Category: Security Infos

Meltdown Spectre VM Hosting

Thru current IT News you may have heard about the major Security Problem of x86 Technology. If your Websites current hosted on VM at VM Providers, contact them to get current news about their bug handling of their VM Host Servers. If you get no details, then shutdown your sites temporarily, or look for a other solution which isn’t running on x86 Technology. Otherwise you can try to switch from php-kits to static HTML Websites. On the Net there are very helpful tools to do this easy. For WordPress is a WP to HTML Plugin available. This dumps your blog […]

Debian: without sytemd

If you run Debian Servers, you read last weeks about security problems of systemd service manager. On several tests i have seen much systems having problems on service starts on boot like on debian, raspian .. This is a result of not clean redesigned scripts of the services by the Maintainers like the Proxy Server “privoxy” Package… For Tests i decided to try the new Debian Fork Replacement DEVUAN  for Desktop and a standard Debian Server Setup without systemd! Howto purge Systemd on a Debian System read this external Wiki: http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation or try Devuan for Server and Desktop: https://devuan.org/ Remark: […]

Security: Disable USB Drive mount for Users

If you share your Systems and you want to disable USB Drive connects there is a small solution. By default the gvfs Service handle all automounts and drive scans. On old Linux Systems you could purge the complete gvfsd “Backend” but Ubuntu-Desktop forces some pakets to the default Desktop Package! If you purge it the working Desktop can be destroyed! It’s easier to disable the “USB Drivers” called Modules from load on Start! Cause Rules are “Software” and can FAIL unknown!! Howto? Edit the /etc/modprobe.d/blacklist.conf and add: blacklist usb_storage blacklist uas Update initramfs (Kernel Image) update-initramfs -u -k all reboot […]

Security: Isolated Browser eMail Programs

If you want to be more secure, on Linux you can isolate used programs on different Users! All you need is installed by default! Howto: Add a new User for eMail and Browser to the System with: $sudo adduser mailuser $sudo adduser webuser now install if not installed by default “gksu” User Switch $sudo apt-get install gksu copy now the default App Links to webuser’s Home Desktop, for mailuser enter mailuser’s name $cp /usr/share/applications/firefox-esr.desktop /home/webuser/Desktop/firefox-esr.desktop edit the firefox-esr.desktop by right click on nautilus or a editor and change command line: old: /usr/lib/firefox-esr/firefox-esr %u to: gksu -u webuser -w "/usr/lib/firefox-esr/firefox-esr %u" […]

Security: Protection Against Cryptware Wannacry

You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware Howto protect yourself? Enable the Firewall on Windows Systems!! Always! Update daily the Virus Scanners and Windows Patches! Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol! Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense) Check with nmap Portscanner Tool the taken Rules and check if the work! For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa) For […]