Security Notes

Sarath Pillai's picture

How Does SSL/TLS Chain Certificates and Its Validation work?

Certificate Chain Validation Process

The number of websites on the internet that enforces SSL, ie: HTTPS version of their websites are growing day by day, which a good thing as far as security is concerned. This claim is not without any proof. All major web browser statistics published online does indicate this fact. Checkout the chrome staticstics on ssl published by Google, and Firefox statistics from Mozilla.


Sarath Pillai's picture

How To Secure Apache Web Server

Methods to secure apache web server

Apache and Nginx together contribute to at least 80 percent of the websites running on the entire internet. If you are a customer of a hosting service provider or a company, then also you are using Apache most of the time to run your website (because most of the hosting companies run cpanel Apache at the backend. Although, you cannot customize and configure Apache in such cases to your own wish ).

In this post we will be discussing actions and methods that need to be taken to secure your Apache web server to a certain extent. According to me you really cannot completely secure any server (primarily because each day some or the other vulnerabilities are discovered).  I remember the below line which I read somewhere…


“If you need your server to be really secure. Then do not connect it to a network”


Sarath Pillai's picture

Block Referrer Spam on Your Website

Stop Referrer Spam

Internet is a very beautiful place to learn new things and gain information. As it has to provide information and access to anybody from anywhere in the globe, there was no other option, than to keep it wide open to all public. Although in the beginning (during its infancy period)it was only used by good and nice fellows with good intention, gradually it has become a composite mixture of good and evil.


Sarath Pillai's picture

SSL OpenVPN in Linux: Installation and configuration

SSL open VPN

Virtual Private Network is a norm these days in any architecture, where you enable access to your internal network to authorized employees and other associates. In this tutorial we will be discussing the working and configuration of one such VPN solution.


Before getting inside the installation and configuration part we will discuss the basics of this technology. Wikipedia defines openvpn as follows.


A virtual private network (VPN) extends a private network across a public network, such as the Internet.


Sarath Pillai's picture

What is Perfect Forward Secrecy and its impact on SSL (HTTPS)

PEC (Perfect Forward Secrecy)

Actually I was writing a usual tutorial article for getting SSL VPN configured for clients to login using their key pairs. I was doing a little bit of research to make that article more accurate while I explain its working. And during that research I stumbled upon one interesting fact about the way we communicate using SSL. Hence this article is the result of whatever I found.


The main reason am writing this is because it has a major security impact on the way we communicate today over the internet.


Sarath Pillai's picture

SSH Port Forwarding in Linux: Configuration and Examples

SSH Port Forwarding

During the mid 90's (1995 to be precise) one researcher named Tatu Ylönen, at the university of Helsinki (Finland) designed a protocol, that eventually replaced all remote login programs. The primary objective behind Tatu Ylönen's design of the new protocol was to stop password sniffing attacks.


In other words, remote login programs prior to 1995 used to send login credentials and other critical information in clear text format through the wire. Due to this, anybody with a little bit technical knowledge can sniff the packets and read the password.


Sarath Pillai's picture

Linux IPTABLES Firewall Tutorial: Getting Started with basics

Linux Iptables Firewall

We had several requests from our readers to include tutorials and articles about basic things like security in Linux and how to configure it. The problem is “Security in Linux” is a pretty big topic that covers different aspects and tools related to Linux. Most of the times security entirely depends upon the kind of architecture you have. The thing applicable to one architecture might not be applicable to another.


The only solution in getting things clear is to keep on learning new stuff and try to collect more details about what a particular thing does, or what a configuration actually does.


Sarath Pillai's picture

What is Port knocking and how to configure it in Linux

Port Knocking

The basic minimum security that any body can implement on a publicly exposed server is source address based or sometimes called as host based security. It is nothing but to allow your specified hosts or addresses to gain access, and block the rest.


An attacker can even compromise a source address based firewall by spoofing the source ip address (which will make the request appear to the server as one among your allowed source list )


But this situation becomes too difficult to implement if you wish to gain access to your publicly available server from anywhere in the world. The reason is you cant simply go ahead and do a “allow all addresses” to your remote login SSH port.

Sarath Pillai's picture

Secure Zone transfer in BIND using TSIG(Transaction Signatures)

secure zone transfer

In this post i will explain some of the concepts related to DNS zone transfer, and how to secure zone transfer. As other tutorials i will begin with the basics and concepts, and then we will look into configuration part (i will include the configuration details in between.)

BIND is a highly used DNS server package available for both Linux and windows. It’s much flexible compared to other DNS server packages.

For those who don’t know what is a DNS zone file i will recommend reading the below article i wrote sometime back, which will explain the content of a zone file.

Read: What is a DNS zone file and its contents


Sarath Pillai's picture

Linux IPSec site to site VPN(Virtual Private Network) configuration using openswan


If you have a Linux machine and a couple of trained experts who can work on it, then you can achieve your required architecture setup almost free of cost. A Linux machine can power your web based applications and can outperform most of the proprietary applications available, if configured in the correct manner. In this blog post we will be discussing configuration of a very widely used technology called as VPN.

A Linux machine can be configured as a router, that routes traffic inside and outside of your infrastructure. If you are interested in understanding how a Linux router does a NAT(Network Address Translation), then i will recommend you to read the below blog post.


Subscribe to RSS - Security Notes