Home Configuration

Configuration

Three SSL/TLS Tools you need to know!

Not only when working on IT-Security related things but also for daily sysadmin stuff, it’s essential to have the right tool to do the job. Below are my three favorite tools I use when configuring, debugging and researching SSL/TLS related things. Let’s face it… with all these recent issues, it’s necessary to deal with SSL […]

Turn off Nginx version display

By default Nginx likes to show it’s version in the reply header of every request and on error pages. It is important to turn off the nginx version disclosure in order to prevent attackers to find potential exploits for your nginx server version. While this is generally a problem, I suspect that the secure “do […]

“Secure” config for OpenSSH 6.6 Ubuntu 14.04

When using a standard Ubuntu1 14.04 installation, it will be configured half-way secure. However, to achieve no findings on vulnerability scanners like nessus, you’ll need to tweak the settings further. Another nice side-effect is, that attackers are usually using outdated systems which means that they’re not even able to get to the authentication part. Disable […]