier)

Link: OpenVPN-Setup: Shell script to set up Raspberry Pi (TM) as an OpenVPN server

About

Shell script to set up Raspberry Pi (TM) as a VPN server using the free, open-source OpenVPN software. Includes templates of the necessary configuration files for easy editing, as well as a script for easily generating client .ovpn profiles after setting up the server. Based on the ReadWrite tutorial ‘Building A Raspberry Pi VPN’ by Lauren Orsini (see sources 1 and 2 at the bottom of this Readme).

To follow this guide, you will need to have a Raspberry Pi Model B or later (so long as it has an ethernet port), an SD or microSD card (depending on the model) with Raspbian installed, a power adapter appropriate to the power needs of your model, and an ethernet cable to connect your Pi to your router or gateway. You will also need to set up your Pi with a static IP address (see either source 3 or 4) and have your router forward port 1194 (varies by model & manufacturer; consult your router manufacturer’s documentation to do this). You should also find your Pi’s local IP address on your network and the public IP address of your network and write them down before beginning. Enabling SSH on your Pi is also highly recommended, so that you can run a very compact headless server without a monitor or keyboard and be able to access it even more conveniently (this is also covered by source 4). And last but not least, be sure to change your user password from the default.

Full documentation and download here:
OpenVPN-Setup (GitHub)
Discussion in this Reddit thread

Stop SOME SipVicious attacks from reaching your Asterisk, FreeSwitch, YATE, etc. PBX server

This tip was posted by user “infotek” on the FreePBX site but applies to all software PBX systems that use the iptables firewall. “infotek” wrote:

By default the SipVicious scanner uses the ua : “friendly-scanner”. To block this ua, you can have iptables search the packet for that text.

Add the following line to /etc/sysconfig/iptables:

-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 500 -j DROP

Keep in mind that this only works if you know the string that will be sent as the user agent. Some hackers using SipVicious may take the trouble to change that default string, but some protection is better than none. However, this same technique can be used to block any attack that constantly sends the same string as the user agent, if you know what that string contains.

For those that use Webmin to manage iptables, here are the settings to use. This should come BEFORE any other rules applicable to port 5060 – I made it the very first rule on the page “Incoming packets (INPUT) – Only applies to packets addressed to this host”:

Rule comment: Stop SipVicious
Action to take: Drop
Network protocol: Equals UDP
Destination TCP or UDP port: Equals Port(s) 5060
Additional IPtables modules: string
Additional parameters: --string "friendly-scanner" --algo bm --to 500

All other settings on the Webmin “Add Rule” page should be left at the default value (usually <ignored>).

To stop the hackers clever enough to change the default user agent string, consider also using this technique.
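
The ordering requirement above (the DROP rule has to come before any other rule for port 5060) can be checked mechanically. The script below is an added example, not part of infotek's tip or of the original post; the function name check_sip_rule_order and the sample rules are made up for illustration, and it assumes rules in iptables-save format that name the port as a plain --dport 5060.

```shell
#!/bin/sh
# check_sip_rule_order FILE  (hypothetical helper, added for illustration)
#   0 = the friendly-scanner DROP precedes every other INPUT rule for port 5060
#   1 = no friendly-scanner DROP rule found
#   2 = another port 5060 rule is evaluated first, so the DROP may never fire
# Limitation: port ranges and multiport lists are not recognised.
check_sip_rule_order() {
    awk '
        /^-A INPUT / && /--dport 5060( |$)/ {
            if (/--string "?friendly-scanner"?/ && /-j DROP/) {
                if (!drop) drop = NR        # first matching DROP rule
            } else if (!other) {
                other = NR                  # first other rule touching 5060
            }
        }
        END {
            if (!drop) {
                print "missing: no friendly-scanner DROP rule"
                exit 1
            }
            if (other && other < drop) {
                printf "misordered: line %d handles port 5060 before the DROP on line %d\n", other, drop
                exit 2
            }
            printf "ok: DROP on line %d precedes other port 5060 rules\n", drop
        }
    ' "$1"
}

# Constructed sample: the ACCEPT for 5060 is listed first, so scanner
# packets are accepted before the string match is ever consulted.
demo=$(mktemp)
cat > "$demo" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 500 -j DROP
COMMIT
EOF
check_sip_rule_order "$demo" || echo "exit status: $?"
rm -f "$demo"
```

Pointing the function at /etc/sysconfig/iptables after an edit shows whether the new rule landed ahead of the existing port 5060 rules.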

Link: 4 Tools to Securely Delete Files from Linux

Any computer user with a normal-level skill set knows that any data removed from a computer system can be recovered later with a little bit of effort. This is a good thing in the scenario when you have accidentally deleted your critical data. But in most cases, you don’t want your private data to be recovered easily. Whenever we remove anything, the operating system deletes just the index of the particular data. It means that the data is still there somewhere on the disk. This method is insecure, as any smart computer hacker can use any good data recovery tool to easily recover your deleted data. Linux users utilize the well-known “rm” command to remove data from their operating system, but the “rm” command works in the conventional fashion. Data removed using this command can be recovered by special file recovery tools.

Let’s see how we can safely and completely remove files/folders from our Linux system. The methods mentioned below remove data completely so it becomes very hard for recovery tools to find traces of the actual data and recover it.

Full article here:
4 Tools to Securely Delete Files from Linux (LinOxide)

Link: Understanding Linux File Permissions

The Unix operating system (and likewise, Linux) differs from other computing environments in that it is not only a multitasking system but it is also a multi-user system as well.

…..

In order to make this practical, a method had to be devised to protect the users from each other. After all, you could not allow the actions of one user to crash the computer, nor could you allow one user to interfere with the files belonging to another user.

This lesson will cover the following commands:

  • chmod – modify file access rights
  • su – temporarily become the superuser
  • chown – change file ownership
  • chgrp – change a file’s group ownership

Full article here:
Understanding Linux File Permissions (Project: Fenix)

Link: Security in Three Ds: Detect, Decide and Deny (using DenyHosts to stop brute-force SSH attacks)

Whenever a server is accessible via the Internet, it’s a safe bet that hackers will be trying to access it. Just look at the SSH logs for any server you use, and you’ll surely find lots of “authentication failure” lines, originating from IPs that have nothing to do with you or your business. Brute-force attempts (such as “dictionary attacks”) try different passwords over and over to try to get into your box, and there’s always a chance that they eventually will succeed. Thus, it’s a good idea to apply these “three Ds” for your security: detect intruder attempts, decide when they’ve gone “over the top” (past what would be acceptable for honest-to-goodness typing mistakes), and deny them access at least for a (longish!) while.

Several tools manage this kind of monitoring (see the Resources section). In this article, I describe installing, configuring and running DenyHosts. With it, you’ll have a running background dæmon that will check your system continuously for access attempts, decide if they look unsafe, block them and inform you. DenyHosts even can be configured to share information with other servers, so whenever a hacker is detected on one system, it will be blocked on other systems too.

Full article here:
Security in Three Ds: Detect, Decide and Deny (Linux Journal)

Link: How To Install And Configure Squid Proxy On Ubuntu And Debian

Squid Proxy is a great proxy server mainly used for caching frequently requested web content in order to speed up response time and also save network bandwidth. It supports many different protocols such as HTTP, FTP, TLS, SSL, Internet Gopher and HTTPS. Although it was originally designed to run as a daemon on Unix-like systems, there have been several ports to Windows, but according to Wikipedia more current versions are not being developed.

Squid Proxy is released under the GNU General Public License.

In this tutorial you will learn how to install and setup Squid Proxy on Ubuntu and Debian Linux distributions. Just follow each step of this guide carefully and everything will be ok.

Full article here:
How To Install And Configure Squid Proxy On Ubuntu And Debian (Unixmen)

Link: How to Secure Your Newly Installed Ubuntu

Without a doubt, a freshly installed Linux system is less susceptible to malware, spyware and hacking than a freshly installed Windows system. However, most Linux systems are configured with some default settings that are inherently insecure. Some Linux distros are designed to be installed with very secure defaults, but this results in systems that have a significant difficulty for new users, especially those who are not computer security professionals.

Ubuntu is arguably the most popular Linux distro today, and this is due to a large number of factors, one of which is its friendliness to new users. Many of Ubuntu’s default settings are geared towards allowing users to use their systems immediately after installation with as little disruption as possible. While this has its positives, it also results in a system that has a few weaknesses, trading them for user convenience. This article will walk you through some basic but powerful configuration changes that show you how to secure your newly installed Ubuntu from many of the common attack methods.

Full article here:
How to Secure Your Newly Installed Ubuntu (Make Tech Easier)

Link: Top 30 Nmap Command Examples For Sys/Network Admins

Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, the nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users.

The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.

Full article here:
Top 30 Nmap Command Examples For Sys/Network Admins (nixCraft)