PUBLIC MARKS from camel with tag secure

2008

UbunBloX » Blog Archives » Installing an FTP server: VsFTPd

Very secure FTPd is a very complete, stable, secure and high-performing tool all at once. It lets the administrator manage the server à la carte according to their needs; its relative complexity should by no means be an obstacle to using it, because in the end one realizes that the many possible uses make VsFTPd a powerful, highly configurable piece of software. Without a doubt, this software is the best there is in this area! In this article, we will set things up so that the disk space is shared in two ways. A user we will call paul will have the following rights: read, write and delete. The second, who will be called tom, will have read-only access; under no circumstances will he be able to upload, move or delete a file, unlike paul. Another important point: anonymous access to the server will simply be refused for security reasons.

Running Vhosts Under Separate UIDs/GIDs With Apache2 mpm-peruser On Debian Etch | HowtoForge - Linux Howtos and Tutorials

by 1 other (via)
This article explains how you can install and configure apache2-mpm-peruser on a Debian Etch server. apache2-mpm-peruser is an MPM (Multi-Processing Module) for the Apache 2 web server, very similar to apache2-mpm-itk, but faster (almost as fast as apache2-mpm-prefork). mpm-peruser allows you to run each of your vhosts under a separate UID and GID - in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts. It is based on metuxmpm, a working implementation of the perchild MPM. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode.

GNU Squad » Doing SFTP in a chroot with scponlyc

by 1 other
Let's start by explaining, for newcomers, the few convoluted terms in this post's title:
* SFTP stands for "Secure File Transfer Program"; it is a program for transferring files over a link encrypted by SSH (Secure SHell); be careful not to confuse SFTP with FTPS, which stands for "File Transfer Protocol over SSL"!
* chroot is a program that changes a process's root directory so that the process only has access to a limited part of the directory tree.
* scponlyc is a restricted shell intended solely for file transfers in a chroot.
The goal, then, is to let a user transfer files to a server securely without obtaining a shell and without being allowed to see the server's directory tree.

SSH dynamic port forwarding with SOCKS

SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall. However, forwarding an individual port still requires you to change where your program connects, telling it to use a non-standard port on localhost rather than the standard port on the remote machine, and it requires a separate port forward for each machine you want to access. Dynamic port forwarding via SOCKS provides a more convenient alternative. The examples in this article assume that you reside behind a restrictive firewall which does not allow outgoing SMTP connections except to a designated mail server. You want to connect to a different mail server, mail.example.net, on port 25. You have an SSH account on a machine shell.example.org, which does not reside within the restrictive firewall and can thus access port 25 on mail.example.net.

Set Up Gateway Level Virus Security With ClamAV And SafeSquid Proxy | HowtoForge - Linux Howtos and Tutorials

In this HowTo, I will explain how you can secure your network from viruses and other malware, by installing ClamAV and integrating it with SafeSquid, to scan all in-coming content for viruses, and block all infected content at the HTTP Gateway, even before it enters your network. Virus Security In SafeSquid: SafeSquid has built-in connectivity to various daemon based anti virus software like ClamAV, Sophos, Avast, F-Prot, NOD32 and Kaspersky. It also has a universal ICAP (Internet Content Adaptation Protocol) client that can be used to connect to ICAP based security software like Dr.Web ICAP, Kaspersky Antivirus for Proxy Server, Trend Micro InterScan Web Security and Symantec Scan Engine. You can even use multiple anti virus software with SafeSquid to simultaneously scan in-coming content. This does not cause any significant latency, since SafeSquid has a multi-threaded architecture.

How To Install And Use The djbdns Name Server On Debian Etch | HowtoForge - Linux Howtos and Tutorials

by 1 other
djbdns is a very secure suite of DNS tools that consists of multiple parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to sort out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.

2007

OAuth — An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.

by 13 others (via)
An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.

SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls

by 1 other
This article describes how to implement SSL-enabled name-based vhosts - that is, secure virtual hosts which share the same IP address and port - with the SNI-capable mod_gnutls module for Apache’s httpd web server.

How to secure an SSL VPN with one-time passcodes and mutual authentication | HowtoForge - Linux Howtos and Tutorials

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the allotted time.

Cryptsetup, the Swiss Army knife of partition encryption! - TheGlu's blog

Do you want to encrypt super-secret files, such as your password list sitting in a plain text file, or the files on your USB stick, so that nobody can borrow it and get hold of your plan for world domination? Cryptsetup is your friend; it can do lots of things, thanks to encryption.

Secure Websites Using SSL And Certificates | HowtoForge - Linux Howtos and Tutorials

by 1 other
Today it is possible to create a secure website with relative ease by requiring a client to present a digitally signed certificate. A digitally signed certificate is simply a piece of information that contains data about the subject, public key, dates of validity, identification of the Certificate Authority (CA), and the digital signature. There are typically two ways to go about creating a secure website. First is by the use of a self-signed certificate. The second way is by using a Trusted Certificate signed by a CA. The choice is up to you, and this tutorial will show you how to do both. Go ahead and su into root and let's begin!

Securing your Ubuntu server - Prendre un Café

by 6 others
Securing your Ubuntu server - Prendre un Café

2006

puremango.co.uk: Free Visual Confirmation PHP CAPTCHA script - secure guestbooks stop spam.

(via)
freeCap can be used to prevent spam on any form; guestbook, comment area, signups, shopping carts - any area of your website where you fear the evil spammers may target.

2005

Main Page - SecurePHP

by 1 other (via)
SecurePHP is a wiki about PHP security. To learn more about what a wiki is, please visit Wikipedia (http://en.wikipedia.org/wiki/Wiki). If you'd like to experiment with writing wiki syntax and articles, please use the Sandbox instead of experimenting with existing articles and content.

Terry Burton's Blog: MySQL Secure Replication over SSL on Debian Sarge

(via)
All versions of MySQL currently shipped with Debian Sarge lack support for OpenSSL due to licensing issues. In order to enable support for SSL connections it is necessary to recompile MySQL from source.
