I use SSH with port forwarding for secure remote access. For me it’s better than using a VPN. Here are my reasons why: Clear visibility on what’s happening on the network. You control what happens. Easy configuration of IP ports and addresses. Single config file for OpenSSH client. Asymmetric, i.e. client-server model. Better suited for remote access. Public/Private key based security setup. No PKI needed. User space client. No encapsulation, only encryption overhead on the payload. The biggest downside is that you cannot forward UDP ports. There’s no such thing as a free lunch. There are workarounds for this limitation, such as using netcat forRead More →

No, this post is not about schools or universities. This is about SSL/TLS security. In order to secure an internet connection, SSL/TLS can be used. There are many ways to secure a network connection with SSL/TLS. You have ciphers and algorithms for connection setup and key exchange, ciphers for data stream encryption, hashing algorithms and most of those come in variants with different key lengths. So we talk about a Cipher Suites. A single cipher suite for example looks like this: “TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256”. Then there is history and backwards compatibility. Computers gets faster, resulting in secure encryption becoming insecure over time. So some encryption becomes obsolete butRead More →

One measure to harden WordPress is to disable PHP execution in specific folders. WordPress and several blog posts mention the wp-content and wp-includes folder. After disabling PHP execution on these two folders, the visual editor broke, not showing my post while the editing toolbar was gone as well. This problem not immediately relates to PHP execution being disabled since everything else worked perfectly fine.. I make notes of every change and my “Admin Logbook” (some might call it “Captains Log..”) showed the last change being this hardening change.  After I enabled PHP execution on wp-includes only, the editor worked again. Note that you have to clear theRead More →