Archive
Posts in Security
Wiping disk drive data with Darek's boot and nuke
Over the years I have accumulated dozens of disk drives. As I upgrade drives and donate my older hardware to friends and charities, I like to make sure the data on those drives is wiped. I've been using Darik's boot and nuke (DBAN) to wipe my drives for the past year or two, and the entire process couldn't be easier. DBAN is a bootable Linux CDROM image that wipes a hard drive using one of several strong data destruction algorithms (Gutmann wipe, DoD short, Dod long, etc.)…
$ read more →Speeding up SSH (SCP) data transfers
I'll be the first to admit that I'm an SCP addict. It doesn't matter what kind of data I'm working with, if it can be turned into an object that I move around with scp I'm in! One thing I've always noticed with scp is the dismal out of the box performance. I read quite some time back on the openssh mailing list that there were some fixed buffers inside openssh that prevented copy operations from fully utilizing high speed network links…
$ read more →Securing your Linux vsftp installations by locking down your server and chroot()'ing users
As much as we all hate FTP and the insecurities of the protocol, I've given up on the fact that it's going to be retired anytime soon. A lot of old legacy systems (mainframes, AS400s, etc.) don't support SSH, but they so support the infamous FTP protocol. These two factors force a lot of companies to continue to use it, so we need to take every measure we can to protect the FTP servers that receive files from these systems. I've been using vsftpd for quite some time, and it has one of the best security track records of the various FTP server implementations…
$ read more →Running an SSH client inside your Firefox web browser
I recently came across FireSSH, which is an SSH client that runs inside Firefox. The FireSSH plug-in allows you to create an SSH connection to a remote host using just a web browser, and I can see all kinds of uses for this! The plug-in is written entirely in javascript, and uses a couple of features that require Firefox 4 (Firefox 4 rocks, so upgrading to it should be a no brainer). To access the plug-in, you will first need to surf over to the mozilla plug-in site and install it using your choice of installation options…
$ read more →A simple and easy way to restart dropped SSH sessions on Linux servers
I frequently use OpenSSH port forwards to move around my various networks, and there is nothing worse than an SSH connection dropping when you make heavy use of them. Recently I came across the autossh utility, which provides a crazy easy way to monitor ssh sessions and restart them when they are reset or dropped. To use this awesome little tool, you can invoke autossh with the options you would normally pass to your ssh client: In the example above I am creating a dynamic local port forward that will accept connections on localhost:8000. To change how autossh manages the sessions and logs it creates, you can set one of more environment variables…
$ read more →