
security

Vulnerability scanning

Remote

Implement vulnerability scanning to help fulfill SSP Control RA-5 - Vulnerability Scanning (https://nvd.nist.gov/800-53/Rev4/control/RA-5).

Feedback on private, secure cloud storage / backup given to Least Authority

The convenience (can actually be used) and security balance is the real magic in this space. For example, I am at this moment fairly afraid that I've forgotten my SpiderOak passphrase and lost the backup piece of paper. On my ToDo list for months has been to check if I can still access my data and then re-up the subscription. I own my failings, but I suspect other humans share them. Perhaps tiers of data security in one service could be an answer? One tier, the lowest, can be recovered with a password reset to e-mail, so the private key is actually stored somewhere with you.

Simple tools for security against surveillance

Recommendations by Noah of HackBlossom following an excellent history of security and surveillance.

uBlock Origin - Never see ads again!
https://github.com/gorhill/uBlock#installation

Privacy Badger - Don't let websites track you!
https://www.eff.org/privacybadger

Encryption on Ubuntu: Just the commands

For set-up, see https://help.ubuntu.com/community/FolderEncryption

Open:
encfs ~/.ncryptd ~/ncryptd

where ncryptd is the name of your directory. Note the dot (.) in front of ncryptd in the first parameter of the encfs command; the encrypted version is an entirely different directory and could have a completely different name from the directory you decrypt it into.

Use of -p is not recommended: set file permissions explicitly

Stefan told me not to recommend scp -r ~/code/example username@host.example.com:/var/www/.

Server blocking someone who should have access? Try /etc/hosts.allow

Blocked and receiving an error "ssh: connect to host" "port 22: Connection refused", Stefan added the IP address where this was not working to the hosts allow file, and explained the system.

There are two relevant files: /etc/hosts.allow and /etc/hosts.deny.

/etc/hosts.deny is updated by the denyhosts package based on attacks and suspicious behaviour. It can be overridden by /etc/hosts.allow.

An entry consists of a service, such as ssh, and a number of IP addresses.

Web App Security

Introduction

This page is the seed of Public Display's collective knowledge base about security. Here you will find the main classes of vulnerability we need to be aware of, with a brief description.
