Tag "Configuration"

Short News: OpenSSL… “FREAK” attack

Once again an OpenSSL vulnerability has been disclosed, this time by Karthikeyan Bhargavan and the miTLS team. As every vulnerability needs a fancy name these days, this one is called the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be […]

Turn off Nginx version display

By default Nginx shows its version in the response header of every request and on error pages. It is important to turn off the Nginx version disclosure so that attackers cannot easily look up potential exploits for your Nginx server version. While this is generally a problem, I suspect that the secure “do […]

“Secure” config for OpenSSH 6.6 Ubuntu 14.04

A standard Ubuntu 14.04 installation comes configured half-way secure. However, to achieve no findings on vulnerability scanners like Nessus, you’ll need to tweak the settings further. Another nice side effect is that attackers usually use outdated systems, which means that they’re not even able to get to the authentication part. Disable […]