Collaborate Disseminate
In High Sierra or Mojave, is it possible to harden our login password so that the hash is more difficult to crack? I’m not a crypto person, but can we increase the iterations, transforms, hashing algo strenth or something… … Continue reading How to harden user/login password? [migrated]
Is there any service that provides certified, security hardened Docker images for common platforms like Python, PHP, Node, Java, etc. with 0 major/critical CVEs.
Currently, we are using the ones from RedHat but the problem is, even If I s… Continue reading Where to find the security hardened docker images
My organization wants to restrict all the plugins/tools like Netcraft and Builtwith to detect all the server side technologies for security reason like platform, operating system name and version, web server name and version…. Continue reading How to restrict plugins/tools like Netcraft and Builtwith to detect server side technologies?
Over the years I have used a number of different sources of security configuration guidance for a spectrum of systems including for example:
https://www.cisecurity.org/cis-benchmarks/
https://www.stigviewer.com/stigs
https:… Continue reading Best Source of Security Configuration Guidance
As someone who is naturally good at recognizing risk and who are striving to maintain a wholistic view on security, I’m wondering how to evaluate and reduce the risks of hardware accessories (I.e. charging plug-ins, Thunderbolt cables), sp… Continue reading How to mitigate the risks of using new, third party imported electronic accessories?
What would be the best practices for securing a single-purpose Windows laptop against a determined foreign intelligence agency from tampering with data on the machine? The machine would be used several times per year by two individuals wh… Continue reading Securing a Laptop from a Foreign Intelligence Agency
As far as I remember,
most Debian Wheezy packages were not compiled with those useful security flags (ASLR, PIE, SSP, and more).
Did the situation improve with Debian Squeeze or the upcoming Debian Buster ?
By comparison, … Continue reading the state of ASLR, PIE, SSP on Debian in 2018?
The Center for Internet Security’s Critical Security Controls (“the CIS Controls”) are incredibly useful in helping organizations defend themselves against digital threats. By adopting the first five controls alone, it’s possibl… Continue reading Two-Thirds of Organizations Don’t Use Hardening Benchmarks to Establish a Secure Baseline, Report Reveals
From what I read, SSH is mainly used for remotely accessing a machine. If I don’t want anyone remotely accessing my machine, nor myself included, is it ok to delete these configuration files from my Linux system? Can doing so… Continue reading Is it ok to delete SSH configuration files?
As part of the new best practices in hardening server communications I need to deny TLS 1.0 on the web server, before doing so I wish to identify the number of clients who connect with this level of encryption.
Therefore I would like to kn… Continue reading Filter TLS in Wireshark or other monitoring tool