Certbot and Let’s Encrypt CA What is Certbot, Certbot commands and user guide, what are Let's Encrypt rate limits. How Certbot authenticators and installers work, Certbot command examples Linux Security Web Servers
OCSP Stapling on Nginx and Apache webserver To understand OCSP stapling, it is necessary to understand OCSP, the Online Certificate Status Protocol. OCSP is a protocol for determining whether a certificate is revoked (for instance, because its private key was compromised). Every time a browser connects to an HTTPS website, it contacts the OCSP responder specified in the SSL certificate, and asks if the certificate is revoked. If the responder replies that the certificate is revoked, the browser blocks the page from loading. Web Servers Networking Security
ProFTPd Server with virtual users and in SFTP mode How to configure proftpd server with virtual users and with sftp mode. Debian Linux Networking Security
nftables geoip - continents ip In the previous articles, we showed how to perform packet marking in nftables based on geoip source IP addresses and also how to log traffic to external files. Today we will show how to mark packets based on which continent they come from. The principle is that we first mark packets based on the source IP address so that we know which countries they are coming from. And then we'll find out which continent each country is on. Linux Security Networking
nftables and GeoIP How to Block IPs from Countries or Continents using nftables GeoIP script We'll learn how we can block traffic originating from specific country or continent IPs using a GeoIP database and Linux nftables. This article describes the configuration for Debian Linux distros. nftables is the new packet classification framework that intends to replace the existing {ip,ip6,arp,eb}_tables infrastructure. In a nutshell: it is available in Linux kernels >= 3.13; it comes with a new command line utility, nft, whose syntax is different from iptables. Linux Security Networking
How nftables log to external file Logging traffic blocked by the nftables or iptables firewall rules is necessary for debugging the firewall rules and for being alerted to local software problems. Any packet matching a rule can be logged by using the -j LOG target for iptables or the log statement for nftables. Logging a packet has no effect on the packet's disposition, however. The packet must match an accept or drop rule. Linux Security Networking
Add or Change SSL/TLS certificate in Lotus Domino SSL/TLS certificates don’t last forever, most of them need to be renewed on a yearly cycle and occasionally you will want to change the type of the SSL certificate mid-cycle. Lotus Notes SSL/TLS To work with SSL/TLS certificates in Lotus Notes, the kyrtool program is used. You can download kyrtool from this IBM website. Or direct from our web site. Security Linux
Working with Vsftpd as FTPS server with virtual users and SSL certificates in Debian or Ubuntu Introduction We learned the difference between FTP, FTPS and SFTP in the last article, Understanding Key Differences Between FTP, FTPS and SFTP. We also need to recognize the difference between active and passive FTP connections. Configure VSFTPd server Install vsftpd server and pam service First you need vsftpd and PAM with htpasswd utility support installed ~] apt-get install vsftpd libpam-pwdfile apache2-utils Configure pam for vsftpd Linux Pluggable Authentication Modules (PAM) provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Debian Linux Networking Security
Understanding Key Differences Between FTP, FTPS and SFTP Perhaps the most common protocols used in file transfer today are FTP, FTPS and SFTP. While the acronyms for these protocols are similar, there are some key differences among them, in particular how data are exchanged, the level of security provided and firewall considerations. Learning these key differences can help you when choosing a file transfer protocol or troubleshooting common connection issues. Networking Security
How to Enable Full Disk Encryption with encrypted boot, root partition and ramdisk in Debian - Ubuntu Linux This is a step-by-step tutorial on installing Debian on a fully encrypted disk. We encrypt everything, including the kernel and the initialization ramdisk. Without a password, the thief will not even blow. Security Debian Linux
Most secure SSL/TLS configuration for Apache, Nginx, Postfix, Dovecot, HAProxy and others What is a cipher suite? Cipher suites decide how secure, compatible and fast your HTTPS website is. A cipher suite is a set of information that helps determine how your web server will communicate secure data over HTTPS. A web server uses certain protocols and algorithms to determine how it will secure your web traffic. These are the ingredients of a secure connection. A cipher suite is essentially a list of those ingredients. Security Linux Networking Web Servers