Collaborate Disseminate
I’m using nginx (Port 8888) as a reverse proxy for my web server running over 8080. In the traditional way, nginx master process runs as root and spawns the child processes with user www-data. Is it recommended to run the mas… Continue reading Is it a security risk to run master process of nginx as root?
This is a follow up on my previous question about Storing sensitive, sharable data for a company where several of the employees have access to the server.
This solution has worked well for our customer, and we’re looking to… Continue reading Shareable encrypted data in a web application
I am currently reviewing some Android application build hardening guidelines which specify a minimum allowable supported API level. This was set internally at API level 15 and has been for some time, due to that being when se… Continue reading Current generally recommended minimum Android API level for security reasons (Late Dec 2018)
I am enforcing a hardening policy on my organization’s work stations.
One of the policies I removed, under Shutdown, is called “Allow system to be shut own without having to log on”.
Users started to complain and asked us to… Continue reading WIN 10 hardening: Importance of "Allow system to be shut down without having to log on" policy
its a very simple question but might not be too trivial. Imagine an attacker has access to your device and gained SYSTEM privilege. Your company has installed a logging agent on your device to capture all these malicious acti… Continue reading How to protect your anti virus program or logging agent?
I want to hide /dev files on Linux because some files can be dumped and used for reverse engineering/attack purposes.
My primary goal is to avoid users able to see those files from a shell: lurking on internet I’ve seen udev… Continue reading How to hide device files on linux?
In High Sierra or Mojave, is it possible to harden our login password so that the hash is more difficult to crack? I’m not a crypto person, but can we increase the iterations, transforms, hashing algo strenth or something… … Continue reading How to harden user/login password? [migrated]
Is there any service that provides certified, security hardened Docker images for common platforms like Python, PHP, Node, Java, etc. with 0 major/critical CVEs.
Currently, we are using the ones from RedHat but the problem is, even If I s… Continue reading Where to find the security hardened docker images
My organization wants to restrict all the plugins/tools like Netcraft and Builtwith to detect all the server side technologies for security reason like platform, operating system name and version, web server name and version…. Continue reading How to restrict plugins/tools like Netcraft and Builtwith to detect server side technologies?
Over the years I have used a number of different sources of security configuration guidance for a spectrum of systems including for example:
https://www.cisecurity.org/cis-benchmarks/
https://www.stigviewer.com/stigs
https:… Continue reading Best Source of Security Configuration Guidance