Collaborate Disseminate
I am somewhat administering an old Windows Server 2008 server that is used to host a older Video Game.
It’s in such a state that it has tons of custom code on it that run the server and hasn’t really been maintained.
We rec… Continue reading Steps to Harden Ancient Gaming Server
I generally zero out memory the moment it’s served its usefulness, but only with heap-allocated chunks. Is it a sin (or overkill) to do the same with arguments and stack values? Thanks in advance.
Edit:
Here’s an example of what I mean… Continue reading Is zeroing out values on the stack and arguments overkill?
I have several directories on my Mac, two most popular examples are:
~/.aws
~/.ssh
They can be read by any script file or third-party app in system.
I do not see a way to protect them in macOS (and in Linux). Mechanisms… Continue reading How to protect certain macOS user directory from unauthorized access?
I’ve got a service running inside a docker container. I’ve built my own image based on nginx:stable-alpine docker image.
I am trying to ascertain whether the concept of CIS hardening applies to the container itself or just the host OS whe… Continue reading CIS hardening of alpine based docker container
I’m using nginx (Port 8888) as a reverse proxy for my web server running over 8080. In the traditional way, nginx master process runs as root and spawns the child processes with user www-data. Is it recommended to run the mas… Continue reading Is it a security risk to run master process of nginx as root?
This is a follow up on my previous question about Storing sensitive, sharable data for a company where several of the employees have access to the server.
This solution has worked well for our customer, and we’re looking to… Continue reading Shareable encrypted data in a web application
I am currently reviewing some Android application build hardening guidelines which specify a minimum allowable supported API level. This was set internally at API level 15 and has been for some time, due to that being when se… Continue reading Current generally recommended minimum Android API level for security reasons (Late Dec 2018)
I am enforcing a hardening policy on my organization’s work stations.
One of the policies I removed, under Shutdown, is called “Allow system to be shut own without having to log on”.
Users started to complain and asked us to… Continue reading WIN 10 hardening: Importance of "Allow system to be shut down without having to log on" policy
its a very simple question but might not be too trivial. Imagine an attacker has access to your device and gained SYSTEM privilege. Your company has installed a logging agent on your device to capture all these malicious acti… Continue reading How to protect your anti virus program or logging agent?
I want to hide /dev files on Linux because some files can be dumped and used for reverse engineering/attack purposes.
My primary goal is to avoid users able to see those files from a shell: lurking on internet I’ve seen udev… Continue reading How to hide device files on linux?